Hi, Dne pá 19. čvc 2019 17:37 uživatel Nick Couchman <[email protected]> napsal:
> On Thu, Jul 18, 2019 at 2:57 PM Lukáš Raška <[email protected]> wrote: > >> Hi, >> I guess the easiest solution would be to use two different guacd >> instances. Guacamole backend can use multiple guacd, but the frontend can >> only use single Guacamole server, afaik. >> > > No, this is not true - you can configure multiple guacd instances and > point the same Guacamole Client instance at multiple ones. Basically > you'll end up with a default guacd instance that will be used when no other > instance is present in the configuration for a connection. This will > either be localhost (if nothing is configured) or whatever you've > configured in guacamole.properties. > > On a per-connection basis, you can configure each connection to point to a > specific guacd hostname and port. This is done in the Guacamole Proxy > section of the connection configuration, where you can specify the > hostname, port, and encryption method for guacd for that particular > connection. > Yes, that is exactly what I meant. Multiple guacd instances, but single (even if clustered) java webapp, because the Angular frontend application cannot speak to different API instances (which is what I understood was the primary question). > >> >> >> In case you can create persistent VPN tunnels to different sites, for us >> the easiest solution was to use Linux kernel network namespaces to separate >> those (basically what LXC / Docker does) and either run guacd locally or >> remotely. >> >> > There are definitely some creative things you could do with networking to > automatically route those guacd connections to the correct place without > having to specify parameters on a per-connection basis. Using kernel > network namespaces or some iptables rules would do the trick. You could > also using something like HAProxy and do the load balancing based on > destination address, I think. Several good options for automating this. > The problem here could be overlapping networks in different VPNs, so routing table separation will probably be necessary (depends where guacd will run and what is the exact usecase). > -Nick > BR, Lukas >
