You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@guacamole.apache.org by GitBox <gi...@apache.org> on 2021/11/16 14:44:06 UTC

[GitHub] [guacamole-website] necouchman opened a new pull request #95: Add entry to FAQ for HTTP(s) support.

necouchman opened a new pull request #95:
URL: https://github.com/apache/guacamole-website/pull/95


   I think this is probably a good entry to have on the FAQ, as the request comes up quite frequently.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [guacamole-website] necouchman commented on a change in pull request #95: Add entry to FAQ for HTTP(s) support.

Posted by GitBox <gi...@apache.org>.

necouchman commented on a change in pull request #95:
URL: https://github.com/apache/guacamole-website/pull/95#discussion_r750837111



##########
File path: faq.md
##########
@@ -262,6 +262,15 @@ method for X11, which is too complex. This is not necessary, though - as far as
 performance is concerned, there is an X.Org driver for Guacamole currently
 under development which achieves the same goal (see above).
 
+### I would like to access web pages via Guacamole. Can you add support for HTTP(s)? {#support-http}
+No. Guacamole is designed to be a remote desktop client, and the goal is not
+to provide a complete remote access solution (VPN, Proxy, Zero-Trust, etc.). There
+are many existing services available for VPN, Reverse Proxy, and the like, and Guacamole
+can complement these solutions by providing a remote desktop component to those

Review comment:
       I did some quick searching for Chrome/Chromium headless integration APIs, and I've found JavaScript, Java (Selenium), and C++, but nothing for straight C, unless ChromeDriver helps out at all, or unless integrating a C++ library/API would be doable. I don't have much experience with writing code across languages like that...




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [guacamole-website] mike-jumper commented on a change in pull request #95: Add entry to FAQ for HTTP(s) support.

Posted by GitBox <gi...@apache.org>.

mike-jumper commented on a change in pull request #95:
URL: https://github.com/apache/guacamole-website/pull/95#discussion_r750791933



##########
File path: faq.md
##########
@@ -262,6 +262,15 @@ method for X11, which is too complex. This is not necessary, though - as far as
 performance is concerned, there is an X.Org driver for Guacamole currently
 under development which achieves the same goal (see above).
 
+### I would like to access web pages via Guacamole. Can you add support for HTTP(s)? {#support-http}
+No. Guacamole is designed to be a remote desktop client, and the goal is not
+to provide a complete remote access solution (VPN, Proxy, Zero-Trust, etc.). There
+are many existing services available for VPN, Reverse Proxy, and the like, and Guacamole
+can complement these solutions by providing a remote desktop component to those

Review comment:
       I imagine the implementation would be essentially a browser implemented behind guacd, rendering page content using the Guacamole protocol - something like "libguac-client-http". Could be an integration of Chromium, especially if the rendering library of Chromium is an API that could have a guac-specific implementation plugged in.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [guacamole-website] necouchman commented on a change in pull request #95: Add entry to FAQ for HTTP(s) support.

Posted by GitBox <gi...@apache.org>.

necouchman commented on a change in pull request #95:
URL: https://github.com/apache/guacamole-website/pull/95#discussion_r750790823



##########
File path: faq.md
##########
@@ -262,6 +262,15 @@ method for X11, which is too complex. This is not necessary, though - as far as
 performance is concerned, there is an X.Org driver for Guacamole currently
 under development which achieves the same goal (see above).
 
+### I would like to access web pages via Guacamole. Can you add support for HTTP(s)? {#support-http}
+No. Guacamole is designed to be a remote desktop client, and the goal is not
+to provide a complete remote access solution (VPN, Proxy, Zero-Trust, etc.). There
+are many existing services available for VPN, Reverse Proxy, and the like, and Guacamole
+can complement these solutions by providing a remote desktop component to those

Review comment:
       > Guacamole is designed and intended to be a complete remote access solution, and is particularly well-suited to Zero-Trust and taking the place of what would traditionally involve a VPN given its built-in access controls and authn/authz layer. 
   
   Yes, that's a good point. I can broaden this a bit.
   
   > Given how frequently this is requested and the fact that we support RemoteApp, I occasionally wonder whether we may be wrong to exclude access to webapps from the concept of remote access.
   
