Creating a Remote Desktop Web Gateway on Raspberry Pi with Apache Guacamole
Last updated on February 6th, 2022
Smart Working needs are stressing the needs to have an external access to your Personal Computer from a remote station. This remote station can be whatever device, with whatever OS (and different versions). The very first need for people is remoting their Desktop to have access their docs and apps.
A flexible solution comes with Apache Guacamole™, an Open Source software able to give a clientless remote desktop access (via VNC, RDP, SSH, etc). This solution differs from common ones because it can be used from a simple Web Browser, helping to overcome client installation issues.
This guide will provide step-by-step procedure to install Apache Guacamole in your Raspberry PI, making it your personal remote desktop web gateway. Also Docker will be user to simplify service setup.
First of all, let me show a simple diagram to better understand what we are building.
This solution requires that:
- Your Raspberry PI can be reached from your laptop from where you want to see remote desktop
- Your remote PC have RDP configured or VNC server active or SSH remote connection enabled
In this post, I’m going to use a Windows RDP connection. A remote Windows 10 PC will be managed by an external device (maybe another PC with different OS, a tablet, etc).
What We Need
As usual, I suggest adding from now to your favourite e-commerce shopping cart all the needed hardware, so that at the end you will be able to evaluate overall costs and decide if continue with the project or remove them from the shopping cart. So, hardware will be only:
- Raspberry PI (including proper power supply or using a smartphone micro usb charger with at least 3A)
- high speed micro SD card (at least 16 GB, at least class 10)
- a device different from your remote PC (a different PC, tablet, etc)
Check hardware prices with following links:
Configure RDP on remote PC
Remote PS with Windows OS must be configured to accept connections from specified users already created. With Windows 7, users are usually belonging to Workgroup or specific domain, having a specific password. With Windows 8 / 10, users will usually match with mail address and related password. In both cases you must configure your user to belong in Remote Desktop Users group.
Note that you can’t connect to a computer that’s asleep or hibernating. Make sure settings for sleep and hibernation on remote computer are set to Never in Energy Management options.
Configure RDP on remote PC in Windows 7
For Windows 7 Remote PCs, the procedure can be found in https://support.microsoft.com/en-us/help/17463/windows-7-connect-to-another-computer-remote-desktop-connection:
- Open System by clicking Start button, right-clicking Computer, and then clicking Properties.
- Click Remote settings. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation. Under Remote Desktop, select one of the three options.
- Click Select Users.
If you’re a computer administrator, your current user account will automatically be added to the list of remote users and you can skip next two steps.
- In Remote Desktop Users dialog box, click Add.
- In Select Users or Groups dialog box, do following:
- To specify search location, click Locations, and then select the location you want to search.
- In Enter the object names to select, type user name that you want to add, and then click OK.
The name will be displayed in user list of Remote Desktop Users dialog box. Click OK, and then click OK again.
Configure RDP on remote PC in Windows 8 / 10
For Windows 8 / 10 Remote PCs, procedure can be found in https://docs.microsoft.com/en-gb/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access:
- On device you want to connect to, select Start and then click Settings icon on left.
- Select System group followed by Remote Desktop item.
- Use the slider to enable Remote Desktop.
- It is also recommended to keep PC awake and discoverable to facilitate connections. Click Show settings to enable.
- As needed, add users who can connect remotely by clicking Select users that can remotely access this PC.
Members of Administrators group automatically have access.
Install Raspberry PI OS Lite Operating System
Start installing Raspberry PI Os Lite as operating system.
Take note of your Raspberry PI IP address, that will be referred in this post as << YourRpiIpAddress >>.
Also for this part, please use Setup a Docker Environment with Raspberry PI OS Lite and Portainer article. Portainer is a simple and useful web GUI for docker, but its installation is optional for our purpose.
Run Guacamole Container
With Docker, runnung a Guacamole service is particularly easy.
Guacamole container is not ready AS-IS to run on Raspberry PI: it is built on AMD / Linux architecture. Our Raspberry PI, on the other hand, is an ARM architecture.
