diff options
author | Steffen Ritter | 2023-07-17 16:22:33 +0200 |
---|---|---|
committer | Steffen Ritter | 2023-07-17 16:22:33 +0200 |
commit | a128e6ad40867b071b73632c71e7c0746b8ea6f8 (patch) | |
tree | 4ed76c16cf1bef4d15ef1900d15ec110a6944e91 | |
parent | Bump to Guacamole 1.5.0 (diff) | |
download | bwlp-guacamole-ext-a128e6ad40867b071b73632c71e7c0746b8ea6f8.tar.gz bwlp-guacamole-ext-a128e6ad40867b071b73632c71e7c0746b8ea6f8.tar.xz bwlp-guacamole-ext-a128e6ad40867b071b73632c71e7c0746b8ea6f8.zip |
Add some helpers for easy docker deployment
-rw-r--r-- | deployment/apache2/bwlehrpool-remote.conf | 35 | ||||
-rw-r--r-- | deployment/docker/.env.example | 16 | ||||
-rw-r--r-- | deployment/docker/Dockerfile | 17 | ||||
-rw-r--r-- | deployment/docker/README | 48 | ||||
-rwxr-xr-x | deployment/docker/data/guacamole.properties | 3 | ||||
-rw-r--r-- | deployment/docker/docker-compose.yml | 41 |
6 files changed, 160 insertions, 0 deletions
diff --git a/deployment/apache2/bwlehrpool-remote.conf b/deployment/apache2/bwlehrpool-remote.conf new file mode 100644 index 0000000..49ff247 --- /dev/null +++ b/deployment/apache2/bwlehrpool-remote.conf @@ -0,0 +1,35 @@ +<VirtualHost 10.9.8.7:80> + ServerName bwlehrpool-remote.de + ServerAdmin webmaster@test.de + + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] +</VirtualHost> + + +<VirtualHost 10.9.8.7:443> + ServerName bwlehrpool-remote.de + ServerAdmin webmaster@test.de + + SSLEngine on + SSLProtocol All -SSLv2 -SSLv3 + SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt + SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key + + <Location /> + ProxyPass http://localhost:8080/guacamole/ flushpackets=on + ProxyPassReverse http://localhost:8080/guacamole/ + ProxyPassReverseCookiePath /guacamole / + </Location> + + <Location /websocket-tunnel> + Order allow,deny + Allow from all + ProxyPass ws://localhost:8080/guacamole/websocket-tunnel + ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel + </Location> + + SetEnvIf Request_URI "^/tunnel" dontlog + CustomLog /var/log/apache2/guac.log common env=!dontlog +</VirtualHost> diff --git a/deployment/docker/.env.example b/deployment/docker/.env.example new file mode 100644 index 0000000..d33499c --- /dev/null +++ b/deployment/docker/.env.example @@ -0,0 +1,16 @@ +VERSION=1.5.2 +PORT=8080 +SLX_CLIENT_LIST_URL=https://10.9.8.7/slx-admin/api.php?do=remoteaccess + + +# Optional +# ---------------------- +#SLX_LOGO_URL=https://some-url/logo.png + +#LDAP_HOSTNAME= +#LDAP_PORT=636 +#LDAP_ENCRYPTION_METHOD=ssl +#LDAP_USER_BASE_DN= +#LDAP_SEARCH_BIND_DN= +#LDAP_USER_SEARCH_FILTER= +#LDAP_USERNAME_ATTRIBUTE= diff --git a/deployment/docker/Dockerfile b/deployment/docker/Dockerfile new file mode 100644 index 0000000..399a0bb --- /dev/null +++ b/deployment/docker/Dockerfile @@ -0,0 +1,17 @@ +ARG VERSION +FROM guacamole/guacamole:${VERSION} + +# If you need to import a SSL certificate for your ldap-server +# you can adapt the following exemplary lines to your needs. +# It should be enough to place your 'ldap-cert.crt' in +# the ./data directory and uncomment the following lines. + +#USER root +#COPY data/ldap-cert.crt /usr/local/share/ca-certificates/ +#RUN update-ca-certificates && \ +# keytool -delete -alias ldap-cert -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit || true && \ +# keytool -importcert -alias ldap-cert -keystore $JAVA_HOME/jre/lib/security/cacerts -file /etc/ssl/certs/ldap-cert.pem -storepass changeit -noprompt + +# On guacamole versions