[Support] jasonbean - Apache Guacamole


Message added by Taddeusz,

Before upgrading to 1.5.0 you need to have first upgraded to 1.4.0-3 of the container. I discovered that prior to 1.4.0-3 it was not shutting down MariaDB correctly and causing the database to be left in a dirty state.

 

If after upgrading to 1.5.0 you discover that MariaDB is stopping and the log mentions something about needing to open the database in an older version of MariaDB you should downgrade specifically to 1.4.0-3, start the container and make sure it's running correctly. Then you may upgrade to 1.5.0.

Recommended Posts

8 hours ago, JamiePhonic said:

@Hugh Jazz I had this problem also.

I solved it by adding the following to my guacamole.properties file.

mysql-ssl-mode: disabled

 

You can also set it to 'preferred' so it will use SSL automatically if you configure it in the future and fall back to insecure otherwise.

Awesome! ❤️ That worked like a charm!

 

'preferred' didn't work though, but it doesn't matter. i use https when i access from my domain. isn't it secure then?

Edited by Hugh Jazz
Link to comment
On 4/16/2023 at 11:45 AM, Hugh Jazz said:

Awesome! ❤️ That worked like a charm!

 

'preferred' didn't work though, but it doesn't matter. i use https when i access from my domain. isn't it secure then?

 

This option is specifically for encrypting the connection between Guac and the database itself using SSL.

It's mostly a non issue in docker environments since the traffic either never leaves the container becasue Guac and MariaDB (MySQL) are both in the same container, or it never leaves the host since Guac and Database containers are "attached" to the same network and linked to each other by docker.

 

It's really only something you'd want to consider configuring if your Guac instance and Database were on completly different servers. Not uncommon in Corporate environments, none the less, it never hurts to implement best practice security :)

Link to comment
  • 2 weeks later...
4 minutes ago, uldise said:

sorry for stupid question, but how i can get version number of currently running guacamole? i simply won't update very frequently and just saw red warning on first page.. 

 

 

It shows the version number in the lower right corner of the login screen.

  • Like 1
Link to comment
2 minutes ago, Taddeusz said:

 

 

It shows the version number in the lower right corner of the login screen.

so small :) i'm currently on 1.3.0, so l must upgrade to 1.4.0-3, then i can upgrade on latest. is docker tag number 1.4.0-3 ?

Link to comment
22 minutes ago, Taddeusz said:

Yes, that’s correct.

just did that - 1.4.0-3 is working just fine. then i upgraded to latest - and it's not working - looks like mariadb is not running at all.

catalina log snippet below. if i open docker log, it's full of mariadb restarting every one second...

19:11:38.010 [http-nio-8080-exec-5] WARN  o.a.g.e.AuthenticationProviderFacade - The "mysql" authentication provider has encountered an internal error which will halt the authentication process. If this is u
19:11:38.014 [http-nio-8080-exec-5] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:.
### Error querying database.  Cause: com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure

The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml
### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
### The error occurred while executing a query
### Cause: com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure

 

and mariadb.log is full of this:

/usr/bin/mysqld: One can only use the --user switch if running as root

 

Edited by uldise
Added mariadb.log info
Link to comment

OK, looks like i somehow fixed it myself. what i did (just for reference) :

 

1. there was a problem with my reverse proxy config, looks like it changed with this version. 

old version that works till version 1.4:

ProxyPass / http://<LAN IP>:8088/guacamole/ flushpackets=on

new version, works with version 1.5:

ProxyPass / http://<LAN IP>:8088/ flushpackets=on

 

2. after upgrading to 1.5 this time mysql started just fine, but there was an errors in mysql.log:

2023-05-05 20:45:18 0 [ERROR] Incorrect definition of table mysql.event: expected column 'definer' at position 3 to have type varchar(, found type char(141).
2023-05-05 20:45:18 0 [ERROR] Incorrect definition of table mysql.event: expected column 'sql_mode' at position 14 to have type set('REAL_AS_FLOAT','PIPES_AS_CONCAT','ANSI_QUOTES','IGNORE_SPACE','IGNORE_BAD
2023-05-05 20:45:18 0 [ERROR] mysqld: Event Scheduler: An error occurred when initializing system tables. Disabling the Event Scheduler.

after quick googling i found that it should be fixed with this command inside docker container:

mariadb-upgrade -u root -p

BUT, this command was not found in docker image used, so i installed it myself with command (again, inside docker container) :

apk add mariadb-server-utils

and executed mariadb-upgrade command above and it fixed my mysql installation.

 

looks like all is working just fine now, quick docker restart shows no more errors in mysql.log. 

Edited by uldise
typos
Link to comment

Hello everyone, I'm having a weird issue with this app.
TOTP works only on http NOT https 😕 and I can't login because I can't input the code

 

Can anyone lend a hand on how to fix this?

 

unsecure http

1.thumb.PNG.fe9bee6c606057a70cebc437e8701ecf.PNG

 

 

with https and my own domain on cloudflare

2.thumb.PNG.f9d6c043744dcf5f125fba5417a748b7.PNG

Link to comment
14 minutes ago, Taddeusz said:

@dhuesca Have you tried clearing your browser cache and reloading? Is the DNS entry for your guacamole set to proxy? I'm also on Cloudflare and have proxy disabled for my guacamole hostname.

 

That seems to have done the trick. Disabling proxy DNS on cloudflare dashboard worked.
Thank you!
 

Any ideas why this happened?

Link to comment
1 hour ago, N47H4N said:


Nobody ? I tried to recreate a new user, I got the QR-Code, but when I enter the code, it says "verification failed". I can't see any error message in the logs


Is the time on your server set correctly? That’s the only reason I can think that it world be failing.

Link to comment

@N47H4N I've had something similar happen and if you're using Google Authenticator for the totp then try going into

 

Settings > Time Correction for codes > Sync now

 

then try again.

 

For any other totp app you should find something similar as well.

Edited by Zeroeth
Link to comment
3 hours ago, Zeroeth said:

@N47H4N I've had something similar happen and if you're using Google Authenticator for the totp then try going into

 

Settings > Time Correction for codes > Sync now

 

then try again.

 

For any other totp app you should find something similar as well.

I tried without success, I also tried to setup a new account with another MFA tool (Google Authenticator, LastPass Authenticator & Microsoft Authenticator), they are not working..

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.