Hello André,

I have made a small docker-compose file which embeds the init part. It runs on a swarm stack, but you can easily run it on a single docker node. It is bound to Active Directory for authentication, and allowed users need to be members of the AD group GUACAMOLE-INSTANCE. Nested groups are supported.

Kind regards
Philippe

Dr. Philippe CAMELIO
IT Infrastructure Manager & CISO
OCAPIAT
5 rue Guillaume VII le Troubadour
86000 POITIERS
www.ocapiat.fr
tel: +33(0) 170 383 845 / +33 (0) 632 301 909

============================================================
version: "3.8"

services:
  # One-shot job: writes the PostgreSQL schema script into the shared volume
  # unless it is already there.
  init-guacamole-db:
    image: guacamole/guacamole:1.5.0
    command: ["/bin/sh", "-c", "test -e /init/initdb.sql && echo 'init file already exists' || /opt/guacamole/bin/initdb.sh --postgres > /init/initdb.sql"]
    user: root
    volumes:
      - dbinit:/init
    deploy:
      restart_policy:
        condition: on-failure
      placement:
        constraints: [node.role == manager]

  postgres:
    image: postgres:13
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_PASSWORD: changeme
      POSTGRES_USER: guacamole_user
    restart: unless-stopped
    volumes:
      # The script generated above is executed when the database is first created.
      - dbinit:/docker-entrypoint-initdb.d
      - dbdata:/var/lib/postgresql/data/guacamole
    deploy:
      placement:
        constraints: [node.role == manager]
    depends_on:
      - init-guacamole-db

  guacd:
    image: guacamole/guacd:1.5.0
    restart: unless-stopped

  guac:
    image: guacamole/guacamole:1.5.0
    environment:
      POSTGRE_VERSION: 13
      GUACAMOLE_VERSION: 1.5.0
      EXTENSION_PRIORITY: ldap, postgresql
      GUACD_HOSTNAME: guacd
      WEBAPP_CONTEXT: ROOT
      POSTGRES_HOSTNAME: postgres
      POSTGRES_DATABASE: guacamole_user
      POSTGRES_PASSWORD: changeme
      POSTGRES_USER: guacamole_user
      PROXY_ALLOWED_IPS_REGEX: 10.*
      PROXY_IP_HEADER: x-forwarded-for
      PROXY_PROTOCOL_HEADER: x-forwarded-proto
      PROXY_BY_HEADER: x-forwarded-by
      REMOTE_IP_VALVE_ENABLED: "true"
      LDAP_HOSTNAME: activedirectory.local.lan
      LDAP_PORT: 389
      # "none" sends the bind and user passwords unencrypted; the other
      # accepted values are "ssl" and "starttls".
      LDAP_ENCRYPTION_METHOD: none
      LDAP_SEARCH_BIND_DN: CN=bind-guacamole,OU=SomeOU,DC=local,DC=lan
      LDAP_SEARCH_BIND_PASSWORD: changemealso
      # LDAP_DEREFRENCE_ALIASES: always
      LDAP_MAX_SEARCH_RESULTS: 1000
      LDAP_USER_BASE_DN: DC=local,DC=lan
      LDAP_USERNAME_ATTRIBUTE: userPrincipalName,cn, givenName, sn, mobile, mail
      LDAP_MEMBER_ATTRIBUTE: member
      # 1.2.840.113556.1.4.1941 is the AD "in chain" matching rule, which is
      # what makes nested group membership count.
      LDAP_USER_SEARCH_FILTER: (&(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=GUACAMOLE-INSTANCE,OU=Guacamole,OU=Groups,DC=local,DC=lan))
      # LDAP_GROUP_BASE_DN:
      # LDAP_GROUP_SEARCH_FILTER:
      # LDAP_GROUP_NAME_ATTRIBUTE:
      # LDAP_CONFIG_BASE_DN:
      POSTGRESQL_AUTO_CREATE_ACCOUNTS: "true"
    ports:
      - "8080:8080"
    depends_on:
      - postgres
      - guacd

volumes:
  dbinit:
    driver: local
  dbdata:
    driver: local

From: André R. Basel <[email protected]>
Sent: Thursday, 27 April 2023 07:26
To: [email protected]
Subject: Quacamole docker install

Hi

I have been working through the documentation to install Guacamole using docker.

The IP of my docker server is 192.168.1.11

Based on my understanding of what I read, I did the following:

Step 1:
sudo docker run --name my-guacd -d guacamole/guacd

Step 2:
sudo docker run --name my-guacamole --link my-guacd:guacd -d -p 8080:8080 --restart unless-stopped guacamole/guacamole

Step 3:
sudo docker run --name quacamole-mysql -e MYSQL_ROOT_PASSWORD=mypassword! -d --restart unless-stopped mysql:latest

Step 4:
sudo docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql

Step 5:
sudo docker run --name my-guacamole \
    --link my-guacd:guacd \
    --link guacamole-mysql:mysql \
    -e MYSQL_HOSTNAME=192.168.1.11 \
    -e MYSQL_USER=guacamole_user \
    -e MYSQL_PASSWORD=mypassword \
    --restart unless-stopped \
    -d -p 8080:8080 guacamole/guacamole

However, when looking at the logs I get:

FATAL: No authentication configured
-------------------------------------------------------------------------------
The Guacamole Docker container needs at least one authentication mechanism in
order to function, such as a MySQL database, PostgreSQL database, SQLServer
database, LDAP directory or RADIUS server.

Please specify at least the MYSQL_DATABASE or POSTGRES_DATABASE or
SQLSERVER_DATABASE environment variables, or check Guacamole's Docker
documentation regarding configuring LDAP and/or custom extensions.

My Docker setup looks as follows:

[image.png]

I tried following the instructions to set the database up, but I think I may have got those confused.

Is there a simplified set of steps to help a NOOB get it up and running, after which I can start playing with the different settings?

Kind regards
Andre

Sent with Proton Mail secure email.

If you receive this e-mail outside your working hours or during your leave, you do not have to reply to it immediately. To help protect the environment, print this message only if necessary.
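
Added example (not part of the original e-mails, and not Guacamole or Active Directory code): a small Python emulation of what the LDAP_USER_SEARCH_FILTER in the compose file selects, useful for auditing who a nested-group filter really admits. The directory entries, the Helpdesk and Admins groups and the function names are constructed for illustration; only the GUACAMOLE-INSTANCE DN and the matching-rule OID come from the message.

```python
# Emulates (&(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=<group DN>))
# on a constructed in-memory directory. No LDAP server is contacted.

GROUP = "CN=GUACAMOLE-INSTANCE,OU=Guacamole,OU=Groups,DC=local,DC=lan"
HELPDESK = "CN=Helpdesk,OU=Groups,DC=local,DC=lan"   # hypothetical group
ADMINS = "CN=Admins,OU=Groups,DC=local,DC=lan"       # hypothetical group

# Constructed sample data: DN -> object class and *direct* memberOf values.
# Helpdesk and Admins are members of each other to exercise cycle handling.
DIRECTORY = {
    GROUP: {"objectclass": "group", "memberOf": []},
    HELPDESK: {"objectclass": "group", "memberOf": [GROUP, ADMINS]},
    ADMINS: {"objectclass": "group", "memberOf": [HELPDESK]},
    "CN=alice,DC=local,DC=lan": {"objectclass": "user", "memberOf": [GROUP]},
    "CN=bob,DC=local,DC=lan": {"objectclass": "user", "memberOf": [ADMINS]},
    "CN=carol,DC=local,DC=lan": {"objectclass": "user", "memberOf": []},
}


def member_in_chain(directory, dn, target):
    """True if dn reaches target through any chain of memberOf links."""
    target = target.casefold()
    seen, stack = set(), [dn]
    while stack:
        current = stack.pop()
        for parent in directory.get(current, {}).get("memberOf", []):
            key = parent.casefold()
            if key == target:
                return True
            if key not in seen:          # visit each group once, so cycles end
                seen.add(key)
                stack.append(parent)
    return False


def allowed_users(directory, target, nested=True):
    """DNs of user objects the filter would return (nested or direct only)."""
    result = []
    for dn, entry in directory.items():
        if entry["objectclass"] != "user":   # the (objectclass=user) clause
            continue
        if nested:
            ok = member_in_chain(directory, dn, target)
        else:
            ok = any(g.casefold() == target.casefold() for g in entry["memberOf"])
        if ok:
            result.append(dn)
    return sorted(result)
```

With the in-chain rule, bob is admitted through Admins, then Helpdesk, then GUACAMOLE-INSTANCE, although he is not a direct member; a plain memberOf comparison would admit alice only.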
