[Support] jasonbean - Apache Guacamole


Message added by Taddeusz,

Before upgrading to 1.5.0 you need to have first upgraded to 1.4.0-3 of the container. I discovered that prior to 1.4.0-3 it was not shutting down MariaDB correctly and causing the database to be left in a dirty state.

 

If after upgrading to 1.5.0 you discover that MariaDB is stopping and the log mentions something about needing to open the database in an older version of MariaDB you should downgrade specifically to 1.4.0-3, start the container and make sure it's running correctly. Then you may upgrade to 1.5.0.


12 hours ago, Taddeusz said:

@Fidreus What happens if you add the following to your guacamole.properties file?


auth-provider: org.apache.guacamole.auth.openid.OpenIDAuthenticationProvider

 

No change, then it shows the ordinary login again.

I would say this is a Guacamole bug, but would be nice to have a workaround in the docker until it is fixed.

Link to comment

Hi!

 

I looked in the official guacamole/guacamole docker, and they handle it in the start.sh-file:

    # Update config file
    set_property          "openid-authorization-endpoint"    "$OPENID_AUTHORIZATION_ENDPOINT"
    set_property          "openid-jwks-endpoint"             "$OPENID_JWKS_ENDPOINT"
    set_property          "openid-issuer"                    "$OPENID_ISSUER"
    set_property          "openid-client-id"                 "$OPENID_CLIENT_ID"
    set_property          "openid-redirect-uri"              "$OPENID_REDIRECT_URI"
    set_optional_property "openid-username-claim-type"       "$OPENID_USERNAME_CLAIM_TYPE"

    # Add required .jar files to GUACAMOLE_EXT
    # "1-{}" make it sorted as a first provider (only authentication)
    # so it can work together with the database providers (authorization)
    find /opt/guacamole/openid/ -name "*.jar" | awk -F/ '{print $NF}' | \
    xargs -I '{}' ln -s "/opt/guacamole/openid/{}" "${GUACAMOLE_EXT}/1-{}"

Is this something you could add to this docker as well @Taddeusz?

 

/Fredrik

Link to comment

I think this will work in firstrun.sh: 

    # Normalise the OPT_OPENID setting to upper case
    OPTOPENID=${OPT_OPENID^^}
    # Installed OpenID jars, if any (the pattern stays literal when nothing matches)
    oldOpenidFiles=( "$GUAC_EXT"/*openid*.jar )

    if [ "$OPTOPENID" = "Y" ]; then
      if [ -f "${oldOpenidFiles[0]}" ]; then
        newOpenidFiles=( "$EXT_STORE"/openid/*openid*.jar )

        if diff "${oldOpenidFiles[0]}" "${newOpenidFiles[0]}" >/dev/null ; then
          echo "Using existing OpenID extension."
        else
          echo "Upgrading OpenID extension."
          rm "$GUAC_EXT"/*openid*.jar
          # The "1-" prefix sorts OpenID ahead of the database providers
          find "${EXT_STORE}/openid/" -name "*.jar" | awk -F/ '{print $NF}' | xargs -I '{}' cp "${EXT_STORE}/openid/{}" "${GUAC_EXT}/1-{}"
          CHANGES=true
        fi
      else
        echo "Copying OpenID extension."
        find "${EXT_STORE}/openid/" -name "*.jar" | awk -F/ '{print $NF}' | xargs -I '{}' cp "${EXT_STORE}/openid/{}" "${GUAC_EXT}/1-{}"
        CHANGES=true
      fi
    elif [ "$OPTOPENID" = "N" ]; then
      if [ -f "${oldOpenidFiles[0]}" ]; then
        echo "Removing OpenID extension."
        rm "$GUAC_EXT"/*openid*.jar
      fi
    fi

 

Link to comment
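
A check for the ordering problem discussed in the posts above, as an added example that is not part of the thread or of the container's scripts: it reports whether the OpenID jar sorts ahead of the database (jdbc) jars and whether a stale second copy is present. It assumes extensions load in byte-wise file-name order, as the "1-" comment in the quoted start.sh implies; the jar names are constructed samples.

```shell
#!/bin/sh
# Added example; jar names below are constructed samples.
# Assumption: extensions load in byte-wise file-name order, as the "1-" prefix
# comment in the quoted start.sh implies.

# Print the jars of an extensions directory in that order.
load_order() {
  find "$1" -maxdepth 1 -type f -name '*.jar' | awk -F/ '{ print $NF }' | LC_ALL=C sort
}

# Print "ok" when exactly one OpenID jar exists and it sorts ahead of every
# database (jdbc) jar; otherwise print the reason and return non-zero.
check_openid_first() {
  load_order "$1" | awk '
    /openid/ { n++; if (!openid) openid = NR }
    /jdbc/   { if (!jdbc) jdbc = NR }
    END {
      if (n == 0) { print "missing: no OpenID jar"; exit 2 }
      if (n > 1)  { print "duplicate: " n " OpenID jars"; exit 3 }
      if (jdbc && jdbc < openid) { print "order: jdbc loads before openid"; exit 4 }
      print "ok"
    }'
}

# Constructed demo: an unprefixed OpenID jar sorts after the MySQL jar.
demo=$(mktemp -d)
touch "$demo/guacamole-auth-jdbc-mysql-1.2.0.jar" "$demo/guacamole-auth-openid-1.2.0.jar"
check_openid_first "$demo" || true      # order: jdbc loads before openid
mv "$demo/guacamole-auth-openid-1.2.0.jar" "$demo/1-guacamole-auth-openid-1.2.0.jar"
check_openid_first "$demo"              # ok
rm -rf "$demo"
```

The duplicate case catches an upgrade that copied a new jar without removing the old one, which would leave two OpenID providers in the extensions directory.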
  • 3 weeks later...

Hey, I just got this all set up and I love the idea of using this for remoting into my systems, VMs and such from away but one thing that I just haven't been able to figure out is... I can access everything when I use the server IP and PORT http://10.10.10.99:9191/#/ from a local workstation but when I am using the reverse proxy for it https://remote.[REDACTED].net/#/ it does NOT work properly. The webUI is quick, responsive, no issues. I can VNC all day long and even the RDP works as far as I can tell. What doesn't work is SSH and Telnet. I telnet and SSH into my network infrastructure, among a few other things, and those do NOT work when they are proxied. When I try to connect, the connection will eventually time out and that's all she wrote. I have searched and searched and I just can't figure this part out and it's the only thing holding me back from fully deploying this thing and setting up the more secure authentication methods for actual full time use.

 

I use nginxproxymanager as my proxy and so far I haven't had that be an issue before, honestly, I'm just stuck.

Link to comment
16 hours ago, Fidreus said:

I'm running Nginx Proxy Manager with guacamole and have no problems with SSH now when I tried (again).

I have enabled "Websockets Support" and under "Custom Nginx Configuration" I've added "proxy_buffering off;"

 

Spot the heck on there my friend! It's the custom part I was missing. I THOUGHT the turning off of caching was the same but seems I was VERY wrong about that. The instant I added that to the config it started working perfectly and instantly. Thanks a million!

 

I used to use the normal nginx and switched to proxy manager version just because it was quicker and easier to set up new things, especially experimental stuff. I am writing this from work remoting into my main PC just for kicks. Hehe, this is super neat and super useful!

Edited by cammelspit
Link to comment
  • 2 weeks later...
13 hours ago, Taddeusz said:

@dodgypast If you have your Guacamole container on a custom network you use the container port. Try changing your conf file from 9999 to 8080 and see if it works.

I use 8080 for something else.

 

I did some digging and this worked:
 

    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name PRIVATE;

        include /config/nginx/ssl.conf;

        client_max_body_size 0;

        # enable for ldap auth, fill in ldap details in ldap.conf
        #include /config/nginx/ldap.conf;

        location / {
            proxy_pass http://192.168.1.153:9999/;
            # do not buffer the Guacamole tunnel's streamed responses
            proxy_buffering off;
            # pass the WebSocket upgrade through to Guacamole
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            # forward the original client address and scheme
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_http_version 1.1;
            proxy_no_cache $cookie_session;
        }
    }

 

Link to comment
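
A lint for the reverse-proxy settings this thread settled on (`proxy_buffering off;`, HTTP/1.1 and the `Upgrade`/`Connection` headers), as an added example that is not part of any post: it checks each `location` block that contains `proxy_pass`. The function name and sample config are constructed, and only directives written inside the block are checked; settings inherited from server or http level are not resolved.

```shell
#!/bin/sh
# Added example: lint nginx location blocks for the Guacamole proxy settings
# named in this thread. The sample config below is constructed.

lint_guac_proxy() {
  awk '
    function report() {
      miss = ""
      if (!buf) miss = miss " proxy_buffering=off"
      if (!ver) miss = miss " proxy_http_version=1.1"
      if (!upg) miss = miss " Upgrade-header"
      if (!con) miss = miss " Connection-header"
      if (miss != "") { print "location " name " missing:" miss; bad = 1 }
    }
    { sub(/#.*/, "") }                                  # drop comments
    !inloc && /location[ \t]/ && /[{]/ {
      inloc = 1; name = $2; pass = buf = ver = upg = con = 0; next
    }
    inloc && /proxy_pass[ \t]/                       { pass = 1 }
    inloc && /proxy_buffering[ \t]+off[ \t]*;/       { buf = 1 }
    inloc && /proxy_http_version[ \t]+1\.1[ \t]*;/   { ver = 1 }
    inloc && /proxy_set_header[ \t]+Upgrade[ \t]/    { upg = 1 }
    inloc && /proxy_set_header[ \t]+Connection[ \t]/ { con = 1 }
    inloc && /[}]/ { if (pass) report(); inloc = 0 }
    END { if (bad) exit 1; print "ok" }
  ' "$1"
}

# Constructed sample: WebSocket headers present, proxy_buffering only in a comment.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
server {
    location / {
        proxy_pass http://guacamole:8080/;
        # proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}
EOF
lint_guac_proxy "$demo_conf" || true    # location / missing: proxy_buffering=off
rm -f "$demo_conf"
```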
  • 1 month later...

Hi All, has anyone managed to get VNC file sharing working with an Unraid Docker Guacamole instance connecting to an Unraid VM/KVM instance?
Every time I try to enable SFTP I can't connect to the remote host anymore, and from within the Guac shell there is no ability to sftp to check connectivity.

Any advice or pointers? Google and Reddit seem pretty skimpy on info.

Link to comment

small update, switched now fast to the official guacd && guacamole docker and yes, my issue is fixed in 1.2

 

(remote app connections closing after 2 mins)

 

And I use mysql (mariadb) and did not run the firstrun.sh. Any reason why it's needed? Any changes in the database?

Link to comment

I’m not ready to update the “latest” branch yet. I think I need to rethink the database upgrade scripting. I’ve always thought it was a kludge. I just haven’t thought of a better way to do it. Fortunately there are no database changes this time around.

 

However, if you’d like to test it out I’ve pushed out 1.2.0 with the tags “1.2.0” and “1.2.0-nomariadb”. I’m sure I’ll be making changes to the database update code before I decide to make this official.

 

That being said, I really like the quick change feature for if you have multiple remotes open.

 

I also have to admit that I personally haven’t been using my own Guacamole that much. A lot of that has to do with changing jobs and then having to work from home due to COVID-19. I just don’t need the remote access as much as I once did. Plus, Unraid’s built-in WireGuard has made it much easier to get remote access when I need it. I am still dedicated to maintaining this container. It’s a great tool that needs an all-in-one version. I’m sure the separate client and server containers have their place but the all-in-one approach is much cleaner to deploy.
 

If you decide to test this out please let me know if you run into any issues.

  • Like 1
Link to comment
11 hours ago, Taddeusz said:

I also have to admit that I personally haven’t been using my own Guacamole that much. A lot of that has to do with changing jobs and then having to work from home due to COVID-19. I just don’t need the remote access as much as I once did.

It's the same for me too! I have Guacamole set up and just running, but lastly I'm moving slowly to meshcentral2 https://www.meshcommander.com/meshcentral2. To me it adds value to connect to another desktop like in TeamViewer to support another person. RDP still works, VNC too. Regarding RDP, if you need it through a browser, then Guacamole is still the champ in UX - works very well, like native Windows RDP. I'm running this Meshcentral in Docker too, so if anyone has an interest, just ask.

Link to comment
