Jump to content
Taddeusz

[Support] jasonbean - Apache Guacamole

500 posts in this topic Last Reply

Recommended Posts

1 hour ago, Taddeusz said:

I’m at a conference today so I’m away from a computer. The first thing to try is stop the container, delete the ApacheGuacamole folder from your appears folder, then restart Guacamole.

 

If that doesn't work post the output from the Guacamole Docker log and your catalina.out file. That last file is located in guacamole/log.

Unraid Log

Catalina.out

Docker Log

 

i did as you suggested, but that didnt seem to fix the issue.  links are to pastebin. Thank you for looking into this. 

 

 

 

Share this post


Link to post
22 hours ago, robw83 said:

Unraid Log

Catalina.out

Docker Log

 

i did as you suggested, but that didnt seem to fix the issue.  links are to pastebin. Thank you for looking into this. 

 

 

 

I just tested a clean install of this on my Unraid machine and it worked fine. I don't see anything that jumps out at me in your logs. Can you post your guacamole.config file and a screenshot of your Docker's configuration.

Share this post


Link to post
On 11/2/2018 at 9:39 AM, Taddeusz said:

I just tested a clean install of this on my Unraid machine and it worked fine. I don't see anything that jumps out at me in your logs. Can you post your guacamole.config file and a screenshot of your Docker's configuration.

Besides changing the port to 84 instead of 8080 my configs were default.

So i did a little digging and it seems that something is blocking loading the page on my home pc. Dont know what yet, but i can configure from my phone, and from my laptop.  Im not sure whats causing the issue, but its happening on all 3 browsers (chrome / ie / ff ) on this pc.  Might be my pihole? Maybe my antivirus software? ill figure that one out soon. 

 

The funny thing is, when i configure my reverse proxy i can access the interface and everything works fine from that problem pc. 

 

Thank you for your help in trying to chase down a ghost :) 

 

 

Share this post


Link to post
8 minutes ago, robw83 said:

Besides changing the port to 84 instead of 8080 my configs were default.

So i did a little digging and it seems that something is blocking loading the page on my home pc. Dont know what yet, but i can configure from my phone, and from my laptop.  Im not sure whats causing the issue, but its happening on all 3 browsers (chrome / ie / ff ) on this pc.  Might be my pihole? Maybe my antivirus software? ill figure that one out soon. 

 

The funny thing is, when i configure my reverse proxy i can access the interface and everything works fine from that problem pc. 

 

Thank you for your help in trying to chase down a ghost :)

 

 

I'm glad you narrowed down the problem. It's always fun trying to track down weird problems like this.

Share this post


Link to post

My password no longer works on guac, tried the default un/pw as well (thinking config reset) and still nothing.... How do I fix this?

Share this post


Link to post
18 hours ago, Dstubbs28 said:

My password no longer works on guac, tried the default un/pw as well (thinking config reset) and still nothing.... How do I fix this?

Does it show an error message that says "Invalid Login"?

Share this post


Link to post
On 11/20/2018 at 1:48 PM, Taddeusz said:

Does it show an error message that says "Invalid Login"?

Yes. I just realized that since this started happening I also now have a mariadb docker running, I have that running on 3307, but the default port is 3306. Could they be conflicting?

guacamole.png

Share this post


Link to post
1 hour ago, Dstubbs28 said:

Yes. I just realized that since this started happening I also now have a mariadb docker running, I have that running on 3307, but the default port is 3306. Could they be conflicting?

guacamole.png

That shouldn’t cause an issue. I also have a Mariahdb Docker running separately for another application.

 

Could you post your catalina.out and Docker console log.

Share this post


Link to post

I tried to setup guacamole to VNC to firefox. However, I got a lot of java error in catalina.out. I totally follow the guidance from this source https://technicalramblings.com/blog/remotely-accessing-the-unraid-gui-with-guacamole-and-vnc-web-browser/ . It used to work before.

 

image.thumb.png.c361e2607a9c529c9109e4370439e23e.png

 

Here is catalina.out log

 

INFO: Server startup in 4384 ms
10:10:13.569 [http-nio-8080-exec-9] INFO  o.a.g.r.auth.AuthenticationService - User "guacadmin" successfully authenticated from 192.168.10.33.
10:10:14.134 [http-nio-8080-exec-6] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Non-numeric character in element length.
10:10:14.260 [http-nio-8080-exec-10] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: Non-numeric character in element length.
10:10:15.329 [http-nio-8080-exec-7] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Non-numeric character in element length.
10:10:15.380 [http-nio-8080-exec-8] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: Non-numeric character in element length.
10:10:15.947 [http-nio-8080-exec-3] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Non-numeric character in element length.
10:10:16.040 [http-nio-8080-exec-6] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: Non-numeric character in element length.
10:10:16.366 [http-nio-8080-exec-4] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Non-numeric character in element length.

