Install Guacamole in Docker

I'm using Docker running on Ubuntu 20.04. I've set up Traefik to proxy all traffic over SSL to my containers. To administer/manage my containers I'm using Portainer.

The instructions below are what I used to get Guacamole up and running. The information isn't original to me. It comes from various sites, Google searches, etc. I put this here hoping to help out others. Let me know if you have any feedback.

What's Guacamole


Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.

We call it clientless because no plugins or client software are required.

Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.

Guacamole

High level steps:

  • Install MySQL Docker container
  • Install guacd Docker container
  • Install guacamole Docker container

guacamole_db

SSH into Docker server

$ mkdir -p ~/config/guacamole_db/data

In Portainer we'll create a new container.

Name: guacamole_db
Image: ghcr.io/linuxserver/mariadb:latest

Environment settings

PUID = 1000
PGID = 1000
MYSQL_ROOT_PASSWORD = xxxx
TZ = America/Vancouver
MYSQL_DATABASE = guacamole
MYSQL_USER = guac
MYSQL_PASSWORD = xxx

Volumes

/config = /home/$USERNAME/config/guacamole_db/data

Restart policy

Change to "Unless stopped"

Network

As we are going to proxy all Guacamole traffic through Traefik, we'll change the network to "proxy".

Click on "Deploy the container"

Through Portainer you can also open a shell (Console) in the container and verify that the database was created. It has no content yet.

# mysql -uguac -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.4.19-MariaDB-1:10.4.19+maria~bionic-log mariadb.org binary distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| guacamole          |
| information_schema |
+--------------------+
2 rows in set (0.001 sec)

MariaDB [(none)]> use guacamole
Database changed
MariaDB [guacamole]> show tables;
Empty set (0.000 sec)

MariaDB [guacamole]> 

Set up the MySQL database

On my Docker server I need to get the script that creates the database structure.

$ cd ~/config/guacamole_db/data
$ docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > guac_initdb.sql

The MySQL database has an empty database called "guacamole" and a user called "guac" who has no permissions. Let's set up the database and give "guac" the correct permissions.

Console into the guacamole_db container through Portainer.

# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.4.19-MariaDB-1:10.4.19+maria~bionic-log mariadb.org binary distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> GRANT ALL on `guacamole%`.* TO 'guac';
Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> quit

Now let's initialize the database. Previously I grabbed the necessary script and put it under ~/config/guacamole_db/data on the Docker host. On the guacamole_db container this directory is mounted at /config.

Through the Portainer Console:

# cd /config
# ls
custom.cnf  databases  guac_initdb.sql  log
# cat guac_initdb.sql | mysql -uguac -p guacamole
Enter password: 
# mysql -uguac -p
Enter password: 

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.4.19-MariaDB-1:10.4.19+maria~bionic-log mariadb.org binary distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use guacamole;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [guacamole]> show tables;
+---------------------------------------+
| Tables_in_guacamole                   |
+---------------------------------------+
| guacamole_connection                  |
| guacamole_connection_attribute        |
| guacamole_connection_group            |
| guacamole_connection_group_attribute  |
| guacamole_connection_group_permission |
| guacamole_connection_history          |
| guacamole_connection_parameter        |
| guacamole_connection_permission       |
| guacamole_entity                      |
| guacamole_sharing_profile             |
| guacamole_sharing_profile_attribute   |
| guacamole_sharing_profile_parameter   |
| guacamole_sharing_profile_permission  |
| guacamole_system_permission           |
| guacamole_user                        |
| guacamole_user_attribute              |
| guacamole_user_group                  |
| guacamole_user_group_attribute        |
| guacamole_user_group_member           |
| guacamole_user_group_permission       |
| guacamole_user_history                |
| guacamole_user_password_history       |
| guacamole_user_permission             |
+---------------------------------------+
23 rows in set (0.001 sec)

Looking good so far.
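
The database steps above, scripted as an added example (not part of the original post), with one change: the schema is loaded as root and guac is left with only SELECT, INSERT, UPDATE and DELETE, the privileges the Guacamole manual grants its database user, instead of GRANT ALL. The DB_ROOT_PW variable, the init/restrict arguments and the 'guac'@'%' host part are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Container, database and user
# names are the ones used on this page. Assumed: DB_ROOT_PW holds the value
# of MYSQL_ROOT_PASSWORD, and the application user exists as 'guac'@'%'.
set -eu

DB_CONTAINER=guacamole_db
DB_NAME=guacamole
DB_USER=guac

# mysql client inside the DB container, as root. "-e MYSQL_PWD" without a
# value forwards the variable, so the password is not a command-line argument.
db_root() {
  MYSQL_PWD="${DB_ROOT_PW:?set DB_ROOT_PW first}" \
    docker exec -i -e MYSQL_PWD "$DB_CONTAINER" mysql -uroot "$@"
}

# Load the schema as root, so the application user never needs DDL rights.
load_schema() {
  tmp=$(mktemp)
  docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > "$tmp"
  db_root "$DB_NAME" < "$tmp"
  rm -f "$tmp"
}

# Replace the blanket GRANT ALL with the DML privileges the Guacamole manual uses.
restrict_app_user() {
  db_root <<SQL
REVOKE ALL PRIVILEGES, GRANT OPTION FROM '$DB_USER'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE ON $DB_NAME.* TO '$DB_USER'@'%';
FLUSH PRIVILEGES;
SQL
}

# Succeeds only if guac holds the DML grant and no ALL PRIVILEGES grant.
grants_ok() {
  grants=$(db_root -N -B -e "SHOW GRANTS FOR '$DB_USER'@'%'")
  case $grants in
    *"ALL PRIVILEGES"*) return 1 ;;
    *"SELECT, INSERT, UPDATE, DELETE ON"*) return 0 ;;
  esac
  return 1
}

# "init" for an empty database, "restrict" for one already set up as above.
case "${1:-}" in
  init)     load_schema; restrict_app_user; grants_ok ;;
  restrict) restrict_app_user; grants_ok ;;
esac
```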

guacd

Create another container.
Name: guacd
Image: guacamole/guacd

Change Network to "proxy"

Set restart policy to "Unless stopped"

Click on "Deploy the container"

Guacamole

I added guacamole.lan.mydomain.com to my local DNS. Traefik will need that.

Create a new container.

Name: guacamole
Image: guacamole/guacamole:latest

Environment settings

GUACD_HOSTNAME = guacd
MYSQL_HOSTNAME = guacamole_db
MYSQL_PORT = 3306
MYSQL_DATABASE = guacamole
MYSQL_USER = guac
MYSQL_PASSWORD = XXXXX

Network

Change to "proxy"

Labels

traefik.enable = true
traefik.http.routers.guacamole.entrypoints = http
traefik.http.routers.guacamole.rule = Host(`guacamole.lan.mydomain.com`)
traefik.http.middlewares.guacamole-https-redirect.redirectscheme.scheme = https
traefik.http.routers.guacamole.middlewares = guacamole-https-redirect
traefik.http.routers.guacamole-secure.entrypoints = https
traefik.http.routers.guacamole-secure.rule = Host(`guacamole.lan.mydomain.com`)
traefik.http.routers.guacamole-secure.tls = true
traefik.http.routers.guacamole-secure.service = guacamole
traefik.http.services.guacamole.loadbalancer.server.port = 8080
traefik.docker.network = proxy

Now browse to https://guacamole.lan.mydomain.com/guacamole

default username/password: guacadmin/guacadmin