An help comes from Oznu/docker-guacamole image. With this, once connected to your Raspberry PI via SSH terminal, container can be setup with a simple one line command:
docker run -d -p 8080:8080 -v guacamole_config:/config oznu/guacamole:armhf
This will download required packages, setup a container (with config files mapped to a persistent volume) and make it running.
After container is running, please it a minute to have processes ready and running.
Configure Guacamole Connection
Now all operations will be done from the device / PC from which we want to viasualize web Remote Desktop.
Connect from browser to Guacamole login page of your Raspberry PI. Use the URL “http://<<YourRpiIpAddress>>:8080”
Login with default Guacamole user:
- USERNAME: guacadmin
- PASSWORD: guacadmin
From guacadmin user dropdown menu click on “Settings”:
In next page, click on “Connections” tab:
In next page, use “New Connection” button to configure a new connection:
Next page will let you configure a wide number of parameters to manage your connection type. For a basic Windows RDP connection, you must configure at least the following.
In EDIT CONNECTION section, please enter the name used to refer this connection in you Guacamole Home page (in my example “ASUS”). You can leave Location as ROOT. Please modify Protocol to “RDP”:
In “NETWORK” block, add Hostname parameter with your remote PC IP Address (“192.168.1.34” for my example). Port must be set to 3389 (default Windows RDP port).
In “AUTHENTICATION” section, you must enter user and password configured in your remote PC as enabled Remote Users. My remote PC OS is Windows 10, so my username is my mail address with entire mail domain (for example “email@example.com”). In this case, what is after @ becomes also the Domain (and it is not required to edit “Domain” parameter). If you have a local user, you should also include the domain (for example WORKGROUP of whatever is your).
“Security mode” must be set to “Any”. You must also set “Ignore server certificate” flag.
Scroll down this page to bottom and click Save button. Our new connection now appears in Connections list. Use this page only to edit available connections or to create new ones.
Use drop down menu under guacadmin user to go back Home page, where you will find your link to remote desktop connection. Click this link to load your remote desktop.
Remote Desktop to a Windows PC will automatically logout people using Remote PC. In the same way, if you try to launch Remote Desktop to the same PC where you are working, you will be logged out.
Apache Guacamole is plenty of interesing features, try them to find solution that best fit your needs.
I was expecting from this installation better performances from what I obtained with my Raspberry PI 3 Model B (in terms of readyness to commands). Maybe that some setting have to be tuned or a different protocol could perform better.
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?
11 thoughts on “Creating a Remote Desktop Web Gateway on Raspberry Pi with Apache Guacamole”
Is the image no longer available? I looked at the project and its archived in github.
Hi Mike. Yes, the project has been recently declared as archived, but image is available. This means that this project on github will be read only and any need of changes or support will not be assured by project owner. I’m thinking if I’ll change tutorial to follow Guacamole installation from sources (far more complex than docker installation) or if I’ll look for a different, similar image. In the menawhile, you can still use oznu image.
i found your project and installed it on my rspi3. At the beginning you wrote about https ? but i still missing the part to make it as https interface.
Best regards Wolfgang
Thank you for your feedback. That was a refuse on diagram picture, just corrected.
How do I move a thread to a different topic?
hi all 🙂
sorry, this is not a forum, this is a blog. For this reason you can’t move comments to different topics.
If you feel the need of a forum and we have a number of people interested on, I can try creating a forum section.
Please let me know and feel free to email me (my address is available in https://peppe8o.com/info/ page).
Como se llamo esto i am from SPAIN
Hola killHaini, puedes especificar mejor la pregunta? Cuál es el nombre de qué? [translated with Google Translate]
Hi! Thanks for your guide, I managed to install guacamole and I would like to access to a local ip address (web server), is it possible? It’s a tasmota server I need to access remotely. Thanks!
Hi José. Why you don’t use a simple VPN server to access your local network remotely and get your webserver available from remote browser? In my blog you can find a guide to install Pivpn
Thanks Peppe8o. I’ll take a look.!!