Never open a cloudflare tunnel directly to your pc but use an intermediate vps and from there wireguard tunnel. In this way you can even use RDP securely.
I love it when guys like you make these overarching, commanding statements but never actually explain yourselves. "DO THIS BECAUSE I SAID SO BUT I'M NOT GOING TO EXPLAIN MY LOGIC. SO SAYETH ME"
they have a file upload limit of 100mb on the free tier since they only really want people using the service to serve html, css and that sort of thing with it
I somehow fail to understand why I would want to use guacamole instead of forwarding a random high port through a firewall to the vm/server I want to access. I just see it as a big entry point with many possible insecurities while ssh is well configured pretty hard and f.e. software like Mobaxterm makes it pretty easy to access
I followed your instructions and RDP is working, but the sessions are very slow. I expected it to be faster than TeamViewer, but it's the opposite. Do you have any suggestions for speeding up RDP sessions?
All my stuff is just as fast as if I was sitting there at the original computer. Are you dealing with Wifi? How fast is your upload/download on each end? Are either (or both) of the systems low-end devices? The more information you can give when asking tech support questions, the better and faster your responses will be.
Thanks for the quick response. My network has 235 Mbps down and 12 up. The micro PC where the Docker container runs is an old Intel Atom 330 1.6 GHz with 3 GB RAM running Ubuntu 20.04. The Windows 11 where the desktop runs is an Intel Core i5-6500 2.5 GHz with 16 GB RAM. All connections are Ethernet 100/1000. @@DBTechYT
My Published Ports links in my portainer never work unlike yours. Instead of linking the server's IP address or hostname all those links are 0.0.0.0: followed by the port. Found the settings. In Portainer Environments -> Local Set public IP address to the IP address of the Portainer server and the links are proper now.
Great video, but I don't really see the advantage. For my home server I use a local reverse proxy to not have to specify ports and to get valid TLS certificates. This via DNS challenge to not open any ports. My router is running Wireguard so I can connect to my local network from anywhere. Cloudflare seems easier, but you have to rely on their service.
How safe is this? I have good experience with virtual machines and systems, but I am weak in security and I want to strengthen this aspect. What can I do about this?
I think, with a setup like this, I would want to add some additional authentication to the setup using this method (or something similar): th-cam.com/video/wdmbAo02ktQ/w-d-xo.html
Very nice. I made the same setup with official image. But still issue with the IP shown in the dashboard. Like you, it's a docker IP, not the real IP. Have a solution for that? Anyway still a good video
It can't without some sort of remote connection. I wouldn't at all recommend installing Guacamole on Linode to access your home server. That just seems like a bad idea.
Thanks for another great video. Am having a problem connecting via ssh. Is there anything special about port 6943 that you used ? I can connect on port 22 from a linux terminal but Guacamole fails to connect. RDP works fine to the same machine.
@@DBTechYT After more experimenting it turns out I cannot ssh into any linux desktops from Guacamole. Command line ssh works fine and rdp is also fine. I can ssh from Guacamole into container linux servers but not as root. The problem obviously lies with Guacamole. Any suggestions as to what to try to fix it ?
Man, your videos are very interesting and informative, however, you need to slow down talking about 50%, since it feels like you got hit by diarrhea...
Well this just pisses me off, it'd been great if before 15 mins in you mentioned Windows 11 Home editions DO NOT HAVE REMOTE DESKTOP AND YOU'RE WASTING YOUR TIME!!!!! GRRRRR
So I wasted your time because you didn't know the limitations of the operating system you use? Go buy a cheap Windows 11 Pro key and enter it into your current system to upgrade it to Pro.
Hi, I am the maintainer of the image you mentioned (yes, I am a he, no worries!). For more info, this image is a fork of a very popular image that has been abandoned (Oznu's image).
Many images have forked from Oznu's, and mine is far from being the most popular. However, I take pride in updating and rebuilding it every week, or when the main software inside is updated (Tomcat, PostgreSQL JDBC and S6 overlay).
I wondered why my image got a bump in pulls around end of January, now I get it! (most likely your video + a mention in the Watchtower community)
Most of the credit should go to the Apache Guacamole Team of course (Nick Couchman and Mike Jumper), and to Oznu for inspiration.
Thanks for continuing an awesome project and providing frequent updates! Extremely appreciated amongst the community
Thank you for this video and your other video "Cloudflare Tunnels: Getting Started with Domains, DNS, and Tunnels". These were immensely helpful. I finally got my whole server rack in a zero trust so I can access it anywhere. Thank you!!
Best Guacamole tutorial ever! Greetings from Chile 🇨🇱
Another option is Kasmweb, with their new Server Workspaces!
