[Support] jasonbean - Apache Guacamole


Message added by Taddeusz,

Before upgrading to 1.5.0 you need to have first upgraded to 1.4.0-3 of the container. I discovered that prior to 1.4.0-3 it was not shutting down MariaDB correctly and causing the database to be left in a dirty state.

 

If after upgrading to 1.5.0 you discover that MariaDB is stopping and the log mentions something about needing to open the database in an older version of MariaDB you should downgrade specifically to 1.4.0-3, start the container and make sure it's running correctly. Then you may upgrade to 1.5.0.

Recommended Posts

  • 2 weeks later...

By the way, here is the most detail I've read about the VNC disconnection issues and what the plan is for them. 

 

Quote

The list of JIRA issues slated for the 1.0.0 release has been set, and, unfortunately, this
one is not included.  That said, we've recently discussed a different methodology for releases
going forward which should make it possible to release bug fixes like this in a more rapid
fashion than the every 3-6 months we've been averaging in the past.

But, before we get ahead of ourselves and try to schedule the release, we have to actually
find a fix for it - it looks like we've confirmed that it is related to TLS and libvncclient.
 If you're using Docker, the guacd image in 1.0.0 will swap over to the Debian Stable distribution
(instead of CentOS), so it's possible, based on previous anecdotes, that this will get better
for Docker containers once 1.0.0 is released.

For other environments, we have to determine if this is an issue that can actually be resolved
within guacamole-server, and, if so, how to fix it.  If it's something to do with how guacamole-server
is calling libvncclient (sounds like maybe Mike is on to something there), then it might be
something we can fix.  If it's a bug in a particular version of libvncclient, then the best
we'll be able to do is advise building guacamole-server against a particular version.  But,
all of that has yet to be determined, so there's a bit of work to be done, yet, before we
can determine if/when this will actually get fixed.

 

Edited by Chad Kunsman
Link to comment
  • 2 weeks later...

Trying to set up duo... Ive put all the relevant info into guacamole.properties but I get the following error when logging into guac:

 

duoerror.png.c6dd227220c0d8b271d891e3b40c4fe0.png

 

I can curl ipinfo.io/ip so i know that the docker can at least access the outside world, and /var/log/* does not show any kind of errors (I dont know which one i should of checked, so I checked them all, none of them have any error relating to this...) 

Edited by Dstubbs28
clarification
Link to comment
9 minutes ago, Dstubbs28 said:

Trying to set up duo... Ive put all the relevant info into guacamole.properties but I get the following error when logging into guac:

 

duoerror.png.c6dd227220c0d8b271d891e3b40c4fe0.png

 

I can curl ipinfo.io/ip so i know that the docker can at least access the outside world, and /var/log/* does not show any kind of errors (I dont know which one i should of checked, so I checked them all, none of them have any error relating to this...) 

 

“%20” is the URL encoding for a space so check that you don’t have some trailing spaces on that line. For that matter you should probably check that you have no trailing spaces on any lines.

Link to comment

Hi, installed this Docker today, works ok for me - tried VNC and RDP protocols..

and i agree that web interface seem some old-school.

but have some questions @Taddeusz

- i have an interest for remote printing too, so i have to install some specific version? 

- are there any chances to get new 1.0.0 version? i'm interested in two factor OTOP authentication. if i understand correctly, it will be available in new version (from there? https://github.com/apache/guacamole-client)

- have anyone tried some re-branding? it's possible via extension..

 

And Thanks @Taddeusz, for this docker!

Uldis

Link to comment
47 minutes ago, uldise said:

Hi, installed this Docker today, works ok for me - tried VNC and RDP protocols..

and i agree that web interface seem some old-school.

but have some questions @Taddeusz

- i have an interest for remote printing too, so i have to install some specific version? 

- are there any chances to get new 1.0.0 version? i'm interested in two factor OTOP authentication. if i understand correctly, it will be available in new version (from there? https://github.com/apache/guacamole-client)

- have anyone tried some re-branding? it's possible via extension..

 

And Thanks @Taddeusz, for this docker!

Uldis

 

Remote printing should be working. There was a fix some time ago that enabled that functionality. I've never personally used it so honestly I'm not sure how it is supposed to work. The latest version will give you that functionality.

 

I will begin work on 1.0.0 when it reaches "release candidate" status. The way this is written it can only pull distinct releases that are available from apache.org. I'm not sure of their schedule but judging by the Github activity it should be "any day now". They have obviously been preparing for the 1.0.0 release.

 

I've thought about doing the re-branding but I've never attempted it. Should definitely be possible though. Just drop the extension in your guacamole/extensions folder.

Link to comment

Yes, thanks, i tried already some tweaks on css, and it works..

and i successfully added DUO support too.

BUT printing for me is not working. it should open an pdf file, but it just displays 'waiting for replay' and nothing happening, but when i log out from Guac then i see a save as dialog in my browser with that PDF. looks like save as dialog opens something behind them main window? very weird...

i'm on Ubuntu workstation, tried Chrome and Firefox, the same for both. Any help welcome :)  

Link to comment
2 hours ago, uldise said:

Yes, thanks, i tried already some tweaks on css, and it works..

and i successfully added DUO support too.

