[Support] jasonbean - Apache Guacamole

Taddeusz

By Taddeusz
in Docker Containers

Taddeusz
Message added by Taddeusz,

Before upgrading to 1.5.0 you need to have first upgraded to 1.4.0-3 of the container. I discovered that prior to 1.4.0-3 it was not shutting down MariaDB correctly and causing the database to be left in a dirty state.

 

If after upgrading to 1.5.0 you discover that MariaDB is stopping and the log mentions something about needing to open the database in an older version of MariaDB you should downgrade specifically to 1.4.0-3, start the container and make sure it's running correctly. Then you may upgrade to 1.5.0.

Recommended Posts

  • Replies 1.1k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Taddeusz
Taddeusz

Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, SSH, and Telnet. This docker primarily has a MariaDB (MySQL) database built-in for authentication

Taddeusz
Taddeusz

We're getting closer to Guacamole 1.5.0. They've released RC1.

Taddeusz
Taddeusz

Yes, I’ve been working on it when I can.

Posted Images

Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted
1 minute ago, uldise said:

i have guacamole-auth-duo-0.9.14.tar.gz extension enabled, but looks like in no more works, may be you have a link where i can get the same extension for new version?

It's included. I'm using it on mine. If you have OPT_DUO=Y then it should automatically upgrade it.

Link to comment
Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted
1 hour ago, uldise said:

ok, i will check then.. any news for "google athenticator" on 2FA authentication? i read somewhere, it will included in new version..

There are actually two new extensions included in this container. Quick Connect and "TOTP". I believe "TOTP" is the two-factor authentication extension you're referring to. I don't have them implemented yet as there's not yet documentation on their functionality. If you wish to give them a try you can open the container's console and copy them from /opt/guacamole into the container's /config/guacamole/extensions folder. Once 1.0.0 is finalized and there is documentation I will update the guacamole.properties template with the pertinent properties and add variables to enable/disable them.

Link to comment
uldise Collaborator

uldise

Posted
Posted

yes, i'm looking at TOTP. i see it in the /opt/guacamole/totp folder by i have no idea how to copy it outside the container..

and i think you should define some properties to guac.properties file to to get it to work..

so, looks like we should wait for additional info..

Link to comment
Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted
24 minutes ago, uldise said:

yes, i'm looking at TOTP. i see it in the /opt/guacamole/totp folder by i have no idea how to copy it outside the container..

and i think you should define some properties to guac.properties file to to get it to work..

so, looks like we should wait for additional info..

/config inside the container is the mounted volume that is outside. Extensions that are to be used are copied within the container into /config/guacamole/extensions. That way they still exist when the container is stopped, restarted, or removed.

Link to comment
uldise Collaborator

uldise

Posted
Posted
6 hours ago, Taddeusz said:

Alright, I just pushed out an update that adds OPT_TOTP and OPT_QUICKCONNECT. Just add the variable and set to "Y" for the extension to be used.

thanks, updated a container, added OPT_TOTP variable, starrted a container, and i see totp extension added in the extensions folder.

but still no go - when i press login, nothing happening, i'm still on login page..

 

BTW, there are no more logs writing with new version. so how to check what's going on?

Link to comment
Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted
7 hours ago, uldise said:

thanks, updated a container, added OPT_TOTP variable, starrted a container, and i see totp extension added in the extensions folder.

but still no go - when i press login, nothing happening, i'm still on login page..

 

BTW, there are no more logs writing with new version. so how to check what's going on?

All I can do is provide the extension. Since the documentation isn't finalized it's difficult for me to provide guidance on a new extension. Reading through the XML is difficult and it's not formatted in a meaningful way.

 

If you're referring to the catalina.out file I'm working on how to get the tomcat log to output to the "appdata" folder. In the meantime you can open the container's console and you'll find the logs in /var/lib/tomcat8/logs.

 

BTW, when you're attempting to use the TOTP extension are you commenting out the DUO properties in your guacamole.properties file?

