Re: Printing using docker image?

[Mike Jumper]

On Dec 20, 2017 17:26, "Jonathan Hunter"  wrote:

...

The following command returns nothing for me:

# docker exec -it guacamole find / -type f -name gs

Am I barking up the wrong tree here?


Yep. You need to bark up the guacd tree instead. ;)

It's not the guacamole image which needs GhostScript, but the guacd image.
It should be there, though. It's installed as part of the image build:

https://github.com/apache/guacamole-server/blob/f72de10328ae39fcbf067333b0c2a2c9aecc441b/Dockerfile#L36

- Mike

unable to use websocket - HTTP tunnel instead

[wouterve]

Hi,
This is a continuation from my  previous post

  
as it was getting a little messy. 
So here is my problem:

Guacamole is not using websocket but http-tunnel instead eventhough I have
set up a proxy with Apache.

Here is the output from /var/lib/tomcat7/logs/catalina.out:


> 16:19:18.001 [http-bio-8080-exec-10] INFO 
> o.a.g.r.auth.AuthenticationService - User "vaneenw" successfully
> authenticated from 192.168.217.184.
> Wed Dec 20 16:19:18 CET 2017 WARN: Establishing SSL connection without
> server's identity verification is not recommended. According to MySQL
> 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be
> established by default if explicit option isn't set. For compliance with
> existing applications not using SSL the verifyServerCertificate property
> is set to 'false'. You need either to explicitly disable SSL by setting
> useSSL=false, or set useSSL=true and provide truststore for server
> certificate verification.
> 16:19:18.351 [http-bio-8080-exec-13] INFO 
> o.a.g.tunnel.TunnelRequestService - User "vaneenw" connected to connection
> "1".
> 16:19:18.354 [http-bio-8080-exec-13] INFO 
> o.a.g.tunnel.TunnelRequestService - User "vaneenw" disconnected from
> connection "1". Duration: 3 milliseconds
> 16:19:18.552 [http-bio-8080-exec-7] INFO 
> o.a.g.tunnel.TunnelRequestService - User "vaneenw" connected to connection
> "1".
> 16:19:18.552 [http-bio-8080-exec-7] INFO 
> o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not
> WebSocket). Performance may be sub-optimal.

With Apache, I have done the following configuration:

1-enable mod_proxy & mod_proxy_wstunnel


>  sudo a2enmod proxy_wstunnel   (this also enables mod_proxy..)
> sudo a2enmod proxy_http
> sudo a2enmod headers
> sudo a2enmod rewrite
> sudo a2enmod proxy_html
> sudo a2enmod deflate

(I'm not sure whether the other mods beside the first one are really
necessary but doesn't harm to enable too much it seems to me..)


Then I've changed my apache virtual host file:
/etc/apache2/sites-enabled/000-default.conf
(as desbribed by the  guacamole documentation
  


> 
> ServerName name
> 
>   ServerAdmin webmaster@localhost
>   DocumentRoot /var/www/html
>   ProxyRequests on
> 
> Order allow,deny
> Allow from all
> 
> 
> 
> Order allow,deny
> Allow from all
> ProxyPass http://localhost:8080/guacamole/ flushpackets=on
> ProxyPassReverse http://localhost:8080/guacamole/
> 
> 
> 
>Order allow,deny
>Allow from all
>ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
>ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
> 
> 
> 


(note: once websocket is working I will adapt the  config so that
only local requests are accepted)

Thus far, I haven't succeeded in establishing connection with guacomole
through websocket which results in very laggy response from the remote
computer..
Only exception is when I log into guacamole from the server itself, then I
have a websocket and optimal performance so problem is within proxying I
guess.

I have to add I don't use SSL certificates (use port 80) as can also be
found in the tomcat log (see above). Could this also have to do something
with it? 

