Hacker News new | comments | ask | show | jobs | submit login
Apache Guacamole (apache.org)
298 points by dalacv on May 21, 2016 | hide | past | web | favorite | 57 comments

I've been using Guacamole for 3+ years over many different releases. Support about 20+ users at any given time. It is a "Win" in my book. RDP Performance is decent for regular use. We make extensive use of VNC with it. We spawn Virtual VNC/X Instances with Xvnc4 and serve Windows Apps Running in WINE, within the Virtual X Display. It's a great way to "Webify" older enterprise apps so long as you are willing to support it. Thanks to Guac's extensibility, We even have our own print daemon that pushes PDFs to the end user while in VNC sessions.

Agreed. Recently set up a 100 user experiment on a beefy server in our research department were I used Guacamole (with RDP) to handle the problem/assumption of participants only having a web-browser. Worked fantastically!

12,000 years ago when 10BaseT still roamed the earth we had things called X-terminals. All the X-terminal had to do was to run an X server, while all computing was done on the large (for the time, typically DEC or IBM) computers some-where else. When X-terminals were packed up and sold by the pallet load we saw having "our own CPU" on our desks as a great liberation. So here's my gormless question: What has changed that fully distributed systems aren't as desirable?

>> What has changed that fully distributed systems aren't as desirable?

The amount of stored personal data (content, installed software, preferences/configuration) that the average user wants to access, and the concerns (expense, privacy, resiliency, speed) related to distributing that data.

The average user of today doesn't want more CPU, they want their stuff. For most people, it's far more efficient to open a window to the remote machine that has their stuff than it is to try to move all that stuff onto the machine they're sitting at.

I've been saying that a while. You'll love this article that briefly summarizes the stages that we went through from mainframes to desktop liberation to re-inventing mainframes with the long-term consequences that follow.


Meanwhile, there's these other projects creating standalone apps without the complexity and performance issues of browsers that do remote desktops. There's even a whole market of embedded, fanless systems that sell for $20-50 dollars that do it with or without protocol/media acceleration. There's also alternatives in client-server land like REBOL and its "reblets" that send whole, Internet apps to clients that are 2-50KB. Then, there's these projects doing remote desktops by embedding protocols in HTML5 in a web browser running on a native OS on expensive hardware. I'm sure it only seems like modern IT goes out of it's way to do simple things effectively. ;)

From a Sysadmin perspective: data management. It is easier to mange data in one place than in multiple locations. Why has Vitualization become so popular? We have kind of gone full circle at this point.

Well, CPUs are now much cheaper so everyone has one on their desk. Obviously.

So the only reason you'd use a distributed computing system now is if a) you're running some kind of publicly accessible server or b) you need a lot of computing power.

Distributed storage is another matter, but you don't need remote desktop for that.

Loved those. Spent a lot of my formative years logged onto an Xterm in the basements of engineering buildings at Rutgers.

It dosen't give people creating/maintaining the software the level of control they want.

I absolutely <3 guacamole. Its definitely part of every workspace I provision, its easy to use and plus you get control of everything. I'm glad its an ASF project now, it'll probably get even more visibility than it had before.

> I'm glad its an ASF project now

This is why incubating projects should use (Incubating) everywhere and clearly announce their status to avoid confusion. It isn't part of the ASF yet and, while unlikely, the incubation could not work out for any number of reasons. The usual suspects of successful incubations are mentoring them, though, so this will largely amount to very time-sensitive pedantry on my part.

(I was very confused and missed the footer on mobile the first time I read the page. I thought some new project I hadn't heard of had incubated oddly quickly.)

I mistyped as well, I meant to say incubating as well.

This is an interesting project. I'm glad they built this as we're undoubtedly going to see situations where people absolutely won't use a regular client but have a HTML5 browser they will use. This will serve that niche. Might also help us privacy-aware geeks get them off services that sell them out by facilitating easy hookup to their own desktop and data. Not sure how well it will do that but there's potential. Being Apache project is good thing as usual. :)

EDIT: Given JS vs HTML/CSS discussion elsewhere, I should also give credit to Apache site engineers for using tech that loads instantly and visually pleasing despite NoScript. Loads pretty fast on mobile, too. Good counter-example to bloat of modern Web.

