[Support] jasonbean - Apache Guacamole


Message added by Taddeusz,

Before upgrading to 1.5.0 you need to have first upgraded to 1.4.0-3 of the container. I discovered that prior to 1.4.0-3 it was not shutting down MariaDB correctly and causing the database to be left in a dirty state.

 

If after upgrading to 1.5.0 you discover that MariaDB is stopping and the log mentions something about needing to open the database in an older version of MariaDB you should downgrade specifically to 1.4.0-3, start the container and make sure it's running correctly. Then you may upgrade to 1.5.0.

Recommended Posts

  • 2 weeks later...

I did a little searching, but don't see this being a common issue for others.

 

I have a Windows10 VM up and running successfully.  I can locally access through Windows RDP client without an issue.  In a daring moment, I opened port 3389 and redirected to the VM to test externally.  This worked flawlessly too.  It operated as clean and quick as if it was the local OS.

 

I've had Guacamole docker up and running for a few years now.  I have a VNC connection and RDP connection set up.  VNC is okay, but not as good as the native windows RDP client.  RDP through guacamole however is incredibly inconsistent.  It always connects, but at times is incredibly laggy.  I've tried every configuration under the sun through the Guacamole GUI to no avail.  I've tried to tinker with my NGINX settings to see if there was something I was missing, but nothing there seems to make a difference either.

 

Any thoughts as to why RDP through Guacamole connecting a Windows to Windows machine can be so unstable?

Link to comment

@Living Legend Make sure the proxy configuration includes the line to automatically "upgrade" the connection to use websockets. Also recommended is to disable proxy buffering. Insert these into your Nginx conf file for Guacamole and see if they make things work better:

 

proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;

 

Link to comment
7 minutes ago, Taddeusz said:

@Living Legend Make sure the proxy configuration includes the line to automatically "upgrade" the connection to use websockets. Also recommended is to disable proxy buffering. Insert these into your Nginx conf file for Guacamole and see if they make things work better:

 


proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;

 

Both of these are already set as advised.

 

I was reading through the Guacamole docs and noticed this excerpt:

 

Apache will not automatically proxy WebSocket connections, but you can proxy them separately with Apache 2.4.5
and later using mod_proxy_wstunnel. After enabling mod_proxy_wstunnel a secondary Location section can be added
which explicitly proxies the Guacamole WebSocket tunnel, located at /guacamole/websocket-tunnel:

 

Is this parameter enabled for this docker?

Edited by Living Legend
Link to comment
13 minutes ago, Living Legend said:

Both of these are already set as advised.

 

I was reading through the Guacamole docs and noticed this excerpt:

 


Apache will not automatically proxy WebSocket connections, but you can proxy them separately with Apache 2.4.5
and later using mod_proxy_wstunnel. After enabling mod_proxy_wstunnel a secondary Location section can be added
which explicitly proxies the Guacamole WebSocket tunnel, located at /guacamole/websocket-tunnel:

 

Is this parameter enabled for this docker?

 The Docker container is accessed directly through its Tomcat instance. This refers to whatever web server you’re using as a proxy. This only applies if you’re using Apache as your proxy server. The header upgrade I referred to earlier for Nginx accomplishes the same thing, to be able to proxy web sockets.
 

Look in your catalina.out file to make sure websockets isn’t failing. What browser are you using?

Link to comment
48 minutes ago, Taddeusz said:

 The Docker container is accessed directly through its Tomcat instance. This refers to whatever web server you’re using as a proxy. This only applies if you’re using Apache as your proxy server. The header upgrade I referred to earlier for Nginx accomplishes the same thing, to be able to proxy web sockets.
 

Look in your catalina.out file to make sure websockets isn’t failing. What browser are you using?

I am using chrome.

 

Here is a screenshot of what I can see from that log file.  Sorry, I'm remote now and can only seem to access these files through terminal so I took a screen shot:

 

image.thumb.png.e63451b62ec7ebd98bfbea143cc1e7bf.png

 

That first message appears numerous times throughout the log.  The messages below only appear that one time.

Link to comment

Another thing you can do is open the dev tools in Chrome (F12). Then connect to your Windows system. Look at the console and see is there are any errors about websockets. You can look at the Network tab and filter by WS to see if it’s getting websockets communication.

Link to comment
2 hours ago, Taddeusz said:

Another thing you can do is open the dev tools in Chrome (F12). Then connect to your Windows system. Look at the console and see is there are any errors about websockets. You can look at the Network tab and filter by WS to see if it’s getting websockets communication.

Looks like it's seeing something.  And the requests # changes as I attempt to scroll around.

 

image.png.1398ebc1377befc011bc4bf4812e9356.png

Link to comment

@Living Legend i've been running behind HAProxy for the past couple of years but i had to modify its config to keep tunnle conections from timing out in a handful of apps (Guac and HomeAssistant mainley):

WebSocket connections are technically tunnels from HAProxy's prespective. Not sure if there's a similar config you could try in Nginx?

defaults
  timeout tunnel  60s
  timeout connect 5s
  timeout client  5s
  timeout server  5s

If you can post/link your Nginx config, it might help identify possible issues?

