Guacamole Remote Access Gateway on Docker

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

warning failure to secure this container properly could result in a compromised server this is guacamole and in this video i'm going to explain what it is how to set it up and a couple of different ways to use it but first a quick message from today's video sponsor yourcdk.com is a great place to get windows 10 keys at incredibly low prices so here we are on the microsoft windows 10 pro page and right here you can see the current price is dollars and five cents but if you use the coupon code that's in the description down below you'll get it even cheaper so i'm gonna go ahead and paste that in here and click apply and now our new total for windows 10 pro is about 15 bucks now i have the option to go ahead and view the keys right here so i'm going to go ahead and click on that then i'll click on get the key and then i'm going to come over here and right there you can change the product key so go ahead and click on that i'm going to go ahead and change the product key right here so i've entered my key and i'll click next then i'll click on activate and here we can see the windows is activated next what we want to do is go ahead and validate the key installation and right there you can see the windows 10 professional edition is permanently activated so head on over to yourcdk.com to get your next windows 10 pro key at ridiculously low prices so as i mentioned this is guacamole and i've been using it for a while to to manage certain things on my network different servers different desktop environments and things like that and here recently i was in discord chatting with some people and it was brought to my attention that the version i was using which was the oz new version actually hasn't been updated in 10 months as you can see right there and in fact is no longer being supported so i decided for security reasons to switch over to the official guacamole container and then ran into some issues luckily though i did manage to find uh this blog post uh written by nicholas over at techblog.jepson.org that was written back in march and like he says right here apache guacamole is an awesome html5 remote access gateway unfortunately it can be very frustrating to set up and boy i'll tell you i i really did experience a lot of frustration and trying to get it set up however uh they have docker images that are supposed to make that process easier but i still ran into a lot of problems now when i'm saying that i'm i'm i'm reading what he said but i'm also saying that i also experienced a lot of problems however uh docker compose exists and uh that does make it easier to set up and luckily uh there was somebody who was nice enough to put together uh a github repository that we're going to clone and uh and deploy that way using command line now you could probably go through the process of setting this up through portainer or casa os or yacht or or whatever but for the sake of keeping things simple and straightforward for this video we are going to use ssh to deploy guacamole on our system so if we come over to here uh here you can see that uh everything uh is listed out right here as far as commands are concerned but let's actually jump over to that github repository uh so we can see what's going on here now the first thing that i want to mention is that this repository is not an official guacamole uh repository it's not but you can actually see that right right up here uh in the url and the in the in the the breadcrumbs up here uh in the title it's it's all over the place this is not an official guacamole repository however uh if we actually come in here and look at the uh docker compose file right here he's got a ton of great notes in here i say he whoever created this repository has a lot of great notes in here uh that explains step by step what's what's going on um and what we want to do is actually scroll down until we get to until we get to this part right here uh where we can see that under services in our docker compose uh we are using the official guacamole image right here this is guacamole slash guac d uh if we scroll down a little further to guacamole here uh the official image is listed right there under guacamole guacamole and then even further down there is an official nginx container as well now you don't have to use the nginx container it is it is just an additional thing that you can do in fact it even shows here that if you decide not to use this portion right here you can remove this uncomment this and deploy it that way however using the nginx container also allows us to install uh self-signed certificates on the server for a little extra for a little extra layer of security so that's what we're going to do in this setup is we're going to go ahead and use the nginx uh proc or we're going to use the nginx container as a proxy so that we can also install self-signed certificates locally so before we get uh too much further into this let's actually take a look at what guacamole is and what it does so uh like i said here we are run we're on guacamoles or the home page that i've got set up on my guacamole server and the first thing i'm going to tell you is that i hate the interface uh the aesthetic of the interface the interface is fine it's the aesthetic that i hate it is blinding white and even going through the the settings over here like so so here we've got active sessions this will show any of the active sessions that are currently going on uh you know who's doing it when they started doing it where they're doing it from those sorts of things uh the history you can see that i've been i've been doing all kinds of stuff in here and again it gives all of that same