0
Ports Exposed
100%
Browser-Based
ZT
Zero Trust Auth
Access Flow
Kali GNU/Linux 2026.1 desktop rendered in Chrome at remote.evanakerly.com/guacamole — zero VPN required
Browser
Any device
→
Cloudflare ZT
Identity verification
→
Guacamole
remote.evanakerly.com
→
Kali Desktop
VirtualBox VM
Guacamole runs as a Docker Compose stack with three containers: guacamole, guacd (the native daemon), and PostgreSQL for session storage. A Cloudflare tunnel proxies the Guacamole web interface externally, with Zero Trust Access requiring authentication before any connection is established. The Kali VM connects to Guacamole via VNC on the internal VirtualBox network.
Key Features
-
Zero Trust Security No direct port exposure. All access flows through Cloudflare's identity-aware proxy. The Kali desktop is completely unreachable without authenticated access.
-
Anywhere Access Full Kali Linux desktop accessible from any browser on any device. No VPN client, no SSH tunneling, no port forwarding required.
-
Containerized Stack Entire Guacamole infrastructure runs as a Docker Compose stack. Easily reproducible, version controlled, and portable to any Docker host.
-
Session Management PostgreSQL backend stores connection configurations, user accounts, and session history. Multiple connections configurable for different lab targets.
Docker Compose Stack
The Guacamole stack is defined as a three-service Docker Compose configuration:
# Guacamole stack - docker-compose.yml services: guacd: image: guacamole/guacd restart: always guacamole: image: guacamole/guacamole restart: always ports: - "8080:8080" environment: GUACD_HOSTNAME: guacd POSTGRESQL_HOSTNAME: guacdb POSTGRESQL_DATABASE: guacamole_db guacdb: image: postgres:15 restart: always
⚠️ Security Note
Database credentials and sensitive environment variables are stored separately in a .env file
excluded from version control. The Guacamole port (8080) is not exposed publicly — all external
access is routed exclusively through the Cloudflare Zero Trust tunnel.
Use Cases
Penetration Testing Lab
Launch Nmap scans, Hydra brute force attacks, Metasploit modules, and Nikto web scans against lab targets directly from the browser — no local Kali install needed.
SOC Attack Simulation
Generate realistic attack traffic against the Wazuh SIEM to test detection rules, tune alerts, and document incident response workflows for portfolio evidence.
Remote Lab Access
Access the full home lab environment from any location — coffee shop, office, mobile — without carrying equipment or configuring remote access on each new network.
Certification Practice
CySA+, Security+, and future certifications require hands-on tool familiarity. Having Kali always accessible means practice happens whenever time allows.
Skills Demonstrated
-
Docker & Containerization Multi-container orchestration with Docker Compose. Inter-container networking, volume management, environment variable configuration.
-
Zero Trust Architecture Practical implementation of the Zero Trust model — no implicit trust, identity verification at every access point, no VPN dependency.
-
Database Administration PostgreSQL setup and initialization for Guacamole session storage. Schema initialization, credential management, container-to-container connectivity.
-
Linux Systems Administration VNC server configuration on Kali, systemd service management, network troubleshooting, and remote desktop protocol setup.