You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by "Sky..." <sk...@gmail.com> on 2020/01/10 02:00:59 UTC
guacd endpoint for health check?
I am trying to put guacd behind AWS application load balancer, but the load
balancer requires heath check. Is there an endpoint url I can use for the
health check?
Re: Administrative action logging
Posted by Mike Jumper <mj...@apache.org>.
On Thu, Jan 9, 2020 at 6:53 PM Adam Woodland <ad...@adamwoodland.com> wrote:
> Hi,
>
> Using 1.0.0, under Ubuntu 18.04.
>
> I'm looking at auditing administrative actions in Guacamole and I'm trying
> to find what is logged when an [account|group|connected] is
> [created|modified|deleted] on the portal.
>
Administrative actions are not currently logged. I recommend opening an
issue in JIRA to request this if your use case requires such logging, as
it's definitely something that could be done.
https://issues.apache.org/jira/browse/GUACAMOLE/
- Mike
Administrative action logging
Posted by Adam Woodland <ad...@adamwoodland.com>.
Hi,
Using 1.0.0, under Ubuntu 18.04.
I'm looking at auditing administrative actions in Guacamole and I'm trying
to find what is logged when an [account|group|connected] is
[created|modified|deleted] on the portal.
catalina.out is recording logins ok and guacd is recording those users
connecting through to end devices, so I can log those centrally.
Just can't find any admin logging to send centrally.
Any locations I've missed?
Thanks,
Adam
Re: guacd endpoint for health check?
Posted by Mike Jumper <mj...@apache.org>.
On Thu, Jan 9, 2020, 18:59 Sky... <sk...@gmail.com> wrote:
> I should have explain my setup. I'm not trying to load balance guacd. I
> need to manage servers in multiple isolated virtual networks. All my
> servers are in private subnet on AWS and front by AWS application load
> balancer. I want to deploy 1 guacamole client and 1 guacd per virtual
> network. Right now I deploy guacd in a public subnet and have access list
> to allow only guacamole client IP to access it.
>
You should always keep guacd on a private network and limit access to only
the subnet of the server(s) hosting Tomcat, yes. You should never allow
public access to guacd.
I want further secure this by putting guacd in a private subnet and front
> by an application load balancer so there is less attack surface. Is this
> possible?
>
You can put Tomcat behind an application balancer. You cannot put guacd
behind an application balancer because it is not a web application. It
doesn't speak HTTP.
- Mike
Re: guacd endpoint for health check?
Posted by "Sky..." <sk...@gmail.com>.
I should have explain my setup. I'm not trying to load balance guacd. I
need to manage servers in multiple isolated virtual networks. All my
servers are in private subnet on AWS and front by AWS application load
balancer. I want to deploy 1 guacamole client and 1 guacd per virtual
network. Right now I deploy guacd in a public subnet and have access list
to allow only guacamole client IP to access it. I want further secure this
by putting guacd in a private subnet and front by an application load
balancer so there is less attack surface. Is this possible?
On Thu, Jan 9, 2020 at 6:06 PM Mike Jumper <mj...@apache.org> wrote:
> On Thu, Jan 9, 2020, 18:01 Sky... <sk...@gmail.com> wrote:
>
>> I am trying to put guacd behind AWS application load balancer, but the
>> load balancer requires heath check. Is there an endpoint url I can use for
>> the health check?
>>
>
> No. guacd is not a web application and cannot be placed behind an
> application load balancer.
>
> If you wish to balance guacd, you will need to use a TCP load balancer.
>
> - Mike
>
>
Re: guacd endpoint for health check?
Posted by Mike Jumper <mj...@apache.org>.
On Thu, Jan 9, 2020, 18:01 Sky... <sk...@gmail.com> wrote:
> I am trying to put guacd behind AWS application load balancer, but the
> load balancer requires heath check. Is there an endpoint url I can use for
> the health check?
>
No. guacd is not a web application and cannot be placed behind an
application load balancer.
If you wish to balance guacd, you will need to use a TCP load balancer.
- Mike