From a128e6ad40867b071b73632c71e7c0746b8ea6f8 Mon Sep 17 00:00:00 2001
From: Steffen Ritter
Date: Mon, 17 Jul 2023 16:22:33 +0200
Subject: Add some helpers for easy docker deployment
---
deployment/apache2/bwlehrpool-remote.conf | 35 +++++++++++++++++++++
deployment/docker/.env.example | 16 ++++++++++
deployment/docker/Dockerfile | 17 ++++++++++
deployment/docker/README | 48 +++++++++++++++++++++++++++++
deployment/docker/data/guacamole.properties | 3 ++
deployment/docker/docker-compose.yml | 41 ++++++++++++++++++++++++
6 files changed, 160 insertions(+)
create mode 100644 deployment/apache2/bwlehrpool-remote.conf
create mode 100644 deployment/docker/.env.example
create mode 100644 deployment/docker/Dockerfile
create mode 100644 deployment/docker/README
create mode 100755 deployment/docker/data/guacamole.properties
create mode 100644 deployment/docker/docker-compose.yml
diff --git a/deployment/apache2/bwlehrpool-remote.conf b/deployment/apache2/bwlehrpool-remote.conf
new file mode 100644
index 0000000..49ff247
--- /dev/null
+++ b/deployment/apache2/bwlehrpool-remote.conf
@@ -0,0 +1,35 @@
+
+ ServerName bwlehrpool-remote.de
+ ServerAdmin webmaster@test.de
+
+ RewriteEngine On
+ RewriteCond %{HTTPS} !=on
+ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+
+
+
+
+ ServerName bwlehrpool-remote.de
+ ServerAdmin webmaster@test.de
+
+ SSLEngine on
+ SSLProtocol All -SSLv2 -SSLv3
+ SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
+ SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
+
+
+ ProxyPass http://localhost:8080/guacamole/ flushpackets=on
+ ProxyPassReverse http://localhost:8080/guacamole/
+ ProxyPassReverseCookiePath /guacamole /
+
+
+
+ Order allow,deny
+ Allow from all
+ ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
+ ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
+
+
+ SetEnvIf Request_URI "^/tunnel" dontlog
+ CustomLog /var/log/apache2/guac.log common env=!dontlog
+
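Review bot: `SSLProtocol All -SSLv2 -SSLv3` in the SSL-enabled virtual host still leaves TLS 1.0 and TLS 1.1 switched on; for a remote-access gateway an allow-list such as `SSLProtocol -all +TLSv1.2 +TLSv1.3` is the safer default (drop `+TLSv1.3` if the installed Apache/OpenSSL build does not offer it). The `Order allow,deny` / `Allow from all` pair in the websocket block is Apache 2.2 syntax and only works on 2.4 with mod_access_compat loaded; `Require all granted` is the 2.4 form. The container tags around these directives appear to have been lost from this rendering of the hunk, so the exact nesting cannot be confirmed from here.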
diff --git a/deployment/docker/.env.example b/deployment/docker/.env.example
new file mode 100644
index 0000000..d33499c
--- /dev/null
+++ b/deployment/docker/.env.example
@@ -0,0 +1,16 @@
+VERSION=1.5.2
+PORT=8080
+SLX_CLIENT_LIST_URL=https://10.9.8.7/slx-admin/api.php?do=remoteaccess
+
+
+# Optional
+# ----------------------
+#SLX_LOGO_URL=https://some-url/logo.png
+
+#LDAP_HOSTNAME=
+#LDAP_PORT=636
+#LDAP_ENCRYPTION_METHOD=ssl
+#LDAP_USER_BASE_DN=
+#LDAP_SEARCH_BIND_DN=
+#LDAP_USER_SEARCH_FILTER=
+#LDAP_USERNAME_ATTRIBUTE=
diff --git a/deployment/docker/Dockerfile b/deployment/docker/Dockerfile
new file mode 100644
index 0000000..399a0bb
--- /dev/null
+++ b/deployment/docker/Dockerfile
@@ -0,0 +1,17 @@
+ARG VERSION
+FROM guacamole/guacamole:${VERSION}
+
+# If you need to import a SSL certificate for your ldap-server
+# you can adapt the following exemplary lines to your needs.
+# It should be enough to place your 'ldap-cert.crt' in
+# the ./data directory and uncomment the following lines.
+
+#USER root
+#COPY data/ldap-cert.crt /usr/local/share/ca-certificates/
+#RUN update-ca-certificates && \
+# keytool -delete -alias ldap-cert -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit || true && \
+# keytool -importcert -alias ldap-cert -keystore $JAVA_HOME/jre/lib/security/cacerts -file /etc/ssl/certs/ldap-cert.pem -storepass changeit -noprompt
+
+# On guacamole versions before 1.4.0 the following line should
+# stay commented, because there was no 'guacamole' user
+#USER guacamole
diff --git a/deployment/docker/README b/deployment/docker/README
new file mode 100644
index 0000000..c6890bc
--- /dev/null
+++ b/deployment/docker/README
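Review bot: In deployment/docker/Dockerfile the commented `#USER root` and `#USER guacamole` sit under separate comment blocks, so anyone who uncomments only the certificate-import lines gets an image whose service runs as root. The comment above `#USER guacamole` should say so explicitly, for example `# On 1.4.0 and later, uncomment this together with 'USER root' above so the service does not keep running as root.` `ARG VERSION` has no default, so a build that is not driven by the compose file produces an invalid `FROM guacamole/guacamole:`; `ARG VERSION=1.5.2` (the value in .env.example) would avoid that, and a digest pin is worth considering because the tag alone is mutable. The keystore path `$JAVA_HOME/jre/lib/security/cacerts` only exists on Java 8-style layouts and should be checked against the base image for the chosen version.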
@@ -0,0 +1,48 @@
+## README
+
+This is a basic skeleton for deploying [Apache
+Guacamole](https://guacamole.apache.org/) for bwLehrpool remote access with
+docker containers. It consists of two containers. One for guacd and one for
+guacamole.
+
+First, copy *.env.example* to *.env*
+
+ cp .env.example .env
+
+Edit the file and set at least which Guacamole version to use and the IP or
+hostname of your satelliteserver in SLX_CLIENT_LIST_URL. You can also set a
+different port, if there is already another service using that one.
+
+To configure LDAP login you need to set some more variables. There are
+additional configuration options available if needed.
+https://guacamole.apache.org/doc/gug/guacamole-docker.html#ldap-authentication
+
+**Optional:** It may be necessary to import a ssl-certificate for your
+ldap-server in the guacamole container if you have a custom CA or a self-signed
+cert. This can be done whilst building the container through the 'Dockerfile'.
+Uncomment and adapt the last few lines to your needs. If you don't need a
+special cert, you can skip that step.
+
+The 'data' directory will be mounted in the container. Place the
+bwlp-guac-plugin which corresponds to your guacamole version in
+'./data/extensions/'. You can find all currently for download available plugins
+under https://files.bwlp.ks.uni-freiburg.de/satellit/guacamole/
+
+Make sure, that there is **only one** bwlp-guac-plugin in the extension folder
+at the same time!
+
+To start the containers simply type
+
+ docker compose up --build -d
+
+To check if both containers are running or to inspect runtime logs you can use
+
+ docker ps docker logs -f
+---
+
+If you want to update to a newer version of Guacamole just edit the '.env' file,
+replace the bwlp-guac-plugin with the new one matching your wanted Guacamole
+version and restart the containers with
+
+ docker compose up --build --force-recreate -d
+
diff --git a/deployment/docker/data/guacamole.properties b/deployment/docker/data/guacamole.properties
new file mode 100755
index 0000000..8919531
--- /dev/null
+++ b/deployment/docker/data/guacamole.properties
@@ -0,0 +1,3 @@
+# we want to use all properties from the environment
+# https://guacamole.apache.org/doc/gug/guacamole-docker.html#configuring-guacamole-when-using-docker
+enable-environment-properties: true
diff --git a/deployment/docker/docker-compose.yml b/deployment/docker/docker-compose.yml
new file mode 100644
index 0000000..57f68a1
--- /dev/null
+++ b/deployment/docker/docker-compose.yml
@@ -0,0 +1,41 @@
+version: "3"
+services:
+
+ guacd:
+ image: "guacamole/guacd:${VERSION}"
+ container_name: "guacd"
+ restart: always
+ logging:
+ driver: local
+ environment:
+ - TZ=Europe/Berlin
+ networks:
+ - guacnetwork
+
+ guacamole:
+ image: "guacamole/guacamole:${VERSION}"
+ container_name: "guacamole"
+ build:
+ args:
+ - VERSION=${VERSION}
+ restart: always
+ logging:
+ driver: local
+ depends_on:
+ - "guacd"
+ env_file: .env
+ environment:
+ - GUACD_HOSTNAME=guacd
+ - GUACAMOLE_HOME=/guacamole
+ - TZ=Europe/Berlin
+ ports:
+ - "127.0.0.1:${PORT}:8080"
+ volumes:
+ - ./data:/guacamole
+ networks:
+ - guacnetwork
+
+networks:
+ guacnetwork:
+ name: guacnetwork
+ driver: bridge
-- cgit v1.2.3-55-g7522
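Review bot: In deployment/docker/docker-compose.yml the `guacamole` service sets both `build:` and `image: "guacamole/guacamole:${VERSION}"`, so the locally built image is tagged with the upstream repository name, and the Dockerfile's `FROM guacamole/guacamole:${VERSION}` may then resolve to the previous local build instead of the published image (this depends on the builder's pull behaviour). Giving the result its own name, for example `image: "bwlp-guacamole:${VERSION}"` (a constructed name), keeps the upstream base and the customised image distinguishable. The bind mount `./data:/guacamole` is read-write; if the container only reads configuration and extensions from it, `./data:/guacamole:ro` would limit what a compromised web application can change on the host, but first verify that the image's start script does not write into GUACAMOLE_HOME. `env_file: .env` also places any LDAP bind credentials added later into the container environment, so the file should stay out of version control and be readable only by the deploying user.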