add Git stuff

Sönke Domröse
2025-04-09 07:09:53 -05:00
parent 0bf105f83e
commit e0ae8f2bed
23 changed files with 820 additions and 0 deletions

@@ -0,0 +1,152 @@
# Guacamole with docker compose
This is a small documentation how to run a fully working **Apache Guacamole (incubating)** instance with docker (docker compose). The goal of this project is to make it easy to test Guacamole.
## About Guacamole
Apache Guacamole (incubating) is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. It is called clientless because no plugins or client software are required. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.
It supports RDP, SSH, Telnet and VNC and is the fastest HTML5 gateway I know. Checkout the projects [homepage](https://guacamole.incubator.apache.org/) for more information.
## Prerequisites
You need a working **docker** installation and **docker compose** running on your machine.
## Quick start
Clone the GIT repository and start guacamole:
~~~bash
git clone "https://github.com/boschkundendienst/guacamole-docker-compose.git"
cd guacamole-docker-compose
./prepare.sh
docker compose up -d
~~~
Your guacamole server should now be available at `https://ip of your server:8443/`. The default username is `guacadmin` with password `guacadmin`.
## Details
To understand some details let's take a closer look at parts of the `docker-compose.yml` file:
### Networking
The following part of docker-compose.yml will create a network with name `guacnetwork_compose` in mode `bridged`.
~~~python
...
# networks
# create a network 'guacnetwork_compose' in mode 'bridged'
networks:
guacnetwork_compose:
driver: bridge
...
~~~
### Services
#### guacd
The following part of docker-compose.yml will create the guacd service. guacd is the heart of Guacamole which dynamically loads support for remote desktop protocols (called "client plugins") and connects them to remote desktops based on instructions received from the web application. The container will be called `guacd_compose` based on the docker image `guacamole/guacd` connected to our previously created network `guacnetwork_compose`. Additionally we map the 2 local folders `./drive` and `./record` into the container. We can use them later to map user drives and store recordings of sessions.
~~~python
...
services:
# guacd
guacd:
container_name: guacd_compose
image: guacamole/guacd
networks:
guacnetwork_compose:
restart: always
volumes:
- ./drive:/drive:rw
- ./record:/record:rw
...
~~~
#### PostgreSQL
The following part of docker-compose.yml will create an instance of PostgreSQL using the official docker image. This image is highly configurable using environment variables. It will for example initialize a database if an initialization script is found in the folder `/docker-entrypoint-initdb.d` within the image. Since we map the local folder `./init` inside the container as `docker-entrypoint-initdb.d` we can initialize the database for guacamole using our own script (`./init/initdb.sql`). You can read more about the details of the official postgres image [here](http://).
~~~python
...
postgres:
container_name: postgres_guacamole_compose
environment:
PGDATA: /var/lib/postgresql/data/guacamole
POSTGRES_DB: guacamole_db
POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
POSTGRES_USER: guacamole_user
image: postgres
networks:
guacnetwork_compose:
restart: always
volumes:
- ./init:/docker-entrypoint-initdb.d:ro
- ./data:/var/lib/postgresql/data:rw
...
~~~
#### Guacamole
The following part of docker-compose.yml will create an instance of guacamole by using the docker image `guacamole` from docker hub. It is also highly configurable using environment variables. In this setup it is configured to connect to the previously created postgres instance using a username and password and the database `guacamole_db`. Port 8080 is only exposed locally! We will attach an instance of nginx for public facing of it in the next step.
~~~python
...
guacamole:
container_name: guacamole_compose
depends_on:
- guacd
- postgres
environment:
GUACD_HOSTNAME: guacd
POSTGRES_DATABASE: guacamole_db
POSTGRES_HOSTNAME: postgres
POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
POSTGRES_USER: guacamole_user
image: guacamole/guacamole
links:
- guacd
networks:
guacnetwork_compose:
ports:
- 8080/tcp
restart: always
...
~~~
#### nginx
The following part of docker-compose.yml will create an instance of nginx that maps the public port 8443 to the internal port 443. The internal port 443 is then mapped to guacamole using the `./nginx/templates/guacamole.conf.template` file. The container will use the previously generated (`prepare.sh`) self-signed certificate in `./nginx/ssl/` with `./nginx/ssl/self-ssl.key` and `./nginx/ssl/self.cert`.
~~~python
...
# nginx
nginx:
container_name: nginx_guacamole_compose
restart: always
image: nginx
volumes:
- ./nginx/templates:/etc/nginx/templates:ro
- ./nginx/ssl/self.cert:/etc/nginx/ssl/self.cert:ro
- ./nginx/ssl/self-ssl.key:/etc/nginx/ssl/self-ssl.key:ro
ports:
- 8443:443
links:
- guacamole
networks:
guacnetwork_compose:
...
~~~
## prepare.sh
`prepare.sh` is a small script that creates `./init/initdb.sql` by downloading the docker image `guacamole/guacamole` and start it like this:
~~~bash
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > ./init/initdb.sql
~~~
It creates the necessary database initialization file for postgres.
`prepare.sh` also creates the self-signed certificate `./nginx/ssl/self.cert` and the private key `./nginx/ssl/self-ssl.key` which are used
by nginx for https.
## reset.sh
To reset everything to the beginning, just run `./reset.sh`.
## WOL
Wake on LAN (WOL) does not work and I will not fix that because it is beyound the scope of this repo. But [zukkie777](https://github.com/zukkie777) who also filed [this issue](https://github.com/boschkundendienst/guacamole-docker-compose/issues/12) fixed it. You can read about it on the [Guacamole mailing list](http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/How-to-docker-composer-for-WOL-td9164.html)
**Disclaimer**
Downloading and executing scripts from the internet may harm your computer. Make sure to check the source of the scripts before executing them!
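Review bot: The Quick start and the nginx section describe access at `https://ip of your server:8443/` through an nginx service, but the docker-compose.yml added in this same commit defines no nginx service in the lines shown and publishes Guacamole as `6080:8080/tcp`, so a reader following this README ends up on plain HTTP at a different port than documented. Either restore the nginx service or update the Quick start, the `ports:` snippet and the volume paths (`./drive`, `./record` versus the absolute `/home/soenke/...` paths) to match. The default `guacadmin`/`guacadmin` login is stated in Quick start without the instruction to change it; the compose file header says to change it immediately, and that belongs here too. The `[here](http://)` link in the PostgreSQL section has an empty target.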

@@ -0,0 +1,148 @@
####################################################################################
# docker-compose file for Apache Guacamole
# created by PCFreak 2017-06-28
#
# Apache Guacamole is a clientless remote desktop gateway. It supports standard
# protocols like VNC, RDP, and SSH. We call it clientless because no plugins or
# client software are required. Thanks to HTML5, once Guacamole is installed on
# a server, all you need to access your desktops is a web browser.
####################################################################################
#
# What does this file do?
#
# Using docker-compose it will:
#
# - create a network 'guacnetwork_compose' with the 'bridge' driver.
# - create a service 'guacd_compose' from 'guacamole/guacd' connected to 'guacnetwork_compose'
# - create a service 'postgres_guacamole_compose' (1) from 'postgres' connected to 'guacnetwork_compose'
# - create a service 'guacamole_compose' (2) from 'guacamole/guacamole/' conn. to 'guacnetwork_compose'
# - create a service 'nginx_guacamole_compose' (3) from 'nginx' connected to 'guacnetwork_compose'
#
# (1)
# DB-Init script is in './init/initdb.sql' it has been created executing
# 'docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > ./init/initdb.sql'
# once.
# DATA-DIR is in './data'
# If you want to change the DB password change all lines with 'POSTGRES_PASSWORD:' and
# change it to your needs before first start.
# To start from scratch delete './data' dir completely
# './data' will hold all data after first start!
# The initdb.d scripts are only executed the first time the container is started
# (and the database files are empty). If the database files already exist then the initdb.d
# scripts are ignored (e.g. when you mount a local directory or when docker-compose saves
# the volume and reuses it for the new container).
#
# !!!!! MAKE SURE your folder './init' is executable (chmod +x ./init)
# !!!!! or 'initdb.sql' will be ignored!
#
# './data' will hold all data after first start!
#
# (2)
# Make sure you use the same value for 'POSTGRES_USER' and 'POSTGRES_PASSWORD'
# as configured under (1)
#
# (3)
# ./nginx/templates folder will be mapped read-only into the container at /etc/nginx/templates
# and according to the official nginx container docs the guacamole.conf.template will be
# placed in /etc/nginx/conf.d/guacamole.conf after container startup.
# ./nginx/ssl will be mapped into the container at /etc/nginx/ssl
# prepare.sh creates a a self-signed certificate. If you want to use your own certs
# just remove the part that generates the certs from prepare.sh and replace
# 'self-ssl.key' and 'self.cert' with your certificate.
# nginx will export port 8443 to the outside world, make sure that this port is reachable
# on your system from the "outside world". All other traffic is only internal.
#
# You could remove the entire 'nginx' service from this file if you want to use your own
# reverse proxy in front of guacamole. If doing so, make sure you change the line
# from - 8080/tcp
# to - 8080:8080/tcp
# within the 'guacamole' service. This will expose the guacamole webinterface directly
# on port 8080 and you can use it for your own purposes.
# Note: Guacamole is available on :8080/guacamole, not /.
#
# !!!!! FOR INITAL SETUP (after git clone) run ./prepare.sh once
#
# !!!!! FOR A FULL RESET (WILL ERASE YOUR DATABASE, YOUR FILES, YOUR RECORDS AND CERTS) DO A
# !!!!! ./reset.sh
#
#
# The initial login to the guacamole webinterface is:
#
# Username: guacadmin
# Password: guacadmin
#
# Make sure you change it immediately!
#
# version date comment
# 0.1 2017-06-28 initial release
# 0.2 2017-10-09 minor fixes + internal GIT push
# 0.3 2017-10-09 minor fixes + public GIT push
# 0.4 2019-08-14 creating of ssl certs now in prepare.sh
# simplified nginx startup commands
# 0.5 2023-02-24 nginx now uses a template + some minor changes
# 0.6 2023-03-23 switched to postgres 15.2-alpine
# 0.61 2024-07-27 fix networks + version 3.0
# 0.62 2024-07-27 fix
#####################################################################################
#the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
#version: '3.0'
# networks
# create a network 'guacnetwork_compose' in mode 'bridged'
networks:
guacnetwork_compose:
driver: bridge
# services
services:
# guacd
guacd:
container_name: guacd_compose
image: guacamole/guacd
networks:
- guacnetwork_compose
restart: always
volumes:
- /home/soenke/docker-data/guacamole-docker-compose/drive:/drive:rw
- /home/soenke/docker-data/guacamole-docker-compose/record:/record:rw
# postgres
postgres:
container_name: postgres_guacamole_compose
environment:
PGDATA: /var/lib/postgresql/data/guacamole
POSTGRES_DB: guacamole_db
POSTGRES_PASSWORD: 'ChooseYourOwnPasswordHere1234'
POSTGRES_USER: guacamole_user
image: postgres:15.2-alpine
networks:
- guacnetwork_compose
restart: always
volumes:
- /home/soenke/docker-data/guacamole-docker-compose/init:/docker-entrypoint-initdb.d:z
- /home/soenke/docker-data/guacamole-docker-compose/data:/var/lib/postgresql/data:Z
# guacamole
guacamole:
container_name: guacamole_compose
depends_on:
- guacd
- postgres
environment:
GUACD_HOSTNAME: guacd
POSTGRES_DATABASE: guacamole_db
POSTGRES_HOSTNAME: postgres
POSTGRES_PASSWORD: 'ChooseYourOwnPasswordHere1234'
POSTGRES_USER: guacamole_user
image: guacamole/guacamole
networks:
- guacnetwork_compose
volumes:
- /home/soenke/docker-data/guacamole-docker-compose/record:/record:rw
ports:
## enable next line if not using nginx
- 6080:8080/tcp # Guacamole is on :6080/guacamole, not /.
## enable next line when using nginx
## - 8080/tcp
restart: always
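Review bot: In the `guacamole` service, `- 6080:8080/tcp` publishes the web interface on every host interface over unencrypted HTTP, so the `guacadmin` login and all session traffic bypass the TLS configuration this commit also adds for nginx. Bind it to loopback (`127.0.0.1:6080:8080/tcp`) behind your own reverse proxy, or go back to `- 8080/tcp` and define the nginx service, which the header comment still lists under (3) but the `services:` section does not contain. `POSTGRES_PASSWORD: 'ChooseYourOwnPasswordHere1234'` is committed as a literal in two places; read it from an untracked `.env` file so a real password never lands in the repository. `guacamole/guacd` and `guacamole/guacamole` carry no tag while postgres is pinned to `15.2-alpine`; pin those as well.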

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
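Review bot: This file adds a PEM private key (`-----BEGIN PRIVATE KEY-----`) to version control, which means everyone with read access to the repository or its history holds the key, and any certificate issued for it should be treated as compromised. Drop the file from the commit, add the key path to `.gitignore`, and generate a fresh key on each host; prepare.sh in this commit already creates one with `openssl req`.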

@@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

@@ -0,0 +1,42 @@
### BBB
server {
listen 443 ssl;
http2 on;
server_name localhost;
ssl_certificate /etc/nginx/ssl/self.cert;
ssl_certificate_key /etc/nginx/ssl/self-ssl.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling off;
ssl_stapling_verify off;
location / {
proxy_pass http://guacamole:8080/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_cookie_path /guacamole/ /;
access_log off;
# allow large uploads (default=1m)
# 4096m = 4GByte
client_max_body_size 4096m;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
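Review bot: `access_log off;` inside `location /` disables request logging for the entire proxied application, so the proxy keeps no record of who reached the Guacamole login or when; for a remote-access gateway keep the access log on, or exclude only the noisy paths. `client_max_body_size 4096m;` applies to every request in this location, including ones sent before login, so lower it unless transfers of that size are actually required. The leading `### BBB` comment looks like a leftover marker and could say what the file is instead.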

@@ -0,0 +1,18 @@
#!/bin/sh
#
# check if docker is running
if ! (docker ps >/dev/null 2>&1)
then
echo "docker daemon not running, will exit here!"
exit
fi
echo "Preparing folder init and creating ./init/initdb.sql"
mkdir ./init >/dev/null 2>&1
mkdir -p ./nginx/ssl >/dev/null 2>&1
chmod -R +x ./init
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > ./init/initdb.sql
echo "done"
echo "Creating SSL certificates"
openssl req -nodes -newkey rsa:2048 -new -x509 -keyout nginx/ssl/self-ssl.key -out nginx/ssl/self.cert -subj '/C=DE/ST=BY/L=Hintertupfing/O=Dorfwirt/OU=Theke/CN=www.createyourown.domain/emailAddress=docker@createyourown.domain'
echo "You can use your own certificates by placing the private key in nginx/ssl/self-ssl.key and the cert in nginx/ssl/self.cert"
echo "done"
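Review bot: The docker check ends in a bare `exit`, which returns the status of the preceding `echo` (0), so callers see success when nothing was prepared; use `exit 1`. There is also no error handling around `docker run ... > ./init/initdb.sql` and `openssl req`: if either fails, an empty or partial `initdb.sql` or a missing key is left behind and the script still prints "done". Add `set -e` near the top or test each command's status. The certificate subject is hard-coded to `CN=www.createyourown.domain`, which will not match the host the server is reached on; take the name from a variable or argument.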

@@ -0,0 +1,13 @@
#!/bin/bash
echo "This will delete your existing database (./data/)"
echo " delete your recordings (./record/)"
echo " delete your drive files (./drive/)"
echo " delete your certs files (./nginx/ssl/)"
echo ""
read -p "Are you sure? " -n 1 -r
echo "" # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]; then # do dangerous stuff
chmod -R +x -- ./init
sudo rm -r -f ./data/ ./drive/ ./record/ ./nginx/ssl/
fi
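Review bot: `sudo rm -r -f ./data/ ./drive/ ./record/ ./nginx/ssl/` uses paths relative to the caller's working directory, so running the script from anywhere other than the repository root deletes whatever `data`, `drive`, `record` and `nginx/ssl` directories exist there, as root. Change into the script's own directory first (for example `cd "$(dirname "$0")" || exit 1`) before the `rm`. The compose file in this commit mounts `/home/soenke/docker-data/guacamole-docker-compose/...` rather than `./data`, so confirm the script still removes the directories that are actually in use. `chmod -R +x -- ./init` sits inside the branch commented "do dangerous stuff" but is unrelated to the deletion.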