Kasmweb is installed locally, and I have most of my local servers set up as Kasmweb Workspaces. Some are RDP, and some are SSH sessions. Local access is straightforward, but I also have a CloudFlare Tunnel providing the external connection with a CloudFlare Application providing secure access. So I can basically get to anything on my local network from anywhere with a reasonable assurance of security.
(And of course, I learned how to do the CloudFlare Tunnel and Application from YOUR videos!!) ;)
I actually recently started a Kasmweb series. Only 1 video out so far, but more coming soon!
@@DBTechYT Looking forward to it!
How is the performance with this over cloudflare tunnel? I set up my guac access through a cloudflare tunnel that forwards to my reverse proxy (traefik) and it randomly disconnects every 2-15 minutes and I have to relogin. If I just port forward from my router > traefik, I have zero issues. Wondering if anyone else is encountering this problem.
I'm confused how this works. Aren't kasm workspaces basically containers/VMs that you can access remotely? Or are you using them to access your workstation or servers remotely? Is this a 1:1 replacement for guacamole? I was looking at Kasm, but it seems more like rolling out ephemeral desktops in containers rather than something like guac which is just a gateway so you can RDP to your workstation. Please correct me if I'm wrong.
@@DrDingus Performance is stellar. My homelab is running on Proxmox on a Dell 5080 with an i7 with 16 vCPUs and 32GB RAM over a 200x200 fiber internet connection. Connectivity is solid, stable, and reliable.
Great video 🙂 I spent about 3-4 hours yesterday trying to get a remote setup then when I saw your video noted you'd used guacamole which I'd heard of but not looked into a lot. I tend to use a different tunnel for each service and do them both together in single docker compose. That way I can just back up the whole container and can restore to a different host if need be for redundancy after changing the tunnel key and IP addresses.
If you are running UFW you need to open the respective port (sudo ufw allow 8080) for example. Otherwise you will get a bad gateway error. Great video, thanks.
Thanks for that one, I was cracking my head trying to figure it out ;D
Great video, will have a play with Guacamole. I'd personally love to see SSH access run through via cloudflare tunnels, being set up on a third party client like termius
thanks for the demo and info, have a great day
Great Video as always ❤, Thanks
Could you please make a video how to add authelia for cloudflare tunnel
Authelia on top of Cloudflare tunnel seems a bit too much. The function of Authelia is 2fa in front of your internal apps and that's what you have with cloudflare tunnel. In my opinion you do not need authelia any more. Authelia is useful, if you use nginx proxy manager instead of cloudflare, but that's not as good as this solution 🙂
Great video I wanna do this for my Proxmox server. :)
Been using guac for over 2 years and love it. One issue I'm having now on another computer is USERNAME/PASSWORD doesn't work great when you use your "hello" pin or actual Microsoft account to sign into Windows. Yes, if you use a local account works all day but other way it's such a pain.
Interesting. I hadn't thought about that being an issue
The Best videos... thanks for your time
How do you set up totp using the docker image? The explanation from the docker hub page was not so clear
Great video, thanks
I guess that this can make also sing a basic account in cloudflare.
great vid, thanks!
Thanks for this. Only set up cloudflare tunnels a couple of days ago and was wondering how I could RDP into my Hyper-V server from a locked down work computer. Just logged onto my portainer, copied your setup, added it in cloudflare and bang, it's working. Think I'll leave the username/password blank though and enter it every time and I've set up 2FA on the cloudflare tunnels already, rather than set it up for each application.
Hi sir! Can you make a guide on how to expose samba share using cloudflare tunnel?
THANK YOU!!!!!!!!!!!!
Do you have a video on setting up Warpdrive like how you use it to access this service?
Great video thanks
Does this actually work well for anyone? I get constant disconnects on guac if I use the argo tunnel, but no issues if I don't use the argo tunnel. I'm using traefik as a reverse proxy in both situations.
I really like your videos, but quite often, I wish you'd have a "how to update" when things change. I know it's something I should probably be able to figure out on my own, but it's nice when that is included.
You mean like this video I made in 2020? th-cam.com/video/mGfcHlgW1VQ/w-d-xo.html
@@DBTechYT Yeah. Kind of like that. Boy do I feel silly after watching that! Sorry. I wasn't able to get Guacamole to login to my desktop computer. I'm sure it's something I'm doing wrong. Thanks for the videos!
Works fine for me but when rdp into Fedora 37 or Ubuntu 22.04 desktop, the mouse pointer is replaced by a square block of colours. Apparently this is a bug in Guacamole. Anyone know a way to easily fix this ?
