Guacamole + Docker

Published by Felipe Crochik on

Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH

https://guacamole.apache.org/

Running guacamole on a virtual machine can help you expose other servers on the same VPC that are not accessible directly for remote management. 

More important can give you access to any of them using a standard browser.

The easiest way to get it up and running is using docker containers.

Docker

Of course you need a host with docker. The easiest way is using snap on a system that supports it (e.g. Ubuntu 16.04+)

sudo snap install docker

Get ready

You can get them from github (or copy and paste the contents bellow).

git clone https://github.com/crochik/guacamole.docker

Start

On the folder you have the 3 files (e.g ./guacamole.docker), start the containers:

sudo docker-compose up -d

You should be able to access the guacamole UI at: http://localhost:8080/guacamole

The default credentials are: guacadmin/guacadmin

After starting you will notice a postgresql folder under the current folder. In this folder all the guacamole configurations will be persisted. 

What’s Next?

Make sure to use the UI to change the default admin password.

Before actually exposing this to the “internet” you probably want to hide the tomcat server (http://localhost:8080) and encrypt the communication. 

You can do this by adding nginx and using let’s encrypt to generate a SSL certificate.

The Files

Environment Configuration

.env:

COMPOSE_PROJECT_NAME=guacamole
DATABASE_NAME=guacamole_db
DATABASE_USER=dbadmin
DATABASE_PASSWORD=N0tS4f3!
PORT=8080

Database container (postgres)

Dockerfile:

# generate sql file
FROM guacamole/guacamole as guacamole
WORKDIR /opt/guacamole/bin/
RUN /opt/guacamole/bin/initdb.sh --postgres > /opt/guacamole/bin/initdb.sql

# generate postgres with init script
FROM postgres
WORKDIR /docker-entrypoint-initdb.d/
COPY --from=guacamole /opt/guacamole/bin/initdb.sql /docker-entrypoint-initdb.d/

The “Maestro”

docker-compose.yml:

version: '3'

services:
  postgres:
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: ${DATABASE_NAME}
      POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
      POSTGRES_USER: ${DATABASE_USER}
    build: 
      context: .
      dockerfile: Dockerfile
    restart: always
    volumes:
      - ${PWD}/postgresql:/var/lib/postgresql/data:rw

  guacd:
    image: guacamole/guacd:latest
    restart: always

  guacamole:
    image: guacamole/guacamole:latest
    restart: always
    ports:
      - ${PORT}:8080
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRES_DATABASE: ${DATABASE_NAME}
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
      POSTGRES_USER: ${DATABASE_USER}
Categories: TL;DR
Tags:

0 Comments

Leave a Reply

Avatar placeholder

Related Posts

TL;DR

Grafana – reset admin password

If you have deployed grafana to your k8s cluster using the helm chart and for some reason can’t login using the password stored in the secret, this is how you reset it. The password is Read more…

TL;DR

Multipass – Remote-SSH development environment on your Mac

This is a little experiment to run ubuntu linux on your Mac using multipass to develop SPAs using a vscode Remote-SSH development environment. This is not the quickest way to setup a remote development environment Read more…

TL;DR

AWS Credentials

Get the role name wget http://169.254.169.254/latest/meta-data/iam/info will get something like: { "Code" : "Success", "LastUpdated" : "2020-03-06T20:34:08Z", "InstanceProfileArn" : "arn:aws:iam::3940394039403:instance-profile/ProfileName", "InstanceProfileId" : "kasdjaksjakjsa" } or better yet, get the role name from: wget http://169.254.169.254/latest/meta-data/iam/security-credentials It Read more…