On Wed, May 27, 2020 at 7:10 PM MARTINEZ, ARIEL <amarti...@hostos.cuny.edu> wrote:
> Hello, > > From reviewing the documentation, I gather it is possible to install the > tomcat Guacamole component on one server and have the guacd proxy on > another. But I am unsure how to configure it as such. Can anyone provide > some pointers or more detailed info how to get this done? > > Yes, the components have been designed precisely to facilitate these kinds of configurations. In my day job, I run Guacamole configured in this way - with multiple Guacamole Client systems pointed at the same internal guacd host, and some of those Guacamole Client systems sitting in DMZ configurations. Configuring this is quite simple - you just need to install the various components where you want them, and make sure the correct firewall ports are opened (Guacamole Client -> guacd on TCP/4822 by default, and guacd -> RDP, SSH, Telnet, Kubernetes, and/or VNC). On the system where guacd is running configure guacd.conf such that it is listening on the appropriate interface. On the systems running the Guacamole Client components (Tomcat), edit guacamole.properties and set guacd-hostname to the host name or IP of the system running guacd, and guacd-port to the port you've configured for guacd. I also highly recommend using the SSL options to encrypt traffic between Guacamole Client and guacd if you're operating them on separate systems, else you will see full traffic (keystrokes, images, text, etc.) in plaintext on the wire, which is an unnecessary risk. Configuring SSL is quite simple between Guacamole Client and guacd, as documented in the manual. If you run into any issues with it do not hesitate to post back here with specific questions. -Nick