 

Here is docker log

image.thumb.png.11b654ef00782417e667dbadf97980b6.png

Share this post


Link to post
3 minutes ago, tamito said:

I tried to setup guacamole to VNC to firefox. However, I got a lot of java error in catalina.out. I totally follow the guidance from this source https://technicalramblings.com/blog/remotely-accessing-the-unraid-gui-with-guacamole-and-vnc-web-browser/ . It used to work before.

What was the error message you received on the screen when you tried to connect? What do your connection settings for this connection look like in Guacamole?

Share this post


Link to post

This is what I got.

 

image.png.0b74e47e49145d13f7a750b18888d0bf.png

 

My connection setting is below.

image.thumb.png.40750fdc4f81cd4ca53abd9a77580967.png

 

I can use VNC viewer to access my Firefox docker. So I believe I may miss some setting in Guacamole.

Share this post


Link to post
53 minutes ago, tamito said:

I can use VNC viewer to access my Firefox docker. So I believe I may miss some setting in Guacamole.

You're probably going to kick yourself when I tell you this but move your hostname and port from the "proxy parameters" section down to the "parameters" section. That will fix it.

Share this post


Link to post

I'm struggling to get this to work with the Letsencrypt/nginx docker.

 

Here's what's in my mgt.proxy.conf:

 

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name mgt.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;
    
	location / {

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_mgt ApacheGuacamole;
        proxy_pass http://$upstream_mgt:8802;
    }
    
	location /guacamole/websocket-tunnel {
   	    
		include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_mgt ApacheGuacamole;
        proxy_pass http://$upstream_mgt:8802/guacamole/websocket-tunnel;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
	}
}

I tried to integrate what someone else had posted with the way that the other Proxy.confs work in the letsencrypt docker config (e.g. sonarr, sab).  All of my docker containers that get proxied are under a single Docker network (called proxynet) per the SpaceInvaderOne letsencrypt video.

 

It just appears to load for a while, then I get a 502 screen.  What is the correct way to do this?

Share this post


Link to post

I have a bunch of different location paths. Here is an excerpt from mine showing the location for Guacamole. This isn't my whole config file. I basically followed the Guacamole docs. I also modified my Guacamole config so that the entry point is /guacamole. It makes proxying much easier. Also, the "proxy_buffering off" is very important as having it on can make your connections not work.

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    location ^~ /guacamole/ {
        proxy_pass http://<sanitized ip>:<sanitized port>/guacamole/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        access_log off;
    }
}

 

Share this post


Link to post
12 hours ago, Taddeusz said:

I have a bunch of different location paths. Here is an excerpt from mine showing the location for Guacamole. This isn't my whole config file. I basically followed the Guacamole docs. I also modified my Guacamole config so that the entry point is /guacamole. It makes proxying much easier. Also, the "proxy_buffering off" is very important as having it on can make your connections not work.


map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    location ^~ /guacamole/ {
        proxy_pass http://<sanitized ip>:<sanitized port>/guacamole/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        access_log off;
    }
}

 

So is this a config for subfolder? How did you change the entry point ?

 

 

Edit: Just tried this and it works!  Here's my contribution: I wanted to just be able to type my sub-domain and go straight to the page, but couldn't get it to work without typing /guacamole in the URL.  So I added this to redirect it:

 

location / {
	return 301 /guacamole/;
}

Thanks for the help!

Edited by Coolsaber57
It works!

Share this post


Link to post
48 minutes ago, Taddeusz said:

Ok, maybe I'm wrong about changing the entry point. It looks like the default entry point is "/guacamole". Here doc page that talks about proxying on Nginx: http://guacamole.apache.org/doc/gug/proxying-guacamole.html#nginx.

 

Are you only proxying Guacamole? Just wondering why you need to worry about the root?

I couldn't get it to work if I removed /guacamole.

 

I am using subdomains everywhere else, and wanted to remain consistent, so, in my case, I wanted mgt.mydomain.com to go to the Guacamole page.  In this case, it's the root of my subdomain that gets redirected to mgt.mydomain.com/guacamole.

 

If there's a more graceful way of doing that I'm all ears.

 

Edit: I did see on that page that you can change the Path: 

 

location /new-path/ {
    proxy_pass http://HOSTNAME:8080/guacamole/;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_cookie_path /guacamole/ /new-path/;
    access_log off;
}

But I'd have to experiment to see if it works changing /new-path/ to /  (root).