information uh historically speaking anyway here we've got next we've got users i've just got one user in here no groups don't need them for for my simple setup connections we are going to take a look at connections here and then preferences here you can make some changes to that sort of thing but again what we're gonna notice is there's no way to change this to a dark theme so uh luckily i have a script called stylish uh where i have uh created my own uh pretty crappy uh dark mode theme so that we can not be blinded by a white background so so basically here you can see that i've got one two three four five six uh connections is set up i've got two ad guard servers that demo server is the one that we're going to do all of this on jarvis is my synology device my npm that is for nginx proxy manager and ophthalia and all of those sorts of things and i've also got a windows 10 setup in here and i will show how to use windows 10 as well or windows in general how to remotely connect to windows 10 or windows through guacamole here so basically it works like this once you've got your connections set up you can then just click it and give it a second and now we're logged in as that user we didn't have to put any usernames or passwords or any of that kind of stuff in there it just automatically connected because we set up our connection to do that uh once we're done here uh we can uh we can just type in exit oops like so and then it will pop up a window saying hey do you want to go to the homepage do you want to try to reconnect or do you want to log out i'm just going to click on home because then it will take us back to here and again we can do the same thing here again we're logged in just that quickly this is super super handy for remotely managing multiple services multiple servers that sort of thing so i'm gonna go ahead and click on exit again and then it's gonna pop up this window and we can click home and then just for the sake of demonstration here we're going to use guacamole to rdp or remote desktop into a windows 10 instance so go ahead and click on that we'll give this just a second there is my setup there and here we are on a windows 10 is set up inside of guacamole here where we can we can do basically whatever we want to do so let's go ahead and pop this open uh this is a very the the the connection speed that we're seeing here uh is not because of guacamole it's actually a direct result of uh the lowest specs that i gave this vm so let's just come over here and go to fast.com like so and here we can see that we're getting a decent connection speed everything is working just as we would expect it to uh so let's go ahead and close this browser window here and then of course like i said you can come in here and just manage this as though you were on that desktop using remote desktop through windows so we've taken a look at what it looks like to do an ssh into a server or a couple of servers in this case we've also taken a look at connecting to a windows device using remote desktop or remote desktop protocol rdp uh so now let's actually take a look at how to set all of this up we're going to install guacamole and then we'll set up our connections so that we can access these devices uh much more easily as i mentioned we are going to use guacamole through this whole process here uh just to kind of give a demonstration of how easy it is to use so like i said we want to do this on our demo server that we've got set up right here so i'm going to go ahead and click on that i'm going to go ahead in fact down here in the bottom right hand corner you can see that i have a window a pop-up window down here and that is because instead of exiting that windows rdp session um normally i guess though the proper way or maybe in this way there is no proper way because uh what i did is i just came up to the to the toolbar and on my mouse i clicked the back button and what it did was take me back uh to uh to my list of other uh devices and then i logged into here and now we can see that i've got this windows 10 down here and what's cool is i can just toggle back and forth between them uh which is super super handy to do uh when you need to however i'm just gonna go ahead and close that like so okay so here we are we're on my terminals log in like we've already logged in we're at our root here so what i'm going to do is just add an ls just to get an idea of where we are we're in the the home directory of this user so what i'm going to do is i do a cd oops cd slash home and then here we can see all of the different things that i have currently up and running in this server or possibly it's what i've had running in the server not necessarily what's currently running in this server so what we want to do what i like to do for each of these is actually create a folder to to clone into or to install into those sorts of things so what i want to do is do an mkdir for make directory and then i'm going to call this i'm just going to call this guac like so and i also want to do so i also want to do and then i want to once that's done i want to cd into guac just so that we don't have to type it later and and now we've created and uh change directories into that guac directory the next thing that we want to do is actually come over to here and we want to just run this first command now this is git clone and then this github repository that we're on right now so i'm going to right click and click copy and then we're going to come over to here and i'm going to just right click like so now there's there's a possibility that you will get an uh an error if you haven't already installed get that said that get isn't installed and in order to install git you can just use sudo apt install get and hit enter