I'm trying to figure out how to connect my headquarters, where Apache Guacamole is installed, to several branch offices that currently have no network connection between them. Is there a way to create a proxy server that would allow me to connect to all these branches via a single Guacamole instance at the HQ? I'm considering setting up a proxy server, opening its ports, and establishing connections to the branch offices using the central Guacamole setup.
5 Answers
Interestingly, you can already achieve this out of the box by installing the guacamole-server component on a different host and then configuring it in the guacamole-client connection on the web interface. Just keep in mind that it lacks built-in authentication, so you might want to wrap it using stunnel for secure access.
You might want to explore Cloudflare tunnels. They can simplify the setup in some cases.
Just a heads-up, this has come up in discussions before. From what I've seen, guacd isn't very secure for direct external use. Setting up a VPN would likely be your safest option.
Typically, if there's no connection between your locations, using VPN tunnels like IPSec is the go-to solution for creating secure links. This way, the central Guacamole instance can interact with devices at your branches as though they're on the same network, thanks to proper firewall and filtering rules.
Have you considered using Tailscale? It's generally simpler to set up compared to something like Headscale.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures