On Sun, Jan 5, 2020 at 6:54 AM Vieri <[email protected]> wrote:
> Hi again, > > I know the Guacamole devs don't want to implement a "VPN-like" web portal > to access other protocols such as HTTP/HTTPS and FTP (discussed before)... Mostly that Guacamole is designed to be a web-based remote desktop client, not a full VPN client, and we're interested in keeping the scope contained. > ...but I'd like to know if anyone here has any thoughts/experience > regarding a guacamole-like portal such as: > > > https://help.fortinet.com/fmgr/50hlp/56/5-6-2/FMG-FAZ/1300_VPN_Manager/1200_SSL_VPN/0410_Pre%20defined%20bookmarks.htm > > This commercial product offers basically the same features as Guacamole > (except for the fact that telnet, vnc and rdp require a plug-in which I > dislike) with the added support for HTTP/HTTPS and FTP services. > > I'm struggling to keep using open-source projects whenever possible, but > not everyone is on my side :-(. I'd like to keep using Guacamole (because > it simply works great), and for that I'd need to argue why. The only > missing piece for me is really HTTP, and I'm wondering how this commercial > product is implementing it. As previously commented in this thread, it's > hard to imagine that it's implemented as "HTML to image rendering" (but > possible). It may also be simply a reverse proxy setup (which could be > implemented with other open-source projects), but it doesn't seem to be. > Does anyone have experience with this or similar products (regarding HTTP)? > > First, i share your desire to do as much as possible with Open Source software, and I routinely have to fight the battle of why to stick with open source rather than spending money on a commercial product. I'm always happy to help architect solutions that leverage open source software, even if they're outside the scope of this project. Regarding the ability to have an HTTP(S) portal implemented alongside Guacamole, I think this is possible using one of a couple of different options. In doing some past research on this, I believe Nginx had some ability to configure itself as a Reverse Proxy that can use parameters to allow access for particular site. Squid may also have the capability to do some of these things. I've never personally configured or implemented it, but I believe it's possible. Tying it all together into a single solution is going to take some work - I don't know of anything out there, today, that has it all built in, but all of the components are there and it just needs to be collected into a single solution. It will probably take some development work to bring it all together, but I think it's possible. Implementing a portal of sorts that will bring it into a single view and allow you to publish URLs that can then be reverse-proxied back through a portal into something else. -Nick
