fix(rdp): VERSION echo + guacd host networking for overlay reach

- Echo VERSION_X_Y_Z args back to guacd in CONNECT handshake - Set guacd to network_mode: host so it can reach RDP targets on NetBird/Tailscale overlay networks (100.64.x.x) - App container uses host.docker.internal to reach guacd on host - Add diagnostic logging for guacd→browser instruction relay Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-14 05:23:02 -04:00 · 2026-03-14 05:23:02 -04:00 · 80463235b0
commit 80463235b0
parent 9d3a93bea9
3 changed files with 15 additions and 5 deletions
--- a/backend/src/rdp/guacamole.service.ts
+++ b/backend/src/rdp/guacamole.service.ts
@ -170,7 +170,11 @@ export class GuacamoleService {
    };

    // Build values array matching the exact order guacd expects
-    const values = argNames.map((name) => paramMap[name] ?? '');
+    // VERSION_X_Y_Z args must be echoed back as-is
+    const values = argNames.map((name) => {
+      if (name.startsWith('VERSION_')) return name;
+      return paramMap[name] ?? '';
+    });
    return this.encode('connect', ...values);
  }

--- a/backend/src/rdp/rdp.gateway.ts
+++ b/backend/src/rdp/rdp.gateway.ts
@ -91,10 +91,13 @@ export class RdpGateway {

    // Pipe guacd → browser: wrap raw Guacamole instruction bytes in JSON envelope
    socket.on('data', (data: Buffer) => {
+      const instruction = data.toString('utf-8');
+      // Log first few instructions or errors for diagnostics
+      if (instruction.includes('error') || instruction.includes('ready') || instruction.includes('nop')) {
+        this.logger.log(`[guacd→browser] ${instruction.substring(0, 200)}`);
+      }
      if (client.readyState === 1 /* WebSocket.OPEN */) {
-        client.send(
-          JSON.stringify({ type: 'guac', instruction: data.toString('utf-8') }),
-        );
+        client.send(JSON.stringify({ type: 'guac', instruction }));
      }
    });

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -6,8 +6,10 @@ services:
      DATABASE_URL: postgresql://wraith:${DB_PASSWORD}@postgres:5432/wraith
      JWT_SECRET: ${JWT_SECRET}
      ENCRYPTION_KEY: ${ENCRYPTION_KEY}
-      GUACD_HOST: guacd
+      GUACD_HOST: host.docker.internal
      GUACD_PORT: "4822"
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
    depends_on:
      postgres:
        condition: service_healthy
@ -17,6 +19,7 @@ services:

  guacd:
    image: guacamole/guacd
+    network_mode: host
    restart: always

  postgres: