[Support] jasonbean - Apache Guacamole


Message added by Taddeusz,

Before upgrading to 1.5.0 you need to have first upgraded to 1.4.0-3 of the container. I discovered that prior to 1.4.0-3 it was not shutting down MariaDB correctly and causing the database to be left in a dirty state.

 

If after upgrading to 1.5.0 you discover that MariaDB is stopping and the log mentions something about needing to open the database in an older version of MariaDB you should downgrade specifically to 1.4.0-3, start the container and make sure it's running correctly. Then you may upgrade to 1.5.0.


1 hour ago, stFfn said:

I have a Windows VM that I'm connecting to and with that I have full connection to everything.

 

And guacamole runs locally without a problem on this network. And as I mentioned countless times before, ALL OTHER Dockers work with this network and the configuration of cloudflare and DNS auth...

Since you’re now getting a 502 message from Cloudflare I would recommend renaming the container from “ApacheGuacamole” to just “guacamole” and then make sure that’s the name used in your conf file.

Link to comment
4 hours ago, Taddeusz said:

Since you’re now getting a 502 message from Cloudflare I would recommend renaming the container from “ApacheGuacamole” to just “guacamole” and then make sure that’s the name used in your conf file.

Wait... what config file are you talking about?

Link to comment
1 minute ago, Taddeusz said:

In your Swag appdata. nginx/proxy-confs/guacamole.subdomain.conf

omfg.. thank fucking god... for some reason I assumed I don't need to edit that file because of DNS auth but I had to change the container APP name... xD

 

Now I can access it!

Thank you so much. I almost went crazy

Link to comment

I've followed everything I could find, but I'm still not able to get access via swag. I have a proper cname. I have the proper ports forwarded on my firewall (pfsense). I changed the docker name to have no uppercase letters, and edited the swag conf file to reflect that. But still no access via domain name. Can get to it fine via LAN IP. Swag shows no errors. My nextcloud is fine and accessible from the internet, just not guac. I've got the port number on the docker set to 8089. When I go to remote.mydomain.com:8089 I get no response. When I go to remote.mydomain.com I get this, which is the same thing you get when going to the swag webui, making me think the problem lies within a config file, and the traffic is not being forwarded.


Here's my swag .conf:

# make sure that your dns has a cname set for guacamole and that your guacamole container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name apacheguacamole.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app apacheguacamole;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_buffering off;
    }
}

 

 

Link to comment

you don't use the port 8089 for reverse proxy usage (would make it obsolete), you only use remote.mydomain.com ...

 

or when i see your sample, https://apacheguacamole.mydomain.com

 

is your docker named "apacheguacamole" too? lower case (using names is case sensitive), and is your external domain also apacheguacamole.... ?

Link to comment
On 11/18/2020 at 2:12 AM, alturismo said:

 

 

or when i see your sample, https://apacheguacamole.mydomain.com

 

is your docker named "apacheguacamole" too? lower case (using names is case sensitive), and is your external domain also apacheguacamole.... ?

I did not realize the subdomain had to be the same name as the docker. My docker is just named "guacamole" but the subdomain I intended to use was 'remote'
I added a new cname record for 'guacamole'. Immediately I was able to access it with guacamole.mydomain.com.

 

So if my observation is correct, the docker (or whatever form the server itself takes) has to share the name of the subdomain being used to point traffic to it? I suppose that makes enough sense, I just didn't realize how that worked.. Anyway cheers for helping me be less dumb :P

Link to comment
15 hours ago, 2Piececombo said:

I did not realize the subdomain had to be the same name as the docker. My docker is just named "guacamole" but the subdomain I intended to use was 'remote'
I added a new cname record for 'guacamole'. Immediately I was able to access it with guacamole.mydomain.com.

 

So if my observation is correct, the docker (or whatever form the server itself takes) has to share the name of the subdomain being used to point traffic to it? I suppose that makes enough sense, I just didn't realize how that worked.. Anyway cheers for helping me be less dumb :P

I think you misunderstood some parts

 

subdomain does NOT have to be the same name as the container, it just needs to be set up properly ...

 

in the swag config samples there is a server name to config (which is your subdomain name) and a docker name where to route/connect to.

 

so of course you can use remote.mydomain.com to route to your guacamole docker

 

as long as it's working now you're good, but may take another look in the configs for the future ;)

Edited by alturismo
Link to comment
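As an added example (not part of the original thread or of SWAG itself), a small Python check of the two independent names discussed above: `server_name` (the public subdomain) and `$upstream_app` (the container name, compared case-sensitively). The `check_conf` helper and the container list passed to it are assumptions for illustration; in practice the list would come from `docker ps --format '{{.Names}}'`.

```python
import re

# Constructed input: the relevant lines of the proxy conf posted above.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name apacheguacamole.*;
    location / {
        #set $upstream_app disabled;
        set $upstream_app apacheguacamole;
        set $upstream_port 8080;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
"""

def parse_proxy_conf(text):
    """Return server_name patterns and upstream settings, ignoring comments."""
    names, upstream = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"server_name\s+(.+?);$", line)
        if m:
            names.extend(m.group(1).split())
        m = re.match(r"set\s+\$upstream_(app|port|proto)\s+(\S+?);$", line)
        if m:
            upstream[m.group(1)] = m.group(2)
    return names, upstream

def host_matches(pattern, host):
    """Exact name, or an nginx trailing wildcard such as 'remote.*'."""
    if pattern.endswith(".*"):
        return host.startswith(pattern[:-1])
    return pattern == host

def check_conf(text, containers, wanted_host):
    """List reasons why wanted_host would not reach a running container."""
    names, upstream = parse_proxy_conf(text)
    problems = []
    if not any(host_matches(n, wanted_host) for n in names):
        problems.append(f"server_name {names} does not match {wanted_host}")
    app = upstream.get("app")
    if app not in containers:
        # Hypothetical hint: same name apart from letter case.
        hint = [c for c in containers if app and c.lower() == app.lower()]
        problems.append(f"upstream_app {app!r} is not a container name"
                        + (f" (case differs from {hint[0]!r})" if hint else ""))
    return problems

if __name__ == "__main__":
    for p in check_conf(SAMPLE_CONF, ["guacamole", "swag"], "remote.mydomain.com"):
        print(p)
```

With `server_name remote.*;` and `set $upstream_app guacamole;` the same check returns no problems, which is the combination described in the post above.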
2 hours ago, fenix-silver said:

How do I switch my TOTP to a different MFA app or otherwise reset the TOTP?  Thanks!

I don’t believe there’s currently any way to do this. Their TOTP system is rather limited as it also doesn’t provide any means of backup codes. In the past what I’ve done is cleared the associated database columns to first disable TOTP for the user.

Link to comment
8 hours ago, alturismo said:

I think you misunderstood some parts

 

subdomain does NOT have to be the same name as the container, it just needs to be set up properly ...

 

in the swag config samples there is a server name to config (which is your subdomain name) and a docker name where to route/connect to.

 

so of course you can use remote.mydomain.com to route to your guacamole docker

 

as long as it's working now you're good, but may take another look in the configs for the future ;)

Ahh, I get it now. Cheers friend

Link to comment
On 10/30/2020 at 8:21 PM, DrDirtyDevil said:

guacamole keeps freezing on me in Windows RDP; after about 20 seconds it tries to reconnect the session. Any idea why? I'm using nginx proxy manager to get to it.

I just wanted to update this topic, sorry for the late reply. I managed to fix my stability issues by whitelisting my internet subnet in the IPS of my router.

Link to comment

I'm getting a fatal error for the Guacamole image by jasonbean after the docker container is restarted/rebooted:

 

How to replicate issue:

1. Install guacamole (do a fresh install)

2. When guacamole is first launched, it will work (you see the login page) at guacamole.yourdomain.com

3. Restart guacamole docker container (e.g. you've edited the guacamole config or added an extension)

4. Guacamole container will restart successfully, but the mariadb inside the container fails to start. From docker logs --follow guacamole while container is being restarted:

 

[WARN tini (7)] Tini is not running as PID 1 and isn't registered as a child subreaper.
Zombie processes will not be re-parented to Tini, so zombie reaping won't work.
To fix the problem, use the -s option or set the environment variable TINI_SUBREAPER to register Tini as a child subreaper, or run Tini as PID 1.
2020-11-28 22:53:15,992 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2020-11-28 22:53:15,992 INFO Set uid to user 0 succeeded
2020-11-28 22:53:15,993 INFO supervisord started with pid 11
2020-11-28 22:53:16,995 INFO spawned: 'guacd' with pid 14
2020-11-28 22:53:16,996 INFO spawned: 'mariadb' with pid 15
2020-11-28 22:53:16,997 INFO spawned: 'tomcat9' with pid 16
guacd[14]: INFO: Guacamole proxy daemon (guacd) version 1.2.0 started
guacd[14]: INFO: Listening on host 0.0.0.0, port 4822
2020-11-28 22:53:17,365 INFO exited: mariadb (exit status 0; not expected)
2020-11-28 22:53:18,366 INFO success: guacd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-11-28 22:53:18,367 INFO spawned: 'mariadb' with pid 270
2020-11-28 22:53:18,367 INFO success: tomcat9 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-11-28 22:53:18,612 INFO exited: mariadb (exit status 0; not expected)
2020-11-28 22:53:20,615 INFO spawned: 'mariadb' with pid 490
2020-11-28 22:53:20,877 INFO exited: mariadb (exit status 0; not expected)
2020-11-28 22:53:23,880 INFO spawned: 'mariadb' with pid 724
2020-11-28 22:53:24,092 INFO exited: mariadb (exit status 0; not expected)
2020-11-28 22:53:25,094 INFO gave up: mariadb entered FATAL state, too many start retries too quickly

 

Link to comment
20 minutes ago, Taddeusz said:

@glidekirkland How are you editing your guacamole.config file? If it's a Windows tool like Notepad it may be replacing all the line endings with the incorrect ones. (LF vs CRLF). I've never seen your issue in my testing so I can only assume it has something to do with how you're editing or what you're adding to the config file.

I was editing using nano within my ubuntu server. But actually, you don't even need to edit the config. If you just restart the docker container, or docker stop and docker start the container, it fails to load the second time off of a fresh install throwing those errors about mariadb.

 

FWIW, I'm using this ansible script to deploy your docker image:

https://github.com/Cloudbox/Community/blob/master/roles/guacamole/tasks/main.yml

 

I don't understand why it would work on first boot/startup, but when the container is restarted it fails to load forever (start mariadb). The only way to fix is to completely delete the container and config folder, and reinstall upon which it works again on the first boot but fails subsequently.

 

Do you need to set permissions as 0777 on the config folder or something? The ansible script only allows for chmod 0775.

Link to comment
7 minutes ago, glidekirkland said:

I was editing using nano within my ubuntu server. But actually, you don't even need to edit the config. If you just restart the docker container, or docker stop and docker start the container, it fails to load the second time off of a fresh install throwing those errors about mariadb.

 

FWIW, I'm using this ansible script to deploy your docker image:

https://github.com/Cloudbox/Community/blob/master/roles/guacamole/tasks/main.yml

 

I don't understand why it would work on first boot/startup, but when the container is restarted it fails to load forever (start mariadb). The only way to fix is to completely delete the container and config folder, and reinstall upon which it works again on the first boot but fails subsequently.

 

Do you need to set permissions as 0777 on the config folder or something? The ansible script only allows for chmod 0775.

You're not running on Unraid? I've never tested on any other platform so I'm unsure how it would behave. Technically there's no reason it shouldn't be able to run on another platform. However, I'm not set up to test on any other platform.

Link to comment

Just to provide some more datapoints, this is the docker logs guacamole output when I do a fresh install using the ansible script:

 

[WARN  tini (6)] Tini is not running as PID 1 and isn't registered as a child subreaper.
Zombie processes will not be re-parented to Tini, so zombie reaping won't work.
To fix the problem, use the -s option or set the environment variable TINI_SUBREAPER to register Tini as a child subreaper, or run Tini as PID 1.
2020-11-29 12:54:12,512 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2020-11-29 12:54:12,513 INFO Set uid to user 0 succeeded
2020-11-29 12:54:12,515 INFO supervisord started with pid 357
2020-11-29 12:54:13,516 INFO spawned: 'guacd' with pid 360
2020-11-29 12:54:13,517 INFO spawned: 'mariadb' with pid 361
2020-11-29 12:54:13,518 INFO spawned: 'tomcat9' with pid 362
guacd[360]: INFO:	Guacamole proxy daemon (guacd) version 1.2.0 started
guacd[360]: INFO:	Listening on host 0.0.0.0, port 4822
2020-11-29 12:54:14,658 INFO success: guacd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-11-29 12:54:14,658 INFO success: mariadb entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-11-29 12:54:14,658 INFO success: tomcat9 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

 

Docker logs for guacamole after a restart (no change in configs, I didn't even change the username/password for guacadmin). From here on, no matter if you reboot the ubuntu server or restart, it doesn't work.

 

020-11-29 12:58:18,593 WARN received SIGTERM indicating exit request
2020-11-29 12:58:18,594 INFO waiting for guacd, mariadb, tomcat9 to die
2020-11-29 12:58:18,829 INFO stopped: tomcat9 (exit status 143)
2020-11-29 12:58:18,830 INFO stopped: mariadb (terminated by SIGKILL)
2020-11-29 12:58:18,831 INFO stopped: guacd (terminated by SIGTERM)
Using existing properties file.
Using existing MySQL extension.
No permissions changes needed.
Database exists.
Database upgrade not needed.
[WARN  tini (6)] Tini is not running as PID 1 and isn't registered as a child subreaper.
Zombie processes will not be re-parented to Tini, so zombie reaping won't work.
To fix the problem, use the -s option or set the environment variable TINI_SUBREAPER to register Tini as a child subreaper, or run Tini as PID 1.
2020-11-29 12:58:20,097 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2020-11-29 12:58:20,097 INFO Set uid to user 0 succeeded
2020-11-29 12:58:20,099 INFO supervisord started with pid 10
2020-11-29 12:58:21,101 INFO spawned: 'guacd' with pid 13
2020-11-29 12:58:21,102 INFO spawned: 'mariadb' with pid 14
2020-11-29 12:58:21,103 INFO spawned: 'tomcat9' with pid 15
guacd[13]: INFO:	Guacamole proxy daemon (guacd) version 1.2.0 started
guacd[13]: INFO:	Listening on host 0.0.0.0, port 4822
2020-11-29 12:58:21,436 INFO exited: mariadb (exit status 0; not expected)
2020-11-29 12:58:22,438 INFO success: guacd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-11-29 12:58:22,439 INFO spawned: 'mariadb' with pid 272
2020-11-29 12:58:22,439 INFO success: tomcat9 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-11-29 12:58:22,702 INFO exited: mariadb (exit status 0; not expected)
2020-11-29 12:58:24,704 INFO spawned: 'mariadb' with pid 491
2020-11-29 12:58:25,014 INFO exited: mariadb (exit status 0; not expected)
2020-11-29 12:58:28,019 INFO spawned: 'mariadb' with pid 726
2020-11-29 12:58:28,234 INFO exited: mariadb (exit status 0; not expected)
2020-11-29 12:58:29,235 INFO gave up: mariadb entered FATAL state, too many start retries too quickly

 

Link to comment
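As an added example (not code from the thread or from the container image), a short Python triage of supervisord output in the format posted above. It flags the two signals visible in those logs: a program stopped with SIGKILL instead of exiting on its own, and a restart loop that ends in the FATAL state. The sample lines are constructed from that format, and the `triage` helper and its field names are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the format of the supervisord output above.
SAMPLE_LOG = """\
2020-11-29 12:58:18,593 WARN received SIGTERM indicating exit request
2020-11-29 12:58:18,829 INFO stopped: tomcat9 (exit status 143)
2020-11-29 12:58:18,830 INFO stopped: mariadb (terminated by SIGKILL)
2020-11-29 12:58:18,831 INFO stopped: guacd (terminated by SIGTERM)
2020-11-29 12:58:21,102 INFO spawned: 'mariadb' with pid 14
2020-11-29 12:58:21,436 INFO exited: mariadb (exit status 0; not expected)
2020-11-29 12:58:22,438 INFO success: guacd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-11-29 12:58:22,439 INFO spawned: 'mariadb' with pid 272
2020-11-29 12:58:22,702 INFO exited: mariadb (exit status 0; not expected)
2020-11-29 12:58:29,235 INFO gave up: mariadb entered FATAL state, too many start retries too quickly
"""

# Timestamp, level, then one of the event kinds of interest and the program.
EVENT = re.compile(
    r"^\d{4}-\d\d-\d\d [\d:,]+ \w+ "
    r"(?P<kind>stopped|exited|success|gave up): (?P<prog>[\w-]+)\b(?P<rest>.*)$")

def triage(log_text):
    """Summarise per-program supervisord events that indicate trouble."""
    report = defaultdict(lambda: {"sigkill_on_stop": False,
                                  "unexpected_exits": 0,
                                  "fatal": False, "running": False})
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # guacd/tini lines and other events are skipped
        entry = report[m["prog"]]
        kind, rest = m["kind"], m["rest"]
        if kind == "stopped" and "terminated by SIGKILL" in rest:
            entry["sigkill_on_stop"] = True   # killed, not shut down cleanly
        elif kind == "exited" and "not expected" in rest:
            entry["unexpected_exits"] += 1
        elif kind == "gave up" and "FATAL" in rest:
            entry["fatal"] = True
        elif kind == "success" and "RUNNING" in rest:
            entry["running"] = True
    return dict(report)

if __name__ == "__main__":
    for prog, info in triage(SAMPLE_LOG).items():
        print(prog, info)
```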
11 minutes ago, Taddeusz said:

@glidekirkland I just pushed a new version that you can try to see if that fixes your issue. Basically I added the "-s" switch to tini to fix that message. I'm not making it latest yet, jasonbean/guacamole:1.2.0-1

The new image got rid of the Tini error messages. But still the same issue - for some reason, on restart of a fresh container w/ no changes in configs mariadb just fails to load. Are there error logs for mariadb I can load in more detail that can help you?

 

Using existing properties file.
Using existing MySQL extension.
Using existing Duo extension.
No permissions changes needed.
Database exists.
Database upgrade not needed.
2020-11-29 13:30:51,571 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2020-11-29 13:30:51,571 INFO Set uid to user 0 succeeded
2020-11-29 13:30:51,572 INFO supervisord started with pid 12
2020-11-29 13:30:52,574 INFO spawned: 'guacd' with pid 15
2020-11-29 13:30:52,576 INFO spawned: 'mariadb' with pid 16
2020-11-29 13:30:52,578 INFO spawned: 'tomcat9' with pid 17
guacd[15]: INFO:	Guacamole proxy daemon (guacd) version 1.2.0 started
guacd[15]: INFO:	Listening on host 0.0.0.0, port 4822
2020-11-29 13:30:52,798 INFO exited: mariadb (exit status 0; not expected)
2020-11-29 13:30:53,799 INFO success: guacd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-11-29 13:30:53,800 INFO spawned: 'mariadb' with pid 273
2020-11-29 13:30:53,800 INFO success: tomcat9 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-11-29 13:30:53,978 INFO exited: mariadb (exit status 0; not expected)
2020-11-29 13:30:55,985 INFO spawned: 'mariadb' with pid 493
2020-11-29 13:30:56,583 INFO exited: mariadb (exit status 0; not expected)
2020-11-29 13:30:59,587 INFO spawned: 'mariadb' with pid 729
2020-11-29 13:30:59,702 INFO exited: mariadb (exit status 0; not expected)
2020-11-29 13:31:00,703 INFO gave up: mariadb entered FATAL state, too many start retries too quickly

 

Link to comment

I figured it out! Changing the chmod permission from 0775 to 0777 fixes the mariadb issue. But I don't get why the container needs the directories to have 0777 permissions?

 

- name: Create guacamole directories
  file: "path={{ item }} state=directory mode=0775 owner={{ user.name }} group={{ user.name }} recurse=yes"
  with_items:
    - /opt/guacamole
    - /opt/guacamole/config

- name: Reset guacamole directories
  file: "path={{ item }} state=directory mode=0775 owner={{ user.name }} group={{ user.name }} recurse=yes"
  with_items:
    - /opt/guacamole

Link to comment
