[
https://issues.apache.org/jira/browse/GUACAMOLE-2199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18049940#comment-18049940
]
Nick Couchman commented on GUACAMOLE-2199:
------------------------------------------
Thanks [~rogerberaldi] , please feel free to open a pull request and we will
review.
Keep in mind that this may not fully addresses all of the issues with load
balancing. As all of the data regarding sessions and active connections is
stored in-memory, and there is currently no mechanism to synchronize that data
among multiple instances of the Guacamole Client, things like authentication
tokens, connection sharing, and connection limits may still not function as
intended among multiple instances of the client, even with the changes you're
proposing.
Maybe the changes you intend to make will address all of that, but just wanted
to offer that word of caution. There is currently a Jira issue out there,
already, to track HA support: GUACAMOLE-283.
> Allow dynamic injection of client Base URL via HTTP Header for stateless load
> balancing
> ---------------------------------------------------------------------------------------
>
> Key: GUACAMOLE-2199
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-2199
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-client
> Affects Versions: 1.6.0
> Environment: RHEL/OpenShift/Openstack, Fedora/OKD/Openstack,
> Kubernetes/container VirtualMachines
> Reporter: Roger Beraldi Martins
> Priority: Minor
> Labels: LoadBalancing, containerization, virtualiztion
> Fix For: 1.6.1
>
>
> I have developed an architectural improvement for stateless load balancing
> (dynamic Base URL injection) on RHEL/OpenShift environments. I wish to open a
> JIRA ticket and submit a Pull Request to contribute this feature back
> upstream to the Apache Guacamole project.
>
> *Problem:* Currently, Guacamole relies on Sticky Sessions (Session Affinity)
> to ensure client requests route to the correct internal node. In modern
> containerized environments (Kubernetes Ingress, Zero-Trust Gateways), sticky
> sessions are not always reliable or possible across domain boundaries.
> *Proposed Solution:* Introduce a mechanism to allow an upstream proxy (Load
> Balancer/Ingress) to inform the Guacamole Client where it should connect for
> the WebSocket tunnel.
> *Implementation Details:*
> # Add a {{baseUrl}} field to {{{}APIAuthenticationResult{}}}.
> # Maintain backward compatibility for {{APIAuthenticationResult}}
> constructors.
> # Introduce a new {{guacamole.properties}} setting:
> {{{}auth-base-url-header{}}}.
> # Update {{TokenRESTService}} to inspect this header (if configured) and
> inject the URL into the authentication response.
> This shifts routing intelligence from the infrastructure layer (Sticky
> Sessions) to the application layer (Explicit URL handoff).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
