Fedora 28 Guacamole base install.

travisdh1

That note about using Guacamole behind a reverse proxy. You need to add proxy_buffering off within the location / section of the conf file. Guacamole steams the console/vnc/rdp session live, and trying to buffer the stream will cause problems.

Example from my home lab:

 server {
         client_max_body_size 40M;
         listen 443 ssl;
         server_name guacamole.travisdh1.net;
         ssl     on;
         ssl_certificate /etc/ssl/travisdh1.net.pem;
         ssl_certificate_key /etc/ssl/travisdh1.net.key;
         ssl_stapling_verify on;
         ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
         ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
         ssl_prefer_server_ciphers       on;
         ssl_session_cache shared:SSL:10m;
         add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
 
         location / {
                 proxy_set_header X-Real-IP $remote_addr;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header Host $http_host;
                 proxy_set_header Connection $http_connection;
                 proxy_http_version 1.1;
                 proxy_pass http://10.10.10.2:8080;
                 proxy_redirect off;
                 access_log off;
                 proxy_buffering off;
         }
 }
 
 server {
         client_max_body_size 40M;
         listen 80;
         server_name guacamole.travisdh1.net;
         rewrite ^ https://guacamole.travisdh1.net$request_uri? permanent;
 }

black3dynamite

@travisdh1 said in Fedora 28 Guacamole base install.:

selinux is disabled. I've done some basic troubleshooting, but not been able to correct selinux to allow everything to run correctly yet. The only denials I saw in the audit.log were for ssh, so I suspect that selinux would need settings configured for every protocol you're going to use. For the time being, it's just disabled.

Does it not work in permissive mode instead? At least with permissive, we can still check the logs for denials.

stacksofplates

This application seems like more trouble than it's worth.

travisdh1

@black3dynamite said in Fedora 28 Guacamole base install.:

@travisdh1 said in Fedora 28 Guacamole base install.:

selinux is disabled. I've done some basic troubleshooting, but not been able to correct selinux to allow everything to run correctly yet. The only denials I saw in the audit.log were for ssh, so I suspect that selinux would need settings configured for every protocol you're going to use. For the time being, it's just disabled.

Does it not work in permissive mode instead? At least with permissive, we can still check the logs for denials.

I tried it in permissive for just that reason. It wasn't working, obviously. It looked like it was going to be a specific setting for every protocol, so I can't debug it properly yet

travisdh1

@stacksofplates said in Fedora 28 Guacamole base install.:

This application seems like more trouble than it's worth.

I actually agree with you. Which is part of the reason I started down the road of doing a whole series of tutorials for it. I had found no good guides online, and it's the only open-source tool I know of that enables all of it's functionality.

stacksofplates

@travisdh1 said in Fedora 28 Guacamole base install.:

@stacksofplates said in Fedora 28 Guacamole base install.:

This application seems like more trouble than it's worth.

I actually agree with you. Which is part of the reason I started down the road of doing a whole series of tutorials for it. I had found no good guides online, and it's the only open-source tool I know of that enables all of it's functionality.

I just don't see the value to it. I'd rather type the extra couple characters and make a tunnel for RDP/SSH/VNC. Or just script it.

travisdh1

@stacksofplates said in Fedora 28 Guacamole base install.:

@travisdh1 said in Fedora 28 Guacamole base install.:

@stacksofplates said in Fedora 28 Guacamole base install.:

This application seems like more trouble than it's worth.

I actually agree with you. Which is part of the reason I started down the road of doing a whole series of tutorials for it. I had found no good guides online, and it's the only open-source tool I know of that enables all of it's functionality.

I just don't see the value to it. I'd rather type the extra couple characters and make a tunnel for RDP/SSH/VNC. Or just script it.

Hrm, thanks for the reminder. I need to add viewing the session recordings to my list of tutorials to do. Welcome to how my brain works

The big value add is for end users more than IT I think. It's a really easy way to get a secured connection to many different systems remotely once it's configured correctly.

stacksofplates

@travisdh1 said in Fedora 28 Guacamole base install.:

@stacksofplates said in Fedora 28 Guacamole base install.:

@travisdh1 said in Fedora 28 Guacamole base install.:

@stacksofplates said in Fedora 28 Guacamole base install.:

This application seems like more trouble than it's worth.

I actually agree with you. Which is part of the reason I started down the road of doing a whole series of tutorials for it. I had found no good guides online, and it's the only open-source tool I know of that enables all of it's functionality.

I just don't see the value to it. I'd rather type the extra couple characters and make a tunnel for RDP/SSH/VNC. Or just script it.

Hrm, thanks for the reminder. I need to add viewing the session recordings to my list of tutorials to do. Welcome to how my brain works

The big value add is for end users more than IT I think. It's a really easy way to get a secured connection to many different systems remotely once it's configured correctly.