Edited by Coolsaber57

Share this post


Link to post

So I've been playing with Guac a bit more and like it a lot.  One thing I've wanted to do that doesn't appear to be a feature yet is Wake-On-LAN for VMs.

 

There's a plugin to have a listener for the VM, which I've got, but now I need the other side: Send a magic Packet with Guacamole.  My research has so far found this: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/Wake-on-lan-function-working-td2832.html

 

Is there any chance that this could be included as a script in the Guac container? Perhaps with an easy way to manage the Macs file? (if not, maybe another mapping for appdata so if I add a MAC address it doesn't get wiped when the container reloads).

 

Thoughts?

Share this post


Link to post
12 minutes ago, Coolsaber57 said:

So I've been playing with Guac a bit more and like it a lot.  One thing I've wanted to do that doesn't appear to be a feature yet is Wake-On-LAN for VMs.

 

There's a plugin to have a listener for the VM, which I've got, but now I need the other side: Send a magic Packet with Guacamole.  My research has so far found this: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/Wake-on-lan-function-working-td2832.html

 

Is there any chance that this could be included as a script in the Guac container? Perhaps with an easy way to manage the Macs file? (if not, maybe another mapping for appdata so if I add a MAC address it doesn't get wiped when the container reloads).

 

Thoughts?

Currently Python is not included in this container so it wouldn't be able to run. I'm not sure how much larger adding python would make it. I'm hesitant since it's already a really large container. Also, adding an interface to manage MAC addresses is not trivial. I also don't see where the script should be placed so that it will run on every connection attempt.

 

They've recently released 1.0.0-RC1 so I'm going to be putting what time I have to implementing the new version. Feel free to clone my git repository. I will take a look at any pull requests. 1.0.0 is a huge change to the Dockerfile so any changes likely aren't going to be applicable.

Share this post


Link to post
6 minutes ago, Taddeusz said:

Currently Python is not included in this container so it wouldn't be able to run. I'm not sure how much larger adding python would make it. I'm hesitant since it's already a really large container. Also, adding an interface to manage MAC addresses is not trivial. I also don't see where the script should be placed so that it will run on every connection attempt.

 

They've recently released 1.0.0-RC1 so I'm going to be putting what time I have to implementing the new version. Feel free to clone my git repository. I will take a look at any pull requests. 1.0.0 is a huge change to the Dockerfile so any changes likely aren't going to be applicable.

Understood, thanks for taking the time to look.

Share this post


Link to post

I just wanted to update everyone on 1.0.0. I've taken some time over my holiday break to work on updating my Guacamole Docker with RC1. Thanks to the Guacamole team I've got a better build process. It looks like I'm going to be able to shave off about 120MB from the image size. I've also implemented a service manager and as a result I'm also able to not start the MariaDB service if you so choose. I'll also have an option to load just the MySQL extension so that you can use an external MySQL/MariaDB instance without the extra memory overhead in the current implementation.

 

I have a few things to iron out but I think I should have 1.0.0-RC1 available for anyone to test in the next week or so.

Share this post


Link to post

I have 1.0.0-RC1 images ready to test! I have two images. One with MariaDB and one without. You may install them by changing the Repsitory on your Docker container to jasonbean/guacamole:1.0.0-RC1 for the image with MariaDB and jasonbean/guacamole:1.0.0-RC1-nomariadb without MariaDB.

 

For the image that includes MariaDB you can still choose to use an external instance of MariaDB/MySQL by setting the variable OPT_MYSQL_EXTENSION=Y and set OPT_MYSQL=N and it will keep the extension but not load MariaDB. The image without MariaDB will load the MySQL extension with the original OPT_MYSQL=Y variable. Your guacamole.properties must be configured for a MariaDB/MySQL instance outside this container for either of these to work.

 

For now I'm not going to provide a way to set up or upgrade an external MariaDB/MySQL instance since there's no way for me to know your database's version. So unless you really know what you're doing you should probably stick with the internal MariaDB.

 

For those who wish to try your hand the Guacamole schema files are located in your appdata folder when you have enabled the MySQL extension. You just need to create a database, a user that has SELECT, INSERT, UPDATE, & DELETE permissions to that database, and apply the two schema files to the database you created. Once you modify your guacamole.properties file for that database it should work.

 

I have switched my personal Guacamole instance over and as far as I can tell it works perfectly. I'm actually using the image without MariaDB.

Edited by Taddeusz

Share this post


Link to post

if i wanna just upgrade my existing guac instance, then i just change my existing container Repository? 

i'm using it with included mariadb.

Share this post


Link to post
2 hours ago, uldise said:

if i wanna just upgrade my existing guac instance, then i just change my existing container Repository? 

i'm using it with included mariadb.

Yes

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.