   I'm definitely not opposed to changing our minds on this. I'm curious how you'd foresee this operating within the Guacamole framework - that is, would HTTP traffic be tunneled, somehow, within the Guacamole protocol, or would we bypass the Guacamole protocol altogether? Would guacd still do the translation and connection management between the tunnel and the back-end system? Presumably we could leverage one of several possibly HTTP libraries for that, but seems like a pretty extensive set of changes to make to support rendering pages between guacd and the remote browser, unless we don't use the Guacamole protocol at all and just act as a reverse proxy.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [guacamole-website] mike-jumper commented on a change in pull request #95: Add entry to FAQ for HTTP(s) support.

Posted by GitBox <gi...@apache.org>.

mike-jumper commented on a change in pull request #95:
URL: https://github.com/apache/guacamole-website/pull/95#discussion_r750526964



##########
File path: faq.md
##########
@@ -262,6 +262,15 @@ method for X11, which is too complex. This is not necessary, though - as far as
 performance is concerned, there is an X.Org driver for Guacamole currently
 under development which achieves the same goal (see above).
 
+### I would like to access web pages via Guacamole. Can you add support for HTTP(s)? {#support-http}
+No. Guacamole is designed to be a remote desktop client, and the goal is not
+to provide a complete remote access solution (VPN, Proxy, Zero-Trust, etc.). There
+are many existing services available for VPN, Reverse Proxy, and the like, and Guacamole
+can complement these solutions by providing a remote desktop component to those

Review comment:
       I think this may be a bit too narrow.
   
   Guacamole _is_ designed and intended to be a complete remote access solution, and is particularly well-suited to Zero-Trust and taking the place of what would traditionally involve a VPN given its built-in access controls and authn/authz layer. Wherever a VPN would have previously been used to allow remote access, Guacamole should serve as a much better alternative. If the view is narrowed to just looking at Guacamole as a remote desktop client (which does tend to happen given how the Guacamole project started), the access management aspects of the platform end up being missed. Those aspects are a major feature that set Guacamole apart in a great way.
   
   The specific sticky point is whether remote access extends all the way to non-desktop resources like a web application, to which our stance has been: no, to protect access to an internal web application, you should use a reverse proxy and becoming a general reverse proxy is out of scope for the Guacamole project.
   
   So:
   
   * Generalized reverse proxy for HTTP resources? No.
   * Better choice than a VPN (or similar) for remote access? Absolutely.
   
   Current things that we can point users to with respect to providing this sort of access are:
   
   * Leverage an existing feature like RemoteApp to provide access to a browser via Guacamole.
   * Leverage features of an existing reverse proxy (like Nginx and its `auth_request`) to delegate authentication to Guacamole.
   
   Of course, the fact that we support general protected access to individual native applications via RemoteApp could be argued to support that general protected access to individual _web_ applications is also in scope, so we could consider ... just changing our minds on this.
   
   Given how frequently this is requested and the fact that we support RemoteApp, I occasionally wonder whether we may be wrong to exclude access to webapps from the concept of remote access.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [guacamole-website] mike-jumper commented on a change in pull request #95: Add entry to FAQ for HTTP(s) support.

Posted by GitBox <gi...@apache.org>.

mike-jumper commented on a change in pull request #95:
URL: https://github.com/apache/guacamole-website/pull/95#discussion_r750857972



##########
File path: faq.md
##########
@@ -262,6 +262,15 @@ method for X11, which is too complex. This is not necessary, though - as far as
 performance is concerned, there is an X.Org driver for Guacamole currently
 under development which achieves the same goal (see above).
 
+### I would like to access web pages via Guacamole. Can you add support for HTTP(s)? {#support-http}
+No. Guacamole is designed to be a remote desktop client, and the goal is not
+to provide a complete remote access solution (VPN, Proxy, Zero-Trust, etc.). There
+are many existing services available for VPN, Reverse Proxy, and the like, and Guacamole
+can complement these solutions by providing a remote desktop component to those

Review comment:
       From what I can tell, Chrome/Chromium leverages the Blink browser engine which uses Skia as its graphics engine:
   
   * https://en.wikipedia.org/wiki/Blink_(browser_engine)
   * https://en.wikipedia.org/wiki/Skia_Graphics_Engine
   
   So, writing a protocol plugin for guacd that leverages Blink and a Guacamole Skia backend would probably fit the bill.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org