Replaced by updated post / article: https://www.cb-net.co.uk/linux/deploying-guacamole-duo-mfa-via-docker-containers-ubuntu/
I’ve been looking at how I can move some or all of my QEMU virtualised workloads to docker containers – the main drivers behind this being:
- Reducing the administrative overhead of updating an additional operating system
- Reducing the compute overhead of running an additional operating system on top of the host O/S
I also looked at whether this solution would run in a docker-enabled Ubuntu 16.04 LXD container and, whilst the mysql and guacamole images downloaded, the guacd image failed with an “operation not permitted” error, meaning I was unable to use the image inside an LXD container.
I use Apache guacamole for remote access to my infrastructure and, on finding there were guacamole containers for the client and server elements, I thought I would look to move this workload from a dedicated Ubuntu Server 16.04 LTS Virtual Machine to a docker container.
This guide assumes you have installed docker as outlined here: http://www.cb-net.co.uk/linux/installing-docker-on-ubuntu-16-04-lts-16-10/
Downloading / Deploying the Container
Be sure to update the commands below with:
- A new mysql root user password (find and replace <root password> )
- A new mysql guacamole user password (find and replace <guac user password> )
We will now create, configure and start three containers:
- A mysql database instance: guac-mysql
- A guacamole-server container: guacd
- A guacamole-client container: guacamole
# Pull the guacamole (and related) docker images
sudo docker pull guacamole/guacd
sudo docker pull guacamole/guacamole
sudo docker pull mysql
# Create script to prepare MySQL Database
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql
# Make a scripts folder to pass-through to container
mkdir /tmp/scripts
cp initdb.sql /tmp/scripts
# Create/ start mysql instance
docker run --name guac-mysql -v /tmp/scripts:/tmp/scripts -e MYSQL_ROOT_PASSWORD='<root password>' -d mysql:latest
history -c
# Create mysql db, user and prepare mysql instance for guacamole
docker exec -it guac-mysql /bin/bash
mysql -u root -p'<root password>'
CREATE DATABASE guacamole;
CREATE USER 'guacamole' IDENTIFIED BY '<guac user password>';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole';
FLUSH PRIVILEGES;
quit
cat /tmp/scripts/initdb.sql | mysql -u root -p'<root password>' guacamole
history -c
# Now ctrl-d to exit docker container shell
# Start guacd
docker run --name guacd -d guacamole/guacd
# Start guacamole client
docker run --name guacamole --link guacd:guacd --link guac-mysql:mysql \
-e MYSQL_DATABASE='guacamole' \
-e MYSQL_USER='guacamole' \
-e MYSQL_PASSWORD='<guac user password>' \
-d -p 8080:8080 guacamole/guacamole
# Harden tomcat, as-per https://www.owasp.org/index.php/Securing_tomcat
sudo docker exec -it guacamole /bin/bash
sed -i 's/redirectPort="8443"/redirectPort="8443" server="" secure="true"/g' /usr/local/tomcat/conf/server.xml
sed -i 's/<Server port="8005" shutdown="SHUTDOWN">/<Server port="-1" shutdown="SHUTDOWN">/g' /usr/local/tomcat/conf/server.xml
rm -Rf /usr/local/tomcat/webapps/docs/
rm -Rf /usr/local/tomcat/webapps/examples/
rm -Rf /usr/local/tomcat/webapps/manager/
rm -Rf /usr/local/tomcat/webapps/host-manager/
chmod -R 400 /usr/local/tomcat/conf
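To confirm that the hardening steps above actually landed, the following check can be run as root against the Tomcat directory. It is an added example, not part of the original post: the function names audit_tomcat and make_sample_tree are hypothetical, and the sample tree is constructed for offline testing.

```bash
# Added example (not from the original post): audit a Tomcat tree for the
# hardening steps above. Returns the number of findings (0 = all applied).
audit_tomcat() {
    local root="$1" conf="$1/conf/server.xml" findings=0 app perms
    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf not found"
        return 1
    fi
    # Shutdown listener: the guide changes port 8005 to -1.
    if ! grep -q '<Server port="-1"' "$conf"; then
        echo "FAIL: shutdown port not set to -1"
        findings=$((findings + 1))
    fi
    # Connector: the guide's sed appends server="" secure="true".
    if ! grep -q 'redirectPort="8443" server="" secure="true"' "$conf"; then
        echo "FAIL: connector lacks server=\"\" secure=\"true\""
        findings=$((findings + 1))
    fi
    # Default web applications removed by the guide.
    for app in docs examples manager host-manager; do
        if [ -e "$root/webapps/$app" ]; then
            echo "FAIL: default webapp still present: $app"
            findings=$((findings + 1))
        fi
    done
    # chmod -R 400 leaves server.xml as -r-------- (first 10 chars of ls -l).
    perms=$(ls -ld "$conf" | cut -c1-10)
    if [ "$perms" != "-r--------" ]; then
        echo "FAIL: server.xml mode is $perms, expected -r--------"
        findings=$((findings + 1))
    fi
    if [ "$findings" -eq 0 ]; then
        echo "OK: all hardening steps verified"
    fi
    return "$findings"
}

# Constructed sample: a minimal unhardened tree for trying the audit offline.
make_sample_tree() {
    mkdir -p "$1/conf" "$1/webapps/examples"
    printf '%s\n' '<Server port="8005" shutdown="SHUTDOWN">' \
        '<Connector port="8080" redirectPort="8443" />' \
        '</Server>' > "$1/conf/server.xml"
}
```

Inside the container the call is audit_tomcat /usr/local/tomcat. Tomcat reads server.xml at startup, so the edits only take effect after a restart of the guacamole container, and because they live in that container's writable layer they must be reapplied and re-audited whenever the container is recreated from the image.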
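You can now browse to http://<docker host IP>:8080/guacamole/ and log in using the credentials guacadmin/guacadmin. These are Guacamole's default credentials, so change the guacadmin password after your first login.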
Managing the Containers
Replace “guac-mysql” below with the other container names used above to manage guacd, guacamole or guac-mysql independently:
# Start a container
sudo docker start guac-mysql
# Stop a container
sudo docker stop guac-mysql
# Hard-stop a container
sudo docker kill guac-mysql
# Restart a container (this reuses the existing image; it does not update it)
sudo docker restart guac-mysql
# List all running containers
sudo docker ps
# List all running AND non-running containers
sudo docker ps -a
# Remove a container
sudo docker rm guac-mysql
# Remove the mysql docker image
sudo docker rmi mysql
# Review logs for container
sudo docker logs -f guac-mysql
9 replies on “Running guacamole from a Docker Container on Ubuntu 16.04 LTS / 16.10”
hello,
I have an issue for this topic, I have a blank page on the http:localhost:8080/guacamole
thanks for your help
You need to have a trailing forward slash; i.e. http://127.0.0.1:8080/guacamole/
I am having the same issue. This did not work for me.
Hi Chris,
I’m getting an error at this point:
cat /tmp/scripts/initdb.sql | mysql -u root -p”
I get
ERROR 1046 (3D000) at line 24: No database selected
Line 24 is the first CREATE_TABLE command in the initdb.sql
Any suggestions for me?
Thanks for your work on this.
I had another go at this today and see that I simply got the offending line wrong. Fixing it according to your guide appears to have worked. Sorry for the noise and thanks again for the great guide.
Good to hear you got it working 🙂