Hi Matthew,
(I'm just on the mailing list and not associated with the Guac' team).
Bob nailed this one further up in the thread - reverse proxy. I have a
Guac' server sitting in my DMZ and it's accessible via the web through a
reverse Apache proxy server. So, HTTPS to my web server (accessible
from the Internet) then it reverse proxies that traffic via HTTP
internally (on port xxxx). Rinse and repeat for the other sites.
Personally (if I understand your scenario) I'd connect the sites via a
VPN and route the traffic to a single Guac' server.
Rgds
C
On 15/09/16 15:51, Matthew Strowbridge wrote:
Good morning everyone,
Perhaps if I described my test scenario it will help to better explain
what I am trying to accomplish and hopefully give you, the experts,
the information necessary to tell me if this is possible and if so how
to go about it.
I have Guacd, Guacamole Server, and Mysql-server running in Docker
containers on a colocated physical server with direct internet access
and public IP. Guacamole server utilizing mysql authentication. I have
port 8080 mapped into port 8080 of my Guacamole Server container. My
interest would be in being able to remote access machines running
various operating systems at various locations, some behind firewalls
some being servers directly accessible via public IP.
I have no issues setting up ssh configured devices in my Guac Home to
connect to publicly accessible servers on the internet. The only
benefit this gives me is a single location from which to access these
servers via http connection to my Guac server. Now say for instance I
want to use Guacamole to access client workstations and servers
running various OS at their office locations behind firewalls. In
order to use Guacamole it seems as though I would have to possibly run
a Guacamole server at each location with a single port forward on the
firewall into port 8080 of the Guac server or a reverse proxy at each
location routing request from my Guac server to the intended machines
on the internal network is this correct or am I looking at this the
wrong way?
Thank you all for your time and information.
Regards,
*Matthew Strowbridge*
*On Call Technology Services Inc.*
*(o)845.477.5208*
*(m)845.673.9678*
*(e)[email protected] <mailto:[email protected]>*
*http://www.oct.services*
<https://www.facebook.com/octservicesinc><https://www.linkedin.com/in/matthew-strowbridge-915b2210b>
<https://www.twitter.com/octservicesinc>
On Sep 15, 2016, at 9:48 AM, Matthew Strowbridge <[email protected]
<mailto:[email protected]>> wrote:
Good morning Andrew and Bob,
First off Andrew thank you for your reply, however it added to my
confusion somewhat. You mentioned "once you configured your devices
to talk with Guac”, this doesn’t jive with me as in my installation
it is Guac that talks to the devices being that there is no client on
the devices to talk to Guac.
Bob, thank you as well for your input and again I must be looking at
this incorrectly. Based on the reverse proxy scenario, say I have “X”
number of sites with multiple devices behind a firewall at each site.
Is it your recommendation to run a reverse proxy at each site in
order to route requests from Guac to the devices without port
forwarding through the firewall?
Regards,
*Matthew Strowbridge*
*On Call Technology Services Inc.*
*(o)845.477.5208*
*(m)845.673.9678*
*(e)[email protected] <mailto:[email protected]>*
*http://www.oct.services <http://www.oct.services/>*
<fb.gif> <https://www.facebook.com/octservicesinc><linkedin.gif>
<https://www.linkedin.com/in/matthew-strowbridge-915b2210b>
<https://www.twitter.com/octservicesinc>
On Sep 14, 2016, at 10:42 PM, Andrew Sedlak <[email protected]
<mailto:[email protected]>> wrote:
Hi,
I think the whole point of Guacamole is that it's a centralized
system, allowing access through any web browser without the need for
a client. Basically once you've configured all your devices to talk
with Guacamole, you can access them all from a central point.
Myself I have a small setup when I have devices from two locations
all coming together in Guacamole. This does require some ports to be
opened and forwarded but once that's done, it's a fire and forget
sort of deal.
Summary: This product is supposed to eliminate the need for client
software.
On 15/09/2016 06:41, Matthew Strowbridge wrote:
Hello,
Guacamole newbie here and I have client questions I just can’t find
answers to. This may not be how to go about asking but I am going
to give it a shot.
I have Guacamole server up and running and have created an ssh
connection to a colocated server with direct internet connection
and dedicated IP address. I am able to connect to it through my
Guacamole Home no problem.
What confuses me is if there is not a client I can run on computers
behind a router/firewall that connects to Guacamole server and
allows me to connect to them through the Guacamole server as well,
what is the point? If I have to create a connection providing an IP
address and port to connect through on my Guacamole Home and then
port forward from my firewall to the desired computer to be able to
access it, I can just use RDP, SSH, or whatever native client to
connect at that point. Am I missing something? Is there a client
after all that I can run on say a Windows machine behind a firewall
and still connect to it via my Guacamole server similar to a
LogMeIn or Teamviewer service?
Sorry for my ignorance and if this is not how to submit a question
please inform me as to proper method.
Regards,
*Matthew Strowbridge*
*On Call Technology Services Inc.*
*(o)845.477.5208*
*(m)845.673.9678*
*(e)[email protected] <mailto:[email protected]>*
*http://www.oct.services <http://www.oct.services/>*
<Mail Attachment.gif>
<https://www.facebook.com/octservicesinc><Mail Attachment.gif>
<https://www.linkedin.com/in/matthew-strowbridge-915b2210b><Mail
Attachment.gif> <https://www.twitter.com/octservicesinc>
<https://www.twitter.com/octservicesinc>
------------------------------------------------------------------------
Avast logo
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
This email has been checked for viruses by Avast antivirus software.
www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