and we're already on the newest version so we don't need to do anything there but that's if you get an error sync git isn't installed that's all you've got to do so we're in our guac directory let's do an ls and here we're in there we've got a guacamole docker compose folder so we're going to do cd space and then we just hit tab at that point and it will autofill that and then we've got this we've got a few different files in here in fact this will be the same files that are listed uh up here we've just cloned these files so we've taken care of the first two steps actually we've we've cloned the repository and we've changed directories in that repository so the next thing we want to do is actually execute this prepare.sh script now we took a look at that that script already uh where we can oh that's the reset script i want the prepare script again this is the one where we're going to initialize the database and then install the the self-signed certificates if you're not comfortable trusting what this says right here you can then again do a nano repair preparer.sh and here you can see exactly what's going on in there as well i am just going to leave everything default for the sake of this setup but you definitely could come in here and change uh your your email address if you wanted to change this to you know mydomain.local or whatever the case is um and then uh hit control o and enter and control x so now we've got uh our our screen cleared and what we want to do is a dot slash prepare dot sh and hit enter so it's going to go through the process of creating the init.dr.sql file and we have gone ahead and installed the self-signed certificates based on the criteria in that preparer.sh file so if we come back over to here and come back a page so now we've we've we've done these three now we've done three we're 75 of the way there um so the next thing we'll do we want to do is docker compose up dash d i'm going to go ahead and copy that come back over to here we'll go ahead and just paste that in there now i've already downloaded all of these images just to kind of speed up this process but uh your your system will have to download most likely the guacamole container the guac d container as well as the engine x container uh in order to deploy these uh here we can see um that it's it's completed three of the four uh containers there we go now we have all four of our containers up and running should be ready to go but let's go ahead and take a look at um our portainer instance just so we can take a look at the logs so what i'm gonna do uh is i'm gonna do 192.168.69.106 9000. uh and here we are we're logged in come over to here go to our containers and here we can see that all of the the we've got engine next guacamole composed guacamole composed postgres guacamole compose and then guac composed down here now my experience is that this guac underscore or guac d underscore compose takes a while to start uh like almost a frustrating amount of time to start so give this a few minutes to to start up and do its thing uh before you get too frustrated and throw your hands up and walk away it will take a few minutes to install so just hang out and wait for that you will want to just periodically refresh the page and here we can see it's still starting so we'll come back once this is ready to go so here we are a few minutes later about four or five minutes later actually and here we can see that everything is up and running uh none of this is in uh starting mode or status or anything so what we want to do next is actually click this eight four four three four four three over here and it's going to throw an error so what we want to do is actually come up to our address bar and uh add https to the beginning of that like so and it's going to say hey your connection is not private so we're going to say click on advanced we're going to say proceed and then we're presented with a login screen here so what we want to do is come back over to here and in fact if we go into this docker compose file that we were given we can see that the username right here the initial login to guacamole is guac admin and guac admin so we're going to go ahead and log in with that like so and the first thing that i recommend doing for security purposes is coming up to guac admin on the top right clicking on settings uh going to users creating a new user and give it a username and password just like you would expect you can do this and then we can decide what kind of account restrictions we want to to set up here i'm just going to do this real quick like so i don't want to any of this other stuff i don't want to lock myself out of this for permissions i do want to make myself an admin a system administrator i want to be able to create new users i want to create new user groups new connections new connection groups new sharing profiles and i want to be able to change my own password so once i've got all of that set up i can click save and then now that we can see we have both of our user accounts here what i want to do is actually log out log out of guac admin and log in as the user that i just created and then go back over here uh to settings go to users and remove this guac admin uh default user account just for security reasons we're gonna say delete and delete and here we go now we just have our one user account so at this point we we have set up guacamole on our server so that we can then start adding accounts uh and other devices other connections things like that to our guacamole setup so let's take a look at how to do that next um so when you first log in um to guacamole this is what it's going to look like and it's not it's not pretty there's nothing there uh so what you'll do is you'll come up to the