Synology NAS Apache Guacamole Setup Instructions!

  • Post author:WunderTech
  • Post published:October 8, 2020
  • Post last modified:October 30, 2023
  • Post category:Synology
  • Reading time:11 mins read
  • Post comments:10 Comments

Today we are going to look at how to install Apache Guacamole on a Synology NAS.

Apache Guacamole is a client-less remote desktop gateway that runs in your browser. In summary, you’re able to RDP, VNC, or SSH into devices on your network through a web browser. The tool works very well and allows you to manage all your connections in a centralized location accessible by a web browser.

Setting up Apache Guacamole on a Synology NAS is straight forward and works very well. I recently created a tutorial on how you can set up Apache Guacamole on a Raspberry Pi, but my preferred approach is by using a Synology NAS.

1. Instructions – Synology NAS Apache Guacamole

1. If you haven’t already, download Docker from Synology’s Package Center.

2. Under the Docker folder that is automatically created, create a new folder named Guacamole.

synology nas apache guacamole - docker folder creation

3. Go to the Registry in Docker and search for Guacamole. Download the package oznu/guacamole.

synology nas apache guacamole container download

4. When the image finishes downloading, select Image and double-click the oznu/guacamole image.

image downloaded and container creation

5. Give the container a name and check off execute container using high privilege. When the warning appears, select yes. Then, select Advanced Settings.

synology nas apache guacamole container creation

6. Check off Enable auto-restart.

7. Under Volume, select Add Folder and select the Guacamole folder we created in step two. Enter the mount path as /config.

synology nas apache guacamole volume setup

8. Under Port Settings, change the Local Port from Auto to 8080. NOTE: If you are using port 8080 for something else on your Synology NAS, you will have to change this port to something not currently in use.

synology nas apache guacamole port configuration

9. Apply the settings to complete the setup.

apache guacamole container settings

10. If you are using Synology’s Firewall, ensure that you create an allow rule for port 8080.

Synology NAS Apache Guacamole Setup Instructions!

2. Connecting to Apache Guacamole

1. Navigate to Apache Guacamole using your Synology NAS’s IP address and port 8080.

http://[SYNOLOGY_NAS_IP]:[8080]

2. When you access the landing page, log in with the username guacadmin and password guacadmin.

synology nas apache guacamole login screen

3. The first thing we will do is create a new username and delete guacadmin. In the top right, select guacadmin and then settings. Select Users and then New User.

synology nas apache guacamole user account setup

4. Create a new user and save. NOTE: There are a bunch of different options here that you can tinker with if you’d like.

synology nas apache guacamole account password

5. Logout and then log in with your newly created user. Navigate to the settings and then delete the guacadmin user.

6. The setup process is now complete!

3. Remote Connection Setup – Synology NAS Apache Guacamole

Setting up a remote connection is super simple. The key is to ensure that the destination device (Windows, Mac, Linux PC) is configured properly. Generally, you will be using RDP or VNC sessions if you’d like to view the desktop of a destination PC and SSH if you’d like to connect to the terminal. I’m not going to go over each example, but I will go over the general way of adding a new group and connection.

Once again, it’s very important to setup the destination device so that it can accept RDP, VNC or SSH connections!

3.1 How to Create a Connection Group – Synology NAS Apache Guacamole

Groups give you an easy way of structuring your machines. This will need to be created based on your requirements, but I generally split my machines up by category (Windows, Linux).

1. Navigate to the settings and select Connections, then New Group.

synology nas apache guacamole connections

2. Give your group a name, modify any settings you’d like, and select Save.

apache guacamole connection group

3.2 How to Create a New Connection

Connections are what you’ll use to connect to your machines. I am not going to give specific examples but will show you how you can create RDP, VNC, or SSH connections.

