Self hosting a remote desktop server

[kropotkin]

I want to install a small low-power windows PC that I can connect to from outside my network, using a remote desktop-type interface.

I want to be able to connect to a session in which i'll have access to my files, my copy of Word and full version of Acrobat, and can continue working on documents from wherever I am.

Currently I carry a laptop with me, but am often in places where there are computers anyway. In an ideal world it would work like my corporate NHS remote desktop- I can use any web browser on any computer anywhere and get into a desktop like i'm in the hospital. Seems to be Microsoft Remote Desktop web.

Can I safely do this at home?

I saw what looked perfect, which is guacamole from Apache, but this seems to only run on Linux and I specifically want to be able to get into a Windows session.
Other options seem to require either installable files or certain ports to be open on the client machine.

This isn't my area of expertise but i'm hoping someone here knows exactly what I need to do!

[This is all because i've bought a little N100 mini-PC to replace my home-assistant setup running on a rpi4]

 

[Magnus McGinty]

Can’t you just access a home PC via something like TeamViewer?

 

[kropotkin]

Does that need software on the client machine, or specifically open ports?

 

[Magnus McGinty]

Does that need software on the client machine, or specifically open ports?

Just TeamViewer on both machines. In terms of software though, like using Word remotely, you’ll need a very good connection both ends or you’ll get lag.

 

[Magnus McGinty]

I should add that all this does is enable you to control the home PC remotely. It isn’t an intranet, if that’s what you wanted.

 

[Boris Sprinkler]

Team viewer tunnels out via 443/tcp which is the standard https port. It was a nightmare trying to control on a corporate network as it went against all our policies. But, it fixed the technicians requirements and we had to create an exemption. And personally for me, revisit my reasoning for those requirements. Rules are put in place to give the illusion of control. But all they often do is hinder progress.

 

[kropotkin]

Ah that sounds good then. Thanks.

 

[kropotkin]

Got the mini pc on Sunday.
As of this morning finished setting it all up

Have proxmox on it, with three vms
1. Windows 11 pro
2. Guacamole server running in docker
3. My home assistant instance

All running at the same time. I'm amazed that this can now be done, especially on something consuming 6w idle and costing £115.

I have a cloudflare tunnel securing access to the machine running guacamole. This then provides secure Lan access to rdp running on the windows machine, which wakes from hibernation when this happens. This is secured by Google authenticator.

I now have a secure system that I can get into from any machine with a web browser. I just type in my domain and there is my desktop, with a persistent rdp session so everything stays open.

This is amazing!

 

[two sheds]

what model is it?

 

[kropotkin]

It's fucking ace

Firebat t8 pro

 

[editor]

It's fucking ace

Firebat t8 pro

I wish PCs did have names like that.

Would you like the "Pretty Good" model, "The Bastard Nippy" one or would you like to go all out and purchase the "Fucking Ace" configuration?

 

[kropotkin]

Firebat is pretty good as far as names go

 

[kropotkin]

Firebat is pretty good as far as names go

I love Chinese English nonsense names

 

[UnderOpenSky]

I'm jealous. The N100 I got recently is Topton, which is nowhere near as good a name as Firebat.

I did the whole remote desktop thing to my home network by setting up a Remote Desktop Gateway, but that required a Windows Server VM, so no where near as efficient as this.

 

[8ball]

Rules are put in place to give the illusion of control. But all they often do is hinder progress.

The autumn chill wind tears at the face of wholesome industry.

 

[kropotkin]

Update


Now I have two free cloudflare tunnels into my system, one to the home assistant and one to the docker system running guacamole.
Both systems are now accessible via the web with no ports open on my router at all.

Additionally, as the cloudflare tunnels have the wireguard protocol built in, I can wireguard in to wither tunnel (again with no open ports). So I have full secure access to the network with no open ports. So good!

 

[Saul Goodman]

Update


Now I have two free cloudflare tunnels into my system, one to the home assistant and one to the docker system running guacamole.
Both systems are now accessible via the web with no ports open on my router at all.

Additionally, as the cloudflare tunnels have the wireguard protocol built in, I can wireguard in to wither tunnel (again with no open ports). So I have full secure access to the network with no open ports. So good!

I'm in the process of setting up secure remote access to my home assistant. This seems ideal

 

[kropotkin]

I'm in the process of setting up secure remote access to my home assistant. This seems ideal

How did you get on?

This still works perfectly and I use it every day.
Having a persistent desktop I can get into from anywhere (including my laptop when out and about/abroad using wire guard and remote desktop) is brilliant. Work stays open and I can get back to it without opening a thousand windows.

 

[Saul Goodman]

How did you get on?

This still works perfectly and I use it every day.
Having a persistent desktop I can get into from anywhere (including my laptop when out and about/abroad using wire guard and remote desktop) is brilliant. Work stays open and I can get back to it without opening a thousand windows.

I haven't had time to do much of anything with it yet, and I still need to set up access to my NAS, but I'm really happy with it, and my nephew liked it, until his missus decided she wanted a similar setup
I get a bill every month from Cloudflare, but it's for $0.00, so I can live with that, and a few quid a year for a domain name is nothing, when you consider what they're throwing in with it.
I did have remote access previously, but it was just through an Asus DDNS account, and I wanted something more secure. This ticked all the boxes
The little Asus i7 Chromebox I'm using for Home Assistant is eating the task. I originally bought a Beelink N100 for the job, but that's still sat in its box, as It seems like overkill when you realise how few resources it takes to run HA. But I'm sure I'll find a use for it, eventually.

 

[UnderOpenSky]

I haven't had time to do much of anything with it yet, and I still need to set up access to my NAS, but I'm really happy with it, and my nephew liked it, until his missus decided she wanted a similar setup
I get a bill every month from Cloudflare, but it's for $0.00, so I can live with that, and a few quid a year for a domain name is nothing, when you consider what they're throwing in with it. And I got a nice domain name... www.nestlink.xyz
I did have remote access previously, but it was just through an Asus DDNS account, and I wanted something more secure. This ticked all the boxes
The little Asus i7 Chromebox I'm using for Home Assistant is eating the task. I originally bought a Beelink N100 for the job, but that's still sat in its box, as It seems like overkill when you realise how few resources it takes to run HA. But I'm sure I'll find a use for it, eventually.

Very quick and dirty method for your nephew....install tail scale VPN on both devices and just use regular RDP.

 

[Saul Goodman]

Very quick and dirty method for your nephew....install tail scale VPN on both devices and just use regular RDP.

But his missus 'needs' all the home automation stuff. That's the work he didn't want.