On Mon, May 23, 2022 at 11:56 AM Dark Corner <[email protected]> wrote:
> Thanks for the reply. > I did not understand your suggestion. > Do you mean that in the firewall I have to direct the 80/443 traffic > towards the PC of Guacamole? > Yes. > What if there is a web server on the network? There isn't, but it could be > activated in the near future. In this case I would have to change the ports > on Guacamole and tell users that they must use the port in the URL. > Then I have to consider that the IP is dynamic and therefore I still have > to use a DDNS. > If you don't have a dedicated public IP, or a dedicated public IP per system that you want to serve content from, then, yes, you'll need Dyanmic DNS. However, if you're considering placing a web server on the network that serves content to the Internet then I would just make sure to architect things in a way that factors in both requirements. You could go ahead and stand up a single web server that is Internet-facing and use that to Reverse Proxy all of your required applications. You can configure the web server to forward the /guacamole path and everything under it to your Guacamole server, and if you have other applications do the same. We have instructions in the Guacamole Manual for proxying Guacamole: https://guacamole.apache.org/doc/gug/reverse-proxy.html Keep in mind, though, that if the proxy lives on a different server than Tomcat running Guacamole you may want/need to take additional steps to encrypt the traffic between the proxy and Tomcat (configure Tomcat with SSL support and make sure the reverse proxy trusts the Tomcat certificate). So, the setup may be slightly more complex than what is described in the manual, but it should be doable. -Nick
