On Wed, Aug 11, 2021 at 9:17 AM Wade Gibson <[email protected]> wrote:
> I'm relatively new to the guac world, but so far have set up fourteen > servers on Ubuntu with Let's Encrypt and MFA. We're seeing abundant uses > for remote access with vendors and other outside parties who need to manage > internal systems remotely. > > One thing that we've discovered we would really like is the ability to > have a connection type that's an emulated HTTP/HTTPS browser session where > we can control what internal web service/address a user can connect to. We > love the simplicity and security that guac gives us by having a single URL > to give vendors to access their equipment without having to set up gobs of > port forwards and firewall rules, but sometimes all we need is to have a > management web interface accessible and not a full RDP or VNC connection. > > Wade, While I don't have any direct links to threads right now, this has been asked and discussed in the past. There was even a JIRA issue opened for it: https://issues.apache.org/jira/browse/GUACAMOLE-57 The gist of it is that we do not intend to make Guacamole into a generic VPN client or reverse proxy. We are focused on providing a robust, clientless remote desktop gateway, and support popular remote desktop protocols. Reverse proxying HTTP/HTTPS is something we are not interested in doing. There should be ways to use either Apache httpd or Nginx to accomplish what you're trying to do - Nginx in particular, I know, can take a URL argument and proxy it through, and I would imagine Apache httpd can do similar things. You can also secure both of those platforms in their reverse proxy capacity with various authentication mechanisms. > We're experimenting with running a Linux client VM that automatically pops > up a Firefox kiosk when connecting with VNC, but it isn't really scalable > for us. Has anyone run into this type of use case that may have a better > workaround? > > If you're crunched for time, and just need a solution, then I think this is a great idea - it uses existing protocol support in Guacamole, and can present it in a, more or less, seamless fashion to the end users. The only other thing I suggest would be that, if VNC doesn't work for you, you can try xrdp on Linux and use that, instead - particularly if Audio support is required, or multi-user access, session management, etc., - things that VNC isn't particularly good at, then xrdp may allow you to accomplish some of these items. xrdp has great support for allowing you to customize what's being launched (window manager, specific application, etc.), so that might be better for you. You can also use Guacamole's built-in support for Load Balancing connection groups to spread the load across multiple servers. -Nick >
