You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by Lionel PRAT <li...@gmail.com> on 2022/05/19 07:47:57 UTC

New protocol 'http/https'

Hi,

I'm looking for a solution to use guacamole to limit access to certain web
administration interfaces (firewall, vmware, ...).

I had thought of using a chrome in VNC but I find this solution too
dangerous.
The best solution would surely be to develop a connector for the
'http/https' protocol (perhaps starting from the existing code in the
connector
https://github.com/apache/guacamole-server/tree/master/src/protocols/
 kubernetes).
Has anyone had this problem before and if so, how did you resolve it?

Thank you

Lionel

Re: New protocol 'http/https'

Posted by Nick Couchman <vn...@apache.org>.

On Thu, May 19, 2022 at 3:48 AM Lionel PRAT <li...@gmail.com> wrote:

> Hi,
>
> I'm looking for a solution to use guacamole to limit access to certain web
> administration interfaces (firewall, vmware, ...).
>
> I had thought of using a chrome in VNC but I find this solution too
> dangerous.
> The best solution would surely be to develop a connector for the
> 'http/https' protocol (perhaps starting from the existing code in the
> connector
> https://github.com/apache/guacamole-server/tree/master/src/protocols/
>  kubernetes).
> Has anyone had this problem before and if so, how did you resolve it?
>
>
This has come up several times, and, to date, we have not really seriously
entertained the idea and have kind of pushed back against it. The
conversation in the past has been that Guacamole has been targeted toward
remote desktop protocols, and HTTP/HTTPS are not remote desktop protocols.
Furthermore, there are plenty of solutions out there to proxy/reverse-proxy
HTTP and HTTPS pages, and those could be used in place of Guacamole. We may
be shifting a bit on this, but, today, it isn't possible to use HTTP/HTTPS
through guacd.

Several alternatives have been offered that continue to use Guacamole - for
example, you can set up a remote server running RDP or VNC and create a
remote connection to that server, and you can even have the remote
connection open only a web browser, and you could even do it in Kiosk mode
with either Firefox or Chrome to prevent users from using it for other web
pages.

Beyond that, adding HTTP/HTTPS support is possible, but I would not say
it's all that straight-forward. We've had some conversations about how it
could be done, and it seems like we would need to use some sort of back-end
rendering engine that guacd could interface with (there are a couple of
good ones out there) and then write the logic to translate between the
rendering engine and the Guacamole protocol. Definitely possible, just not
easy. And I'm not sure the Kubernetes protocol is a great place to start -
it's text-only, similar to Telnet and SSH, whereas the HTTP/HTTPS protocol
is going to need to be graphics-based, more along the lines of VNC or RDP.

-Nick

>