Link to comment
uldise Collaborator

uldise

Posted
Posted

ok, got your update, looks like there are an error in this plugin. found error on localhost.<date>.log.

so, not sure what to do next..

  

04-Jan-2019 19:12:27.093 SEVERE [http-nio-8080-exec-1] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [default] in context with path [/guacamole] threw exception
 org.codehaus.jackson.map.JsonMappingException: Image stream of QR code could not be written. (through reference chain: org.apache.guacamole.rest.APIError["expected"]->java.util.UnmodifiableCollection[0]->org.apache.guacamole.auth.totp.form.AuthenticationCodeField["qrCode"])
	at org.codehaus.jackson.map.JsonMappingException.wrapWithPath(JsonMappingException.java:218)
	at org.codehaus.jackson.map.JsonMappingException.wrapWithPath(JsonMappingException.java:183)
	at org.codehaus.jackson.map.ser.std.SerializerBase.wrapAndThrow(SerializerBase.java:140)
	at org.codehaus.jackson.map.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:158)
	at org.codehaus.jackson.map.ser.BeanSerializer.serialize(BeanSerializer.java:112)
	at org.codehaus.jackson.map.ser.std.CollectionSerializer.serializeContents(CollectionSerializer.java:72)
	at org.codehaus.jackson.map.ser.std.CollectionSerializer.serializeContents(CollectionSerializer.java:23)
	at org.codehaus.jackson.map.ser.std.AsArraySerializerBase.serialize(AsArraySerializerBase.java:86)
	at org.codehaus.jackson.map.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:446)
	at org.codehaus.jackson.map.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:150)
	at org.codehaus.jackson.map.ser.BeanSerializer.serialize(BeanSerializer.java:112)
	at org.codehaus.jackson.map.ser.StdSerializerProvider._serializeValue(StdSerializerProvider.java:610)
	at org.codehaus.jackson.map.ser.StdSerializerProvider.serializeValue(StdSerializerProvider.java:256)
	at org.codehaus.jackson.map.ObjectMapper.writeValue(ObjectMapper.java:1604)
	at org.codehaus.jackson.jaxrs.JacksonJsonProvider.writeTo(JacksonJsonProvider.java:558)
	at com.sun.jersey.spi.container.ContainerResponse.write(ContainerResponse.java:306)
	at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1479)
	at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1391)
	at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1381)
	at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
	at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
	at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
	at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
	at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)
	at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
	at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)
	at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
	at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1458)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalStateException: Image stream of QR code could not be written.
	at org.apache.guacamole.auth.totp.form.AuthenticationCodeField.getQRCode(AuthenticationCodeField.java:306)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.codehaus.jackson.map.ser.BeanPropertyWriter.get(BeanPropertyWriter.java:483)
	at org.codehaus.jackson.map.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:418)
	at org.codehaus.jackson.map.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:150)
	... 44 more
Caused by: javax.imageio.IIOException: Can't create output stream!
	at javax.imageio.ImageIO.write(ImageIO.java:1574)
	at com.google.zxing.client.j2se.MatrixToImageWriter.writeToStream(MatrixToImageWriter.java:159)
	at com.google.zxing.client.j2se.MatrixToImageWriter.writeToStream(MatrixToImageWriter.java:144)
	at org.apache.guacamole.auth.totp.form.AuthenticationCodeField.getQRCode(AuthenticationCodeField.java:298)
	... 51 more
Caused by: javax.imageio.IIOException: Can't create cache file!
	at javax.imageio.ImageIO.createImageOutputStream(ImageIO.java:423)
	at javax.imageio.ImageIO.write(ImageIO.java:1572)
	... 54 more
Caused by: java.nio.file.NoSuchFileException: /var/lib/tomcat8/temp/imageio968254410183490612.tmp
	at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
	at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
	at java.nio.file.Files.newByteChannel(Files.java:361)
	at java.nio.file.Files.createFile(Files.java:632)
	at java.nio.file.TempFileHelper.create(TempFileHelper.java:138)
	at java.nio.file.TempFileHelper.createTempFile(TempFileHelper.java:161)
	at java.nio.file.Files.createTempFile(Files.java:897)
	at javax.imageio.stream.FileCacheImageOutputStream.<init>(FileCacheImageOutputStream.java:88)
	at com.sun.imageio.spi.OutputStreamImageOutputStreamSpi.createOutputStreamInstance(OutputStreamImageOutputStreamSpi.java:68)
	at javax.imageio.ImageIO.createImageOutputStream(ImageIO.java:419)
	... 55 more

