Skip to content

Web Application

The Virtual Cluster uses a web interface based on Guacamole to manage graphical and terminal sessions via the HTTPS protocol. The web application itself is served by the Tomcat application server. An NGINX reverse proxy controls access to the web application and also handles the encryption/decryption of the web traffic.

SSL/TLS Certificate#

The HTTPS protocol relies on a public/private key infrastructure to encrypt the web traffic, but also to verify the identity of the server to which the clients connect. It is strongly recommended to use a server certificate which is trusted by the client, usually issued by a Certificate Authority (CA). Alternatively, trusted certificates can also be obtained by a service such as Let’s Encrypt if the system has a public DNS record.

When installing certificates for NGINX on the “frontend” instance of the Virtual Cluster, please make sure that:

  • The permissions for the private key file are as restrictive as possible (such that only the “root” user has access to it).
  • NGINX refers to the correct file(s) in the configuration found in:
/etc/nginx/nginx.conf

and in the other configuration files included by this file.