Get AI summaries of any video or article — Sign up free
access EVERYTHING from your web browser!! (Linux and Windows Desktop, SSH) // Guacamole Install thumbnail

access EVERYTHING from your web browser!! (Linux and Windows Desktop, SSH) // Guacamole Install

NetworkChuck·
5 min read

Based on NetworkChuck's video on YouTube. If you like this content, support the original creators by watching, liking and subscribing to their content.

TL;DR

Guacamole centralizes remote access to Windows (RDP), Linux shells (SSH), and Linux desktops (VNC) inside a browser-based dashboard.

Briefing

Guacamole lets people reach multiple remote machines—Windows via RDP, Linux via SSH, and Linux desktops via VNC—through a single web browser interface, eliminating the need for separate RDP/SSH client apps. The practical payoff is central: once Guacamole is deployed and wired to your hosts, every connection becomes a click inside a browser tab, usable from laptops, tablets, or phones.

Setup starts with a web-accessible “gateway” using Apache Guacamole, but the walkthrough emphasizes a faster path: deploying Guacamole through Cloudron, a platform that automates much of the otherwise fiddly installation. Two deployment routes are presented. For cloud users managing multiple machines, a Cloudron instance is created on Lenode (with an Ubuntu VM), then configured to serve Guacamole on a subdomain of a domain name. For home-lab users, the same Cloudron-based approach runs on an Ubuntu 20.04 virtual machine (shown on Proxmox), with router port forwarding so the browser can reach it from outside the house.

Before Cloudron can host Guacamole, the workflow requires domain plumbing. If no domain is available, a free one can be obtained from Freenom (the example uses Stark Industries.tk). DNS is then managed through Cloudflare: the domain’s nameservers are switched to Cloudflare’s, and HTTPS is enabled by default. The tutorial also calls out a common friction point—some free top-level domains may not work smoothly with Cloudron’s automatic DNS integration—so it includes a manual DNS fallback where an A record points the relevant subdomain to the server’s IP.

In the cloud path, a Lenode VM is provisioned from the Cloudron marketplace image (Ubuntu “Fasa” is referenced). After Cloudron finishes its automated scripts (about 10 minutes), the public IP is used to reach the Cloudron setup page. Cloudron then requests a domain, Cloudflare credentials, and a Cloudflare global API key. Once the Cloudron dashboard loads, the App Store is used to install Guacamole. The Guacamole app is assigned its own subdomain (example: guac.starkindustries.tk). After installation, the default login is guac admin / guac admin.

Connections are then created inside Guacamole. For SSH, the host and port 22 are entered along with credentials. For Windows RDP, the protocol is switched to RDP, port 3389 is used (with a note to change it in real deployments), and security mode is set to NLA (network level authentication), with an option to ignore server certificates for typical home setups. For Linux graphical access, VNC connections are added using port 5901 by default.

The home-lab section mirrors the same logic but shifts the networking burden to the router. Cloudron is installed via a script on an Ubuntu 20.04 VM, then the user forwards port 443 (and port 80 for Let’s Encrypt certificate issuance). DNS records are created so Cloudron and the Guacamole subdomain resolve to the home server’s public IP (with a brief mention of dynamic DNS for changing IPs). After Guacamole is installed from Cloudron’s App Store, the same SSH/RDP/VNC connection types are configured, and the result is browser-based remote access from anywhere—without dedicated client software.

Cornell Notes

Guacamole provides a single browser interface for remote access to Windows (RDP), Linux shells (SSH), and Linux desktops (VNC). The walkthrough deploys Guacamole using Cloudron, which automates installation and exposes Guacamole through a subdomain under a domain name. Domain setup relies on Cloudflare for DNS and HTTPS, with a manual DNS workaround when certain free top-level domains don’t integrate cleanly. After Guacamole is installed, connections are added by entering hostnames/IPs, ports (22 for SSH, 3389 for RDP, 5901 for VNC), and credentials, then selecting RDP security mode NLA for Windows. The same approach works in the cloud (Lenode) or at home, with home access requiring router port forwarding (443, and often 80 for certificates).

Why does the tutorial route Guacamole through Cloudron instead of installing Guacamole directly?