before 1.4.0 the following line should +# stay commented, because there was no 'guacamole' user +#USER guacamole diff --git a/deployment/docker/README b/deployment/docker/README new file mode 100644 index 0000000..c6890bc --- /dev/null +++ b/deployment/docker/README @@ -0,0 +1,48 @@ +## README + +This is a basic skeleton for deploying [Apache +Guacamole](https://guacamole.apache.org/) for bwLehrpool remote access with +docker containers. It consists of two containers. One for guacd and one for +guacamole. + +First, copy *.env.example* to *.env* + + cp .env.example .env + +Edit the file and set at least which Guacamole version to use and the IP or +hostname of your satelliteserver in SLX_CLIENT_LIST_URL. You can also set a +different port, if there is already another service using that one. + +To configure LDAP login you need to set some more variables. There are +additional configuration options available if needed. +https://guacamole.apache.org/doc/gug/guacamole-docker.html#ldap-authentication + +**Optional:** It may be necessary to import a ssl-certificate for your +ldap-server in the guacamole container if you have a custom CA or a self-signed +cert. This can be done whilst building the container through the 'Dockerfile'. +Uncomment and adapt the last few lines to your needs. If you don't need a +special cert, you can skip that step. + +The 'data' directory will be mounted in the container. Place the +bwlp-guac-plugin which corresponds to your guacamole version in +'./data/extensions/'. You can find all currently for download available plugins +under https://files.bwlp.ks.uni-freiburg.de/satellit/guacamole/ + +Make sure, that there is **only one** bwlp-guac-plugin in the extension folder +at the same time! + +To start the containers simply type + + docker compose up --build -d + +To check if both containers are running or to inspect runtime logs you can use + + docker ps docker logs -f <container-name> +--- + +If you want to update to a newer version of Guacamole just edit the '.env' file, +replace the bwlp-guac-plugin with the new one matching your wanted Guacamole +version and restart the containers with + + docker compose up --build --force-recreate -d + diff --git a/deployment/docker/data/guacamole.properties b/deployment/docker/data/guacamole.properties new file mode 100755 index 0000000..8919531 --- /dev/null +++ b/deployment/docker/data/guacamole.properties @@ -0,0 +1,3 @@ +# we want to use all properties from the environment
+# https://guacamole.apache.org/doc/gug/guacamole-docker.html#configuring-guacamole-when-using-docker
+enable-environment-properties: true
diff --git a/deployment/docker/docker-compose.yml b/deployment/docker/docker-compose.yml new file mode 100644 index 0000000..57f68a1 --- /dev/null +++ b/deployment/docker/docker-compose.yml @@ -0,0 +1,41 @@ +version: "3" +services: + + guacd: + image: "guacamole/guacd:${VERSION}" + container_name: "guacd" + restart: always + logging: + driver: local + environment: + - TZ=Europe/Berlin + networks: + - guacnetwork + + guacamole: + image: "guacamole/guacamole:${VERSION}" + container_name: "guacamole" + build: + args: + - VERSION=${VERSION} + restart: always + logging: + driver: local + depends_on: + - "guacd" + env_file: .env + environment: + - GUACD_HOSTNAME=guacd + - GUACAMOLE_HOME=/guacamole + - TZ=Europe/Berlin + ports: + - "127.0.0.1:${PORT}:8080" + volumes: + - ./data:/guacamole + networks: + - guacnetwork + +networks: + guacnetwork: + name: guacnetwork + driver: bridge |