Also add ZeroTier container to access all your ZeroTier nodes :)
Absolutely!
Any idea how to get WoL working for RDP connections?
I know you said that you did a previous video about this a while ago, but for a newcomer to this, I'd recommend to show ALL the steps in your new video indeed or saying to go back and watch a section of the previous video.. the reason, is that for a newcomer to this that's watching your current video as a Step-by-Step guide and actually doing the setup on their computer at the same time, it really muddies the water with trying to switch back and forth between videos and make sure that something doesn't get missed which then causes a problem and leaves the newcomer wondering where it went wrong and trying to troubleshoot the issue.. Therein is the issue of trying to watch multiple videos and make it all work. Instead, I'd recommend to cover ALL of it in the new video versions and have timestamps so that people can easily skip ahead if a section doesn't apply to their situation. But that's just my suggestion
So the problem with that is that I end up making the same video over and over and then just changing the ending. What I like to do is show people how to do different things and then let them decide how to set up/configure their homelabs.
@@DBTechYT I get that, but I was trying to follow along and set up on my system and ended up having an issue that I had to figure out what went wrong/ where and it was where I was trying to follow what to do between 2 different videos.
But thank you for responding
@@DodgeHooker641 That's the best part. Bonus learning there that makes you remember way longer than if it was easy a to b processing. Harsh for a beginner, but such a satisfying reward when you successfully fix it on your own
Completely agree, but I understand DBtech's point below about having the same videos 1000 times. I faced that problem with a postgres additional property stack not allowed which the video did not mention anything about. Do we need a postgres image?
😂
…lulz
It would be interesting to see how you have WARP setup. I have included as an access rule but seems that anyone using warp can access the application not just me.
Hi, I completed installing all setups. testing local ip address can access Guacamole, but Cloudflare can't access error 502.
I use Synology Docker to install below containers. Could you know how to fix it?
An interesting alternative is immense/Remotely
Is remotely still maintained? I thought it was a dead project.
Hi there, I tried the way you did. I now have access to the guacamole page. I created 2 connections (one ssh (proxmox), one windows). I try to connect to windows, it keeps disconnecting right away.
With ssh I get the same thing. I tried to copy from my computer the ssh information from the folder .ssh (knownhost file associated to my IP of my proxmox server), still not working.
Before I put it on my cloudflare I want it to work properly. Do you have an idea why it doesn't work?
Is there any way to speed up Guac connecting to Ubuntu desktop? I'm using xrdp and it is laggy. I think what I need is the 10Mbit option for Guac to support. Similar to what the Windows RDP client allows.
If I want to remotely secure access to my local Raspberry Pi terminal, should I use Guacamole and Cloudflare Tunnels - or is there a better way? I'm thinking it would be cool to be able to access the raspberry pi terminal through any web browser. But accessing from a remote terminal would also be ok. I already have Cloudflare Tunnels running using Portainer on my RPI so that I can access other services on my local network. I've watched the video above, but I'm still not sure if Guacamole can help me. Thanks!
Ok - so now I have actually tried Guacamole - and it solves my question regarding ssh. Should have tried before I asked :)
Anyone figure out how to add a custom branding.jar to this installation? Would like to change the logo and title name.
Hello, I have been experiencing some issues with the RDP. It just doesn’t take the credentials (it says that it is incorrect, but they are right). I have tried to connect from a normal desktop computer and still no success. I have tried every guide on the internet but didn’t manage to get it to work. Any idea?
I ran the guacamole image directly from within docker and it says starting guacamole client but I don’t see any client running? Is there a specific ip address I should navigate to to see the client login?
First & watching :) BTW, my last video I mentioned you in it! And linked your channel!
I saw that you tagged me in your description!! Thanks!! It's too bad that I don't actually get notifications when I get tagged. Had to go to the "Mentions" tab to find out!
Any advice on how to add TOTP to this container?
Did you find the answer? For me it's not working..
Can you show how to get Wake-On-LAN to work in guacamole? Thanks for the great videos!
I think (not 100%), for something like this, you'd want a TinyPilot KVM or Pi KVM setup for that. But that's just my brain's answer with no real research on the matter.
Or you can look here for more info: guacamole.apache.org/doc/gug/configuring-guacamole.html#wake-on-lan
I'm using cloudflared in a container to point to my traefik reverse proxy then to Guacamole so that I can access my workstation at home remotely. The issue is that with the cloudflared tunnel, I get random disconnects, anywhere from 2-15 minutes which forces me to relogin to guac (my authelia session remains intact). This is very annoying and makes it unusable for this purpose. I'm wondering if anyone else has experienced this and if it's normal. Changing nothing else but removing the tunnel and forwarding the ports on my router to traefik completely solves the issue, so I'm certain it's the tunnel, but perhaps there are settings I can change to improve the connection stability?