If anyone wants to quickly test this out, I made a docker-compose file that uses the official images.


Nice! That makes it a lot easier to try it out quickly! Will look into it :)

When is this preferable to using a VPN or SSH tunnel to carry VNC/RDP/Spice to a local native client?

It seems to me that either you have the ability to install such a client, XOR you don't trust the local machine enough to want to use it.

There are settings where you can trust the local machine but cannot perform any installs. In many offices normal users do not have the technical or formal permissions to install software, even though they may trust the local machine to not be infected by malware or be compromised in some other way.

Another example may be if you are only allowed to access the internet through a proxy browser solution using e.g. Citrix MetaFrame, then even though you might be able to install applications locally, they will not be able to connect to the internet directly.

When I visit a family member's house, whom I trust, but don't want to be bothered installing a client on their computer.

Probably when you want to use the browser (from computers you do not control) or when the user is not that computer literate.

Between this and Google Play apps (seems unlikely but I still hope we will have the ability to side load APK) on ChromeOS, we can bring the likes of Citrix to the home -- a permanently Internet-connected headless computer at home and connecting to it from your Chromebook.

If Mike Jumper is on this thread, Congratulations!

I worked at a small company that leveraged Guacamole to provide access via the web to a legacy Windows desktop application and working with the Guac team (including direct support from Mike) was a pleasure.

Also, it works well and the bits I saw were well architected. For reference, I replaced their web client with my own AngularJS wrapper at the direction of management and it was pretty easy (with some help from Mike because I was not...still am not...an amazing JavaScript guru).

Is there a good Linux equivalent to Window's terminal services? Ideally I'd be able to migrate my X session from physical display/keyboard hardware to VNC then back to physical hardware when I log out. I'd also settle for just being able to easily manage a number of sessions over VNC (with decent authentication).

There have been a number of attempts. The closest is http://www.xrdp.org (https://github.com/neutrinolabs/xrdp), which does basic session management against a backing Xrdp or Xvnc server, proxying either to RDP.

I haven't used it in a while (~6m), but to get the most of it you really had to compile from source and understand how to manage the various daemons (xrdp.ini is a mess, and configuring some things was rather counter-intuitive). Otherwise you wouldn't have resizable desktops (as in xrandr, not rescaling) and other niceties.

Not sure about audio, now that I think about it, but the gist of things is that so far no mainstream distribution got xrdp right or usable out of the box (unless we're talking about the niche LTSP-related stuff).

You could try text top :): https://github.com/tombh/texttop

There use to be a project called FreeNX. It basically paired down / compressed the chatty X protocol.

No. Remote desktop on Linux is a total unmitigated disaster.


First time heard about this project, thanks to HN. I use both Teamviewer and VNC, how does this compare to them? Especially Teamviewer that is.

I'd love to see this packaged up in Homebrew to have an alternative to Back to My Mac that only requires a web browser as a client.

What Dynamic DNS solutions are most popular?

I think there's already a docker image that has this packaged up. That might be a lot easier than trying to patch it up for OS X? [0]

[0] http://guacamole.incubator.apache.org/doc/0.9.9/gug/guacamol...

Don't know why I suddenly got downvoted after this comment was voted up?

The Docker image is officially supported by the project, and Docker is easy to install on a Mac, and it's turnkey on AWS, Google, Heroku...

From Guacamole's docs: ``Guacamole can be deployed using Docker, removing the need to build guacamole-server from source or configure the web application manually. The Guacamole project provides officially-supported Docker images for both Guacamole and guacd which are kept up-to-date with each release.''


Getting it on a Mac requires installing a slew of dependencies and two daemons (one of which is a Java servlet container). Docker containers almost make it too easy with not too much overhead. To get it working on a Mac, you'd need to install a JVM and tomcat on top of the guacd daemon.

