Opening (publishing) ports in docker (guacamole)
I want to encrypt my VNC sessions and so I'm trying to set up SSH tunnels to the server, but for that to work I need to be able to open ports from the docker container. However, I'm new to docker and I'm failing to be able to copy the image and run it with published ports. First I tried committing the image to a new one, but then it failed miserably because the configuration doesn't also get copied, so then I found out it's possible to commit the container itself, which seemed to go a little better but still won't start, probably due to some missing configuration.
Can someone please tell me how I can copy an image/container of guacamole and actually have it run (with open ports)?
@bionor I am not an active guacamole user, but generally speaking, while Cloudron is using docker in the background, it is not supported to really interact or tinker with docker and containers directly like this on Cloudron. Since the system would have no clue what you did, it will eventually break during updates.
If you want to open up further ports, you have to fork the guacamole app from https://git.cloudron.io/cloudron/guacamole-app and tweak the CloudronManifest.json there at the tcp/udp ports https://docs.cloudron.io/packaging/manifest/#tcpports
However it sounds like a common thing to have VNC encrypted, so maybe other active guacamole users could help here if there are different options already supported by the app?
Per https://sourceforge.net/p/guacamole/discussion/1110833/thread/b12442b9/?limit=25 it seems there is no standard for VNC encryption. Can you tell us how encryption would work if the protocol doesn't support it? Doesn't guacd need to know about encryption?
@girish Thanks for the input. I actually decided to just build the server manually without using docker, but to answer your question, how I've done it (and this would be a SUPER AWESOME feature for you to add in your app) is to set up an encrypted tunnel using SSH. I'm doing a remote port forward from the machine I'm remoting into, to the guacamole server. Guacamole connections are then simply configured to connect to localhost and the forwarded port. Traffic then goes through an encrypted tunnel to the machine I'm remoting into.
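The remote port forward described in the last post, written out as an added example (not code from the thread or from the Cloudron app). The host name, account, key path and port numbers are placeholders, and the `permitlisten` key option assumes OpenSSH 7.8 or later on the Guacamole server.

```shell
#!/bin/sh
# Added example. Run on the machine being remoted into (the VNC host).
# All values below are placeholders/assumptions, not taken from the thread.
GUAC_HOST="${GUAC_HOST:-guacamole.example.com}"            # placeholder server name
TUNNEL_USER="${TUNNEL_USER:-tunnel}"                       # hypothetical unprivileged account
TUNNEL_KEY="${TUNNEL_KEY:-$HOME/.ssh/guac_tunnel_ed25519}" # hypothetical dedicated key
VNC_PORT="${VNC_PORT:-5900}"   # local VNC server, ideally listening on 127.0.0.1 only
FWD_PORT="${FWD_PORT:-5901}"   # port Guacamole connects to on its own localhost

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Build the ssh command; "print" shows it for review, "exec" starts the tunnel.
run_tunnel() {
    mode="${1:-print}"
    if ! valid_port "$VNC_PORT" || ! valid_port "$FWD_PORT"; then
        echo "invalid port" >&2
        return 1
    fi
    # -N/-T: no remote command or tty. The forward binds to loopback on the
    # server, so the unencrypted VNC port is never exposed on the network.
    set -- ssh -N -T -i "$TUNNEL_KEY" \
        -o IdentitiesOnly=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "127.0.0.1:${FWD_PORT}:127.0.0.1:${VNC_PORT}" \
        "${TUNNEL_USER}@${GUAC_HOST}"
    if [ "$mode" = exec ]; then exec "$@"; fi
    printf '%s\n' "$*"
}

# authorized_keys entry for the tunnel account on the Guacamole server:
# the key may open this one listener and nothing else (OpenSSH 7.8+).
authorized_keys_line() {
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s\n' "$FWD_PORT" "$1"
}

if [ "${1:-}" = "start" ]; then run_tunnel exec; fi
```

With the tunnel up, the Guacamole connection points at localhost and the forwarded port (5901 in this sketch), as the post describes.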