Install Guacamole as Docker Container on Rocky Linux

0
146

In this guide, we are going to learn how to install Guacamole as Docker Container on Rocky Linux. Guacamole is a clientless HTML5 web based remote desktop gateway which provides remote access to servers and desktops through a web browser. It supports standard protocols like VNC, RDP, and SSH.

Install Guacamole as Docker Container on Rocky Linux

Guacamole is made up of two parts;

  • guacamole-server, which provides the guacd proxy and all the native, server-side components required by Guacamole to connect to remote desktops.
  • guacamole-client which provides the client to be served by the servlet container which is usually Tomcat.

You need to install both of these components to setup Guacamole web-based remote desktop client.

If you do not want to run Guacamole as docker container, then check this guide.

Install Guacamole as a Docker Container on Rocky Linux

To be able to run Guacamole as a Docker Container on Rocky Linux;

  • Install Docker CE on Rocky Linux by running the commands below;
dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
dnf install docker-ce docker-ce-cli containerd.io
  • Start and enable Docker service;
systemctl enable --now docker
  • Install Docker Compose on Rocky Linux;

Execute the commands below to install Docker compose on Rocky Linux;

curl -sL "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
  • Download Guacamole Container Images

Execute the commands below to download the Guacamole server and client images.

docker pull guacamole/guacd
docker pull guacamole/guacamole

Listing available images;

docker images
REPOSITORY            TAG       IMAGE ID       CREATED        SIZE
guacamole/guacd       latest    70fd332fa74e   17 hours ago   271MB
guacamole/guacamole   latest    599b74ba38c9   18 hours ago   439MB

Configure Guacamole Authentication

The Guacamole Docker container needs at least one authentication mechanism in order to function, such as a MySQL database, PostgreSQL database, LDAP directory or RADIUS server.

In this guide, we will use MySQL database authentication.

As a result, let’s deploy MySQL database container. We are using the lastest MySQL 8 docker image.

  • The command below will download latest MySQL 8 docker image, create a MySQL 8 Docker container called, guacamole_db, Guacamole database (guacdb), MySQL root user password;
docker run --name guacamole_db -e [email protected] -e MYSQL_DATABASE=guacdb -d mysql/mysql-server
  • Next, you need to generate Guacamole MySQL database initialization schema.

Let’s create a directory to store the schema;

mkdir -p /opt/guacamole/mysql
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > /opt/guacamole/mysql/01-initdb.sql
  • Copy the Guacamole MySQL database initialization script to MySQL Docker container;
docker cp /opt/guacamole/mysql/01-initdb.sql guacamole_db:/docker-entrypoint-initdb.d

The script will be copied to /docker-entrypoint-initdb.d directory of the MySQL docker container.

  • Connect to MySQL database container;
docker exec -it guacamole_db bash

This will drop you to the root directory of MySQL container.

bash-4.4#

Check that the initialization script is available;

ls /docker-entrypoint-initdb.d/
  • Initialize Guacamole MySQL Database;
cd /docker-entrypoint-initdb.d/
mysql -u root -p

Use the password specified with MYSQL_ROOT_PASSWORD above. You should now drop into MySQL prompt;

bash-4.4# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 24
Server version: 8.0.29 MySQL Community Server - GPL

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Initialize the Guacamole database;

use guacdb;
source 01-initdb.sql;

When done initializing, check the tables available;

show tables;

Sample output;

+---------------------------------------+
| Tables_in_guacdb                      |
+---------------------------------------+
| guacamole_connection                  |
| guacamole_connection_attribute        |
| guacamole_connection_group            |
| guacamole_connection_group_attribute  |
| guacamole_connection_group_permission |
| guacamole_connection_history          |
| guacamole_connection_parameter        |
| guacamole_connection_permission       |
| guacamole_entity                      |
| guacamole_sharing_profile             |
| guacamole_sharing_profile_attribute   |
| guacamole_sharing_profile_parameter   |
| guacamole_sharing_profile_permission  |
| guacamole_system_permission           |
| guacamole_user                        |
| guacamole_user_attribute              |
| guacamole_user_group                  |
| guacamole_user_group_attribute        |
| guacamole_user_group_member           |
| guacamole_user_group_permission       |
| guacamole_user_history                |
| guacamole_user_password_history       |
| guacamole_user_permission             |
+---------------------------------------+
23 rows in set (0.01 sec)

