authorSteffen Ritter2023-07-17 16:22:33 +0200
committerSteffen Ritter2023-07-17 16:22:33 +0200
commita128e6ad40867b071b73632c71e7c0746b8ea6f8 (patch)
tree4ed76c16cf1bef4d15ef1900d15ec110a6944e91
parentBump to Guacamole 1.5.0 (diff)
Add some helpers for easy docker deployment
-rw-r--r--deployment/apache2/bwlehrpool-remote.conf35
-rw-r--r--deployment/docker/.env.example16
-rw-r--r--deployment/docker/Dockerfile17
-rw-r--r--deployment/docker/README48
-rwxr-xr-xdeployment/docker/data/guacamole.properties3
-rw-r--r--deployment/docker/docker-compose.yml41
6 files changed, 160 insertions, 0 deletions
diff --git a/deployment/apache2/bwlehrpool-remote.conf b/deployment/apache2/bwlehrpool-remote.conf
new file mode 100644
index 0000000..49ff247
--- /dev/null
+++ b/deployment/apache2/bwlehrpool-remote.conf
@@ -0,0 +1,35 @@
+<VirtualHost 10.9.8.7:80>
+ ServerName bwlehrpool-remote.de
+ ServerAdmin webmaster@test.de
+
+ RewriteEngine On
+ RewriteCond %{HTTPS} !=on
+ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+</VirtualHost>
+
+
+<VirtualHost 10.9.8.7:443>
+ ServerName bwlehrpool-remote.de
+ ServerAdmin webmaster@test.de
+
+ SSLEngine on
+ SSLProtocol All -SSLv2 -SSLv3
+ SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
+ SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
+
+ <Location />
+ ProxyPass http://localhost:8080/guacamole/ flushpackets=on
+ ProxyPassReverse http://localhost:8080/guacamole/
+ ProxyPassReverseCookiePath /guacamole /
+ </Location>
+
+ <Location /websocket-tunnel>
+ Order allow,deny
+ Allow from all
+ ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
+ ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
+ </Location>
+
+ SetEnvIf Request_URI "^/tunnel" dontlog
+ CustomLog /var/log/apache2/guac.log common env=!dontlog
+</VirtualHost>
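Review bot: `SSLProtocol All -SSLv2 -SSLv3` in the :443 vhost still leaves TLS 1.0 and TLS 1.1 enabled, which a remote-access gateway carrying login credentials should not offer; an allow-list such as `SSLProtocol -all +TLSv1.2 +TLSv1.3` would be safer than subtracting from `All`. In the `/websocket-tunnel` location, `Order allow,deny` and `Allow from all` are the Apache 2.2 access directives and only work on 2.4 through mod_access_compat; `Require all granted` is the current form. Because this file is a template that will be copied, a comment above the `apache-selfsigned` certificate paths saying they are placeholders to be replaced with a CA-issued certificate would also help.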
diff --git a/deployment/docker/.env.example b/deployment/docker/.env.example
new file mode 100644
index 0000000..d33499c
--- /dev/null
+++ b/deployment/docker/.env.example
@@ -0,0 +1,16 @@
+VERSION=1.5.2
+PORT=8080
+SLX_CLIENT_LIST_URL=https://10.9.8.7/slx-admin/api.php?do=remoteaccess
+
+
+# Optional
+# ----------------------
+#SLX_LOGO_URL=https://some-url/logo.png
+
+#LDAP_HOSTNAME=
+#LDAP_PORT=636
+#LDAP_ENCRYPTION_METHOD=ssl
+#LDAP_USER_BASE_DN=
+#LDAP_SEARCH_BIND_DN=
+#LDAP_USER_SEARCH_FILTER=
+#LDAP_USERNAME_ATTRIBUTE=
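Review bot: The LDAP block offers `LDAP_SEARCH_BIND_DN` but no placeholder for the matching bind password, so an admin who configures a search bind will add the secret to `.env` without any guidance on how to protect the file. None of the six files in this commit git-ignores `deployment/docker/.env` (an existing ignore rule elsewhere in the repository may cover it; worth confirming), and the compose file in this commit passes the whole file into the container through `env_file: .env`. I would add `#LDAP_SEARCH_BIND_PASSWORD=` to the optional block, together with a comment such as `# .env may contain the LDAP bind password: keep it out of version control and readable only by the deploying user`.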
diff --git a/deployment/docker/Dockerfile b/deployment/docker/Dockerfile
new file mode 100644
index 0000000..399a0bb
--- /dev/null
+++ b/deployment/docker/Dockerfile
@@ -0,0 +1,17 @@
+ARG VERSION
+FROM guacamole/guacamole:${VERSION}
+
+# If you need to import a SSL certificate for your ldap-server
+# you can adapt the following exemplary lines to your needs.
+# It should be enough to place your 'ldap-cert.crt' in
+# the ./data directory and uncomment the following lines.
+
+#USER root
+#COPY data/ldap-cert.crt /usr/local/share/ca-certificates/
+#RUN update-ca-certificates && \
+# keytool -delete -alias ldap-cert -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit || true && \
+# keytool -importcert -alias ldap-cert -keystore $JAVA_HOME/jre/lib/security/cacerts -file /etc/ssl/certs/ldap-cert.pem -storepass changeit -noprompt
+
+# On guacamole versions before 1.4.0 the following line should
+# stay commented, because there was no 'guacamole' user
+#USER guacamole
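Review bot: If an admin uncomments the certificate block starting at `#USER root` but leaves the final `#USER guacamole` commented, the resulting image keeps running Guacamole as root, and the comment above that last line only says when it should stay commented. The README in this commit says to "uncomment and adapt the last few lines", which makes it easy to miss. I would reword the closing comment so the privilege drop is explicit, for example `# On 1.4.0 and later, uncomment this together with the block above; otherwise the container keeps running as root`. Separately, `ARG VERSION` has no default, so a build outside compose produces `FROM guacamole/guacamole:` with an empty tag; a one-line comment that VERSION comes from `.env` via compose would make that failure easier to diagnose.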
diff --git a/deployment/docker/README b/deployment/docker/README
new file mode 100644
index 0000000..c6890bc
--- /dev/null
+++ b/deployment/docker/README
@@ -0,0 +1,48 @@
+## README
+
+This is a basic skeleton for deploying [Apache
+Guacamole](https://guacamole.apache.org/) for bwLehrpool remote access with
+docker containers. It consists of two containers. One for guacd and one for
+guacamole.
+
+First, copy *.env.example* to *.env*
+
+ cp .env.example .env
+
+Edit the file and set at least which Guacamole version to use and the IP or
+hostname of your satelliteserver in SLX_CLIENT_LIST_URL. You can also set a
+different port, if there is already another service using that one.
+
+To configure LDAP login you need to set some more variables. There are
+additional configuration options available if needed.
+https://guacamole.apache.org/doc/gug/guacamole-docker.html#ldap-authentication
+
+**Optional:** It may be necessary to import a ssl-certificate for your
+ldap-server in the guacamole container if you have a custom CA or a self-signed
+cert. This can be done whilst building the container through the 'Dockerfile'.
+Uncomment and adapt the last few lines to your needs. If you don't need a
+special cert, you can skip that step.
+
+The 'data' directory will be mounted in the container. Place the
+bwlp-guac-plugin which corresponds to your guacamole version in
+'./data/extensions/'. You can find all currently for download available plugins
+under https://files.bwlp.ks.uni-freiburg.de/satellit/guacamole/
+
+Make sure, that there is **only one** bwlp-guac-plugin in the extension folder
+at the same time!
+
+To start the containers simply type
+
+ docker compose up --build -d
+
+To check if both containers are running or to inspect runtime logs you can use
+
+ docker ps docker logs -f <container-name>
+---
+
+If you want to update to a newer version of Guacamole just edit the '.env' file,
+replace the bwlp-guac-plugin with the new one matching your wanted Guacamole
+version and restart the containers with
+
+ docker compose up --build --force-recreate -d
+
diff --git a/deployment/docker/data/guacamole.properties b/deployment/docker/data/guacamole.properties
new file mode 100755
index 0000000..8919531
--- /dev/null
+++ b/deployment/docker/data/guacamole.properties
@@ -0,0 +1,3 @@
+# we want to use all properties from the environment
+# https://guacamole.apache.org/doc/gug/guacamole-docker.html#configuring-guacamole-when-using-docker
+enable-environment-properties: true
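Review bot: This file is added with mode 100755 (see the `new file mode` header) although it is a plain properties file; 100644, as used for the other new files in this commit, is sufficient and avoids an unnecessary executable bit in a directory that is bind-mounted into the container. It would also help to extend the comment to say that, with `enable-environment-properties: true`, the effective settings come from the container environment, which the compose file fills from `.env`.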
diff --git a/deployment/docker/docker-compose.yml b/deployment/docker/docker-compose.yml
new file mode 100644
index 0000000..57f68a1
--- /dev/null
+++ b/deployment/docker/docker-compose.yml
@@ -0,0 +1,41 @@
+version: "3"
+services:
+
+ guacd:
+ image: "guacamole/guacd:${VERSION}"
+ container_name: "guacd"
+ restart: always
+ logging:
+ driver: local
+ environment:
+ - TZ=Europe/Berlin
+ networks:
+ - guacnetwork
+
+ guacamole:
+ image: "guacamole/guacamole:${VERSION}"
+ container_name: "guacamole"
+ build:
+ args:
+ - VERSION=${VERSION}
+ restart: always
+ logging:
+ driver: local
+ depends_on:
+ - "guacd"
+ env_file: .env
+ environment:
+ - GUACD_HOSTNAME=guacd
+ - GUACAMOLE_HOME=/guacamole
+ - TZ=Europe/Berlin
+ ports:
+ - "127.0.0.1:${PORT}:8080"
+ volumes:
+ - ./data:/guacamole
+ networks:
+ - guacnetwork
+
+networks:
+ guacnetwork:
+ name: guacnetwork
+ driver: bridge
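Review bot: The `./data:/guacamole` volume on the `guacamole` service is mounted read-write, and that directory holds `guacamole.properties` and the `extensions/` folder loaded at start-up, so a compromise of the web application could alter its own configuration or plant an extension that survives restarts. If the image only reads from `GUACAMOLE_HOME` (worth verifying against the image's start script), mounting it read-only with `- ./data:/guacamole:ro` removes that persistence path. Binding the published port to `127.0.0.1` is a good choice; a short comment saying this is deliberate and that access is expected through the TLS reverse proxy would discourage someone from later changing it to `0.0.0.0`. Note also that the service sets both `build:` and `image: "guacamole/guacamole:${VERSION}"`, so the locally built image is tagged with the upstream name and is indistinguishable from the pulled one in `docker images`; a distinct local tag would make provenance clearer.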