
There are many ways to access your home systems from remote locations, but:

  • most of them rely on the installation of client software,
  • some of them manage the access via a third-party gateway somewhere in the cloud,
  • and some networks actively block the ports for RDP and/or SSH.

In the past I've used CNTLM to create a tunnel through a proxy server, but the project is already dead (the last update was published in April 2012).

Some of my web-based applications related to home automation are currently accessible via an NGINX-based reverse-proxy container, secured with a free Let's Encrypt certificate, running in Docker in a Debian VM.


Please note: this article doesn't cover the installation and setup of the following prerequisite components:

  • Linux server + Docker engine
  • nginx reverse proxy server + Let's Encrypt certificate
  • router settings + domain name

Apache Guacamole

Now I've found the Apache Guacamole project, which fits (almost) all my needs.

It is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. It is called clientless because no plugins or client software are required: thanks to HTML5, once Guacamole is installed on a server, all I need to access my systems is an HTML5-capable web browser.

Needed components:

  • guacamole web server component
  • guacd proxy component
  • some database (I use PostgreSQL)

Installation

guacd

Installation is quite straightforward, just run the following command:

docker run --name guacd -it -d -p 4822:4822 guacamole/guacd

guacamole

create volume first:

docker volume create guacamole_data

install guacamole:

docker run -it --name guacamole \
-e GUACD_HOSTNAME=<hostname of guacd>   \
-e GUACD_PORT=4822             \
-e POSTGRES_HOSTNAME=<hostname of SQL server> \
-e POSTGRES_PORT=5432 \
-e POSTGRES_DATABASE=guadb \
-e POSTGRES_USER=guadbuser \
-e POSTGRES_PASSWORD=<password> \
-v guacamole_data:/guacamole   \
-e GUACAMOLE_HOME=/guacamole \
-d -p 8080:8080 guacamole/guacamole

Note on the "-p 8080:8080" option: if port 8080 on the Docker host is already published by another container, you can map the internal guacamole port 8080 to the external port 8081 by using "-p 8081:8080" instead.

PostgreSQL

create volume first:

docker volume create postgres_data

install the DB itself:

docker run -d -it --rm -p 5432:5432 --name postgres \
-e POSTGRES_PASSWORD=<master passwd> \
-e PGDATA=/var/lib/postgresql/data/pgdata \
-v postgres_data:/var/lib/postgresql/data \
postgres

prepare the database for guacamole:

1. export the database schema

docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > initdb.sql

2. install the pgAdmin tool on your favorite desktop

3. connect to the database

4. create a new database named guadb

5. create the user guadbuser with full rights for the newly created database

6. open the initdb.sql file in a text editor, paste its content into the SQL command window of the guadb database and execute it - this will create the whole structure needed for storing user and connection information

7. restart the guacamole container


Now you can try to connect to guacamole using the following URL: http://<docker-host>:8080

The default username and password are both guacadmin. Don't forget to change the default password!
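A check for the containers started above, added here as an example and not part of the original article: it reads the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and reports where the guacd port (4822) or the PostgreSQL port (5432) is published on a non-loopback host address. guacd does not authenticate the clients that connect to it, so it should be reachable only by the guacamole container. The script name `audit_ports.py`, the container name `reverse_proxy` and the sample lines are assumptions constructed for the example.

```python
import re
import sys

# Container ports from the article that only other containers need to reach.
# guacd does not authenticate its clients, and the connection form in the
# article sets its encryption to "none".
BACKEND_PORTS = {4822: "guacd", 5432: "PostgreSQL"}
LOOPBACK = {"127.0.0.1", "::1"}

# One published mapping as `docker ps` prints it: "0.0.0.0:4822->4822/tcp",
# ":::4822->4822/tcp" or "[::]:4822->4822/tcp".
MAPPING = re.compile(r"^(?P<addr>.+):(?P<hport>\d+)->(?P<cport>\d+)/\w+$")


def audit(ps_output):
    """Return sorted (container, service, host_addr, host_port) tuples for
    backend ports that are published on a non-loopback host address."""
    findings = set()
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for item in (p.strip() for p in ports.split(",")):
            m = MAPPING.match(item)
            if not m:  # e.g. "80/tcp": exposed by the image but not published
                continue
            addr, cport = m["addr"].strip("[]"), int(m["cport"])
            if cport in BACKEND_PORTS and addr not in LOOPBACK:
                findings.add((name, BACKEND_PORTS[cport], addr, int(m["hport"])))
    return sorted(findings)


# Constructed sample: the article's guacd command, plus a PostgreSQL container
# that was started with "-p 127.0.0.1:5432:5432" instead of "-p 5432:5432".
SAMPLE = (
    "guacd\t0.0.0.0:4822->4822/tcp, :::4822->4822/tcp\n"
    "postgres\t127.0.0.1:5432->5432/tcp\n"
    "guacamole\t0.0.0.0:8080->8080/tcp\n"
    "reverse_proxy\t0.0.0.0:443->443/tcp, 80/tcp\n"
)

if __name__ == "__main__":
    # Usage: docker ps --format '{{.Names}}\t{{.Ports}}' | python3 audit_ports.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, service, addr, port in audit(data):
        print(f"{name}: {service} reachable on {addr}:{port}; bind it to 127.0.0.1 "
              "or drop -p and use a user-defined Docker network")
```

Port 8080 is not flagged because the nginx block in this article reaches guacamole through the Docker host's published port.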

nginx reverse proxy

add the following block to the https server block in the nginx configuration file (in my case in /var/lib/docker/volumes/reverse_proxy_conf/_data/conf.d):

#
# Guacamole
#
location /guacamole/ 
    {
    proxy_pass http://<docker-host>:8080/guacamole/;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    access_log off;
    }

and restart the nginx reverse proxy container.

Connection setup

when logged in, go to Settings, select the Connections tab and click on New connection.

in the loooong form, fill in the following minimal set of mandatory fields:

  • Name: connection name
  • Protocol: I've tested RDP and SSH so far
  • in the GUACAMOLE PROXY PARAMETERS (GUACD) section:
    • Hostname: use the internal network IP of the guacd container (something like 172.17.0.x)
    • Port: 4822
    • Encryption: none
  • in the PARAMETERS section:
    • for RDP:
      • Hostname: hostname of the windows system to connect to
      • Port: 3389
      • Username/Password/Domain - your credentials
      • Security mode: NLA
    • for SSH:
      • Port is 22

enjoy! :)



