Wednesday, July 3, 2024

Run Guacamole Remote Desktop in Docker using Docker Compose

“It is truth that liberates, not your effort to be free.”
Jiddu Krishnamurti

As we know, the convenience of having one place to access your servers is something most administrators would happily have as their main course every single day. To satisfy this need, this guide goes into the details of setting up one such platform using docker compose. By the end of this guide, we should have set up a working Apache Guacamole server on any Linux distribution that has docker and docker compose installed, which can be leveraged to provide one place to access all of your servers. Whether they are Windows or Linux, Apache Guacamole is here for you.

In our previous post, we got Guacamole installed with XML-based authentication, which is quite limiting and does not suit most environments. It is hard to add users, and every time a user is added to the XML file, Guacamole needs to be restarted. In this follow-up guide, we get to see how you can use MariaDB to house all of your users. To add flavour to the stew, we are going to use Guacamole’s container images instead of installing it from source. Why build from source while it is already packaged as an image we can re-use? That is the beauty of this guide. So where do we start?

Step 1: Install Docker and docker compose

Since we are going to use container images, we are going to need an engine to run our containers. The Guacamole project provides officially-supported Docker images for both Guacamole and guacd which are kept up-to-date with each release. A typical Docker deployment of Guacamole will involve three separate containers, linked together at creation time:

guacamole/guacd

This image provides the guacd daemon, built from the released guacamole-server source with support for VNC, RDP, SSH, telnet, and Kubernetes.

guacamole/guacamole

Provides the Guacamole web application running within Tomcat 8 with support for WebSocket.

A database: PostgreSQL, MySQL, or SQL Server

This can be run as a container, or you can use an already installed database instance, as we shall be doing in this setup.

Install Docker & Docker Compose

To install docker and docker compose, we gladly provide the following guide to set it up in your environment.

Ensure your user account is added to docker group:

sudo usermod -aG docker $USER
newgrp docker

Step 2: Install and setup MariaDB Database

To install MariaDB server, we have to first add the repository with the packages.

curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash -s --

Once the repo is added proceed to install the packages.

# CentOS 7 / RHEL 7 #
sudo yum install MariaDB-server MariaDB-client MariaDB-backup

# CentOS 8+ / Rocky Linux 8+ #
sudo dnf -qy module disable mariadb
sudo dnf module reset mariadb -y
sudo yum install MariaDB-server MariaDB-client MariaDB-backup

# Ubuntu / Debian
sudo apt update
sudo apt install mariadb-server mariadb-client

Start and enable mariadb database service.

sudo systemctl enable --now mariadb

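Set the listen address. The value 0.0.0.0 shown below makes MariaDB listen on every interface of the server; to listen only on the server’s main IP address, put that address there instead.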

  • Ubuntu / Debian
$ sudo vim /etc/mysql/mariadb.conf.d/50-server.cnf
[mysqld]
bind-address            = 0.0.0.0
  • CentOS / Rocky / RHEL
$ sudo vim /etc/my.cnf.d/server.cnf
[mysqld]
bind-address            = 0.0.0.0

Restart mariadb service after the change:

sudo systemctl restart mariadb

Create the database and User then assign permissions

Log in to your database and run the queries that follow:

sudo mysql -u root

Once logged in, run the queries below

CREATE DATABASE guacamole_db;
CREATE USER 'guacamole_user'@'%' IDENTIFIED BY 'StrongPassw0rd';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'%';
FLUSH PRIVILEGES;
QUIT;

Generate the database script on a system with docker installed:

Run the command below on a system that has docker installed. It generates the SQL script we need.

docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql

That will create the “initdb.sql” file in the current directory, which has all of the queries we shall use for initialization.

Initialise the database by running the following on your database server. In case you generated the “initdb.sql” file on a different computer, make sure that it is copied to the database server you intend to use for this setup, then run the following in the directory that has the file.

cat initdb.sql | sudo mysql -u root -p guacamole_db

Awesome! Now we have initialised the database successfully.

Enable access to the MySQL service

If your database server is on a different computer in your network, ensure that the port is open and accessible by the host you will use to run Guacamole.

For Rocky/Alma Linux

sudo firewall-cmd --add-service=mysql --permanent && sudo firewall-cmd --reload

For Debian based systems

sudo ufw allow 3306/tcp

Step 3: Create docker-compose file

At this point, everything we need to run Guacamole is ready and we can therefore create the docker compose file that will run our services. Let us do so:

$ vim docker-compose.yaml
version: '3'
services:
  guacd:
    tty: true
    stdin_open: true
    image: guacamole/guacd
    restart: always
    env_file: .env
    ports:
      - 4822:4822
    environment:
      MYSQL_DATABASE: "${MYSQL_DATABASE}"
      MYSQL_USER: "${MYSQL_USER}"
      MYSQL_PASSWORD: "${MYSQL_PASSWORD}"
      MYSQL_HOSTNAME: "${MYSQL_HOSTNAME}"
  guacamole:
    tty: true
    stdin_open: true
    image: guacamole/guacamole
    restart: always
    env_file: .env
    ports:
      - 8080:8080
    environment:
      MYSQL_DATABASE: "${MYSQL_DATABASE}"
      MYSQL_USER: "${MYSQL_USER}"
      MYSQL_PASSWORD: "${MYSQL_PASSWORD}"
      MYSQL_HOSTNAME: "${MYSQL_HOSTNAME}"
      GUACD_HOSTNAME: "${GUACD_HOSTNAME}"

Then create the “.env” file that will have the sensitive data to be read as shown by the “env_file: .env” line.

Note the IP addresses used. Ensure they reflect what your environment looks like.

$ vim .env
MYSQL_USER=guacamole_user
MYSQL_PASSWORD=StrongPassw0rd
MYSQL_DATABASE=guacamole_db
MYSQL_HOSTNAME=192.168.207.95

GUACD_HOSTNAME=192.168.207.95
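
The check below is an added example, not part of the original guide or of the Guacamole project: it reads the docker-compose.yaml and .env from this step and reports settings worth tightening before the stack is started. The function names and finding labels are made up for this example, and the two files are rebuilt inline as constructed sample input.

```shell
#!/usr/bin/env bash
# Added example (not from the guide); function names and labels are hypothetical.

# List host port mappings that are not bound to loopback, one per line.
exposed_ports() {  # $1 = compose file
  tr -d "\"'" < "$1" | awk '
    /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && $1 == "-" { if ($2 !~ /^127\.0\.0\.1:/) print $2; next }
    { in_ports = 0 }'
}

# Print the value of KEY from an env file (last assignment wins).
env_value() {  # $1 = env file, $2 = KEY
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one finding per line; print nothing when both files pass.
audit() {  # $1 = compose file, $2 = env file
  # Only the guacamole container needs guacd; Compose resolves it by service name.
  if exposed_ports "$1" | grep -q ':4822$'; then
    echo "guacd-published: remove the 4822 mapping and set GUACD_HOSTNAME=guacd"
  fi
  if exposed_ports "$1" | grep -q ':8080$'; then
    echo "http-published: 8080 is plain HTTP on every interface; bind to 127.0.0.1 behind a TLS proxy"
  fi
  if [ "$(env_value "$2" MYSQL_PASSWORD)" = "StrongPassw0rd" ]; then
    echo "sample-password: MYSQL_PASSWORD is still the value printed in the guide"
  fi
  if ls -ld "$2" | cut -c5,8 | grep -q r; then
    echo "env-readable: $2 is readable by group or others; chmod 600 it"
  fi
}

# Constructed sample input: the relevant parts of the two files from this step.
demo_dir=$(mktemp -d)
cat > "$demo_dir/docker-compose.yaml" <<'EOF'
services:
  guacd:
    image: guacamole/guacd
    ports:
      - 4822:4822
  guacamole:
    image: guacamole/guacamole
    ports:
      - 8080:8080
EOF
printf 'MYSQL_PASSWORD=StrongPassw0rd\nGUACD_HOSTNAME=192.168.207.95\n' > "$demo_dir/.env"
chmod 644 "$demo_dir/.env"
audit "$demo_dir/docker-compose.yaml" "$demo_dir/.env"
```

Run against your own files with `audit docker-compose.yaml .env`; an empty result means none of the four conditions was found.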

Step 4: Start Guacamole Docker Services

At this juncture, everything looks amazing and the last thing is to start our services to ensure that what we have done so far works. In the same directory where the “docker-compose.yaml” file and “.env” file are, run the docker compose command below:

$ docker compose up -d
[+] Running 3/3
 ⠿ Network guacamole_default            Created                                                                                                        0.2s
 ⠿ Container guacamole-guacd-1         Started                                                                                                        0.4s
 ⠿ Container guacamole-guacamole-1  Started                                                                                                        0.4s

Check to confirm if the containers are running

$ docker ps --format table
CONTAINER ID   IMAGE                 COMMAND                  CREATED          STATUS                    PORTS                           NAMES
0862da921008   guacamole/guacamole   "/opt/guacamole/bin/…"   16 minutes ago   Up 16 minutes             192.168.207.95:8080->8080/tcp   guacamole-guacamole-1
9b14d70138c1   guacamole/guacd       "/bin/sh -c '/usr/lo…"   16 minutes ago   Up 16 minutes (healthy)   192.168.207.95:4822->4822/tcp   guacamole-guacd-1

Now enable access to the 8080 port so that we can view Guacamole via the browser:

For Rocky/Alma Linux

sudo firewall-cmd --add-port=8080/tcp --permanent && sudo firewall-cmd --reload

For Debian based systems

sudo ufw allow 8080/tcp

Step 5: Access Guacamole Web Interface

Open up your browser and point it to your Guacamole service, which should be at “http://IP-or-Hostname:8080/guacamole”. You should be happily greeted by a login prompt similar to the one below:

guacamole login prompt

The default credentials are:

Username: guacadmin
Password: guacadmin

And you should be ushered into your instance as shown below as an Admin.

guacamole logged in

You can now add new users and new connections and begin your adventure. Change the guacadmin password first, since the default shown above is publicly known.

You can also use other Authentication Methods as shown here:

Last Candy Remarks

You now have a stable Guacamole instance that you can use to flexibly create connections to your remote servers and make your life easier instead of running ssh commands every time, especially if you have a huge collection of servers. We thank you for taking some of your time to read through and to also try out what the guide offers. We hope you enjoyed it and it helped you out in your projects. Have a wonderful time!

Thapelo Manthata
I’m a desktop support specialist transitioning into a SharePoint developer role by day and Software Engineering student by night. My superpowers include customer service, coding, the Microsoft office 365 suite including SharePoint and power platform.