top right you'll click on settings then you'll click on connections and then right here we can set up new connections or groups i'm just going to set up a new connection here i'm going to call this um ad guard one and the location is fine we don't need to change the location there our protocol in this case is going to be ssh because that's how i manage that particular server so maximum number of connections um i would i would set this number fairly low um one i wouldn't do one i do two three four five something like that i typically do five on here just in case i do something stupid so i can get back in um below that uh what we want to do uh we're not going to do load balancing for a basic setup so this one we don't need to deal with guacamole proxy parameters if you need to run a proxy you can do that but what we want to focus on is the parameters below where we've got network and authentication the host name will be the in this case the ip address it could be the domain name but for the sake of this it's going to be the ip address of the server that i'm trying to connect to so i'm going to type in 192.168.1.26 um on the port i believe i've got it on 2234. um the public host key base we're going to skip username will be uh pi i believe for that one like so um and then if you've got um ssh keys you can put those that information down here the display you can change you can disable copying and pasting uh you can execute commands you can set time zones there's a lot of different stuff in here that you can do uh that i don't have any use for you very well may and i encourage you to explore those options but again for the sake of just setting up an ssh login i don't need any of that stuff so oh i will also say that if you wanted to you could record the screen so if you've got other people on your network or on on your guac server you could record what they're doing so that you can go back and take a look at that later and kind of maybe maybe they screwed something up and you want to be able to uh see what they screwed up you want to see what they typed um that that sort of thing you can absolutely do uh with this uh we're not gonna set that up but you absolutely could so i'm gonna go and click on save and then here if you click that it just brings you back into into the settings area so let's go back we're gonna come back up to here we're gonna click on home and then we're gonna click on add guard one and if everything worked correctly now we're logged in and from here again you can do uh you know basically uh whatever you want to do it's all set up and ready to go and you can just manage your server via ssh now here is where that warning at the beginning of this video came in where it said warning failure to secure this container properly may result in a compromised server and that's something that you really need to be aware of make sure that your your user account that you are using to log into this is secured make sure it's not you know the same password that you use for all of your other stuff uh this is really one of those cases where you will want to add an extra layer of security uh by changing your password specifically for uh this setup so that's look i'm just as guilty as any of you out there about using the same password across all of my internal stuff also if you want to make this available uh through a domain name using a reverse proxy you know whether it's traffic or nginx proxy manager or cadi or or whatever you're using for your reverse proxy uh make sure that you add additional security to that as well so whether you're using nginx proxy and you're using um access lists um that would be a great way to start on this i would also encourage using authelia as an additional layer of protection with this as well do everything you can to to extra extra special secure this particular container because it will give access to whatever you attach to it on your network so just be cautious of that let's go ahead and come back to here we're going to type in exit just so we can get out of here and then again we're going to get this screen i'm going to click on home and then what i want to do next is actually show you how to set up an rdp or a remote desktop on windows so what we're going to do is click on connections we're going to add a new connection we're going to call this uh win and then we're going to switch the protocol to rdp again you can connect via kubernetes rdp ssh telnet and vnc again we're just going to cover rdp and ssh in this but we've already covered ssh that was easy uh we're going to set up uh the maximum number of connections and then what we want to do is actually come down again to the parameters here for the network uh host name that's going to be the ip address of the the the windows computer that you're trying to connect to uh this is one of those cases where um setting up a static ip for your devices on your network is super super handy if you're using dhcp that's fine however just know that if your ip address changes this will fail to connect in the future so i'm going to go ahead and type in my ip address like so and then the port uh the port for rdp is three three eight nine and then uh the authentication uh for that particular uh device we're gonna give it a name and then we're gonna give it a password and then we're going to ignore the certificate the server certificate here now it seems weird that we're putting it here instead of in the remote desk desktop gateway however i've just found that this works better for me i tried using the remote desktop gateway it just wouldn't work by switching it over to uh these first two options here uh i i've had success time after time after time and setting it up that way now here's the thing that we