Cloudron acts as an app platform that makes Guacamole’s setup “super easy” by handling the complicated parts that would otherwise require manual installation steps. In both cloud and home scenarios, the workflow uses Cloudron’s App Store to install Guacamole with minimal manual configuration, then configures Guacamole connections inside the web UI.

What domain and DNS steps are required before Guacamole can be reached in a browser?

A domain name is needed because Cloudron expects it. If starting from scratch, the tutorial uses Freenom to get a free domain (example: Stark Industries.tk). Then Cloudflare is set up by switching the domain’s nameservers to Cloudflare’s, enabling HTTPS. Cloudron and Guacamole are then assigned subdomains (e.g., guac.starkindustries.tk), and DNS records must point those subdomains to the correct server IP. When Cloudron can’t auto-manage DNS for certain domains, DNS is configured manually with an A record.

How are remote connections created inside Guacamole for different protocols?

Inside Guacamole, connections are added under settings → connections → new connection. For SSH, the protocol is set to SSH and port 22 is used, along with the target host/IP and credentials. For Windows, the protocol is set to RDP, port 3389 is used by default, and security mode is set to NLA (network level authentication); there’s also an option to ignore server certificates for typical home setups. For Linux graphical access, the protocol is set to VNC, using port 5901 by default, plus the VNC login credentials.

What networking changes are different between the cloud setup and the home-lab setup?

In the cloud, the server is already reachable via a public IP, so the main work is provisioning the VM, configuring Cloudron, and setting DNS to point to that public IP. In the home-lab, the user must forward ports on the router so external clients can reach Cloudron: port 443 is forwarded to the Cloudron VM’s internal IP, and port 80 may also be forwarded so Let’s Encrypt can issue certificates.

What are the default Guacamole credentials used after installation?

After Guacamole is installed via Cloudron, the default login is guac admin for both the username and the password (guac admin / guac admin). The tutorial then immediately uses the Guac admin account to create SSH, RDP, and VNC connections.

What’s the practical benefit of using Guacamole on mobile devices?

The tutorial emphasizes that mobile access works through the browser, meaning no separate SSH or RDP client apps are required. The main limitation mentioned is keyboard behavior on mobile (typing into terminals can be awkward), though a later note claims the keyboard works fine in practice.

Review Questions

  1. What specific ports does Guacamole use by default for SSH, RDP, and VNC in the walkthrough, and where are those values entered?
  2. Why might Cloudron require manual DNS configuration when using certain free top-level domains like .tk?
  3. In a home-lab deployment, which router ports must be forwarded for browser access and certificate issuance, and why?

Key Points

  1. 1

    Guacamole centralizes remote access to Windows (RDP), Linux shells (SSH), and Linux desktops (VNC) inside a browser-based dashboard.

  2. 2

    Cloudron streamlines Guacamole deployment by automating setup and providing an App Store for installing Guacamole.

  3. 3

    A domain name plus Cloudflare DNS is the backbone of making Guacamole reachable via HTTPS on a subdomain.

  4. 4

    Cloud deployments focus on VM provisioning and DNS pointing to a public IP, while home deployments require router port forwarding (443, and often 80).

  5. 5

    Guacamole connection setup is protocol-specific: SSH uses port 22, RDP uses port 3389 with NLA security mode, and VNC uses port 5901.

  6. 6

    After Guacamole installation via Cloudron, the default credentials are guac admin / guac admin, which are then used to add connections.

  7. 7

    When automatic DNS integration fails for certain domains, creating an A record manually to the server IP restores functionality.

Highlights

Guacamole turns remote machine access into a single browser workflow: click to connect to SSH, RDP, or VNC sessions without installing separate clients.
Cloudron’s App Store approach avoids the usual Guacamole installation friction by handling the heavy lifting behind the scenes.
Home access hinges on networking: port 443 forwarding (and port 80 for Let’s Encrypt) is what makes the browser gateway reachable from outside the house.
RDP connections are configured with NLA (network level authentication) and an option to ignore server certificates for typical home setups.
The tutorial’s default Guacamole login after install is guac admin / guac admin, then connections are created from the Guac admin settings page.

Topics

  • Guacamole Setup
  • Cloudron Deployment
  • Cloudflare DNS
  • RDP SSH VNC
  • Home Lab Port Forwarding

Mentioned

Get summaries like this for any content

Videos, articles, research papers — all summarized by AI and searchable in one place.

Start building your library