Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Message added by Taddeusz,

Before upgrading to 1.5.0 you need to have first upgraded to 1.4.0-3 of the container. I discovered that prior to 1.4.0-3 it was not shutting down MariaDB correctly and causing the database to be left in a dirty state.

 

If after upgrading to 1.5.0 you discover that MariaDB is stopping and the log mentions something about needing to open the database in an older version of MariaDB you should downgrade specifically to 1.4.0-3, start the container and make sure it's running correctly. Then you may upgrade to 1.5.0.

[Support] jasonbean - Apache Guacamole

Featured Replies

@Taddeusz I agree with you. However, if I stop the docker, my firewall stop report abnormal traffic. I remove and reinstall, the problem still exist.

  • Replies 1.2k
  • Views 282.5k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • I just wanted to post an update about my progress with 1.5.5. It was a busy weekend but I did get a chance to work on it. I ran into an issue that I'm trying to figure out but I think I'll be able to

  • I'm sorry. I've been trying to avoid this for a while. I just don't have the time I used to have to work on Guacamole. Maybe some day I can come back to it but for now I'm going to have to throw in th

  • I have forked Jason project and upgrade to version 1.6.0, you can try using the same template changing the name to create a new application and in the field: Repository replace the word jasonbean to c

Posted Images

  • Author

@tamito Granted, I'm just using the firewall in my router and I'm not monitoring or filtering stuff there. I'm not seeing any current active connections to those IP addresses on my network.

  • Author

@tamito There's nothing that I know of in this container that would cause the traffic you're seeing. I assume you're on Unraid. Have you tried deleting the container and then use your template to re-download it?

  • Author

@tamito You may also check in your container's appdata folder in guacamole/extensions to make sure there aren't any weird jar files in there. The only jar files that should be there are ones that you have configured such as for MySQL or possibly a rebranding file if you have done that.

 

I can't think of any other way this container could be compromised.

Just a note to anyone trying to implement DUO 2fa on this docker - I spent a long time failing to implement it as my browser kept saying https://api-xxxxxxx.duosecurity.com%20%20%20 was incorrect.  It turns out that if you accidentally leave spaces behind the api url in the Guacamole.properties file, it will actually try to include those spaces and fail the api request (evidenced by the %20%20 in the browser console).

 

Other than that, if anyone is trying to set it up, the entire process was straightforward according to the Guacamole docs and works just fine at the end.  I even run this program behind the lsio/letsencrypt reverse proxy.  Only difference from the official documentation is that the DUO secret key does not have to be 20 characters as noted, the supplied 40 characters works just fine.

  • 2 months later...

Hello,

 

i tried setting this up using duo and am getting "Access denied. The server's time may be out of sync" i've checked the unraid server time and it seems to be correct. Anyone else seen this?

 

denied.PNG

  • 1 month later...

Has anyone seen Guacozy before? Looks really interesting! Wonder if it can be run alongside this container to use the existing guacd service.

 

https://github.com/paidem/guacozy

  • Author
34 minutes ago, kaiguy said:

Has anyone seen Guacozy before? Looks really interesting! Wonder if it can be run alongside this container to use the existing guacd service.

 

https://github.com/paidem/guacozy

That’s interesting. Currently it wouldn’t work. You would need to expose the guacd port as it’s currently just an internal service.

Helllo, 

somehow whatever parameters i set, can't get either the Firefox or VNC Web Browser docker container working under this Guacamole container.

It always gives me error:

The Guacamole server is denying access to this connection because you have exhausted the limit for simultaneous connection use by an individual user. Please close one or more connections and try again.

Edited by Daxxio
html

  • Author
4 hours ago, Daxxio said:

Helllo, 

somehow whatever parameters i set, can't get either the Firefox or VNC Web Browser docker container working under this Guacamole container.

It always gives me error:

The Guacamole server is denying access to this connection because you have exhausted the limit for simultaneous connection use by an individual user. Please close one or more connections and try again.

When you get this error have you tried logging off and logging back in? Whenever I’ve gotten this error that has worked for me.

unfortunately that does not work. been trying lots of thing:

both apache guacamole and ff are now in bridge, I tried it in custom with a fixed IP. I can access firefox from the docker itself, just not from apache guacamole.

also killed all sessions, limit increased to 20. nothing seems to work except for VNC and RDP to VM's, those work without any problems.

On 1/16/2020 at 10:57 PM, Taddeusz said:

That’s interesting. Currently it wouldn’t work. You would need to expose the guacd port as it’s currently just an internal service.

if you have an interest, i got it working. some manual work needed, but it just works then.. yes, it looks interesting, but lacks of 2FA authentication, if you wanna make it accessible public. just let me know, i can publish docker settings.

  • 3 weeks later...

@Taddeusz Any plan to upgrade to 1.1.0 in a foreseeable future? 

 

That would be great, Thanks

Edited by matthope
Thanks

  • Author
24 minutes ago, matthope said:

@Taddeusz Any plan to upgrade to 1.1.0 in a foreseeable future? 

 

That would be great, Thanks

Yes, I have to carve out some time to make it happen.

I'm not sure, but maybe I'm using the wrong docker here. This page says that it hasn't been updated in a year.

  • Author
17 minutes ago, ndaringer said:

I'm not sure, but maybe I'm using the wrong docker here. This page says that it hasn't been updated in a year.

That is correct. 1.0.0 was released Jan 8, 2019. There were no new versions until the recent 1.1.0 release over a year later. I currently don’t have a timeline to release an updated container. My family has been rather busy lately and I started a new job in November. Please be patient.

