Apache Guacamole is a great clientless remote gateway that allows users to utilize HTML5 to access desktops/servers via a web browser. With no plugins or client software required, all you need is a web browser to access your remote desktops or SSH consoles to devices on your network. You can host guacamole in a container on your premise-based server or even in the cloud and set up a subdomain to point traffic to your locations. Guacamole will organize all your connections in one place and can group connections according to network locations, type of connections, user, and more. Check out Apache Guacamole on their site and then try deploying it yourself and see what you think.
Deploying Guacamole with Docker
Quickly use a Portainer App Template to deploy a Guacamole Docker container!
Using Portainer to deploy Guacamole I decided to try an app template. I have always pulled the image from docker or built the container via a stack in Portainer, but watching some videos on App Template deployments got me interested. I used a template from Nova Spirit github page found here: https://github.com/SelfhostedPro/selfhosted_templates and used the template link: https://raw.githubusercontent.com/novaspirit/pi-hosted/master/template/portainer-v2-arm32.json
To add the template link in Portainer, navigate to settings, paste the link in the App Templates URL, and save your settings.
Please navigate back to App Templates, find the Guacamole template, and select it.
Select advanced options and ensure your port mapping is to your desire and that your host config location is correct for where you would like your container configs saved. If you are running OMV, you might want to ensure you are mapping this to your predetermined config folder location. Once you have validated your site deploy your container.
Guacamole will take some time to build and deploy the app. Give it some time, watch the logs, and when the server starts up, notice is given you can open a web browser and navigate to port 8080 (if you did not change it) of the docker server you created the image on (ex. 192.168.128.81:8080); you should be greeted with a login screen!
To get to my Guacamole server from the internet, I added a sub-domain to point to my IP Address. I recommend Cloudflare, at least that is who I use to host my DNS, it’s free, and they will proxy your IP.
I use Nginx Proxy Manager to direct traffic to different servers on my network. I direct this traffic to my Guacamole docker container by adding my subdomain to Nginx.
You should now be able to log into Guacamole from your subdomain via the internet. Login using the default username and password: guacadmin/guacadmin. Immediately navigate to settings and change your password.
Adding Connections
I am first going to add an SSH connection to my NAS. Now time to set up a connection! Click on the admin drop down and click on the settings section. Click on the Connections tab and select “New Connection.” Super Easy, you can fill out as much as you know or just set up quickly filling out the sections: Edit Connection, Parameters for network, and Authentication:
Select Save, then admin menu, then select home, then test your new connection!
I am going to try a VNC Connection to my Raspberry Pi. Following the instructions above, I add a new connection, adjust the protocol to VNC, and work your down to “Parameters.” Add another one. Fill out your Host Name (domain or IP address to your server), then enter the port number. The Default VNC port number is 5900.
Suppose you are connecting to a Raspberry Pi running a Real VNC server. Set a password. Navigate to options and security on the Pi and change it to a VNC password instead of a UNIX password.
In Guacamole, under that VNC connection you are adding, for authentication, do not put in a username, but add the password you specified for the VNC Password in the Real VNC server on your Pi. Then test your connection!
Your Guacamole home screen will show all your recent connections, available connections, and user connections.
Also, to end all open connections, navigate to settings, select the active sessions to end, then click the “kill Sessions” button.
There are other connection types, such as RDP, and connections can be created for those. I don’t use the different connection types, but a simple search will help you find default port numbers for RDP and the other connection types. I will add, though, that with RDP, I have seen that many users opt to update the display section in Parameters to include color depth = actual color (32-bit), resize method = “Display Update” virtual channel, and updating the Performance section to select “Enable font smoothing (Clear Type).”
Running as a docker image, Guacamole has been a game-changer for me. Managing my servers has never been easier!
NGINX is a free, open-source, high-performance HTTP server, reverse proxy, and IMAP/POP3 proxy server. NGINX is known for its high performance and stability. Free SSL with Let’s Encrypt. Perfect for home networks. NGINX has a rich feature set, simple configuration, and low resource consumption. NGINX scales in all directions.
THANK YOU for the information on the REAL VNC Server configuration. I was pulling my hair out!