Roger Beraldi Martins created GUACAMOLE-2199:
------------------------------------------------
Summary: Allow dynamic injection of client Base URL via HTTP
Header for stateless load balancing
Key: GUACAMOLE-2199
URL: https://issues.apache.org/jira/browse/GUACAMOLE-2199
Project: Guacamole
Issue Type: Improvement
Components: guacamole-client
Affects Versions: 1.6.0
Environment: RHEL/OpenShift/Openstack, Fedora/OKD/Openstack,
Kubernetes/container VirtualMachines
Reporter: Roger Beraldi Martins
Fix For: 1.6.1
I have developed an architectural improvement for stateless load balancing
(dynamic Base URL injection) on RHEL/OpenShift environments. I wish to open a
JIRA ticket and submit a Pull Request to contribute this feature back upstream
to the Apache Guacamole project.
*Problem:* Currently, Guacamole relies on Sticky Sessions (Session Affinity) to
ensure client requests route to the correct internal node. In modern
containerized environments (Kubernetes Ingress, Zero-Trust Gateways), sticky
sessions are not always reliable or possible across domain boundaries.
*Proposed Solution:* Introduce a mechanism to allow an upstream proxy (Load
Balancer/Ingress) to inform the Guacamole Client where it should connect for
the WebSocket tunnel.
*Implementation Details:*
# Add a {{baseUrl}} field to {{{}APIAuthenticationResult{}}}.
# Maintain backward compatibility for {{APIAuthenticationResult}} constructors.
# Introduce a new {{guacamole.properties}} setting:
{{{}auth-base-url-header{}}}.
# Update {{TokenRESTService}} to inspect this header (if configured) and
inject the URL into the authentication response.
This shifts routing intelligence from the infrastructure layer (Sticky
Sessions) to the application layer (Explicit URL handoff).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