Thanks for all your hard work on this container!

I use this almost daily for various things.

I was wondering if you'd be able to modify the default tomcat config the container ships with to include the Remote IP Valve:

<Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="x-forwarded-for" />

This would allow Guacamole's connection history page to reflect the correct source IP for people using a reverse proxy like NGINX or HAProxy.

Currently, i'm doing it by adding "/bin/bash /config/startup.sh" to the containers "post arguments" which copies a modified "server.xml" that includes the valve over the existing one, then exec's "/etc/firststart/firststart.sh" to continue starting the container as usual.

 

Don't get me wrong, It works, but it's basically a bodge

  • Author
50 minutes ago, JamiePhonic said:

Thanks for all your hard work on this container!

I use this almost daily for various things.

I was wondering if you'd be able to modify the default tomcat config the container ships with to include the Remote IP Valve:


<Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="x-forwarded-for" />

This would allow Guacamole's connection history page to reflect the correct source IP for people using a reverse proxy like NGINX or HAProxy.

Currently, i'm doing it by adding "/bin/bash /config/startup.sh" to the containers "post arguments" which copies a modified "server.xml" that includes the valve over the existing one, then exec's "/etc/firststart/firststart.sh" to continue starting the container as usual.

 

Don't get me wrong, It works, but it's basically a bodge

I'll look at this. I've had a busy life lately and just haven't had time to sit down and work on it.

Just wanted to post this in case someone else is running into trouble.  I was trying to do a reverse proxy in nginx (letsencrypt container) and kept getting served a blank page when I played around with the reverse proxy config from Apache Guacamole's own documentation.  Ended up figuring it out.  Here's what worked for me:

  location ^~ /guacamole {
    proxy_pass http://[IP-ADDRESS]:[PORT];
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    access_log off;
  }

Now everything's working fine when I access using my.url/guacamole.  Unfortunately I couldn't manage to get a different subfolder name to work but I'm going to play around with that a little more.

  • Author
On 2/16/2020 at 2:55 PM, JamiePhonic said:

Thanks for all your hard work on this container!

I use this almost daily for various things.

I was wondering if you'd be able to modify the default tomcat config the container ships with to include the Remote IP Valve:


<Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="x-forwarded-for" />

This would allow Guacamole's connection history page to reflect the correct source IP for people using a reverse proxy like NGINX or HAProxy.

Currently, i'm doing it by adding "/bin/bash /config/startup.sh" to the containers "post arguments" which copies a modified "server.xml" that includes the valve over the existing one, then exec's "/etc/firststart/firststart.sh" to continue starting the container as usual.

 

Don't get me wrong, It works, but it's basically a bodge

I'm almost ready to push out 1.1.0. I just want to get some clarification on this. I've added this to the /etc/tomcat9/server.xml file within the Host element. I have my personal container set to use a custom proxy network and I'm just seeing 172.x.x.x addresses. I'm not sure if this would change if my container was set to "bridge".

 

If you'd like to try it out you can change the repository in your container to "jasonbean/guacamole:1.1.0-nomariadb" or "jasonbean/guacamole:1.1.0" depending on which version you're using.

 

I'll wait to change these to "latest" just in case I need to make some changes.

5 hours ago, Taddeusz said:

I'm almost ready to push out 1.1.0. I just want to get some clarification on this. I've added this to the /etc/tomcat9/server.xml file within the Host element. I have my personal container set to use a custom proxy network and I'm just seeing 172.x.x.x addresses. I'm not sure if this would change if my container was set to "bridge".

 

If you'd like to try it out you can change the repository in your container to "jasonbean/guacamole:1.1.0-nomariadb" or "jasonbean/guacamole:1.1.0" depending on which version you're using.

 

I'll wait to change these to "latest" just in case I need to make some changes.

tested your 110 version now and looking good, also the change to see real ip in history looked good, external and internal tested and showing wan or lan in history ...

 

finally can switch back and remove the 2 original ones, really nice with new rdp and auto resize is improved (specially win clients)

 

thanks for the update from here

  • Author

Apache Guacamole 1.1.0 has been pushed out to "latest". Other than the version change the base container is now debian:stable-slim to shave off some size. No database schema changes this time around. Have fun.

 

Especially since this deviates slightly from the official containers in using Tomcat 9 and Java 11. Please let me know if you have any issues.

19 hours ago, Taddeusz said:

I'm almost ready to push out 1.1.0. I just want to get some clarification on this. I've added this to the /etc/tomcat9/server.xml file within the Host element. I have my personal container set to use a custom proxy network and I'm just seeing 172.x.x.x addresses. I'm not sure if this would change if my container was set to "bridge".

 

If you'd like to try it out you can change the repository in your container to "jasonbean/guacamole:1.1.0-nomariadb" or "jasonbean/guacamole:1.1.0" depending on which version you're using.

 

I'll wait to change these to "latest" just in case I need to make some changes.

Thanks so much for all your hard work on this!

Tested connections from a couple different locations (Via VPN) and the remote IP seems to be showing correctly!

Just updated my Guacamole instance too. all works as expected, didn't noticed something new :)

and Guacozy docker works too with this new version.. 

2 hours ago, uldise said:

Just updated my Guacamole instance too. all works as expected, didn't noticed something new :)

and Guacozy docker works too with this new version.. 

Awesome news! Would you be willing to share your Guacozy setup? Thanks!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.