There are many ways to access your home systems from remote locations.

In the past I've used CNTLM to create a tunnel through a proxy server, but the project is already dead (last update was published in April 2012).

Some of my web-based applications related to home automation are currently accessible via an NGINX-based reverse-proxy container, secured with a free Let's Encrypt certificate, running in Docker in a Debian VM.

Apache Guacamole

Now I've found the Apache Guacamole project, which absolutely fits (almost) all my needs.

It is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. It is called clientless because no plugins or client software are required: thanks to HTML5, once Guacamole is installed on a server, all I need to access my systems is an HTML5-capable web browser.

Needed components:

Installation

guacd

Installation is quite straightforward; just run the following command:

docker run --name guacd -it -d -p 4822:4822 guacamole/guacd

guacamole

Create the volume first:

docker volume create guacamole_data

Install guacamole:

docker run -it --name guacamole \
-e GUACD_HOSTNAME=<hostname of guacd>   \
-e GUACD_PORT=4822             \
-e POSTGRES_HOSTNAME=<hostname of SQL server> \
-e POSTGRES_PORT=5432 \
-e POSTGRES_DATABASE=guadb \
-e POSTGRES_USER=guadbuser \
-e POSTGRES_PASSWORD=<password> \
-v guacamole_data:/guacamole   \
-e GUACAMOLE_HOME=/guacamole \
-d -p 8080:8080 guacamole/guacamole

Note on "-p 8080:8080": if port 8080 is already published by another container, you can map guacamole's internal port 8080 to external port 8081 by using "-p 8081:8080".

PostgreSQL

Create the volume first:

docker volume create postgres_data

Install the DB itself:

docker run -d -it --rm -p 5432:5432 --name postgres \
-e POSTGRES_PASSWORD=<master passwd> \
-e PGDATA=/var/lib/postgresql/data/pgdata \
-v postgres_data:/var/lib/postgresql/data \
postgres

Prepare the database for guacamole:

1. Export the database schema:

docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > initdb.sql

2. Install the pgAdmin tool on your favorite desktop

3. Connect to the database

4. Create a new database named guadb

5. Create guadbuser with full rights for the newly created database

6. Open the initdb.sql file in a text editor, paste its content into the SQL command window of the guadb database and execute it - this will create the whole structure needed for storing user and connection information

7. Restart the guacamole container


Now you can try to connect to guacamole using the following URL: http://<docker-host>:8080

The default username/password is guacadmin. Don't forget to change the default password!

nginx reverse proxy

Add the following block to the https server block in the nginx configuration file (in my case /var/lib/docker/volumes/reverse_proxy_conf/_data/conf.d):

#
# Guacamole
#
location /guacamole/ 
    {
    proxy_pass http://<docker-host>:8080/guacamole/;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    access_log off;
    }

and restart the nginx reverse proxy container.
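
The three docker run commands above publish guacd (4822) and PostgreSQL (5432) on every interface of the Docker host. The Compose file below is an added example, not part of the original post, that keeps them on a private network. The network name guac_net, the .env variable names and the assumption that nginx runs with host networking are mine.

```yaml
# Added example, not from the original post. ${...} values come from an .env
# file beside this file; those variable names and guac_net are placeholders.
services:
  guacd:
    image: guacamole/guacd
    networks: [guac_net]
    # No "ports:" entry: guacd does not authenticate its callers, so 4822
    # stays reachable only from containers on guac_net.

  postgres:
    image: postgres
    networks: [guac_net]
    ports:
      # Loopback only; pgAdmin connects through an SSH tunnel to this host.
      - "127.0.0.1:5432:5432"
    environment:
      POSTGRES_PASSWORD: "${PG_MASTER_PASSWORD:?set it in .env}"
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - postgres_data:/var/lib/postgresql/data

  guacamole:
    image: guacamole/guacamole
    depends_on: [guacd, postgres]
    networks: [guac_net]
    ports:
      # Assumes nginx runs with host networking and proxies to 127.0.0.1:8080.
      # If nginx is a bridge-network container, attach it to guac_net, proxy
      # to http://guacamole:8080/guacamole/ and delete this "ports:" entry.
      - "127.0.0.1:8080:8080"
    environment:
      GUACD_HOSTNAME: guacd        # service names resolve on guac_net
      GUACD_PORT: "4822"
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PORT: "5432"
      POSTGRES_DATABASE: guadb
      POSTGRES_USER: guadbuser
      POSTGRES_PASSWORD: "${GUAC_DB_PASSWORD:?set it in .env}"
      GUACAMOLE_HOME: /guacamole
    volumes:
      - guacamole_data:/guacamole

networks:
  guac_net: {}

volumes:
  guacamole_data: {external: true}   # created with "docker volume create" above
  postgres_data: {external: true}
```

The database preparation steps stay the same; only the way pgAdmin reaches port 5432 changes.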

Connection setup

When logged in, go to Settings, select the Connections tab and click on New connection.

In the loooong form, fill in the following minimal set of mandatory fields:

Enjoy! :-)