Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Message added by Taddeusz,

Before upgrading to 1.5.0 you need to have first upgraded to 1.4.0-3 of the container. I discovered that prior to 1.4.0-3 it was not shutting down MariaDB correctly and causing the database to be left in a dirty state.

 

If after upgrading to 1.5.0 you discover that MariaDB is stopping and the log mentions something about needing to open the database in an older version of MariaDB you should downgrade specifically to 1.4.0-3, start the container and make sure it's running correctly. Then you may upgrade to 1.5.0.

[Support] jasonbean - Apache Guacamole

Featured Replies

16 hours ago, Taddeusz said:


If your Guacamole container is connected to a custom network you need to go to Unraid’s Docker settings and enable “Host access to custom networks”.

 

Nope that's not it : I'm using the bridge interface and anyway this option is already set on my server.

And the error message suggest that Guacamole reach the SSH server but can't finish the handshake.

 

I think I may have the root cause, here's the debug logs from guacd when an attempt is made :

guacd[385]: DEBUG:      Client is using protocol version "VERSION_1_3_0"
guacd[385]: DEBUG:      Successfully connected to host 192.168.1.40, port 22
guacd[385]: ERROR:      SSH handshake failed.

 

The connection is effective but the handshake couldn't go through.

Now here's the logs from unraid :

Mar 26 08:42:08 <my unraid hostname> sshd[7790]: Unable to negotiate with 172.17.0.22 port 58070: no matching hos
t key type found. Their offer: ssh-rsa,ssh-dss [preauth]

 

So the SSH connection fails because guacd and sshd couldn't find a common ground.

The only way I could make it worked is allowing ssh-rsa again in unraid :

 

To permit using old RSA keys for OpenSSH 8.8+, add the following lines to your sshd_config:

HostKeyAlgorithms=ssh-rsa,[email protected]
PubkeyAcceptedAlgorithms=+ssh-rsa,[email protected]

 

 

Edited by hot22shot

  • Replies 1.2k
  • Views 282.5k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • I just wanted to post an update about my progress with 1.5.5. It was a busy weekend but I did get a chance to work on it. I ran into an issue that I'm trying to figure out but I think I'll be able to

  • I'm sorry. I've been trying to avoid this for a while. I just don't have the time I used to have to work on Guacamole. Maybe some day I can come back to it but for now I'm going to have to throw in th

  • I have forked Jason project and upgrade to version 1.6.0, you can try using the same template changing the name to create a new application and in the field: Repository replace the word jasonbean to c

Posted Images

  • Author

@hot22shot It sounds like you're using a host key. If that's the case you should probably regenerate the host key on your Unraid server to not use the insecure old RSA algorithm rather than bypassing the limitation.

Have tried setting this up today, and can't get the web UI to load the login prompt without throwing this:

 

image.png.0911eab2325695fb6c03e5f18f9940d2.png

 

There's no errors in the Apache Guacamole docker, nor MariaDB. The user and password work for the database I setup for this container, so I'm at a loss.

 

Have tried both Unraid templates (with and without mariadb), Docker has 'host access to custom networks' enabled, and have also tried different networks (br0 to give the container it's own IP, as well as my reverse proxy network).

 

Probably something simple, but any help would be appreciated. Thanks.

  • Author
27 minutes ago, evakq8r said:

Have tried setting this up today, and can't get the web UI to load the login prompt without throwing this:

 

image.png.0911eab2325695fb6c03e5f18f9940d2.png

 

There's no errors in the Apache Guacamole docker, nor MariaDB. The user and password work for the database I setup for this container, so I'm at a loss.

 

Have tried both Unraid templates (with and without mariadb), Docker has 'host access to custom networks' enabled, and have also tried different networks (br0 to give the container it's own IP, as well as my reverse proxy network).

 

Probably something simple, but any help would be appreciated. Thanks.


You’re using it with an external database? Did you import the database schema using the SQL file?

1 hour ago, Taddeusz said:


You’re using it with an external database? Did you import the database schema using the SQL file?

 

Yes using an external DB and also imported the schema. For whatever reason though, I just reinstalled it from scratch and made no changes to config, and 'it just works'.

 

NFI why, but I'm not questioning it. :)

I feel like a complete noob, but how do you even edit the guacamole.properties? nano, vim, nor vi seem to work...

  • Author
8 minutes ago, joshbgosh10592 said:

I feel like a complete noob, but how do you even edit the guacamole.properties? nano, vim, nor vi seem to work...


I personally use nano. I haven’t had any problems. What kind of problem are you having editing the properties file?

On 3/30/2022 at 10:55 PM, Taddeusz said:


I personally use nano. I haven’t had any problems. What kind of problem are you having editing the properties file?

I also typically use nano, but when I try to edit it (using the container's CLI), no commands work - not nano, not ping, not even vi. I have a feeling I'm just doing something wrong and it's a simple mistake lol..

2 minutes ago, joshbgosh10592 said:

when I try to edit it (using the container's CLI), no commands work

cause the programs are not installed inside the docker ...

 

depends now how you can access the mashine, the guacamole.properties is located in /mnt/user/appdata/.....

 

so either use the unraid terminal and use nano or a client and access the share ...

 

image.png.832b1b9bc1be291766023b1320315ad4.png

49 minutes ago, alturismo said:

cause the programs are not installed inside the docker ...

 

depends now how you can access the mashine, the guacamole.properties is located in /mnt/user/appdata/.....

 

so either use the unraid terminal and use nano or a client and access the share ...

 

image.png.832b1b9bc1be291766023b1320315ad4.png

Yup, sorry, like I said, I felt like a complete noob and was making a stupid, simple mistake. Thank you! I'm very new to dockers and forgot that their data is just a folder inside the appdata share.