need to take into consideration for remotely connecting to a windows computer and that is that the the remote windows computer needs to have two two things two criteria met the first is that the account that you want to log into has to have a password so you'll need to make sure that your your user has an account password to log in to the desktop that's the first thing the second thing is that you need to make sure the remote desktop is available on the setup so let's actually take a look at that now so let's come over to here uh let's just refresh oops we'll just say exit and we'll go to home and then we're going to go into windows 10 just so we can kind of see what we're doing here get logged in here and then uh so we're going to go ahead and open up my account settings for that user and again this is one of those changes or one of those things where you will want to go over here to sign in options and then make sure that you have a password set up on here um i do i i've got you know sign in with your accounts password um and yep your password is all set up on windows apps and devices if you want to you can change it or if it's not already in there you'll have the opportunity to go ahead and add a windows password the other thing that you need to do is come down here to start type in remote desktop oops remote let's actually look at settings allow remote connections to this computer is what you're looking for right there so go ahead and click on that and then in here make sure that remote desktop is is set up and ready to go in there right now it's not giving the option to change that because i am already rdp'ed into this computer uh so you will want to make sure that you go in here and turn on allow remote connections uh to this particular computer once you've got all of that then you can then you can actually come over here and set all of this up so what we're going to do scroll all the way down to the bottom click on save then we're going to come up here click on home and then we'll click on win10 give this just a second and hopefully there we go now i will say it also kicked me out of this because it's windows you can only be connected to the desktop one time through either a direct connection or rdp of course if you're using a different application uh you can you can share desktops and things like that but that's not what we're doing here so here we are we're back on our desktop um and we can continue to operate this as though we were sitting at it with a mouse and keyboard and monitor plugged into it so there are the basics of setting up and using guacamole on your server again if you want to make this available to the internet make sure that you add additional security to this whether it's through access lists vpn ophelia whatever the case is don't just let this sit uh open and bare to uh to the internet it's a really bad idea especially if you've got your your main docker server your main whatever if you've got anything attached to this make sure that it is as secure as you can possibly make it so this is something that's been requested time and time again for the last year or so and honestly i'm mad that i didn't look into this sooner this is going to save me so much time uh being able to just log into things and take care of things and and update things that sort of thing also uh being able to do this remotely when i'm away from home uh when i'm out doing stuff if i'm if i'm traveling visiting somewhere else whatever and i need to log into my server to make some changes or see what's going on being able to do this is super super handy so um i really do hope that this video was helpful uh to those people who are interested in using guacamole and i've had a hard time getting it set up properly and securely um of course if you've got other ideas for videos that you'd like to see leave that in the comment section down below a lot of the content that i create uh actually comes from from your suggestions so i really do appreciate when you guys leave those suggestions in the comment section down below also just a quick uh reminder note whatever uh after uh the end of this year the end of 2021 i will be doing away with uh youtube memberships on the channel um i'm just it adds an unnecessary layer of complication to what i'm trying to do and share content and all of those sorts of things so if you are a channel member and would like to continue to support the channel head on over to patreon where you can become a patron over there and get early access and and engage with me there as well if you'd like to do that uh there is also a link in the description is uh https uh dbte.ch where you'll find uh a new modified little landing page that i created with links to all of my social medias as well as different ways that you can support the channel financially whether it's through coffee or paypal i actually put up a bitcoin link in there as well if you want to do that all of that will be available in the description down below as well i want to give a big shout out to my existing patrons thank you guys so much for your continued support i really do appreciate you guys uh it really does help me uh continue to pay the bills and that sort of thing so i think though with all of that being said i'm gonna go ahead and wrap this up so as always thanks for your time i always appreciate your support and i'll talk to you the next video

Info

Channel: DB Tech

Views: 2,108

Rating: undefined out of 5

Keywords: DB Tech, DBTech, Docker tutorial, guacamole remote access, docker guacamole, remote access docker, remote access ssh, remote access rdp, how to setup guacamole on docker

Id: Mjrj6tdj1wo

Channel Id: undefined

Length: 27min 9sec (1629 seconds)

Published: Tue Dec 14 2021