Hi Nick,

Thank you for this information. Do the Guacamole client and guacd have the same required dependencies? In other words, do I need to install Cairo, libjpeg, libpng, and the OSSP UUID library only on the Guacamole Client server and things like ffmpeg, freerdp, pango, etc. only on the guacd server? Or should I install all of the dependencies on both servers?

Thanks.

From: Nick Couchman <[email protected]>
Sent: Wednesday, May 27, 2020 8:24 PM
To: [email protected]
Subject: [EXTERNAL] Re: Guacamole Installation with separate servers for DMZ and Internal Setup

On Wed, May 27, 2020 at 7:10 PM MARTINEZ, ARIEL <[email protected]> wrote:

Hello,

From reviewing the documentation, I gather it is possible to install the Tomcat Guacamole component on one server and have the guacd proxy on another. But I am unsure how to configure it as such. Can anyone provide some pointers or more detailed info on how to get this done?

Yes, the components have been designed precisely to facilitate these kinds of configurations. In my day job, I run Guacamole configured in this way - with multiple Guacamole Client systems pointed at the same internal guacd host, and some of those Guacamole Client systems sitting in DMZ configurations.

Configuring this is quite simple - you just need to install the various components where you want them, and make sure the correct firewall ports are opened (Guacamole Client -> guacd on TCP/4822 by default, and guacd -> RDP, SSH, Telnet, Kubernetes, and/or VNC). On the system where guacd is running, configure guacd.conf such that it is listening on the appropriate interface. On the systems running the Guacamole Client components (Tomcat), edit guacamole.properties and set guacd-hostname to the host name or IP of the system running guacd, and guacd-port to the port you've configured for guacd.

I also highly recommend using the SSL options to encrypt traffic between Guacamole Client and guacd if you're operating them on separate systems, else you will see full traffic (keystrokes, images, text, etc.) in plaintext on the wire, which is an unnecessary risk. Configuring SSL is quite simple between Guacamole Client and guacd, as documented in the manual. If you run into any issues with it, do not hesitate to post back here with specific questions.

-Nick
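
A consistency check for the two files named in the reply above, guacamole.properties on the Tomcat host and guacd.conf on the guacd host, as an added example that is not part of the original thread or the Guacamole project's code. The host name, address and certificate paths are constructed placeholders, and the defaults applied to missing settings (localhost, port 4822, no SSL) are assumptions noted in the code.

```python
import configparser
import re
# Constructed samples: host name, address and certificate paths are placeholders.
GUACAMOLE_PROPERTIES = """\
guacd-hostname: guacd.internal.example
guacd-port: 4822
guacd-ssl: true
"""
GUACD_CONF = """\
[server]
bind_host = 192.0.2.10
bind_port = 4822
[ssl]
server_certificate = /etc/guacamole/guacd-cert.pem
server_key = /etc/guacamole/guacd-key.pem
"""
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_properties(text):
    """Parse 'key: value' or 'key = value' lines, skipping comments."""
    props = {}
    for line in text.splitlines():
        parts = re.split(r"[:=]", line.strip(), maxsplit=1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            props[parts[0].strip()] = parts[1].strip()
    return props

def audit(properties_text, guacd_conf_text):
    """Return findings for a split deployment; an empty list means consistent."""
    props = parse_properties(properties_text)
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(guacd_conf_text)
    # Assumed defaults when a setting is absent: localhost, port 4822, no SSL.
    host = props.get("guacd-hostname", "localhost")
    port = props.get("guacd-port", "4822")
    bind_host = conf.get("server", "bind_host", fallback="localhost")
    bind_port = conf.get("server", "bind_port", fallback="4822")
    findings = []
    if host in LOOPBACK:
        findings.append("client: guacd-hostname points at loopback")
    if bind_host in LOOPBACK:
        findings.append("guacd: bind_host is loopback, remote clients cannot connect")
    if port != bind_port:
        findings.append(f"port mismatch: client {port}, guacd {bind_port}")
    client_ssl = props.get("guacd-ssl", "false").lower() == "true"
    server_ssl = all(conf.get("ssl", k, fallback="") for k in ("server_certificate", "server_key"))
    if not (client_ssl and server_ssl):
        findings.append(f"SSL must be on at both ends: client={client_ssl}, guacd={server_ssl}")
    return findings
```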