8 hours ago, joshbgosh10592 said:

Thank you! I'm very new to dockers and forgot that their data is just a folder inside the appdata share.

Only the part of the container that has a mapping is elsewhere. Understanding the difference between the container's own filesystem, the host filesystem, and how the two interact with mapping is one of the core principles that you need to get familiar with when working with docker containers.

TOPIC: TOTP field not showing on hosted site.

I have set up TOTP for ApacheGuacamole and it is working on the local host fine.
I have reversed proxied (Using NginxProxyManager) it to a custom domain and it worked without the TOTP but not with TOTP enabled the page is displayed but

there is no entry to type the one time password.

 


The network response when clicking the Continue:

POST https://vm.domain.com/api/tokens
400 Bad Request

[EDIT] - SOLVED:
One of my Cache Drives was completely filled.
Freeing up space on that drive resolved the issue. 


 

Screenshot_2022-04-03_13-03-58.png

Edited by BMCave

3 hours ago, BMCave said:

TOPIC: TOTP field not showing on hosted site.

I have set up TOTP for ApacheGuacamole and it is working on the local host fine.
I have reversed proxied (Using NginxProxyManager) it to a custom domain and it worked without the TOTP but not with TOTP enabled the page is displayed but

there is no entry to type the one time password.

 


The network response when clicking the Continue:

POST https://vm.domain.com/api/tokens
400 Bad Request


 

Screenshot_2022-04-03_13-03-58.png

I i modify the post request on the first login page and add the one time password in it seems to work. 
 

2022-04-03 18_27_30-Untitled - Paint.png

On 4/4/2022 at 4:36 PM, Taddeusz said:

@BMCave Have you tried clearing your cache?

That was indeed the issue! One of my shares were set up incorrectly and filled one of the cache drives once clearing the drives it was working as expected.

Is there an explanation as to why this would affect something like this?

  • Author
15 hours ago, BMCave said:

That was indeed the issue! One of my shares were set up incorrectly and filled one of the cache drives once clearing the drives it was working as expected.

Is there an explanation as to why this would affect something like this?


I actually meant your browser cache but that would probably cause all sorts of random weirdness. In this case it was probably having issues writing to the database.

On 3/27/2022 at 7:02 PM, Taddeusz said:

@hot22shot It sounds like you're using a host key. If that's the case you should probably regenerate the host key on your Unraid server to not use the insecure old RSA algorithm rather than bypassing the limitation.

 

I do not use host key for authentification.

I think the core issue is with the algorithms used to exchange keys between guacd and unraid.

Unraid is using a recent version of openSSH, on the other end guacd use libssh2 and your image docker use version 1.8.

 

The error message I got from unraid seems to be resolved with the uprade of libssh2, would you consider bumping to 1.10 ?

 

  • Author
3 hours ago, hot22shot said:

 

I do not use host key for authentification.

I think the core issue is with the algorithms used to exchange keys between guacd and unraid.

Unraid is using a recent version of openSSH, on the other end guacd use libssh2 and your image docker use version 1.8.

 

The error message I got from unraid seems to be resolved with the uprade of libssh2, would you consider bumping to 1.10 ?

 


Not saying it’s not a problem but I have no problem connecting to my own Unraid SSH. I’m running 6.9.2. Unless something has changed with 6.10? I’m not going to be running 6.10 until it’s final. I just don't have the hardware to test this one container on the next version of Unraid. I don't want to risk my one Unraid server.

Edited by Taddeusz

8 minutes ago, Taddeusz said:


Not saying it’s not a problem but I have no problem connecting to my own Unraid SSH. I’m running 6.9.2. Unless something has changed with 6.10? I’m not going to be running 6.10 until it’s final. I just don't have the hardware to test this one container on the next version of Unraid. I don't want to risk my one Unraid server.

 

Well i don't have a 6.9.2 environment anymore, but I suppose that openSSH has been bumped since then.

6.10.0-RC4 comes with OpenSSH 8.8+ which disabled RSA by default

 

This release disables RSA signatures using the SHA-1 hash algorithm by default.

 

I can test any new container if you want.

  • Author

@hot22shot Looking at it further I'd have to switch to building guacd myself rather than using their pre-built guacd container. Their pre-built guacd container uses Debian buster-slim as it's base which has libssh2-1 version 1.8.0-2.1. For their upcoming 1.5.0 version they've switched to using Ubuntu 21.10 which has libssh2-1 version 1.9.0-3. I'm not sure which version of the libssh2-1 library would negotiate correctly with Unraid 6.10?

Edited by Taddeusz

On 4/15/2022 at 5:32 PM, Taddeusz said:

@hot22shot Looking at it further I'd have to switch to building guacd myself rather than using their pre-built guacd container. Their pre-built guacd container uses Debian buster-slim as it's base which has libssh2-1 version 1.8.0-2.1. For their upcoming 1.5.0 version they've switched to using Ubuntu 21.10 which has libssh2-1 version 1.9.0-3. I'm not sure which version of the libssh2-1 library would negotiate correctly with Unraid 6.10?

 

To be honest I'm not sure. Do you know when the 1.5 is due ?

 

 

  • Author
10 minutes ago, hot22shot said:

 

To be honest I'm not sure. Do you know when the 1.5 is due ?

 

 

They’ve been doing annual major version releases so probably not till January or February next year. I will try and experiment when I can. I can’t really promise a timeline.

  • 2 weeks later...

Hi guys, I just installed the ApacheGuacamole App from Taddeusz repo.

For some reason I get an invalid login message the moment the installation finishes and I go to 

login to the Apache server for the 1st time using the default guacadmin username/password.

Any idea why that would be happening?

Any help is greatly appreciated

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.