Alright, I'll shut up now. Thought I was being helpful by providing a solution now, but I guess what you wanted to hear was let's hope for a turnkey solution on OS X Homebrew rather than use a Docker image straight from the horse's mouth.

My guess is that this project is very poorly advertised...

A couple of months ago I was playing with remote desktops and did not find this marvel.

I ended up playing with X2Go, which is nice BTW.

I am wondering... Assuming I have a Linux remote desktop, can I disconnect and reconnect after a while BUT leave all of my applications running? I mean, without logging out.

Check out tmux. It's great at doing that for terminal apps. https://tmux.github.io/

I know about tmux (and gnu screen), but i was thinking of something like pause/resume.

Once upon a time i read that in the eighties at Sun Microsystems they had a big fat thin-client based architecture with dumb thin clients that only had vga port, keyboard, mouse and a smart-card reader.

The nice thing about such architecture was that once your smart-card was pulled out, the screen blanked and your remote session was closed.

But your desktop session was still running, on the server!

The coolest thing about this was that basically you could pick any desk in the building and just sit there and work.

Or you could go to one of your colleagues' desk, pull out his/her smartcard, insert your one in, and show him/her what you've been working on, ask for help, collaborate or anything.

This has always fascinated me.

I was wondering if I could use guacamole to do something similar: leave my desktop running in a datacenter somewhere in the world and use whatever to just connect to it and "resume" working.

But that's exactly what tmux does. Are you familiar with tmux attach and tmux detach? (Some people only use tmux for split screens and to keep the session from dying).

Guacamole is amazing! Maybe this is a good place to ask this question: Is there a way to make RDP work for two simultaneous users? Currently, as soon as the second RDP connection is made, the first one is logged out. So, we're forced to use VNC instead.

Official Microsoft answer: buy a server version of Windows

Unofficially there are a few hacks that either patch the terminal service or replace it with a wrapper that tricks it. Not sure if I would trust stuff like that for important systems. (e.g. https://github.com/stascorp/rdpwrap)

Check out ThinStuff or OpenSource: rdpwrap

anyone have hands on experience with this and noVNC? Clear winners on either side?

I have been using an old version of Guacamole for quite some time, and it works very well. I don't like that it is so heavy (Tomcat, ..) and the setup and user management is rather complicated. Maybe that has changed lately, I sure hope so, because once it's set up, it works beautifully.

noVNC is much lighter, but it seems very limited.

Guacamole has support for LDAP Auth.

When did it become an Apache project? It used to be its own thing.

What is an alternative to RDP for linux? VNC has always be slow and cluncky for compared to RDP.

TigerVNC actually works well, I started using it over WAN recently and it's very smooth. Traditionally VNC has sucked. But it's still not as good as RDP in some ways.

I use VNC all the time and don't mind it, but an alternative that I haven't tried but which looks very interesting is Xpra [0].

[0] https://xpra.org/

For fun you could try texttop: https://github.com/tombh/texttop

There is an RDP implementation called xrdp - it's not too bad

So can I install this on a windows computer that I manage? For example, to replace teamviewer?

If you have the right version of Windows, you can enabled RDP access. You can then use Guacamole to connect to the Windows Computer.

I have to admit this is pretty awesome! I am going to have to suggest this to our platform team at work as a way to allow others to access our build servers. Hopefully this can be configured with strict access controls.

Ah if I recall, Red Hat use this for their training environments. Haven't actually tried using it though, as they also support ssh access and I went with that.

Bravo! Seems very well done, and seems to work rather well.

It would be great to get ATEN KVM support in there too.

Oooooh, what I'd give for something that could be a transparent Java-free gateway to all those IPMI / stand-alone KVM interfaces...

I love this project, even made an auth-plugin for it. Bye bye RDP and VNC! (for end-user cases at least)

Time to ditch Teamviewer.

This is the coolest thing I've seen all morning!

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact