We have built a solution to extend Guacamole with http(s) support using a 
similar approach/concept, which Nick has actually mentioned on this mailing 
list a couple of times, as I remember. Chrome/Firefox in kiosk mode cannot 
provide a plausible user experience, e.g. upload and download issues, 
inconvenience when accessing hyperlinks that open a new tab, and no buttons 
to go to the previous or next page, and we had to build a customized browser 
core for this case.

With our solution, for each user request to a connection, a virtual environment 
with the customized browser core is instantly created and launches the 
specified URL; Guacamole then connects to the virtual environment and takes 
care of user actions. When the user's access session ends, the virtual 
environment is destroyed and released.

Although the effort invested in this project was more than we had originally 
planned, the overall experience is actually beyond our expectations: easy to 
use and much better security. Please feel free to let me know if you are 
interested in knowing more.

Thanks,
Yang

> On Mar 29, 2022, at 21:23, Guillermo Vargas-Dellacasa 
> <[email protected]> wrote:
> 
> I was going to suggest the same as a workaround. Launching a browser in kiosk 
> mode as a webapp on an RDP session should accomplish restricted https access 
> to a particular application (haven't tried but sounds plausible). One 
> possible advantage of this approach vs a standard proxy will be that you 
> eliminate any possible issues that sometimes come up with proxies (e.g. 
> WebRTC or Certs issues).
> 
> Every solution has its pros and cons. I have used Fortinet's SSL VPN Web mode 
> for RDP and it has limitations vs Guac (no print redirect, no file sharing, 
> no integrated copy-paste). The workaround for Fortinet's is to use it in 
> tunnel mode, but then that requires a client. So, everything has pros/cons. 
> As a side note, in my experience Guac RDP is way faster than Fortinet's RDP 
> over SSL VPN Web mode (or even tunnel mode; again, in my experience). The 
> main advantage of Fortinet is that it is all done in a firewall unit (which 
> you anyway need). That's Fortinet's approach: trying to offer everything 
> under the sun on the firewall. Judging from one of the responses before, it 
> might be that Guac doesn't want to go that route as a project. That would be 
> fine with me.
> 
> G.
> 
> On Tue, Mar 29, 2022 at 7:52 AM Vendel Colja <[email protected]> wrote:
> But what’s your problem? Just access a single web browser on an RDP host as an 
> application and you can access whatever http/https site via that browser. If 
> you’d like to restrict the range of pages, let’s say to a single site, that’s 
> subject to that browser and system you are accessing via guacamole and RDP.
> 
> Colja
> 
> From: Stefan Bogdan Cimpeanu [mailto:[email protected]] 
> Sent: Tuesday, March 29, 2022 13:28
> To: [email protected]
> Subject: Re: Support protocols
> 
> I will get so much hate for this, but, there are other commercial solutions 
> that allow you to access webpages defined or user-provided from within the 
> solution, such as Fortinet.
> 
> Different ACLs can be implemented, 2FA, and all the bells and whistles.
> 
> Bogdan
> 
> On 29 Mar 2022, at 11:38, Ricardo García Arroyo <[email protected]> wrote:
> 
> Hello, good morning.
> 
> We ask because our client is the ESA (European Space Agency).
> 
> Is it possible to create a future release with ESA requirement with an 
> estimation (in time and value) of your work? My team and ESA would evaluate 
> your estimation.
> 
>  
> 
> Thanks and regards.
> 
> Ricardo
> 
> From: Alessandro Sironi <[email protected]> 
> Sent: Tuesday, March 29, 2022 9:18
> To: [email protected]
> Subject: Re: Support protocols
> 
> Hello, if you mean to be able to directly open a webpage in http(s), then it’s 
> definitely not possible and not in any future release.
> 
> Sent from iPhone
> 
> 
> On 29 Mar 2022, at 09:14, Ricardo García Arroyo <[email protected]> wrote:
> 
> Hello.
> 
> We are using an NGINX proxy. We are asking in order to know whether future 
> developments of the tools could implement http(s) access, like VNC or 
> RDP, without the use of an NGINX proxy.
> 
> Thanks.
> 
> Regards.
> 
> Ricardo
> 
> From: Sean Hulbert <[email protected]> 
> Sent: Tuesday, March 29, 2022 9:11
> To: [email protected]
> Subject: RE: Support protocols
> 
> Guacamole absolutely can be accessed using http(s), install it with NGINX 
> and proxy it.  I do highly recommend TLSv1.3 since login information can be 
> seen outside a secure tunnel.  
> 
> Sent by Android Ai hijacked INS communications 6G
> 
> -------- Original message --------
> 
> From: Ricardo García Arroyo <[email protected]>
> Date: 3/28/22 11:57 PM (GMT-08:00)
> To: [email protected]
> Subject: Support protocols
> 
> Good morning.
> 
> I’m Ricardo from an IT company in Spain.
> 
> My team and I are working on a project with the Apache Guacamole tool. We 
> provide access to clients by VNC, RDP and SSH with Guacamole. Our customer 
> requests access by http or https. We see that your tool doesn’t allow 
> this access at the moment. Is development of that possible, or is it 
> programmed for future versions of Guacamole?
> 
> If that question has been sent to the wrong email, can you tell me where I can 
> ask our question?
> 
> Thanks and regards.
> 
> Ricardo
> 
>  
> 
> 
> 
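
Sean Hulbert's suggestion earlier in the thread, putting Guacamole behind NGINX and accepting only TLSv1.3, could look like the configuration below. This is an added example, not configuration posted by anyone in the thread; the hostname, the certificate paths and the Tomcat backend at 127.0.0.1:8080 are assumptions.

```nginx
# Added example: NGINX as the TLS front end for Guacamole.
# Assumed values (not from the thread): guac.example.org, the certificate
# paths, and Guacamole served by Tomcat at 127.0.0.1:8080/guacamole/.

# Plain HTTP only redirects, so the login form is never sent in clear text.
server {
    listen 80;
    server_name guac.example.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name guac.example.org;

    ssl_certificate     /etc/nginx/tls/guac.example.org.crt;
    ssl_certificate_key /etc/nginx/tls/guac.example.org.key;

    # Accept TLS 1.3 only; older clients fail the handshake instead of
    # negotiating a weaker protocol version.
    ssl_protocols TLSv1.3;

    # Tell browsers to stay on HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location /guacamole/ {
        proxy_pass http://127.0.0.1:8080;

        # Guacamole streams the remote display; buffering adds latency.
        proxy_buffering off;

        # HTTP/1.1 plus Upgrade/Connection lets the WebSocket tunnel through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        # Forward the real client address (Tomcat needs its RemoteIpValve
        # configured to trust this header from the proxy).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Tunnel requests are very chatty; skip access logging for this path.
        access_log off;
    }
}
```

Run `nginx -t` to validate the file before reloading the service.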
