...

  • most of them rely on installation of client software.
  • some of them manage access via a third-party gateway somewhere in the cloud
  • and some networks actively block the ports for RDP and/or SSH (for example, corporate networks allow access to the internet only via proxy servers, where only HTTP/HTTPS traffic is allowed)

In the past I've used CNTLM to create a tunnel through the proxy server, but the project is already dead (the last update was published in April 2012).

...

It is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. It is called clientless because no plugins or client software are required - thanks to HTML5, once Guacamole is installed on a server, all I need to access my systems is an HTML5-capable web browser.

Benefits:

  • All internal systems are available via a single HTTPS port, which enables access from very restrictive corporate networks without any problem.
  • This also means that only ports 80/443 have to be opened from outside and routed to the nginx reverse proxy or to the Guacamole server itself. As I already use the nginx reverse proxy, no network changes are needed - just a new section in the nginx config file.
  • Guacamole currently supports Microsoft RDP, SSH, telnet and VNC connections - including file transfer - what more do you want?

Needed components:

  • guacamole web server component
  • guacd proxy component
  • some database (I use PostgreSQL)

I tried LDAP authentication first, but ran into trouble (unable to log on at all), so I've implemented the authentication using the database option. I'll try to switch to LDAP sometime later.

Installation

guacd

Installation is quite straightforward, just run the following command - no further configuration is needed:

docker run --name guacd -it -d -p 4822:4822 guacamole/guacd

...

install the DB itself

docker run -d -it --rm -p 5432:5432 --name postgres \
-e POSTGRES_PASSWORD=<master passwd> \
-e PGDATA=/var/lib/postgresql/data/pgdata \
-v postgres_data:/var/lib/postgresql/data \
postgres
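
Both `docker run` commands above publish their ports on every host interface (`-p 4822:4822`, `-p 5432:5432`), while the design only calls for 80/443 to be reachable from outside. The following check is an added example, not part of the original page: it reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists backend ports bound to all interfaces. The function names, the backend port list and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list backend ports that Docker publishes on every host interface.
# Input: lines of "<name><TAB><ports>", as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# Assumption: guacd (4822) and PostgreSQL (5432) only need to be reachable by
# the Guacamole web container, not from outside the Docker host.
BACKEND_PORTS="4822 5432"

# Prints "<container> <host-port> <container-port>" for each wildcard binding.
find_exposed_backends() {
    awk -F '\t' -v ports="$BACKEND_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) backend[p[i]] = 1 }
    {
        m = split($2, maps, /, */)
        for (i = 1; i <= m; i++) {
            # Published: "<host-ip>:<host-port>-><ctr-port>/<proto>".
            # A bare "5432/tcp" is exposed but not published, so skip it.
            if (split(maps[i], side, "->") != 2) continue
            host = side[1]; ctr = side[2]
            sub(/\/.*/, "", ctr)                  # drop "/tcp"
            hport = host; sub(/.*:/, "", hport)   # text after the last colon
            hip = substr(host, 1, length(host) - length(hport) - 1)
            wildcard = (hip == "0.0.0.0" || hip == "::" || hip == "[::]")
            key = $1 " " hport " " ctr
            if (wildcard && (ctr in backend) && !(key in seen)) {
                seen[key] = 1   # IPv4 and IPv6 bindings are reported once
                print key
            }
        }
    }'
}

# Constructed sample input (not captured from a real host).
sample_ps_output() {
    printf 'guacd\t0.0.0.0:4822->4822/tcp, :::4822->4822/tcp\n'
    printf 'postgres\t0.0.0.0:5432->5432/tcp\n'
    printf 'postgres-local\t127.0.0.1:5432->5432/tcp\n'
    printf 'guacamole\t0.0.0.0:8080->8080/tcp\n'
    printf 'pg-unpublished\t5432/tcp\n'
}

sample_ps_output | find_exposed_backends
```

On a live host, pipe the `docker ps` command from the header comment into `find_exposed_backends`. Binding with `-p 127.0.0.1:5432:5432`, or attaching the containers to a shared user-defined Docker network and dropping `-p`, removes the finding.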

...

Add the following block to the https server block in the nginx configuration file (in my case /var/lib/docker/volumes/reverse_proxy_conf/_data/conf.detc/nginx/conf.d/default.conf):

#
# Guacamole
#
location /guacamole/ 
    {
    proxy_pass http://<docker-host>:8080/guacamole/;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    access_log off;
    }

...

  • Name: connection name
  • Protocol: I've tested RDP and SSH so far
  • in the GUACAMOLE PROXY PARAMETERS (GUACD) section:
    • Hostname: use the internal network IP of the guacd container (something like 172.17.0.x)
    • Port: 4822
    • Encryption: none
  • in the PARAMETERS section:
    • for RDP:
      • Hostname: hostname of the windows system to connect to
      • Port: 3389
      • Username/Password/Domain - your credentials
      • Security mode: NLA
      • set the Keyboard Layout as needed - if your language isn't listed, select the Unicode one
    • for SSH:
      • Port is 22


Enjoy! :)