 

 

Link to comment
Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted
Just now, uldise said:

Thanks so much!

looks like it started working..

i'm wondering why need you as container maintainer create that folder.. IMHO, it must be done by Guac itself..

Because I created an all-in-one container that includes both the Guacamole server, client, & database server. From Apache these are separate containers and require a separate database source.

Link to comment
Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted

You could download and set up the guacamole/guacd and guacamole/guacamole containers and then set up your database but that would require a lot more work. My container does all that work for you. Since this is not only a new version but also based on a different base container there's a learning curve for me to figure out the requirements to get everything working. The reason this is a test version and not pushed into the "latest" tag.

 

I really appreciate your help and patience while I figure things out.

Link to comment
Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted (edited)

Having used 1.0.0-RC1 for about a week the best new feature for me in daily use is that apparently now there's a service worker for the clipboard. It automatically picks up any changes to your local clipboard. Conversely, if you put something into one of your remotes' clipboards it automatically gets placed into your local clipboard. This works just like Microsoft's native Remote Desktop application. Unfortunately, this only works with the currently active remote. You still have to do the clipboard shuffle if you're copying and pasting between remotes.

Edited by Taddeusz
Link to comment
Coolsaber57 Apprentice

Coolsaber57

Posted
Posted
13 minutes ago, Taddeusz said:

Apache Guacamole 1.0.0 is finalized. New images are pushed out. New image for a version without MariaDB (jasonbean/guacamole:latest-nomariadb).

 

See first post for details.

Thanks for the updated template!  Quick question:  I have a MariaDB container running for NextCloud and Lychee, but currently run this container with the database included.  Is there an easy way I can migrate from the current DB-included container to the separate DB-container?

Link to comment
Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted
9 minutes ago, Coolsaber57 said:

Thanks for the updated template!  Quick question:  I have a MariaDB container running for NextCloud and Lychee, but currently run this container with the database included.  Is there an easy way I can migrate from the current DB-included container to the separate DB-container?

Not that I'm aware of. I'm actually in the same situation. When I switched to using the container without MariaDB I just created a new database. I didn't have that many connections so it wasn't that big of a deal to me. I actually used the container's console to create the database, user, and apply the Guacamole schema.

 

There may be a way to do it if you expose port 3306 on your Guacamole container and use MySQL Workbench so that MariaDB can be connected outside the container. Beyond that I don't know the process of copying a database from one instance of MariaDB to another.

Link to comment
Coolsaber57 Apprentice

Coolsaber57

Posted
Posted
2 minutes ago, Taddeusz said:

Not that I'm aware of. I'm actually in the same situation. When I switched to using the container without MariaDB I just created a new database. I didn't have that many connections so it wasn't that big of a deal to me. I actually used the container's console to create the database, user, and apply the Guacamole schema.

 

There may be a way to do it if you expose port 3306 on your Guacamole container and use MySQL Workbench so that MariaDB can be connected outside the container. Beyond that I don't know the process of copying a database from one instance of MariaDB to another.

Understood, thank you.  I may just grab screenshots of my configs and re-create the container at some point considering I don't have a ton of connections.

Link to comment
Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted
3 minutes ago, Coolsaber57 said:

Understood, thank you.  I may just grab screenshots of my configs and re-create the container at some point considering I don't have a ton of connections.

If you want to see the CLI commands you need to run just look at my Git repository at the mariadb.sh file.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing