Jump to content
Taddeusz

[Support] jasonbean - Apache Guacamole

411 posts in this topic Last Reply

Recommended Posts

I could only get it to work if the location was the same as the base URL of guacamole. So these are the entries I use that work great for me:

location ^~ /guacamole/ {
	proxy_pass http://<ip>:<port>/guacamole/;
}

location ^~ /guacamole/websocket-tunnel {
   	proxy_pass http://<ip>:<port>/guacamole/websocket-tunnel;
   	proxy_http_version 1.1;
   	proxy_set_header Upgrade $http_upgrade;
   	proxy_set_header Connection "upgrade";
}

The websocket portion is important so that Guacamole can use websockets rather than standard http for two-way communication.

Share this post


Link to post

Copied that, and it was scary that when I went to it, guacamole was already logged in under my name ready to access computers!!  WHAT!!

 

 

Share this post


Link to post
2 minutes ago, theDrell said:

Copied that, and it was scary that when I went to it, guacamole was already logged in under my name ready to access computers!!  WHAT!!

 

 

Cookie maybe?

Share this post


Link to post
39 minutes ago, Taddeusz said:

I could only get it to work if the location was the same as the base URL of guacamole. So these are the entries I use that work great for me:


location ^~ /guacamole/ {
	proxy_pass http://<ip>:<port>/guacamole/;
}

location ^~ /guacamole/websocket-tunnel {
   	proxy_pass http://<ip>:<port>/guacamole/websocket-tunnel;
   	proxy_http_version 1.1;
   	proxy_set_header Upgrade $http_upgrade;
   	proxy_set_header Connection "upgrade";
}

The websocket portion is important so that Guacamole can use websockets rather than standard http for two-way communication.

Apparently if you set your ssl user and pass the same as quac, after logging into the ssl domain, it will auto log you into quac... I was not expecting that lol.

 

Thanks for the web socket part, I thought I was going to have to set a baseurl like everything else.

Share this post


Link to post

Interestingly after my Duo trial expired and reverted to Duo Free my Guacamole is still able to authenticate through Duo.

Share this post


Link to post

I tried installing this docker today and for some reason I can't login with guacadmin/guacadmin  Any ideas why this might be?  If I create a user in the user-mapping.xml file I can get in with that.

 

Another issue I'm having is getting a RDP connection to work.  SSH works fine, but RDP won't seem to connect to my windows servers (NLA is off).

 

Any help would be greatly appreciated!

Share this post


Link to post

For the first problem make sure that the option "OPT_MYSQL" is set to "Y" and "OPT_LDAP" set to "N". Were you upgrading an existing installation or is this new?

 

For the second problem I'm not sure as I'm using LDAP through my Windows Active Directory domain.

Share this post


Link to post

This is a new installation.  I have OPT_MYSQL set to Y.  I did some digging around and found this in the catalina.out inside the container.  Do you think this is the issue and any ideas on how to fix it?

 

18:25:04.014 [localhost-startStop-1] ERROR o.a.g.extension.ExtensionModule - Extension "guacamole-auth-jdbc-mysql-0.9.12-incubating.jar" could not be loaded: Extension is not a valid zip file: guacamole-auth-jdbc-mysql-0.9.12-incubating.jar
 

Thanks for your help!

Share this post


Link to post

Do you know how to ssh into your unRAID server?

 

From ssh with Guacamole running type the following command, change the name to match your instance if you've changed it from the default:

 

docker exec -it ApacheGuacamole /bin/bash

then:

cd /var/lib/guacamole/extensions/
ls

Make sure the file guacamole-auth-jdbc-mysql-0.9.12-incubating.jar is there.

 

If it's not there I would recommend removing the Apache Guacamole docker and then reinstalling it using your "my" template. If it is there try disabling OPT_MYSQL, click Apply and then go back and re-enable OPT_MYSQL. It should copy that file to your /mnt/user/appdata/ApacheGuacamole/guacamole/extensions folder.

Share this post


Link to post

I think I'm missing some thing...have the same issue where I cannot login and as referenced in a post above:

 

"For the first problem make sure that the option "OPT_MYSQL" is set to "Y" and "OPT_LDAP" set to "N"."

 

Is this referring to an environment variable in the docker setup? If so I did set but still unable to login....or do I have to create a template?

 

I do see these errors, which I presume is due to the mysql database not being created:

 

May 22 10:11:43 guacamole mysqld_safe: Starting mysqld daemon with databases from /config/databases
stdout
10:11:43
May 22 10:11:43 guacamole mysqld: 170522 10:11:43 [Note] /usr/sbin/mysqld (mysqld 5.5.54-MariaDB-1~trusty) starting as process 782 ...
stdout
10:11:43
May 22 10:11:43 guacamole mysqld: 170522 10:11:43 [ERROR] mysqld: File '/var/log/mysql/mariadb-bin.~rec~' not found (Errcode: 13)
stdout
10:11:43
May 22 10:11:43 guacamole mysqld: 170522 10:11:43 [ERROR] MYSQL_BIN_LOG::open_purge_index_file failed to open register  file.
stdout
10:11:43
May 22 10:11:43 guacamole mysqld: 170522 10:11:43 [ERROR] MYSQL_BIN_LOG::open_index_file failed to sync the index file.
stdout
10:11:43
May 22 10:11:43 guacamole mysqld: 170522 10:11:43 [ERROR] Aborting

 

------

Any help appreciated.

Share this post


Link to post

Judging by the errors it appears that it can't find the database files. Where is the "/config" container path pointing to? The default should be "/mnt/user/appdata/ApacheGuacamole". Verify that the files in that location exist.

Share this post


Link to post

Apache Guacamole 0.9.13-incubating is out. Looks to include a lot of bug fixes. Adds CAS single sign-on authentication for those who might need it.

 

Since this is the first update to include database schema changes it now upgrades the database to to 0.9.13 and records the current version in a file for future schema upgrades.

Share this post


Link to post

Is there an error log in the config directory, or is there just the docker log. I'm having trouble connecting to rdp but can't find the error.

Share this post


Link to post
8 minutes ago, surfshack66 said:

Is there an error log in the config directory, or is there just the docker log. I'm having trouble connecting to rdp but can't find the error.

 

I believe all its error output goes to the Docker log. That's where I've looked when I've had trouble connecting.

Share this post


Link to post

I just installed it for the first time and when I try to connect to a SSH I get an error message

An internal error has occurred within the Guacamole server, and the connection has been terminated. If the problem persists, please notify your system administrator, or check your system logs.

And the container log is full of 

Aug 3 20:02:56 f4c825db8449 guacd[69]: Guacamole protocol violation. Perhaps the version of guacamole-client is incompatible with this version of guacd?

 

Share this post


Link to post

What is the console output in your browser? Are you connecting locally on your network or remotely through a proxy?

Share this post


Link to post
3 minutes ago, Taddeusz said:

What is the console output in your browser? Are you connecting locally on your network or remotely through a proxy?

 

All I get after Iog is this https://i.imgur.com/pLlok1q.png  . Nothing else.

I am connecting locally.

 

To resume : 

  • I installed the container for the first time
  • Logged in fine and went to the setting
  • added an SSH connection where I filled the host, user and pwd
  • used that connexion and now when I log in I get the screenshot I just posted. No menu, no console.

Share this post


Link to post

What I mean is your browser's console log. Hit F12 and use the developer tools to view your browser's log.

Share this post


Link to post
4 minutes ago, Taddeusz said:

What I mean is your browser's console log. Hit F12 and use the developer tools to view your browser's log.

Oh :)

VM957:1 POST http://192.168.1.3:18080/tunnel?connect 500 (Internal Server Error)

And the content of that 500 reply itself is

<html><head><title>Apache Tomcat/7.0.52 (Ubuntu) - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.52 (Ubuntu)</h3></body></html>

 

Share this post


Link to post

I've been able to replicate the problem on my end. I'm working to figure out what's going on.

Share this post


Link to post

I'm not sure what's going on. When I upgraded my own installation everything works fine. On a clean installation only RDP works. I'll do more investigation but I may need to roll this back to 0.9.12 to give me time to fix it.

Share this post


Link to post

In your successful RDP connection, do you see the following warning?

 

Quote

*** Running /etc/rc.local...
* Starting Tomcat servlet engine tomcat7
*** Running /etc/my_init.d/firstrun.sh...
Using existing properties file.
Using existing MySQL extension.
Using existing Duo extension.
ln: failed to create symbolic link ‘/usr/share/tomcat7/.guacamole/guacamole’: File exists
*** Running /etc/rc.local...
* Starting Tomcat servlet engine tomcat7
...fail!

 

Share this post


Link to post

Yes, it always shows that warning because the firstrun.sh script always tries to set that symbolic link. I'll see if that can be moved to the Dockerfile to prevent confusion. My OCD self also just finds that pointless warning annoy.

 

The only thing that I can guess is that on my upgrade the part of the image that didn't need upgrading contained some libraries that are for whatever reason not in the complete 0.9.13 image.

Share this post


Link to post

Ok, total pebkac that I'm completely guilty of myself. Move the hostname you're connecting to from the "Guacamole Proxy Parameters (GUACD)" section to the "Parameters -> Network" section. I'm not sure because I can't remember what the connection configuration screens looked like in 0.9.12 but the Guacamole Proxy may be a new feature in this version.

Share this post


Link to post

I have updated the image to include all optional libraries so that guacd is now fully featured. I also moved the symbolic link creation to the Dockerfile so that warning will no longer be present to confuse or annoy the OCD.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.