1. Navigate to the settings and select Connections, then New Connection.

connection setup in apache guacamole

2. Enter a Name and then select Location to pick a group. Under Protocol, select RDP, VNC, or SSH.

3. There are a ton of settings here, but simply entering the information in the Parameters section will allow you to connect. Add your Hostname and port (3389 for RDP, 5900 for VNC, 22 for SSH). Then add your Username and Password to the destination device and save the connection. There are a ton of other options that can be changed, but in general, these are the most important.

synology nas apache guacamole setup for clients

4. Multi-factor Authentication

There are many reasons why someone would want to expose Apache Guacamole to the outside internet. Generally, it’s suggested that rather than exposing the service, you use a VPN to tunnel back to your home network. However, if you want to expose this to the internet, it’s best if you use a reverse proxy. You can use Synology’s built-in reverse proxy (I have a tutorial here on how to do it using Bitwarden, but you will have to substitute port 5555 in the tutorial with port 8080 and create a Let’s Encrypt Certificate) or Nginx Proxy Manager. To enable two-factor authentication, follow these steps.

1. Stop the Apache Guacamole Docker container.

2. Edit the container and select Environment.

3. Select Add and enter EXTENSIONS in the variable and auth-totp in the value. Then select Apply.

two factor authentication environment variable

4. Start the container and when you login, you will be asked to set up multi-factor authentication!

multi-factor authentication on web page

5. Conclusion – Synology NAS Apache Guacamole

Apache Guacamole is an awesome little tool and it’s super easy to setup on a Synology NAS. It’s very nice to be able to manage remote connections in a central location and it’s great that it works on all devices with a web browser! I’ve always used remote desktop connection tools but it was an entire setup every time I’d like to implement it on a new device. This is an easy way to hit all of your devices at the same time!

If you have any questions, please leave them in the comments. Thanks for reading!

WunderTech

WunderTech is a website that provides tutorials and guides on various NAS, server, networking, and infrastructure-related topics. WunderTech is maintained by Frank Joseph, an IT professional with 14+ years of experience in corporate IT and application management. He focuses on sharing his experience with others on his WunderTech website and YouTube page. Frank holds a Bachelor of Science in Computer Information Systems and a master of Business Administration (MBA).

This Post Has 10 Comments

  1. Hisashi

    On DSM 7 You must create subfolders for guacamole and postgres on docker guacamole config folder and mount thatfor guacamole conteiner as:
    1 /docker/guacamole >> /config/guacamole
    2 /docker/guacamole/postgres >> /config/postgres

    BTW set ovner for this folder ad your admin DSM user to full access if You do not this You get pemision error to postgres folder on DSM 7

    1. WunderTech

      I will have to look into this for DSM 7. Thanks a lot for letting me know and posting the solution!

  2. llanes

    I also had this issue cannot use RDP it shows that the requested connection does not exist, whether I use the IP address or hostname , I even created an exception in windows firewall to allow port 3389. still the same the connection tries to connect to a remote host 172.17.0.1.

  3. Schmidi

    hello 🙂
    i can’t connect over RDP to a Windows 10 maschine. over ssh is not a problem

    1. WunderTech

      Do you have a firewall enabled on your Windows PC? If so, have you allowed traffic on port 3389 (RDP port)? Also, can you RDP into it from other Windows devices?

  4. Ferran

    Hi, I have tried this but apache would not connect to any of my machines. It keeps timing out. The connection tries to connect to a remote host 127.17.0.1 which is not the IP address of the machine it should connect to. I have tried with different machines, even with my Pi but it cannot connect via guacamole on ssh but when I ssh into it from my mac it connects with no problem. Anyone knows what the issue might be? thanks!

    1. WunderTech

      Do you know if the settings are saving as they’re supposed to? Meaning that if you save an entry and go back into it, does it still have the correct IP address and port?

    2. vladdi

      I have the same issue, guacamole is waiting for a response and then just timing out.
      screensharing and VNC client on mac and windows work well!

  5. GRAY

    Is it possible to use 2FA with Duo’s push features? There’s a Guac extension named guacamole-auth-duo-1.2.0.jar which exists in the /guacamole/guacamole/extensions-available folder, but when I copy it to the /guacamole/guacamole/extensions, it disappears shortly after. I’ve tried adding an Environment variable called “EXTENSIONS” (and a value of “auth-duosecurity”) but that doesn’t work.

    With your method, it only accepts a numeric code. I’d like to enable the Duo app’s push features.

Leave a Reply