A comprehensive solution for secure remote desktop and terminal access using Apache Guacamole, VNC, and TTYD, tunneled through Cloudflare. This setup provides both GUI and terminal access through a web browser, secured by Cloudflare's tunnel service.
This project provides a complete setup for accessing Ubuntu desktop and terminal through a web browser, using:
- Guacamole for VNC-based desktop access (gui.yourdomain.com)
- TTYD for web-based terminal (dev.yourdomain.com)
Both are secured and tunneled through Cloudflare and require no open ports.
This project provides a complete setup for remote system access through:
- Web-based GUI using Apache Guacamole and VNC
- Web-based terminal using TTYD
- Secure tunneling through Cloudflare
- No port exposure to the internet
- Apache Guacamole: Web-based remote desktop gateway
- VNC Server (x11vnc): Remote desktop access
- TTYD: Web terminal access
- Cloudflare Tunnel: Secure connection tunneling
- XFCE Desktop: Lightweight desktop environment
- Secure access without exposed ports
- Browser-based access (no client software needed)
- Mobile device compatible
- Separate authentication for GUI and terminal
- Fast and reliable connection through Cloudflare's network
- Multi-user support
- Ubuntu Server (20.04 LTS or newer)
- A domain name with Cloudflare DNS
- Cloudflare account with access to create tunnels
- Root or sudo access on the server
- Git installed
- At least 2GB RAM and 20GB storage
- Basic understanding of Linux systems and networking
git clone git@github.com:prakash-aryan/guacamole-cloudflare-tunnel.git
cd guacamole-cloudflare-tunnel
- Register a domain if you don't have one
- Add domain to Cloudflare
- Ensure Cloudflare DNS is active
# Download latest cloudflared
curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -o cloudflared.deb
# Install package
sudo dpkg -i cloudflared.deb
# Login to Cloudflare
cloudflared login
# Create tunnel
cloudflared tunnel create remote-access
# Copy tunnel credentials
sudo mkdir -p /etc/cloudflared
sudo cp ~/.cloudflared/*.json /etc/cloudflared/
# Copy config file
sudo cp config/cloudflared/config.yml /etc/cloudflared/
# Configure DNS
cloudflared tunnel route dns <tunnel-id> gui.yourdomain.com
cloudflared tunnel route dns <tunnel-id> dev.yourdomain.com
sudo apt update
sudo apt install -y \
tomcat9 \
xvfb \
x11vnc \
xfce4 \
build-essential \
libcairo2-dev \
libjpeg-turbo8-dev \
libpng-dev \
libtool-bin \
libossp-uuid-dev \
libavcodec-dev \
libavformat-dev \
libavutil-dev \
libswscale-dev \
freerdp2-dev \
libpango1.0-dev \
libssh2-1-dev \
libtelnet-dev \
libvncserver-dev \
libwebsockets-dev \
libpulse-dev \
libssl-dev \
libvorbis-dev \
libwebp-dev \
ttyd
wget https://downloads.apache.org/guacamole/1.5.3/source/guacamole-server-1.5.3.tar.gz
tar xzf guacamole-server-1.5.3.tar.gz
cd guacamole-server-1.5.3
./configure --with-init-dir=/etc/init.d
make
sudo make install
sudo ldconfig
# Return to the repository root; the remaining steps use paths relative to it
cd ..
# Create VNC directory
mkdir -p ~/.vnc
# Set VNC password
x11vnc -storepasswd ~/.vnc/passwd
# Copy service files
sudo cp config/systemd/* /etc/systemd/system/
# Start services
sudo systemctl daemon-reload
sudo systemctl enable --now xvfb
sudo systemctl enable --now x11vnc
sudo systemctl enable --now ttyd
sudo systemctl enable --now cloudflared
After installation, you can access:
- Desktop interface: https://gui.yourdomain.com
- Terminal interface: https://dev.yourdomain.com
Default credentials:
- GUI (Guacamole): Set in user-mapping.xml
- Terminal (TTYD): Set in ttyd.service
.
├── config/
│   ├── cloudflared/
│   │   └── config.yml
│   ├── guacamole/
│   │   ├── guacamole.properties
│   │   └── user-mapping.xml
│   └── systemd/
│       ├── cloudflared.service
│       ├── ttyd.service
│       ├── x11vnc.service
│       └── xvfb.service
├── html/
│   ├── guacamole.html
│   └── index.html
├── vnc/
│   ├── xstartup
│   └── x-startup.sh
└── sys.svg
- Use strong passwords
- Regularly update system packages
- Monitor access logs
- Back up configurations
- Consider implementing 2FA
- Keep Cloudflare security settings strict
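The "no open ports" property only holds if the backend services themselves listen on loopback, so that cloudflared is the sole path to them. The check below is an added example, not part of this repository; it assumes ttyd on port 3001 (as in the troubleshooting step) and the x11vnc, guacd and Tomcat defaults of 5900, 4822 and 8080.

```shell
#!/usr/bin/env bash
# Added example (not from the repository): list backend services that listen
# on a non-loopback address and are therefore reachable without the tunnel.
# Assumed ports: 3001 ttyd (troubleshooting step), 5900 x11vnc default,
# 4822 guacd default, 8080 Tomcat default. Adjust to match your unit files.
BACKEND_PORTS="3001 4822 5900 8080"

# Reads `ss -H -tln` output on stdin (State Recv-Q Send-Q Local Peer ...).
# Prints "port address" for each backend port not bound to loopback.
exposed_listeners() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4
            sub(/.*:/, "", port)                      # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            sub(/%.*$/, "", addr)                     # drop a %interface suffix
            if (!(port in want)) next                 # not one of our backends
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
            print port, addr
        }'
}

# Constructed sample of `ss -H -tln` output: x11vnc and Tomcat on wildcard
# addresses, ttyd and guacd on loopback, plus unrelated sshd and resolver.
SAMPLE='LISTEN 0 128  127.0.0.1:3001     0.0.0.0:*
LISTEN 0 32   0.0.0.0:5900       0.0.0.0:*
LISTEN 0 5    127.0.0.1:4822     0.0.0.0:*
LISTEN 0 100  *:8080             *:*
LISTEN 0 128  0.0.0.0:22         0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53   0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then
    ss -H -tln | exposed_listeners      # inspect the real host
else
    printf '%s\n' "$SAMPLE" | exposed_listeners
fi
```

Any line printed is a backend that can be reached without going through Cloudflare; x11vnc's `-localhost` option and ttyd's `-i` option restrict those two services to loopback in their unit files.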
Monitor service logs:
sudo journalctl -u x11vnc
sudo journalctl -u cloudflared
sudo journalctl -u ttyd
- VNC Connection Failed
  # Check service status
  sudo systemctl status x11vnc
  # Verify display
  echo $DISPLAY
- Cloudflare Tunnel Issues
  # Check tunnel status
  cloudflared tunnel list
  # Check logs
  sudo journalctl -u cloudflared
- TTYD Access Problems
  # Verify service
  sudo systemctl status ttyd
  # Check port
  ss -tulpn | grep 3001
- Fork the repository
- Create your feature branch (git checkout -b feature/AmazingFeature)
- Commit your changes (git commit -m 'Add some AmazingFeature')
- Push to the branch (git push origin feature/AmazingFeature)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.