Apache Guacamole VM by Anarion Technologies
Apache Guacamole is an innovative, clientless remote desktop gateway that simplifies the process of accessing and managing remote desktops and servers. Unlike traditional remote access solutions that require the installation of client software on the user’s device, Guacamole operates entirely within a web browser. This eliminates compatibility issues and provides seamless access from virtually any device with an internet connection, making it an ideal solution for modern, distributed work environments.
One of the key strengths of Apache Guacamole is its support for a wide range of standard protocols, including VNC (Virtual Network Computing), RDP (Remote Desktop Protocol), and SSH (Secure Shell). This versatility ensures that Guacamole can be used to connect to a variety of systems, whether they are Windows, macOS, Linux, or Unix-based. Users can securely access their desktops and servers from anywhere, enhancing productivity and flexibility, especially in scenarios that require remote work or management of geographically dispersed resources.
Guacamole’s architecture is designed with security and ease of management in mind. It acts as a gateway, isolating the user’s device from direct contact with the remote systems. This adds a layer of security by minimizing the exposure of sensitive systems to potential threats. Additionally, Guacamole supports multi-factor authentication (MFA) and can be integrated with existing authentication systems, further strengthening security. For IT administrators, the central management of remote access policies and user permissions through a web-based interface simplifies administration and ensures compliance with organizational security policies.
Deployment and scalability are also major advantages of Apache Guacamole. Being a web application, it can be easily deployed on-premises or in the cloud, and it scales effortlessly to accommodate growing numbers of users and connections. The open-source nature of Guacamole means that it can be customized and extended to meet specific needs, and a vibrant community of developers continuously contributes to its improvement and feature set. Whether for small teams or large enterprises, Apache Guacamole provides a reliable, secure, and flexible remote access solution that adapts to the evolving demands of today’s digital landscape.
To subscribe to this product from Azure Marketplace and initiate an instance using the Azure compute service, follow these steps:
1. Navigate to Azure Marketplace and subscribe to the desired product.
2. Search for “virtual machines” and select “Virtual machines” under Services.
3. Click on “Add” in the Virtual machines page, which will lead you to the Create a virtual machine page.
4. In the Basics tab:
- Ensure the correct subscription is chosen under Project details.
- Opt for creating a new resource group by selecting “Create new resource group” and name it as “myResourceGroup.”
5. Under Instance details:
- Enter “myVM” as the Virtual machine name.
- Choose “East US” as the Region.
- Select “Ubuntu 18.04 LTS” as the Image.
- Leave other settings as default.
6. For Administrator account:
- Pick “SSH public key.”
- Provide your user name and paste your public key, ensuring no leading or trailing white spaces.
7. Under Inbound port rules > Public inbound ports:
- Choose “Allow selected ports.”
- Select “SSH (22)” and “HTTP (80)” from the drop-down.
8. Keep the remaining settings at their defaults and click on “Review + create” at the bottom of the page.
9. The “Create a virtual machine” page will display the details of the VM you’re about to create. Once ready, click on “Create.”
10. The deployment process will take a few minutes. Once it’s finished, proceed to the next section.
To connect to the virtual machine:
1. Access the overview page of your VM and click on “Connect.”
2. On the “Connect to virtual machine” page:
- Keep the default options for connecting via IP address over port 22.
- A connection command for logging in will be displayed. Click the button to copy the command. Here’s an example of what the SSH connection command looks like:
```
ssh [email protected]
```
3. Use the same bash shell that you used to generate your SSH key pair. You can reopen the Cloud Shell either by selecting >_ again or by going to https://shell.azure.com/bash.
4. Paste the SSH connection command into the shell to initiate an SSH session.
Usage/Deployment Instructions
Anarion Technologies – Apache Guacamole
Note: Search product on Azure marketplace and click on “Get it now”
Click on Continue
Click on Create
When creating the virtual machine, enter or select appropriate values for zone, machine type, resource group and so on as per your choice.
After the virtual machine has been created, you will get an option: Go to Resource Group
Click Go to Resource Group
Click on the Network Security Group: guacamole-nsg
Click on Inbound Security Rule
Click on Add
Add Port
Destination Port Ranges Section* (where default value is 8080)
8080
Select Protocol as TCP
Set the Action option to Allow
Click on Add
Click on Refresh
Copy the Public IP Address
SSH into VM Terminal and follow the process how
To secure Apache Guacamole with HTTPS using your company’s SSL certificate, you can set it up with a reverse proxy using Apache or Nginx. Here’s a step-by-step guide to help you set up Apache Guacamole on HTTPS using your SSL certificate.
To install Apache:
$ sudo apt update
$ sudo apt install apache2
Obtain and Configure SSL Certificate
You need to have the SSL certificate and the private key from your company. If you already have them, upload them to the server, typically in the /etc/ssl/ directory.
For example:
- Certificate file: /etc/ssl/certs/mycompanydomain.com.crt
- Private key file: /etc/ssl/private/mycompanydomain.com.key
If your certificate chain includes intermediate certificates, concatenate them into a single .crt file with the primary certificate on top.
Configure Reverse Proxy for HTTPS
For Apache
Enable necessary modules:
$ sudo a2enmod proxy proxy_http ssl
$ sudo systemctl restart apache2
Create a new virtual host file:
Create a configuration file for your domain (e.g., guacamole-ssl.conf) in the /etc/apache2/sites-available/ directory.
$ sudo nano /etc/apache2/sites-available/guacamole-ssl.conf
Configure Apache for HTTPS and proxying to Guacamole:
Add the following configuration to the file. Replace mycompanydomain.com with your actual domain and adjust paths to your SSL certificate files as needed.
```
<VirtualHost *:443>
    ServerName mycompanydomain.com

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/mycompanydomain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/mycompanydomain.com.key
    # If you have intermediate certificates
    # SSLCertificateChainFile /etc/ssl/certs/mycompanydomain.com.chain.crt

    # Adjust if Guacamole is on another port or URL
    # (Apache comments must sit on their own line, not after a directive)
    ProxyPass / http://localhost:8080/guacamole/
    ProxyPassReverse / http://localhost:8080/guacamole/

    ErrorLog ${APACHE_LOG_DIR}/guacamole-error.log
    CustomLog ${APACHE_LOG_DIR}/guacamole-access.log combined
</VirtualHost>
```
Enable the site and reload Apache:
$ sudo a2ensite guacamole-ssl.conf
$ sudo systemctl reload apache2
Verify HTTPS Access to Guacamole
Once configured, you should be able to access Guacamole at https://mycompanydomain.com. Make sure you’ve opened port 443 on your firewall to allow HTTPS traffic.
Additional Security Recommendations
Configure HTTP to HTTPS Redirection: To redirect HTTP to HTTPS, you can add a redirect in your configuration.
For Apache, add this in a separate VirtualHost for port 80:
```
<VirtualHost *:80>
    ServerName mycompanydomain.com
    Redirect permanent / https://mycompanydomain.com/
</VirtualHost>
```
Enable HSTS: Adding HTTP Strict Transport Security (HSTS) forces browsers to use HTTPS.
For Apache, add the following within the <VirtualHost *:443> block:
```
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
```
This setup should secure your Apache Guacamole instance with HTTPS using your company’s SSL certificate!
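A way to verify the redirect and HSTS steps above, as an added example that is not part of the original guide: two shell functions that read response headers (for instance from `curl -sI`) and fail unless the 301 redirect and the HSTS max-age match the configuration. The function names and the sample responses are constructed for illustration.

```bash
#!/bin/sh
# Added example: check the redirect and HSTS settings from response headers.
# Live use (mycompanydomain.com is the page's placeholder domain):
#   curl -sI http://mycompanydomain.com/  | check_redirect mycompanydomain.com
#   curl -sI https://mycompanydomain.com/ | check_hsts 31536000

# Succeeds only for a 301 whose Location starts with https://<host>/ ($1 = host).
check_redirect() {
  tr -d '\r' | awk -v want="https://$1/" '
    NR == 1 { code = $2; next }
    tolower($1) == "location:" { loc = $2 }
    END { exit !(code == "301" && index(loc, want) == 1) }'
}

# Succeeds only if Strict-Transport-Security is present with max-age >= $1 seconds.
check_hsts() {
  tr -d '\r' | awk -v min="$1" '
    tolower($1) == "strict-transport-security:" {
      found = 1
      if (match(tolower($0), /max-age=[0-9]+/))
        age = substr($0, RSTART + 8, RLENGTH - 8)
    }
    END { exit !(found && age + 0 >= min + 0) }'
}

# Constructed sample responses (not captured from a real server).
sample_redirect() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://mycompanydomain.com/\r\n\r\n'
}
sample_https() {
  printf 'HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\n\r\n'
}
sample_weak_hsts() {
  printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=300\r\n\r\n'
}

sample_redirect  | check_redirect mycompanydomain.com && echo "redirect: ok"
sample_https     | check_hsts 31536000 && echo "hsts: ok"
sample_weak_hsts | check_hsts 31536000 || echo "hsts: max-age too short"
```

The `Header` directive is provided by mod_headers, which is not among the modules enabled earlier, so run `sudo a2enmod headers` before reloading Apache. The inbound rule for port 8080 added to guacamole-nsg earlier still exposes Guacamole over plain HTTP after the proxy is in place, so remove it once HTTPS access works.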