Guacamole

[rdubs]

Hi, what is the current install procedure for guacamole? I see a version on the community apps, but it's outdated/unsupported. Anyone can point me to some reading material to install manually? Thanks

[rdubs]

As an update, I've read through the thread and installed the repo from aptalca/guacamole, however opening webgui just gives me a blank screen. I hope this docker is still updated, as I'm completely lost trying to read through the apache documentation on it. I'm basically brand new to linux stuff and it might as well be in a foreign language lol.

 

I've deleted the docker + image.

opened up MC and deleted the appdata/guacamole folder.

started a new container, deleted my-guacamole template.

put in his repo

 

still getting * Starting Tomcat servlet engine tomcat7

...fail!

 

P.S. for what it's worth, all the documentation talks about keeping dockers on a cache only share. I am only using 1 disk atm, so I don't have a cache only option. Is this a true necessity that is causing me issues? Or just a performance suggestion? My plex seems to be working fine without a cache share

[rdubs]

Don't mind me, just holding a conversation with myself lol. Hopefully can be helpful to other users to read . I got it working (mostly, now just need to figure out the user-mappings to connect to something), but the issue was me trying to change the port off 8080. It had recommended to do so, but it makes it fail everytime when I do. If I just leave it on 8080, it does work and pulls up the guacamole login screen

 

 

Everything up and running. Doesn't work if i take port off 8080 for some reason, but oh well

[trurl]

You can never change the container port, only the host port, and only if using bridge mode.

[testdasi]

I see this guacamole thingie a lot. What does it do?

[CHBMB]

I see this guacamole thingie a lot. What does it do?

 

It does a lot, rdp/vnc/ssh guacamole app.

[rdubs]

Now that I have everything up and running, does anyone have any advice, as to what would be a good way to publish my ip to myself, so that I can still access my guac if my ip changes? I saw dynds has a product, but I would much prefer a free solution.

[CHBMB]

I'm not sure making guacamole publicly facing is such a good idea unless it's over a VPN.

[rdubs]

Well, it's forwarded from an obscure port, at which point they would need to crack guac and then also the rdp win login back to back? Someone that dedicated can have my beach photos and downloaded movies at that point lol. Plus a big point of guac is being able to access your pcs from a location where you can't install programs or control the environment.

 

I will be getting around to vpn anyways just because I enjoy the learning experience of continuing to customize and make my unraid more robust, but for now, I just need to figure out a way to publish my ip - in case of a power cycle or any other antagonist that might cause my ip to switch. Perhaps someone knows of a docker or something that would email me my ip if the eth0 changed or something like that? Although my ifconfig is just going to be returning my lan side IP anyways, which is useless of course. I'm sort of lost how to achieve this function.

 

Thanks for all the help!

[Squid]

Well, it's forwarded from an obscure port, at which point they would need to crack guac and then also the rdp win login back to back? Someone that dedicated can have my beach photos and downloaded movies at that point lol.

Its not a matter of dedication - its a matter of how long.  Everything is all automated nowadays.  Brute force attacks work, and can work in a surprisingly short period of time.

[roland]

I use DuckDNS (with its docker) and it works very well.

 

But the points raised above are certainly well worth considering!

Maybe get the VPN server first before you venture further.

 

BTW I am still looking for a MODEM/ROUTER that has a good VPN server built in or can easily be flashed to DD-WRT?

Anyway, that is a bit off-topic.

[rdubs]

Perhaps I misunderstand the point of guac then. If I'm in a location where I can load up and configure a vpn client, connect on putty, turn on vnc/rdp directly, what would be the point of putting guac in the middle? As I understood, it seemed more like a replacement for teamviewer or a more friendly connect between linux/windows boxes. Otherwise it seems to be just bloatware in the middle of connection protocols?

 

Also, so I can learn better - What features are lacking from guac compared to other wan login portals as well? As my bank account, gmail etc all have internet logins that aren't being bashed open?

 

Also, thanks for the idea about duckdns, I will check it out!

[rdubs]

Open vn as setup and guac taken off wan access. Would still like to know what makes it so uniquely vulnerable and what it's point kinda is though

[flaggart]

It would be sensible to install an Nginx docker and configure it as a reverse proxy so that you can access Guacamole via HTTPS:

 

https://guacamole.incubator.apache.org/doc/gug/proxying-guacamole.html

[aptalca]

It would be sensible to install an Nginx docker and configure it as a reverse proxy so that you can access Guacamole via HTTPS:

 

https://guacamole.incubator.apache.org/doc/gug/proxying-guacamole.html

Make sure to also use fail2ban to protect against brute force