Tomcat

Tomcat has been modified from the default setup to allow for SSL to be enabled for the Guacamole host. 

ALL of Tomcat settings and logging files are inaccessible from the regular user login. sudo -s is required to be able to access and modify Tomcat files

Logging is done via Catalina, the output of which sits at /opt/tomcat/tomcatapp/logs/catalina.out

Tomcat Connector

Keystore password is in 1Password.

This connector was modified from the original 8080 connector to enable SSL, and designate a certificate for SSL. 

The certificate is located in a .jks keystore and encrypted using the password. The certificate that was placed in the keystore was a pkcs12 certificate with Private Key embedded. These files are stored in the /conf/crt/ directory of Tomcat.

SSL is required in Tomcat to enable SAML transmissions through the reverse proxy remaining in HTTPS.

Note. When changes are made to the Guacamole Config, Tomcat is the server host, a restart of the Tomcat service is usually all that is required to enact the changes.