Apache Guacamole 1.4 Docker
Pull the Docker images
docker pull guacamole/guacamole
docker pull guacamole/guacd
docker pull mariadb/server
Setup the Database
Generate Database Initialization Script.
docker run -it guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > guac_1.4_db.sql
Creating Initial docker-compose.yaml
.
docker-compose.yaml
version: '3'
services:
guacdb:
container_name: guacdb
image: mariadb/server:latest
restart: unless-stopped
environment:
MYSQL_ROOT_PASSWORD: 'MariaDBRootPSW'
MYSQL_DATABASE: 'guacamole_db'
MYSQL_USER: 'guacamole_user'
MYSQL_PASSWORD: 'MariaDBUserPSW'
volumes:
- ./guacdb-data:/var/lib/mysql
volumes:
guacdb-data:
Bring the database's container up.
docker-compose up -d
Copy the database initialization script into the container.
docker cp guac_1.4_db.sql guacdb:/guac_1.4_db.sql
Open a shell in the container an initialize the database.
docker exec -it guacdb bash
mysql guacamole_db < /guac_1.4_db.sql
exit
Bring the database's container down.
docker-compose down
Setup Apache Guacamole
Here we will modify docker-compose.yaml
in the following way. Note in my case the host's port is 8082
.
docker-compose.yaml
version: "3"
services:
guacdb:
container_name: guacdb
image: mariadb/server:latest
restart: always
environment:
MYSQL_ROOT_PASSWORD: "MariaDBRootPSW"
MYSQL_DATABASE: "guacamole_db"
MYSQL_USER: "guacamole_user"
MYSQL_PASSWORD: "MariaDBUserPSW"
volumes:
- ./guacdb-data:/var/lib/mysql
guacd:
container_name: guacd
image: guacamole/guacd
restart: always
volumes:
- ./guacd-data/drive:/drive:rw
- ./guacd-data/record:/record:rw
guacamole:
container_name: guacamole
image: "guacamole/guacamole:latest"
restart: always
ports:
- "8082:8080"
environment:
GUACD_HOSTNAME: "guacd"
MYSQL_HOSTNAME: "guacdb"
MYSQL_DATABASE: "guacamole_db"
MYSQL_USER: "guacamole_user"
MYSQL_PASSWORD: "MariaDBUserPSW"
TOTP_ENABLED: "true"
depends_on:
- "guacdb"
- "guacd"
volumes:
guacdb-data:
guacd-data:
Bring everything up.
docker-compose up -d
At this point you should be able to access http://host.ip.address:8082/guacamole
and login with guacadmin
/guacadmin
.
Apache2 Reverse Proxy
Further within my dev environment I'm using the script a2proxy
to create Apache2 Reverse Proxy yo the instance:
sudo a2proxy guac 8082
The next step that should be done is to create a new Administrator user and remove the default one! Also enable TOTP: the module is already integrated in the Docker container, so we just need to enable it by the docker's configuration – see line 36
of the above listing.
References
- Systems.dance: Apache Guacamole and docker-compose
- Mauro Frigerio blog: Install Guacamole on Docker with Traefik and 2FA
- Kifarunix: Configure TOTP Two-Factor on Apache Guacamole Native Installation
- Apache Guacamole 1.4 Docs: Installing Guacamole with Docker
- DockerHub: Guacamole
- Stack Overflow: Difference in docker restart policy between on-failure and unless-stopped?