Yeah that makes more sense. However after looking at all of the work it takes to deploy this, I'd rather deploy a full SD-WAN solution. And just let people connect normally. But I can see the attraction if it works properly.

travisdh1

@stacksofplates said in Fedora 28 Guacamole base install.:

@travisdh1 said in Fedora 28 Guacamole base install.:

@stacksofplates said in Fedora 28 Guacamole base install.:

@travisdh1 said in Fedora 28 Guacamole base install.:

@stacksofplates said in Fedora 28 Guacamole base install.:

This application seems like more trouble than it's worth.

I actually agree with you. Which is part of the reason I started down the road of doing a whole series of tutorials for it. I had found no good guides online, and it's the only open-source tool I know of that enables all of it's functionality.

I just don't see the value to it. I'd rather type the extra couple characters and make a tunnel for RDP/SSH/VNC. Or just script it.

Hrm, thanks for the reminder. I need to add viewing the session recordings to my list of tutorials to do. Welcome to how my brain works

The big value add is for end users more than IT I think. It's a really easy way to get a secured connection to many different systems remotely once it's configured correctly.

Yeah that makes more sense. However after looking at all of the work it takes to deploy this, I'd rather deploy a full SD-WAN solution. And just let people connect normally. But I can see the attraction if it works properly.

Getting it working properly should be easy once someone does it once, and gets it ******** publicly documents. Also, you're welcome in advance

travisdh1

I found the font a bit wonky, and also found the fix for it here. I'll add them in my original post here in a minute.

dnf -y install terminus-fonts terminus-fonts-console dejavu-sans-mono-fonts

Also, yes, I started working on the LDAP integration today.

Obsolesce

This is my first time looking at Guacamole.

I just want a simple way of remote desktoping to a Linux PC, from another Windows or Linux PC.

Is Guacamole Base/Server/Client (what's the difference?) the type of thing I would install on a simple Linux PC for that purpose?

Should I just use TeamViewer instead?

Obsolesce

@scottalanmiller said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

As expected, Guacamole doesn't like Deepin but this was my first test.

Guacamole should be installed on a server. Deepin is a desktop client, not really designed for server use. As a client, it should work fine.

This answers my above question.

TeamViewer it is.

scottalanmiller

@obsolesce said in Fedora 28 Guacamole base install.:

This is my first time looking at Guacamole.

I just want a simple way of remote desktoping to a Linux PC, from another Windows or Linux PC.

Is Guacamole Base/Server/Client (what's the difference?) the type of thing I would install on a simple Linux PC for that purpose?

Should I just use TeamViewer instead?

There is an in between. Guacamole is for building a remove access gateway infrastructure. You can get products that just do an HTML desktop of the local machine. That sounds more like what you'd want.

scottalanmiller

@obsolesce said in Fedora 28 Guacamole base install.:

@scottalanmiller said in What Are You Doing Right Now:

@wirestyle22 said in What Are You Doing Right Now:

As expected, Guacamole doesn't like Deepin but this was my first test.

Guacamole should be installed on a server. Deepin is a desktop client, not really designed for server use. As a client, it should work fine.

This answers my above question.

TeamViewer it is.

Check out NoVNC.

black3dynamite

@obsolesce said in Fedora 28 Guacamole base install.:

This is my first time looking at Guacamole.

I just want a simple way of remote desktoping to a Linux PC, from another Windows or Linux PC.

Is Guacamole Base/Server/Client (what's the difference?) the type of thing I would install on a simple Linux PC for that purpose?

Should I just use TeamViewer instead?

NoMachine is another option.

wirestyle22

@travisdh1 From what I've heard, Guacamole on Fedora is pretty unstable. How has this been running for you?

Alex Sage

@wirestyle22 said in Fedora 28 Guacamole base install.:

@travisdh1 From what I've heard, Guacamole on Fedora is pretty unstable. How has this been running for you?

@travisdh1 Yeah, I want to know too

travisdh1

@wirestyle22 said in Fedora 28 Guacamole base install.:

@travisdh1 From what I've heard, Guacamole on Fedora is pretty unstable. How has this been running for you?

The base install here using the user-mappings.xml for everything has been working great. I only have it pointing to two different things on the back end. It was still up and running when I checked it just now tho.

The thing with Guacamole right now is that the documentation is just..... crap. It says different options are available in the user-mappings.xml which always break things.

dnf-automatic is running. I'll try rebooting it tonight and see if it comes back up correctly.

scottalanmiller

@travisdh1 said in Fedora 28 Guacamole base install.:

The thing with Guacamole right now is that the documentation is just..... crap. It says different options are available in the user-mappings.xml which always break things.

That's the base problem with Fedora installs, I think. Not that it isn't stable, but that it's not documented properly.

travisdh1

@scottalanmiller said in Fedora 28 Guacamole base install.:

@travisdh1 said in Fedora 28 Guacamole base install.:

The thing with Guacamole right now is that the documentation is just..... crap. It says different options are available in the user-mappings.xml which always break things.

That's the base problem with Fedora installs, I think. Not that it isn't stable, but that it's not documented properly.

I'd be very surprised if it acted any differently on any platform. One of the big reasons I decided to do a guide on it is how it just breaks when using many of the supposed options. Not that I really expect great documentation for anything before v1 is out, but at least take down known broken stuff!