Secret IT Engineer

Blogs you've never heard of

Simple Containerised Guacamole with SAML, LDAP, MFA (DUO) and SSE Deployment (Part 1 / 2)

Guacamole is legendary in the world of remote access solutions: a web front end, good user and connection organisation, and a flexible database back end, historically all installed on a single host. This is post 1 of 2 on simplifying the deployment and shortening the time it takes.

Background

If you aren't aware of Guacamole, it's a self-contained remote desktop gateway where connections are accessed through a web page: a multi-protocol remote proxy with an integrated HTML5-based KVM. There is no need for external tools such as VNC Viewer or the MS Terminal Services Client (MSTSC), and combined with an SSE solution we can put a secure front end in front of powerful remote access connections.

What sort of connections? Guac (its short name) supports Remote Desktop Protocol (RDP), Telnet, Secure Shell (SSH), Virtual Network Computing (VNC) and Kubernetes. That's a decent list given it all comes through a web browser, as per the SSH example below.

When I first started using Guacamole for remote access it was a monolithic set of applications deployed onto a single Linux host; since then we have had a containerised deployment where the three main elements (guacd, the database and the web app) each run in their own container.

Versions 1.5.0 (2023), 1.5.5 (2024) and 1.6.0-RC1 (2025) in my opinion made big leaps in modernising the platform. Comparisons are for another blog, but up until 1.6.x we were unable to use ED25519 keys with SSH (for example), so connecting via SSH to new Linux distros wasn't possible. That's fixed now, and you can find release notes for all GA versions HERE.

1.6.0-RC1? Well, this adds a few bits such as the important ED25519 support and an updated method of connecting to Duo. Duo has removed support for the traditional prompt and instead uses the Universal Prompt, which previous versions of Guac didn't support.

Why did i write this?

I always try to explain why I write these guides. Usually they are for me to remember when I come back to something in 18 months (old and rusty?), but this time it's because when I tried to update my deployment there were conflicting guides and blogs due to:

  • Different versions, all the way back from 0.9.6
  • Containerised and monolithic deployments mixed up
  • Varying supported deployments, none with exactly these components
  • Versions with bugs in
  • Duo had modernised away from iFrame support (hence the RC1 version)
  • Most of the above in the same blogs, with complex scripts to deploy

I have reduced this to two files: a docker-compose.yml (for easy and repeatable container deployment) and a very short (< 10 lines) script to save manual database preparation.

Why containerised, isn’t that complex?

There are a lot of advantages to a containerised deployment. Repeatability is one; it's also pretty flexible, because Guac supports multiple methods for access and user management (SAML, MFA, LDAP, local, etc.), so if we want SAML but also want a test environment using the same connections, we can have the compose file deploy a front-end (production) SAML/MFA web app and a back-end internal entry for admins using LDAP (or any combination), all sharing the same guacd and database.

Network connections too: by deploying the platform as code we can scale up or replace containers if things slow down or break, and if we need to swing the SSE connection to a different login method rapidly (SAML to LDAP, for instance) we can, by adding a container for LDAP and moving the network ports.

These can all be deployed at once or at different times. While this isn't a Docker post, docker compose provides flexible and robust methods to deploy, update and change a multi-container deployment by changing a few characters in a file.
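To make that split concrete, here is an added example compose file of my own (not the docker-compose.yml from part 2 of this post): one guacd, one PostgreSQL database and two web-app containers that share both, one for SAML plus Duo on the SSE-facing port and one for LDAP on an internal admin port. Hostnames, ports, credentials and the Duo/SAML/LDAP values are placeholders. The environment variable names are the ones the official guacamole/guacamole image documents for its PostgreSQL, SAML and LDAP extensions and, for 1.6.0, the Duo Universal Prompt extension; treat the Duo ones in particular as assumptions to check against the release's own documentation.

```yaml
# Added example, not the post's own compose file. Placeholder values throughout.
services:
  guacd:
    image: guacamole/guacd:1.6.0
    restart: unless-stopped
    # No "ports:" on purpose: guacd (4822) must only be reachable from the
    # web-app containers on the compose network, never from the host or SSE.

  postgres:
    image: postgres:16
    restart: unless-stopped
    environment:
      POSTGRES_DB: guacamole_db
      POSTGRES_USER: guacamole_user
      POSTGRES_PASSWORD: change-me          # placeholder, use a secret in practice
    volumes:
      - postgres-data:/var/lib/postgresql/data
      # Schema generated beforehand (the "short script" step) with:
      #   docker run --rm guacamole/guacamole:1.6.0 \
      #     /opt/guacamole/bin/initdb.sh --postgresql > init/initdb.sql
      # The postgres image applies anything in this directory on first start only.
      - ./init:/docker-entrypoint-initdb.d:ro

  # Production entry point: SAML sign-in, Duo MFA. Bound to loopback so only the
  # SSE connector / reverse proxy on this host can reach it.
  guacamole-saml:
    image: guacamole/guacamole:1.6.0
    restart: unless-stopped
    depends_on: [guacd, postgres]
    ports:
      - "127.0.0.1:8080:8080"
    environment:
      GUACD_HOSTNAME: guacd
      GUACD_PORT: "4822"
      POSTGRESQL_HOSTNAME: postgres
      POSTGRESQL_DATABASE: guacamole_db
      POSTGRESQL_USERNAME: guacamole_user
      POSTGRESQL_PASSWORD: change-me
      POSTGRESQL_AUTO_CREATE_ACCOUNTS: "true"   # SAML users get a DB record on first login
      SAML_IDP_METADATA_URL: https://idp.example.com/metadata.xml   # placeholder IdP
      SAML_ENTITY_ID: https://guac.example.com/
      SAML_CALLBACK_URL: https://guac.example.com/guacamole/
      # Duo Universal Prompt values (1.6.0 naming; placeholders, verify against the docs)
      DUO_API_HOSTNAME: api-XXXXXXXX.duosecurity.com
      DUO_CLIENT_ID: DIXXXXXXXXXXXXXXXXXX
      DUO_CLIENT_SECRET: change-me
      DUO_REDIRECT_URI: https://guac.example.com/guacamole/

  # Internal admin entry point: same guacd and database, LDAP instead of SAML,
  # different host port. Swinging SSE from SAML to LDAP is then a port change.
  guacamole-ldap:
    image: guacamole/guacamole:1.6.0
    restart: unless-stopped
    depends_on: [guacd, postgres]
    ports:
      - "127.0.0.1:8081:8080"
    environment:
      GUACD_HOSTNAME: guacd
      GUACD_PORT: "4822"
      POSTGRESQL_HOSTNAME: postgres
      POSTGRESQL_DATABASE: guacamole_db
      POSTGRESQL_USERNAME: guacamole_user
      POSTGRESQL_PASSWORD: change-me
      LDAP_HOSTNAME: ldap.example.com           # placeholder directory
      LDAP_PORT: "636"
      LDAP_ENCRYPTION_METHOD: ssl               # never plain 389 for bind credentials
      LDAP_USER_BASE_DN: ou=people,dc=example,dc=com
      LDAP_USERNAME_ATTRIBUTE: uid
      LDAP_SEARCH_BIND_DN: cn=guac-svc,ou=services,dc=example,dc=com
      LDAP_SEARCH_BIND_PASSWORD: change-me

volumes:
  postgres-data:
```

Two things worth checking before the first `docker compose up`: that `init/initdb.sql` exists (an empty init directory gives a running but schema-less database, and the web apps will log authentication failures), and that neither web app is published on 0.0.0.0. The SAML container is the only one the SSE connector should see, and guacd is never published at all; anything that can reach 4822 directly can open connections without any of the authentication above.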

How is this post broken down

While I could have written this blog as a single end-to-end post it would be massive, so I broke it into two parts: this one covers background and justification, and the second deploys the components one by one with explanation.

Part 2 can be found here
