On Wed, May 28, 2025 at 12:52 AM Roberto Torres <robe...@prohard.com.br> wrote:
> Hey Philip > > Look for Kasm workspaces. > > Em qua., 28 de mai. de 2025, 01:43, Philip Hoflack < > philip.hofl...@gmail.com> escreveu: > >> Hi Nick, >> >> Ok, all clear, thanks for the link, and the suggestion. >> >> Since the question pops up now and then; then what's the next best, most >> guacamole like solution? There is a real need to expose these websites >> through a system that has authentication, and gives the end user an >> overview of what connections are available to him. (I would prefer to not >> have a VM with a browser for this). >> >> A reverse proxy with some form of authentication SSO is probably the quickest/easiest, if not the most elegant. > I've found the following 2 candidates so far: >> - nginx proxy manager (NPM): probably no SSO possible, but seems to list >> connections and has user management >> - fossorial pangolin: has SSO support, but it seems a much more complex >> solution compared to NPM >> >> I believe there are some ways to integrate Nginx, in general, with SSO. I'm not sure about Nginx Proxy Manager, but I wouldn't be surprised if it is doable. > PS: I'm afraid this question will continue to pop up: maybe one could >> consider to implement it without the recording feature? And thus without >> rendering the website in a browser engine on the server? The need to manage >> connections is a real need, and since guacamole already had SSO extensions >> and a concept of connections that would allow to have it all in one place. >> It would also be easier to explain to the end user that he only needs >> guacamole instead of a website for this and another one for that... >> For example say you have an SSH connection in guacamole: adding a cups >> web ui connection to the same server would be possible. >> >> The recording is not the roadblock, here - in fact, recording is reasonably easy once the implementation is done. Guacamole isn't just a web interface/management system - while it has those components, the core, and what makes it do what it does really well is the underlying "Guacamole Protocol." The "Guacamole Server" (guacd) translates between all of the other remote protocols that it supports - RDP, VNC, SSH, Telnet, Kubernetes - and the Guacamole Protocol. The Guacamole Client (running in Tomcat) facilitates connection between the end clients (Web Browsers) and guacd over either HTTP or WebSocket "tunnels" so that the browsers can speak the Guacamole Protocol to guacd, and provides the access control, a nice management interface, etc. All that to say that the rendering of the website in a browser engine on the server must be done one way or the other, whether recording is enabled or not, because that's how connections are made between guacd and the browser-based client. The logical next questions are: * Well, couldn't you make guacd capable of tunneling the traffic without using the Guacamole Protocol? And, sure, you could add some sort of SSL/TLS or SSH tunneling capabilities to guacd, but why? There are plenty of other products out there that already do this, why reinvent the wheel? * Is there any way to allow Guacamole Client to manage connections that don't use guacd at all, just to provide a central place where "Connections" can be configured and made available to users? And, again, the answer to this is "yes", you could - in fact, you could use Guacamole's extension framework to provide links to some other system (like Nginx Proxy Manager, or perhaps some other tunneling or VPN client) alongside the Guacamole connections. But, IMHO, it isn't something to integrate into the core Guacamole project. -Nick >