BUT printing for me is not working. it should open an pdf file, but it just displays 'waiting for replay' and nothing happening, but when i log out from Guac then i see a save as dialog in my browser with that PDF. looks like save as dialog opens something behind them main window? very weird...

i'm on Ubuntu workstation, tried Chrome and Firefox, the same for both. Any help welcome :)  

I'm running Chrome here at work. I enabled printing on my RDP connection. When I printed to the Guacamole "printer" it initiated a download of the resulting PDF. I even tried to change the option to always prompt for the download location and the dialog popped up in front like it should. What version of Chrome are you running? I'm running the latest, v69.

Link to comment
7 hours ago, uldise said:

just tried to print from Windows machine with latest Chrome installed - result is the same.. when i logout from guac, then i see pdf in the downloads, but it's corrupt.. do i need some more config to my Docker to get it to work? and yes, i'm on unRAID 6.1.9 still...

I think you've lost me there. I don't remember what version of unRAID was available when I took over this Docker but it was never anything that old. Judging by my initial release date probably 6.3.2. Unfortunately, I have no way to test or really even to support on such an old version of unRAID.

 

I don't know why there would be such a difference in the Docker subsystem but at this point that is the only major difference. Since Docker containers use the Linux kernel of the host system it is entirely possible that there was a vital kernel change that prevents Ghostscript from working correctly. I still have no way to test where that change occurred.

 

<soapbox>I understand the attitude of "if it works don't fix it" but there have been some notable security fixes between then and now.</soapbox>

Link to comment
2 hours ago, Taddeusz said:

<soapbox>I understand the attitude of "if it works don't fix it" but there have been some notable security fixes between then and now.</soapbox>

understand, may be this will be a reason to me to move to something newer.  i have a second unRAID server with version 6.4.1 currently installed, will try to setup guac docker here and then i will report back. 

Link to comment
11 minutes ago, uldise said:

understand, may be this will be a reason to me to move to something newer.  i have a second unRAID server with version 6.4.1 currently installed, will try to setup guac docker here and then i will report back. 

Keep in mind also that printing support didn't get added until June this year at which point 6.5.2 was the latest release. I can't reliably say that it will work prior to 6.5.

Link to comment
14 minutes ago, eleazar said:

@Taddeusz I hope this post is not against the rules, but I just wanted to say thank you for maintaining this container.  I'm anxiously awaiting v1.0 release, but in the meantime, I'm loving this and it's working perfectly for me :)

Thank you. I appreciate the sentiment.

 

I too am anxiously awaiting 1.0. I've been trying to follow the changes on Github. Not sure how much new stuff vs bug fixes are going to be in there. Since I've been using Guacamole this is the longest I've seen them go between releases so hopefully there will be some good things as well as polish in there.

Link to comment
21 hours ago, Taddeusz said:

Keep in mind also that printing support didn't get added until June this year at which point 6.5.2 was the latest release. I can't reliably say that it will work prior to 6.5.

Hi, i just updated my main server to unRAID 6.5.3..

and still no go with printing..

BUT one think i noticed in the catalina.out file, maybe that's related:

15:46:45.778 [http-nio-8080-exec-10] INFO  o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.

 

i'm using guac as subdomain - guac.mydomain.com for example. if i read guac documentation about proxies, i cant find a guide how to proxy Websocket to subdomain. Any ideas?

 

Link to comment
23 minutes ago, uldise said:

i'm using guac as subdomain - guac.mydomain.com for example. if i read guac documentation about proxies, i cant find a guide how to proxy Websocket to subdomain. Any ideas?

What web server are you using for a proxy. I personally use the Nginx that's available in the Let's Encrypt Docker. My proxying looks like this:

location ^~ /guacamole/ {
	proxy_pass http://<myip>:8088/guacamole/;
	proxy_buffering off;
   	proxy_http_version 1.1;
   	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   	proxy_set_header Upgrade $http_upgrade;
   	proxy_set_header Connection $http_connection;
   	access_log off;
}

If you're not using Nginx take a look at the Guacamole docs here: http://guacamole.apache.org/doc/gug/proxying-guacamole.html

Edited by Taddeusz
Remove map block from code.
Link to comment

OK, finally got it to work.. and yes, if web-sockets is not used, printing will not work!

here are fragment of my Apache virtual site:

 

    ProxyPass /websocket-tunnel ws://YOURIP:PORT/guacamole/websocket-tunnel
    ProxyPassReverse /websocket-tunnel ws://YOURIP:PORT/guacamole/websocket-tunnel

   

    ProxyPass / http://YOURIP:PORT/guacamole/ flushpackets=on
    ProxyPassReverse / http://YOURIP:PORT/guacamole/

 

keep in mind about order - first you need to specify web-socket section, and then the main page section - according to guac docs, they wrote you need to do it vice-versa... BUT, their Docs don't contain any examples with sub-domain at all..

 

So, fingers crossed for me! :)

 

@Taddeusz, my next question is about file exchange between host and client. what is a recommended way? cos Clients are connected to server from various locations, so i'm not sure, how to map client local drive to upload/download files to server..

Link to comment
2 hours ago, uldise said:

@Taddeusz, my next question is about file exchange between host and client. what is a recommended way? cos Clients are connected to server from various locations, so i'm not sure, how to map client local drive to upload/download files to server..

According to the docs it looks like you pick a folder on your host system to share. It's not a folder that you share from the computer you're connecting to. If you're dealing with multiple users this wouldn't be a folder for private files.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.