I had to figure out all this by myself and only now I am finding this vid. The algorithm failed me.. The only difference is that I used VMs in Hyper-V and not docker but it works just fine.
Is there a way to directly access RDP without using guacamole? And even an openvpn connection directly?
Where are the recorded sessions?
As an absolute newbie on this topic I'd like to know the difference between this setup and when all systems are accessible through CF subdomains? I reckon you would use Guacamole when the actual system is a piece of hardware with no web frontend, right?
That's correct. Guacamole is good for remote SSH and RDP like I show in the video. This isn't meant to access things like VaultWarden or BookStack.
Was anyone able to use wake on lan with guacamole running in docker?
Followed this tutorial and it worked great but after 24 hours the container for guacamole stops and I have to go back into portainer to start the service. Any ideas what I did wrong or skipped to keep it running?
Depending on how you installed these, you'll need to set the restart policy on them to "always"
Is there any benefit in using guacamole to access a server through ssh compared to putting directly the ssh port in cloudflare tunnels?
Preference? Convenience?
Many thanks for your video. Although I reach the Guacamole login screen via my Cloudflare Tunnel, I get the following error after entering username / password and pressing the Login button - "An error has occurred and this action cannot be completed. If the problem persists, please notify your system administrator or check your system logs." I am running on a Raspberry Pi4, so that might be relevant. I cannot see any error messages in either the container logs or tomcat error logs. Any suggestions welcome please!!
I should add, the same Guacamole container works fine when accessed from within my LAN.
Great content, love your videos. I did want to know though could I set up Cloudflare Tunnel to hit a locally hosted nginx proxy manager and have the reverse proxy take me to the correct service?
Would this add another layer of protection or just complicate the setup for no real benefit? Again thank you for all that you do, much appreciated.
This will not work because in Cloudflare you have to define the target computer and port, too. With cloudflared you will not need a local npm any more 🙂
This would be extra work that doesn't bring you a lot.
I have this setup. All my cloudflare public hostnames in my tunnel point to my NginxProxyManager container. Then based on the url entered NPM redirects to the proper service. If you already use NPM for local reverse proxy, it's really easy to do. Just need to make sure your NPM and cloudflared containers are in the same docker network. It's not really another layer of protection, but if you want to add another layer of protection you could do that with Authelia. DBTech has a tutorial on that and it's how I set up mine too. Basically I access my guacamole instance, it redirects me to my Authelia where I have 2FA enabled, when that 2FA is confirmed it redirects back to guacamole. All of them using cloudflare tunnels so I can access it wherever.
@julientheriault7423 I had the same setup, except using Traefik with Authelia instead of NPM. I was having disconnect issues with Guac that made it unusable using the cloudflared tunnel. It would randomly kick me out of Guac and I'd have to log in to Guac again every 2-15 minutes even with activity. It would save my Authelia session, but still made it hard to work on. Keeping everything else the same but eliminating the cloudflared tunnel fixed the issue. Wondering if I'm the only one who is having this problem since it seems there are quite a few people out there using cloudflared tunnel with Guac and no mention of this issue.
Not sure if anyone else has this problem, but the "published ports" to access that guacamole apache screen didn't work for me
Solution: go to portainer environments --> local --> public ip = your computer's IP address --> restart the stack --> enter ":port" in the browser
I made a short about this a year or so ago: th-cam.com/users/shortsq6PimerKycI
Please for ftp or sftp with cloudflare
Can't we directly run RDP over the tunnel? Been trying hard but I am failing.
You can, but I prefer to do it this way
Thanks..
Never open a cloudflare tunnel directly to your pc but use an intermediate vps and from there wireguard tunnel. In this way you can even use RDP securely.
I love it when guys like you make these overarching, commanding statements but never actually explain yourselves. "DO THIS BECAUSE I SAID SO BUT I'M NOT GOING TO EXPLAIN MY LOGIC. SO SAYETH ME"
Which Cloudflare-Plan do you use?
The free one
Tunnels for http/https traffic, it is limited bandwidth. Am I right?
They have a file upload limit of 100mb on the free tier since they only really want people using the service to serve html, css and that sort of thing with it.
I used this image in a Docker swarm; for some reason it shut down around 8 hours after it started.
Do you need Linux, or will Win 11 work?
I somehow fail to understand why I would want to use Guacamole instead of forwarding a random high port through a firewall to the VM/server I want to access. I just see it as a big entry point with many possible insecurities, while SSH, well configured, is pretty hard, and e.g. software like MobaXterm makes it pretty easy to access.