Next, create the Guacamole database user and grant the required permissions on the database;

create user [email protected]'%' identified by 'ChangeME';
grant SELECT,UPDATE,INSERT,DELETE on guacdb.* to [email protected]'%';
flush privileges;
quit

Exit the MySQL container;

exit

If you check the running containers;

docker ps

Sample output;

CONTAINER ID   IMAGE                COMMAND                  CREATED         STATUS                   PORTS                       NAMES
8fe00bea2c59   mysql/mysql-server   "/entrypoint.sh mysq…"   3 minutes ago   Up 3 minutes (healthy)   3306/tcp, 33060-33061/tcp   guacamole_db

As you can see, the health status is healthy, (started and running).

You can check the status again and print specific fields;

docker ps --format '{{.ID}}\t{{.Image}}\t{{.Status}}\t{{.Names}}'

You can also check the logs for the container;

docker logs guacamole_db

Start Guacamole Server Container

You can start the Guacamole Server container in the background as a service.

docker run --name guacamole-server -d guacamole/guacd
docker logs --tail 10 guacamole-server
guacd[7]: INFO:	Guacamole proxy daemon (guacd) version 1.4.0 started
guacd[7]: INFO:	Listening on host 0.0.0.0, port 4822

Again, list running containers after a few moments.

docker ps
CONTAINER ID   IMAGE                COMMAND                  CREATED             STATUS                       PORTS                       NAMES
669ad905db27   guacamole/guacd      "/bin/sh -c '/usr/lo…"   23 minutes ago      Up 23 minutes (healthy)      4822/tcp                    guacamole-server
b78a10e6b107   mysql/mysql-server   "/entrypoint.sh mysq…"   About an hour ago   Up About an hour (healthy)   3306/tcp, 33060-33061/tcp   guacamole_db

As you can see, Guacamole server is now up and running.

Start Guacamole Client Container

You can now start the Guacamole client.

In order for this to work, you need to link it to the Guacamole server and the Guacamole database.

You also need to expose the Guacamole client port, 8080 on the host to allow external access to the Guacamole.

All the containers will use the default Docker networks.

Thus, launch the Guacamole client;

docker run --name guacamole-client --link guacamole-server:guacd \
--link guacamole_db:mysql -e MYSQL_DATABASE=guacdb \
-e MYSQL_USER=guacadmin -e MYSQL_PASSWORD=ChangeME \
-d -p 80:8080 guacamole/guacamole

Check the Docker container processes;

docker ps
CONTAINER ID   IMAGE                 COMMAND                  CREATED             STATUS                       PORTS                                   NAMES
07233565559c   guacamole/guacamole   "/opt/guacamole/bin/…"   23 seconds ago      Up 20 seconds                0.0.0.0:80->8080/tcp, :::80->8080/tcp   guacamole-client
669ad905db27   guacamole/guacd       "/bin/sh -c '/usr/lo…"   29 minutes ago      Up 29 minutes (healthy)      4822/tcp                                guacamole-server
b78a10e6b107   mysql/mysql-server    "/entrypoint.sh mysq…"   About an hour ago   Up About an hour (healthy)   3306/tcp, 33060-33061/tcp               guacamole_db

As you can see, the Guacamole client is listening on port 8080, exposed on the host as port 80;

ss -altnp | grep :80
LISTEN 0      4096         0.0.0.0:80        0.0.0.0:*    users:(("docker-proxy",pid=6129,fd=4))   
LISTEN 0      4096            [::]:80           [::]:*    users:(("docker-proxy",pid=6135,fd=4))

Accessing Guacamole from Browser

Once Guacamole is setup, you can access it from web browser using the address http://server-IP/guacamole.

Default Credentials;

  • User: guacadmin
  • Password: guacadmin
Install Guacamole as Docker Container on Rocky Linux

Upon successful login, you get to Guacamole web dashboard.

Install Guacamole as Docker Container on Rocky Linux

And there you go. As you can see, no connections have been added yet. You can now add connections to your Guacamole.

You can also reset Guacamole user password on the settings page.

Install Guacamole as Docker Container on Rocky Linux

That marks the end of our guide on install Guacamole as Docker Container on Rocky Linux.

Read more on Guacamole User Guide.

LEAVE A REPLY

Please enter your comment!
Please enter your name here