Overview

#

Accessing your machines securely over the internet usually requires configuring a VPN client compatible with your home network. Once connected, you still need to manage a VNC or RDP session to interact with your system. This approach often comes with complexity, overhead, and potential misconfigurations that increase the attack surface.

Portado eliminates the need for a traditional VPN by providing direct, secure, browser-based access to your homelab machines. Through a combination of Cloudflare Tunnel, Nginx reverse proxy, and Apache Guacamole, Portado delivers clientless RDP, SSH, and VNC over HTTPS.

Key Features of Portado

#

• Zero Trust Architecture – All VMs live inside a DMZ with no internal LAN access except Guacamole communication.
• VPN-Free Secure Access – Access machines directly from any internet-enabled device.
• Clientless RDP, SSH & VNC – No extra software needed; everything runs in the browser.
• Strong Security Boundary – OPNsense firewall enforces filtering and routing.
• Cloudflare Tunnel Integration – Services are securely exposed without opening inbound ports.
• Scalability – Easily extend access to more VMs while maintaining isolation.
• Dockerized Deployment – Uses docker-compose for portability and easy setup.

Portado - Full Documentation

Step-by-step guide on how I deployed Portado with Cloudflare Tunnel, OPNsense, and Guacamole.

https://portado.arbaazjamadar.com

arbaaz29/guacamole-docker-compose

Guacamole with docker-compose using MariaDB, nginx with SSL (self-signed)

Shell

0

0