Link to comment

I think I can rule out NGINX.  I'm home now and I just tested Guacamole locally without passing through NGINX.  

 

VNC yields very good results.  Not as good as Win Client RDP, but very good, especially locally.

RDP is still incredibly laggy.  It takes the inital screen multiple seconds to cascade in from top to bottom.

 

Could it be a connection setting somewhere within Guac?

Link to comment
1 hour ago, Living Legend said:

I have all settings in Guac RDP blank besides my IP address, port of 3389, and authentication set to any.  

 

Maybe I'm missing something.

I have my username and password set. Then I have the Security Mode set to NLA and have Ignore Server Certificate checked. You may also play with some of the performance settings to see if anything improves or makes it worse.

Link to comment
  • 3 weeks later...

Hi.  I'm on unraid 6.8.2 and latest ApacheGuacamole container from community apps.  Network is bridge mode.

 

I can log in as guacadmin and add connections but neither VNC nor RDP connections work, I get connection error instantly.  I am not proxying through nginx, just coming straight from the lan.

 

The only logs I could find of any interest:

16:34:25.074 [http-nio-8080-exec-9] INFO  o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection "2".
Exception in thread "Thread-108" 16:34:25.256 [http-nio-8080-exec-7] INFO  o.a.g.tunnel.TunnelRequestService - User "guacadmin" disconnected from connection "2". Duration: 182 milliseconds
java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
    at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:425)
    at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:309)
    at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:250)
    at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:191)
    at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
    at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
    at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
    at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253)

 

 

One 404 error I see in the browser devtools (firefox here, I also tried chrome and safari):

Request URL:http://10.10.10.225:8083/api/session/tunnels/59265b01-3d2c-475c-9f37-bc413433986d/activeConnection/connection/sharingProfiles?token=ADABAF21D25AFD810A43B025B123F0C260238C3363C7D3C0189F5B09896B1F12

Request Method:GET

Remote Address:10.10.10.225:8083

Status Code:

404

 

Any ideas?

Thanks.

Link to comment
On 3/24/2020 at 1:14 PM, uek2wooF said:

I have them in the parameters section.  So strange that this works for everyone else.  I tried both of the containers and the one with external mariaDB has the same problem. 

For RDP I just had to check the box for Ignore Server Certificate (seems like that should be default, I've never seen an RDP client not complain about the cert).  I haven't figured out the problem with VNC or ssh yet.  Even the guacd debug log just says ERROR:    Unable to connect to VNC server.

 

I even tried the guacamole/guacd and guacamole/guacamole containers.

docker run --rm -p 4822:4822 -e GUACD_LOG_LEVEL=debug -h guacd --name guacd -d guacamole/guacd
docker run -p 8085:8080 -h guacamole -e GUACD_HOSTNAME=10.10.10.225 -e MYSQL_HOSTNAME=10.10.10.225 -e MYSQL_DATABASE=guacamole -e MYSQL_USER=guacamole -e MYSQL_PASSWORD=pa55w0rd --name guacamole -d guacamole/guacamole

Link to comment

For VNC you have to put the password in the config, it won't prompt for it like rdp and ssh do.  For ssh my unraid box didn't have a dns search entry in /etc/resolv.conf so neither did the container (I just made a userscript to add a search domains at array start).

 

Also figured out you need to bind mount any rdp fileshare dirs into the container.  Not sure how you do that with the unraid docker interface so I'll just use the other containers for now I guess.

 

Link to comment
  • 2 weeks later...

hi I have questions about apache..  instead of running a windows VM  running windows Server side includes... does apache  run it

 

I know I haven't updated my website in years.. so I not down with all the fancy stuff..  so was just curious

 

and if apachine can run multiple websites  as I host 5 different ones on my windows vm  on my home location..  so I jus curious what it can do  

 

Link to comment
20 minutes ago, comet424 said:

hi I have questions about apache..  instead of running a windows VM  running windows Server side includes... does apache  run it

 

I know I haven't updated my website in years.. so I not down with all the fancy stuff..  so was just curious

 

and if apachine can run multiple websites  as I host 5 different ones on my windows vm  on my home location..  so I jus curious what it can do  

 

I believe you are in the wrong place. This is the support for the Guacamole remote desktop server. It happens to now be part of the Apache Foundation. It specifically has nothing to do with the Apache web server. I can’t help you with that.

Link to comment
  • 2 weeks later...

I've got your docker to work with OpenID against Azure AD, works very nice!

But it was something odd I had to do for get it to work, not sure if I did it wrong or not?

 

For it to work I needed to enable both OPT_MYSQL and OPT_OPENID, but it still presented the ordinary user/password login. 

The solution was rename  "guacamole\extensions\guacamole-auth-openid-1.1.0.jar" to "guacamole\extensions\a-guacamole-auth-openid-1.1.0.jar" so it got loaded before "guacamole-auth-jdbc-mysql-1.1.0.jar". Maybe it's a better way to do that?

 

Thanks for your work!

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.