Because with this setup there's no port forwarding involved and multiple levels of security for logging in including 2 factor authentication
I can't even get to the web interface after starting the container in Portainer :(
I followed your instructions and RDP is working, but the sessions are very slow. I expected it to be faster than TeamViewer, but it's the opposite. Do you have any suggestions for speeding up RDP sessions?
All my stuff is just as fast as if I was sitting there at the original computer. Are you dealing with Wifi? How fast is your upload/download on each end? Are either (or both) of the systems low-end devices? The more information you can give when asking tech support questions, the better and faster your responses will be.
Thanks for the quick response. My network has 235 Mbps down and 12 up. The micro PC where the Docker container runs is an old Intel Atom 330 1.6 GHz with 3 GB RAM running Ubuntu 20.04. The Windows 11 where the desktop runs is an Intel Core i5-6500 2.5 GHz with 16 GB RAM. All connections are Ethernet 100/1000. @DBTechYT
My Published Ports links in my portainer never work unlike yours.
Instead of linking the servers IP address or hostname all those links are 0.0.0.0: followed by the port.
Found the settings. In Portainer Environments -> Local
Set public IP address to the IP address of the Portainer server and the links are proper now.
Yeah this is a common thing. I actually made a short about it a little over a year ago: th-cam.com/users/shortsq6PimerKycI
Great video, but I don't really see the advantage. For my home server I use a local reverse proxy to not have to specify ports and to get valid TLS certificates. This via DNS challenge to not open any ports. My router is running Wireguard so I can connect to my local network from anywhere.
Cloudflare seems easier, but you have to rely on their service.
That's the great thing about self-hosting: there's no one right way to do it. You can set it up however you want
Some people need to access their applications from locations where installing a VPN is not possible, like locked-down work computers.
@DrDingus That's exactly why I started Guacamole, and why I decided to update Oznu's image ;-)
How safe is this? I have good experience with virtual machines and systems, but I am weak in security and I want to strengthen this aspect. What can I do about this?
I think, with a setup like this, I would want to add some additional authentication to the setup using this method (or something similar): th-cam.com/video/wdmbAo02ktQ/w-d-xo.html
@DBTechYT Thanks for the tip. I already added Google verification by watching your video.
Very nice. I made the same setup with the official image. But still an issue with the IP shown in the dashboard. Like you, it's a Docker IP, not the real IP. Have a solution for that? Anyway, still a good video.
Late, but I believe you need to just use the host option in Docker.
Why do you have so many tunnels? One tunnel per service. I'm thinking one tunnel and one host name per service/ip is all I need. Home lab, 2 users.
You can build it however you want, but I need different things for different projects.
Does this violate their terms of service?
What if I am using wifi on a laptop and the IP address is not fixed?
You'll need to set a fixed IP on your laptop.
If I install Guacamole on Linode to access my home network from anywhere, how can I do it? How can the cloud computer access my network?
It can't without some sort of remote connection. I wouldn't at all recommend installing Guacamole on Linode to access your home server. That just seems like a bad idea.
@DBTechYT So what would you suggest? I don't have any device at home on which to run Guacamole.
Then I would suggest getting a device at home to run Guacamole.
Thanks for another great video. Am having a problem connecting via SSH. Is there anything special about port 6943 that you used? I can connect on port 22 from a Linux terminal but Guacamole fails to connect. RDP works fine to the same machine.
That port of 6943 was the port I set up for that specific device.
@DBTechYT After more experimenting it turns out I cannot SSH into any Linux desktops from Guacamole. Command line SSH works fine and RDP is also fine. I can SSH from Guacamole into container Linux servers but not as root. The problem obviously lies with Guacamole. Any suggestions as to what to try to fix it?
Dude, great content as always. Btw, have you stopped brushing your teeth?
Or you could just use ipv6 and call it a day
Why rely on someone else's service to make your server run
Man, your videos are very interesting and informative, however, you need to slow down talking about 50%, since it feels like you got hit by diarrhea...
Maybe I did?
Well this just pisses me off, it'd been great if before 15 mins in you mentioned Windows 11 Home editions DO NOT HAVE REMOTE DESKTOP AND YOU'RE WASTING YOUR TIME!!!!! GRRRRR
So I wasted your time because you didn't know the limitations of the operating system you use? Go buy a cheap Windows 11 Pro key and enter it into your current system to upgrade it to Pro.
Could this be used to access my Proxmox Web UI?
I don't see why not.
@DBTechYT I can't seem to get it working. Not done a deep dive on it yet.