-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Route Guacamole traffic through the app gateway #4032
Comments
This PR resolves the issue however wasn’t merged as it introduced a 100 workspace limit (due to App Gateway max 100 backend pool limit): Wondering whether a shared Guacamole service might be a plausible solution instead, rather than 1 per workspace - though are there downsides to this approach? |
The reason we did it independently was to minimise the work needed to handle auth for each workspace. The shared service would be an ok solution from my perspective, as long as tokens are validated against the appropriate workspace application ID. At the moment we use OAuth Proxy - https://github.com/oauth2-proxy/oauth2-proxy. In addition the custom authentication extension (java) access the KeyVault in the workspace to retrieve the credentials for the VM. So it's not straight forward, but if want to put a design proposal together, and are willing to put in the time to do a PR once aligned, then we can discuss it. |
OK thanks for the info, still considering options at the moment.
|
See #3731 |
Route Guacamole traffic through the App Gateway, and do not allow direct connections to guacamole service endpoints.
This would provide the following benefits:
The text was updated successfully, but these errors were encountered: