Using Portainer to Deploy Guacamole as Web Based Remote Access Gateway (Updated) – InfoSec Memo

About 3 years ago, I had a post to show how to use Portainer to deploy Guacamole

I decided to try it using my Oracle Cloud Free ARM machine to see how the deployment goes. The whole deployment experience was surprisingly simple. This post summarizes all the steps, including how to RDP into a Windows machine and how to use NPM (Nginx Proxy Manager) to add custom domain and SSL support.




Deployment Using Docker Run Command

Usage (works for x86_64 and arm64v8, no support for 32 bits)

docker run \
  -p 8080:8080 \
  -v /root/knowledge/docker_data/guacamole:/config \
  <image>

Note: /root/knowledge/docker_data/guacamole is a folder created on the Docker host. <image> stands for the name of the Guacamole image.

Deployment Using Portainer

Create a new container:





Environment variables will be set automatically while your Docker container is created. You do not need to enter them manually.








DESCRIPTION=Guacamole 1.4.0









Restart policy can be set to Unless stopped.

Once all configuration is entered, click the “Deploy the container” button. Deployment will start. If you have not pulled the image before, it will pull the image directly from the Docker Hub repository.

Access Guacamole web portal

 http://<public ip>:8080

default username and password: guacadmin / guacadmin

You will be notified to create your own user name and password.

Access Linux Machines

RDP to access xRDP desktop

1. Username and Password

2. Private key

The private key field on the Guacamole connection’s parameters page needs a PEM format key, which is not the private key file that PuTTYgen generates.

We are able to convert a PPK format private key to PEM format using the PuTTYgen tool. Use PuTTYgen to load your PPK format private key file, then choose menu Conversions -> Export OpenSSH key to export a PEM format private key file.
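To tell which kind of file you are holding before pasting it into the connection parameters, the header lines are enough. The following is an added example, not part of the original post; the function name `key_format` and the sample files are constructed for illustration and contain no real key material.

```shell
#!/bin/sh
# Added example: report the format of a private key file from its header lines.
# File names and key bodies below are constructed placeholders, not real keys.

# key_format FILE -> prints ppk | pem | pem-encrypted | openssh | unknown
key_format() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    # Keys exported on Windows often have CRLF line endings; strip the CR.
    kf_first=$(sed -n '1p' "$1" | tr -d '\r')
    case $kf_first in
        "PuTTY-User-Key-File-"*)
            echo "ppk" ;;            # PuTTYgen native format: export it first
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo "openssh" ;;        # newer OpenSSH container, not PEM
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo "pem-encrypted" ;;  # PKCS#8 PEM protected by a passphrase
        "-----BEGIN "*"PRIVATE KEY-----")
            # Traditional PEM marks passphrase protection in a header line.
            if sed -n '2,3p' "$1" | tr -d '\r' |
                grep -q '^Proc-Type: 4,ENCRYPTED$'; then
                echo "pem-encrypted"
            else
                echo "pem"
            fi ;;
        *)
            echo "unknown" ;;
    esac
}

# Demo on constructed sample files.
kf_dir=$(mktemp -d)
printf 'PuTTY-User-Key-File-3: ssh-ed25519\r\nEncryption: none\r\n' \
    > "$kf_dir/id.ppk"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$kf_dir/id.pem"
for kf_file in "$kf_dir/id.ppk" "$kf_dir/id.pem"; do
    printf '%s: %s\n' "${kf_file##*/}" "$(key_format "$kf_file")"
done
rm -rf "$kf_dir"
```

A result of `pem-encrypted` means the key carries a passphrase, which has to be supplied alongside the key in the connection parameters.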

Access Windows Machines

When using Guacamole to access a Windows Server 2016 machine, all seems fine. But there is a common issue when trying to use Guacamole to connect to a Windows Server 2022 machine with default settings like this:

You will get the following error message:

“The remote desktop server is currently unreachable. If the problem persists, please notify your system administrator, or check your system logs.”

If your username or password is wrong, you will get the following error message.

“Log in failed. Please reconnect and try again.”

Even if we checked “Ignore server certificate”, we would still get an error message saying the server is unreachable.

Guacamole apparently doesn’t work with Windows 10 or Windows Server 2016 RDP natively, so you have to edit the registry to make it work.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]

Change “SecurityLayer” value to 1 (Original value is 2)

Verify “UserAuthentication” value is 0 (Original value is 1)

Source: https://mangolassi.it/matter/17846/make-windows-10-server-2016-rdp-work-with-guacamole/2

As long as you checked “Ignore server certificate”, you will be able to log in now. Security mode can be set to empty or any.

Enabling Extensions


Extensions can be enabled using the -e EXTENSIONS variable. Multiple extensions can be enabled using a comma separated list without spaces.

For instance:

docker run \
  -p 8080:8080 \
  -v </path/to/config>:/config \
  -e "EXTENSIONS=auth-ldap,auth-duo" \
  <image>

Extension List:

  • auth-duo
  • auth-header
  • auth-jdbc-mysql
  • auth-jdbc-postgresql
  • auth-jdbc-sqlserver
  • auth-json
  • auth-ldap
  • auth-quickconnect
  • auth-sso-openid
  • auth-sso-saml
  • auth-sso-cas
  • auth-totp
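
Because the value has to be a comma separated list without spaces, a stray space or a mistyped name is easy to introduce when typing it into a `docker run` line or a Portainer field. The following is an added example, not part of the original post or of the image: the function name `check_extensions` is hypothetical, and the list of known names is the extension list above.

```shell
#!/bin/sh
# Added example: lint an EXTENSIONS value before it is passed to docker run.
# KNOWN_EXTENSIONS is the extension list given on this page.
KNOWN_EXTENSIONS="auth-duo auth-header auth-jdbc-mysql auth-jdbc-postgresql"
KNOWN_EXTENSIONS="$KNOWN_EXTENSIONS auth-jdbc-sqlserver auth-json auth-ldap"
KNOWN_EXTENSIONS="$KNOWN_EXTENSIONS auth-quickconnect auth-sso-openid"
KNOWN_EXTENSIONS="$KNOWN_EXTENSIONS auth-sso-saml auth-sso-cas auth-totp"

# check_extensions VALUE -> prints one finding per line; returns 0 when clean.
check_extensions() {
    ce_value=$1
    ce_status=0
    ce_seen=" "
    [ -n "$ce_value" ] || { echo "empty value"; return 1; }
    case $ce_value in
        *[[:space:]]*) echo "contains whitespace"; ce_status=1 ;;
    esac
    case $ce_value in
        ,*|*,|*,,*) echo "empty list item"; ce_status=1 ;;
    esac
    # Split on commas, and on spaces so each name is still checked.
    ce_ifs=$IFS
    IFS=', '
    set -f                       # no globbing while the value is word-split
    for ce_name in $ce_value; do
        [ -n "$ce_name" ] || continue
        case " $KNOWN_EXTENSIONS " in
            *" $ce_name "*) ;;
            *) echo "unknown extension: $ce_name"; ce_status=1 ;;
        esac
        case $ce_seen in
            *" $ce_name "*) echo "duplicate: $ce_name"; ce_status=1 ;;
        esac
        ce_seen="$ce_seen$ce_name "
    done
    set +f
    IFS=$ce_ifs
    return "$ce_status"
}

# Demo on constructed sample values.
for ce_sample in "auth-ldap,auth-duo" "auth-ldap, auth-totp" "auth-tofp"; do
    if ce_out=$(check_extensions "$ce_sample"); then
        echo "OK:   $ce_sample"
    else
        echo "FAIL: $ce_sample ($ce_out)"
    fi
done
```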


Bad gateway when accessing portal

If any issue happens after you have run Guacamole for a while, you might want to duplicate / edit your current container to create an exact new one.

Before you do that, make sure you have stopped the current Guacamole container.

I did meet an issue after running it for a couple of weeks, something relating to “Bad gateway”. The Guacamole web GUI couldn’t load.

Connections over RDP to Windows 7 or Windows Server 2008 disconnect immediately?

This is caused by an issue in FreeRDP; turn on “Disable glyph caching” under Settings > RDP. For details see https://points.apache.org/jira/browse/GUACAMOLE-1191

Note: https://next-terminal.typesafe.cn/faq/#docker%E5%AE%89%E8%A3%85%E5%A6%82%E4%BD%95%E6%9B%B4%E6%96%B0



