Running guacamole from a Docker Container on Ubuntu 16.04 LTS / 16.10

Replaced by updated post / article: https://www.cb-net.co.uk/linux/deploying-guacamole-duo-mfa-via-docker-containers-ubuntu/

I’ve been looking at how I can move some/ all of my QEMU virtualised workloads to docker containers – the main drivers behind this being:

  • Reducing the administrative overhead of updating an additional operating system
  • Reducing the compute overhead of running an additional operating system on top of the host O/S

I also looked at whether this solution would run in a docker-enabled Ubuntu 16.04 LXD container and, whilst the mysql and guacamole images downloaded, the guacd image failed with an “operation not permitted” error, meaning I was unable to use the image inside an LXD container.

I use Apache guacamole for remote access to my infrastructure and, on finding there were guacamole containers for the client and server elements, I thought I would look to move this workload from a dedicated Ubuntu Server 16.04 LTS Virtual Machine to a docker container.

This guide assumes you have installed docker as outlined here: http://www.cb-net.co.uk/linux/installing-docker-on-ubuntu-16-04-lts-16-10/

Downloading / Deploying the Container

Be sure to define/ update the commands below with:

  • A new mysql root user password (find and replace <root password> )
  • A new mysql guacamole user password (find and replace <guac user password> )

We will now create/ configure and start three containers:

  1. A mysql database instance: guac-mysql
  2. A guacamole-server container: guacd
  3. A guacamole-client container: guacamole

# Pull the guacamole (and related) docker images

sudo docker pull guacamole/guacd
sudo docker pull guacamole/guacamole
sudo docker pull mysql 

# Create script to prepare MySQL Database

docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql

# Make a scripts folder to pass-through to container

mkdir /tmp/scripts
cp initdb.sql /tmp/scripts

# Create/ start mysql instance

docker run --name guac-mysql -v /tmp/scripts:/tmp/scripts -e MYSQL_ROOT_PASSWORD='<root password>' -d mysql:latest
history -c

# Create mysql db, user and prepare mysql instance for guacamole

docker exec -it guac-mysql /bin/bash

mysql -u root -p'<root password>'
CREATE DATABASE guacamole;
CREATE USER 'guacamole' IDENTIFIED BY '<guac user password>';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole';
FLUSH PRIVILEGES;
quit

cat /tmp/scripts/initdb.sql | mysql -u root -p'<root password>' guacamole
history -c

# Now ctrl-d to exit docker container shell

# Start guacd

docker run --name guacd -d guacamole/guacd

# Start guacamole client

docker run --name guacamole --link guacd:guacd --link guac-mysql:mysql \
-e MYSQL_DATABASE='guacamole' \
-e MYSQL_USER='guacamole' \
-e MYSQL_PASSWORD='<guac user password>' \
-d -p 8080:8080 guacamole/guacamole

# Harden tomcat, as-per https://www.owasp.org/index.php/Securing_tomcat

sudo docker exec -it guacamole /bin/bash

sed -i 's/redirectPort="8443"/redirectPort="8443" server="" secure="true"/g' /usr/local/tomcat/conf/server.xml

sed -i 's/<Server port="8005" shutdown="SHUTDOWN">/<Server port="-1" shutdown="SHUTDOWN">/g' /usr/local/tomcat/conf/server.xml
 
rm -Rf /usr/local/tomcat/webapps/docs/
rm -Rf /usr/local/tomcat/webapps/examples/
rm -Rf /usr/local/tomcat/webapps/manager/
rm -Rf /usr/local/tomcat/webapps/host-manager/
 
chmod -R 400 /usr/local/tomcat/conf

You can now browse to http://<docker host IP>:8080/guacamole/ and log in using the default credentials guacadmin/guacadmin.
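
Changes made with docker exec live only in that container's writable layer, so the hardening has to be reapplied whenever the guacamole container is removed and recreated. The script below is an added example, not part of the original post: it audits a Tomcat directory for the server.xml edits and webapp removals above, using a constructed sample tree (`audit_tomcat` and `make_sample_tree` are hypothetical names, and the chmod step is not checked).

```sh
#!/bin/sh
# Added example (not from the original post): audit a Tomcat directory for
# the server.xml edits and webapp removals made in the hardening step.
# Prints findings on stderr and the finding count on stdout.
audit_tomcat() {
    at_xml="$1/conf/server.xml"
    at_count=0
    # The shutdown listener must be disabled (port="-1").
    if ! grep -q '<Server port="-1" ' "$at_xml"; then
        echo "FINDING: shutdown port is still enabled" >&2
        at_count=$((at_count + 1))
    fi
    # Every connector line with redirectPort must carry the added attributes.
    if grep 'redirectPort="8443"' "$at_xml" | grep -qv 'server="" secure="true"'; then
        echo "FINDING: connector lacks server=\"\" secure=\"true\"" >&2
        at_count=$((at_count + 1))
    fi
    # The default web applications must be gone.
    for at_app in docs examples manager host-manager; do
        if [ -e "$1/webapps/$at_app" ]; then
            echo "FINDING: default webapp still present: $at_app" >&2
            at_count=$((at_count + 1))
        fi
    done
    echo "$at_count"
    [ "$at_count" -eq 0 ]
}

# Build a constructed (not real) Tomcat layout with stock-style settings.
make_sample_tree() {
    for st_app in docs examples manager host-manager guacamole; do
        mkdir -p "$1/conf" "$1/webapps/$st_app"
    done
    cat > "$1/conf/server.xml" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
  </Service>
</Server>
EOF
}

# Demo on the constructed tree, before any hardening has been applied.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
audit_tomcat "$demo_dir" || echo "sample tree is not hardened"
rm -rf "$demo_dir"
```
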

Managing the Containers

Replace “guac-mysql” below with the other container names used above to manage guacd, guacamole or guac-mysql independently:

# Start a container

sudo docker start guac-mysql

# Stop a container

sudo docker stop guac-mysql

# Hard-stop a container

sudo docker kill guac-mysql

# Restart (and auto-update) a container

sudo docker restart guac-mysql

# List all running containers

sudo docker ps

# List all running AND non-running containers

sudo docker ps -a

# Remove a container

sudo docker rm guac-mysql

# Remove the mysql docker image

sudo docker rmi mysql

# Review logs for container

sudo docker logs -f guac-mysql

9 replies on “Running guacamole from a Docker Container on Ubuntu 16.04 LTS / 16.10”

hello,

I have an issue with this topic, I have a blank page on the http:localhost:8080/guacamole

thanks for your help

Hi Chris,
I’m getting an error at this point:

cat /tmp/scripts/initdb.sql | mysql -u root -p”

I get

ERROR 1046 (3D000) at line 24: No database selected

Line 24 is the first CREATE_TABLE command in the initdb.sql

Any suggestions for me?
Thanks for your work on this.

I had another go at this today and see that I simply got the offending line wrong. Fixing it according to your guide appears to have worked. Sorry for the noise and thanks again for the great guide.