Can someone help me with configuration please?

kind regards,

wouter





--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Re: Interesting combination of Guacamole and ZeroTier

[dan]

ZeroTier is an SDN, it tunnels out from the client and busts through
virtually any firewall and creates a peer to peer network.  You could best
analogies this by saying it’s a Cisco DMVPN but for clients not routers.
This accomplished things no port forwarding or vpn client can without a
very high end and IT heavy approach.

That said, I don’t see why you’d try to integrate it with guacamole.  Just
run ZeroTier on the client machine.

I do ZeroTier, tightvnc server, and put a guacamole server on that ZeroTier
network.  Done.  Also have ZeroTier on a Windows RDS server on that
network.  No need to integrate them all together, they already work great
this way.

Also, the ZeroTier install is dead simple.  There is no server, every
device is just a client and there are packages and installers for pretty
much anything so it’s very easy.

On Wed, Dec 20, 2017 at 12:37 AM Mike Jumper 
wrote:

> On Tue, Dec 19, 2017 at 4:13 PM, brian mullan 
> wrote:
>
>> I'm not sure what the advantages of integrating ZeroTier & Guacamole
>> might be?
>>
>> Speaking from a networking perspective (I am CCIE # 1143)..   you can
>> already implement Guacamole with NGINX etc and a Certificate from the likes
>> of LetsEncrypt to have HTTPS encrypted connection to the Guacamole Server
>> and RDP is encrypted to the end-server whether that is Windows or XRDP on
>> Linux.
>>
>> ZeroTier would give you a Layer 2 or Layer 3 VPN capability but what
>> exactly would you need that for in regards to remote desktop capability
>> unless it was for other personal or enterprise purposes besides the remote
>> desktop use?
>>
>> Just curious.
>>
>
> I would also like clarification on these points. I'm trying to give this
> thread the benefit of the doubt, but it has an uncomfortably spammy feel,
> and I don't currently see the relevance to Guacamole.
>
> I'll be happy to stand corrected if anyone can describe why such a thing
> would be an improvement over straight Guacamole, but until then I rather
> feel like I'm being marketed at. The justification that it provides
> additional security seems strained given that (1) you can achieve the same
> with a reverse proxy and (2) requiring a VPN client to use Guacamole would
> neuter the ability to connect with a browser alone.
>
> - Mike
>
>

INFO Required : CLIENT.URL_OSK_LAYOUT not translating

[Amarjeet Singh]

Hi Team,


CLIENT.URL_OSK_LAYOUT is not translating.

Code :-

  \n" +
> "\n"
> +
> " translate\">\n" +
> "\n" +
> "\n" +
> "\n" +


Below is the screenshot :-


[image: Inline image 1]

Is there anything I can do to work it out?

Thanks and Regards,
Amarjeet Singh

Re: How to get GuacamoleConfiguration from url?

[Mike Jumper]

On Mon, Dec 18, 2017 at 5:59 AM, genesis  wrote:

>
> I could not find some topics about the anonymous_identifier const, is there
> any example on how to use that?
>

The manual has an overview of the general authentication process, structure
of a Guacamole extension, and the nature of the key interfaces:

http://guacamole.apache.org/doc/gug/guacamole-ext.html#ext-auth-providers

The ANONYMOUS_IDENTIFIER is the value you will want to use for the
identifier of the AuthenticatedUser object returned by your
AuthenticationProvider implementation's authenticateUser() function. Doing
this tells Guacamole that the user is authenticated but that they have no
specific identity, and the Guacamole interface will adjust itself
accordingly.

My suggestion for going forward here would be to start by implementing
AuthenticationProvider and gradually filling in the gaps - implementing
authenticateUser(), implementing UserContext, implementing any applicable
Directory objects, etc., leveraging the Simple* versions of these where
helpful and applicable. There will likely be some point at which you can go
back to using the Simple* objects, but the Simple* objects which deal with
the main authentication process partly simplify things with the assumptions
that the user's session will not change while they're logged in and that
each user has a definite identity, which are incompatible with your
intended use.

Once you've started going through that implementation process, just come
back here if you encounter specific problems or need specific
clarification, and we can nudge you back on track.

- Mike