The official guacamole/guacd image ships FreeRDP 2.x, which crashes
silently when connecting to Windows 11 22H2+ hosts due to NLA/CredSSP
cipher-suite changes. FreeRDP 3.x resolves this.
- docker/guacd.Dockerfile: builds guacamole-server 1.6.0 from source on
Ubuntu 24.04 against freerdp3-dev (FreeRDP 3.5.1+); uses
CPPFLAGS=-Wno-error=deprecated-declarations to suppress upstream
deprecation warnings in freerdp3 headers
- docker-compose.yml: switch guacd service from official image to local build
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add TCP connectivity pre-test before guacd handshake — gives a clear
error message if the RDP host is unreachable from the Docker network
- Add disable-gfx:true (disables GFX Pipeline Extension, known FreeRDP
2.x crash source on Windows 10/11) and cert-tofu:true
- Log tcpBuf flush content and all guacd data at debug level so we can
see exactly what guacd sends after the ready instruction
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- rdp.ts: dynamically acknowledge guacd's VERSION_x_y_z parameter by
echoing it back in the connect instruction. Without this, guacd 1.5+
runs in legacy mode which crashes FreeRDP on modern Windows targets.
Also add disable-glyph-caching and resize-method params.
- docker-compose: upgrade guacd from 1.5.4 to latest to get FreeRDP 3.x
which fixes known crash bugs with Windows 11 22H2+ / Server 2022
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- docker-compose: override guacd command with -L debug flag so FreeRDP
errors are visible in `docker logs mremotify-guacd-1`
- rdp.ts: log RDP host/user, arg names, ready instruction, proxy-mode
entry, and any error/disconnect instructions from guacd
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- RdpTab: remove token from base URL; pass via client.connect(data)
because WebSocketTunnel always appends "?"+data to the URL,
corrupting a pre-built ?token=JWT into ?token=JWT?<data>
- rdp.ts: send UUID as Guacamole internal instruction "0.,36.<uuid>;"
(opcode="" = INTERNAL_DATA_OPCODE) instead of a plain string,
matching the WebSocketTunnel 1.5.0+ protocol expectation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- MainLayout: replace inner <Layout> with row-flex div so sidebar and
session tabs appear side-by-side instead of stacked vertically
- global.css: add Ant Design Tabs CSS overrides so tab pane content
fills available height (SSH terminal and RDP canvas sized correctly)
- rdp.ts: send guacd's ready-UUID as first WebSocket message so
Guacamole.WebSocketTunnel completes its tunnel handshake correctly
- RdpTab: add connecting/error/disconnected status overlays for
visibility when RDP fails
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
prisma migrate deploy requires migration files to exist — creates the
users, folders, and connections tables with all foreign key constraints.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add binaryTargets = ["native", "linux-musl-openssl-3.0.x"] to the
Prisma generator so the correct engine binary is bundled for Alpine
- Install openssl in the runtime Docker stage via apk
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Inline tsconfig.base.json settings into frontend/tsconfig.json (same
Docker context issue as backend — only frontend/ is copied)
- Upgrade @types/react and @types/react-dom to ^19.0.0 to satisfy
antd 5.20.x which references React.ActionDispatch (React 19 type);
React 18 runtime is unchanged
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Inline tsconfig.base.json settings into backend/tsconfig.json so the
Docker build (which only copies backend/) can resolve them
- Replace default imports of Node built-ins (crypto, net) with named imports
- Replace default bcrypt import with named imports (compare, hash)
- Switch @fastify/websocket from v8 to v7 (SocketStream API) to match
Fastify v4 peer dependency; update WebSocket handler signatures accordingly
- Remove obsolete `version` key from docker-compose.yml
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sets up the complete mRemotify project — a browser-based remote
connection manager — with a working pnpm workspace monorepo:
Frontend (React + TypeScript + Vite + Ant Design 5):
- Login page with JWT auth
- Resizable sidebar with drag-and-drop connection tree (folders + connections)
- Tabbed session area (SSH via xterm.js, RDP via guacamole-common-js)
- Connection CRUD modal with SSH/RDP-specific fields
- Zustand store for auth, tree data, and open sessions
Backend (Fastify + TypeScript + Prisma + PostgreSQL):
- JWT authentication (login + /me endpoint)
- Full CRUD REST API for folders (self-referencing) and connections
- AES-256-CBC password encryption at rest
- WebSocket proxy for SSH sessions (ssh2 <-> xterm.js)
- WebSocket proxy for RDP sessions (guacd TCP handshake + bidirectional relay)
- Admin user seeding on first start
Infrastructure:
- Docker Compose: postgres (healthcheck) + guacd + backend + frontend/nginx
- nginx: serves SPA, proxies /api and /ws (with WebSocket upgrade) to backend
- .env.example with all required variables documented
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
