Installing Apache Guacamole
I created this guide to assist others who may need a way to access resources remotely when their current environment blocks or restricts the resources available to them.
I personally recommend using Chrome Remote Desktop as a faster way to gain access to your home PC, but if for some reason it is blocked by your network, here's this guide. I hope it helps :-)
Categorize Domain: https://sitereview.bluecoat.com/#/
End State
Access to desktop with additional resources outside of current environment
Requirements
VMWare Workstation (I'm using VMWare Workstation Pro 15.x)
Ubuntu 18.04.3 Server
Personal Domain (I used Google Domains to purchase mine)
Access to Router's Admin Page
Windows 10 Pro
STEP 1 - Set up & Install
Download Ubuntu Here: https://ubuntu.com/download/server
This guide will not cover how to create a VM, but the biggest change during VM set up was changing the network connection to bridged. This gives the VM its own IP on your network which will assist later when the firewall must be adjusted.
No changes were made during Ubuntu's setup. Once the initial install is complete, download MysticRyuujin's install script for a faster setup.
Download file directly from here:
Make it executable:
Run it as root:
The script installs all of the dependencies and adds a few helpful extensions in /etc/guacamole/extensions/ (such as two-factor authentication).
Once complete, you should have access to the Guac server at http://localhost:8080/guacamole/
Log in and create a new user. Log in with the new user and delete the default credentials.
The next step is to install NGINX and a Let's Encrypt SSL certificate. I recommend saving the VM's state now so you can revert to it in the future if needed.
If you have some time, I recommend reading http://guacamole.apache.org/ for a better understanding of how Guacamole works and how to troubleshoot any issues you may run into.
STEP 2 - NGINX/LetsEncrypt Setup
At this point you should purchase your domain and create an A record for your subdomain, linking the domain to your public IP. If you're using Google Domains, head over to the DNS tab and then go to Custom Resource Records.
2.A Installing NGINX
Prior to this point I would enable port forwarding from my public IP to port 80 on my Guac Server IP. You will have to enable a rule for HTTPS later so keep this in mind.
If you have the router that was provided by AT&T: I enabled port forwarding under Settings > Firewall > NAT/Gaming. I then selected the service Apache (80/443), and the device selected was my Guac Server.
If you're using pfSense, go to Firewall > NAT > Port Forward. I restricted the source IP to my phone's IP during testing to limit who has access to public services. I would recommend doing the same thing if you only plan on accessing your Guac server from one location (e.g. work).
Install nginx
Enable nginx on start up
(Optional) create file link if you aren't using the default file
Configure /etc/nginx/sites-available/default
Example of my NGINX configuration:
Verify config file
Restart service to push update
You should have access to your Guac server via HTTP now.
Save your VM's snapshot for a point of reference if you mess something up.
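An added example, not the author's own configuration: a port-80 server block for /etc/nginx/sites-available/default that uses the reverse-proxy directives from the Guacamole manual and applies the same source-IP restriction described for pfSense at the NGINX layer. The domain your.domain.com and the allowed address 203.0.113.10 are placeholders, and the backend at 127.0.0.1:8080 assumes Tomcat runs on the same VM as in Step 1.

```nginx
# Added example, not the author's file.
# Assumed values: your.domain.com (placeholder domain) and
# 203.0.113.10 (constructed client address to allow).
server {
    listen 80;
    server_name your.domain.com;

    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;

    # Send visitors of the bare domain to the Guacamole web app.
    location = / {
        return 302 /guacamole/;
    }

    location /guacamole/ {
        # Only the listed address reaches the login page. The rule lives
        # inside this location so Let's Encrypt HTTP validation requests
        # to /.well-known/acme-challenge/ are not blocked.
        allow 203.0.113.10;
        deny  all;

        # Tomcat serves Guacamole on port 8080 of this VM.
        proxy_pass http://127.0.0.1:8080;

        # Guacamole streams the session; buffering adds latency.
        proxy_buffering off;

        # Required for the WebSocket tunnel.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;

        # Pass the real client address on to Tomcat.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Access logging is left at its default here so that requests to the login page are recorded in /var/log/nginx/access.log.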
2.B Installing TLS/SSL Cert
If you haven't already... add port forward rule for HTTPS.
Add certbot repository
Install Certbot
Generate and Install a Let's Encrypt SSL certificate
You should now be able to access your guacamole server from your.domain.com
STEP 3 - Access Desktop via RDP
3.A Enable RDP on Windows 10 Pro PC
Search for Advanced System Settings
Click Remote Tab
Allow Remote Access and create a User
Enable Remote Desktop
3.B Create RDP Connection on Guac
Log in and go to settings
Select connections > New Connection
Create Name, Location, and Protocol
Fill in Guacamole Proxy Parameters
4.A. Hostname > 127.0.0.1
4.B. Port > 4822
4.C. Encryption > None
Parameters
5.A. Hostname > IP of PC (launch terminal and enter "ipconfig" to find IP)
5.B. Port > 3389
5.C. Username > username of PC (launch terminal and enter "whoami" to find username)
5.D. Password > You should hopefully remember the password to your PC :-)
5.E. Domain > WORKGROUP by default (launch terminal and enter "wmic computersystem get domain" to find domain)
5.F. Security Mode > NLA
5.G. Ignore Server Certificate > check box
Save a snapshot of your VM in case the guac server breaks. (shit happens sometimes)
Example of Connection
I hope this guide helps you and there are more to come.