28andrew · February 19, 2021 00:45
diff --git a/docker-compose.yml b/docker-compose.yml
 ####################################################################################
 # docker-compose file for Apache Guacamole
 # created by PCFreak 2017-06-28
 #
 # Apache Guacamole is a clientless remote desktop gateway. It supports standard
 # protocols like VNC, RDP, and SSH. We call it clientless because no plugins or
 # client software are required. Thanks to HTML5, once Guacamole is installed on
 # a server, all you need to access your desktops is a web browser.
 ####################################################################################
 #
 # What does this file do?
 #
 # Using docker-compose it will:
 #
 # - create a network 'guacnetwork_compose' with the 'bridge' driver.
 # - create a service 'guacd_compose' from 'guacamole/guacd' connected to 'guacnetwork'
 # - create a service 'postgres_guacamole_compose' (1) from 'postgres' connected to 'guacnetwork'
 # - create a service 'guacamole_compose' (2)  from 'guacamole/guacamole/' conn. to 'guacnetwork'
 # - create a service 'nginx_guacamole_compose' (3) from 'nginx' connected to 'guacnetwork'
 #
 # (1)
 #  DB-Init script is in './init/initdb.sql' it has been created executing
 #  'docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > ./init/initdb.sql'
 #  once.
 #  DATA-DIR       is in './data'
 #  If you want to change the DB password change all lines with 'POSTGRES_PASSWORD:' and
 #  change it to your needs before first start.
 #  To start from scratch delete './data' dir completely
 #  './data' will hold all data after first start!
 #  The initdb.d scripts are only executed the first time the container is started
 #  (and the database files are empty). If the database files already exist then the initdb.d
 #  scripts are ignored (e.g. when you mount a local directory or when docker-compose saves
 #  the volume and reuses it for the new container).
 #
 #  !!!!! MAKE SURE your folder './init' is executable (chmod +x ./init)
 #  !!!!! or 'initdb.sql' will be ignored!
 #  
 #  './data' will hold all data after first start!
 #
 # (2)
 #  Make sure you use the same value for 'POSTGRES_USER' and 'POSTGRES_PASSWORD'
 #  as configured under (1)
 #
 # (3)
 #  ./nginx/nginx.conf will be mapped read-only into the container at /etc/nginx/nginx.conf
 #  ./nginx/mysite.template will be mapped into the container at /etc/nginx/conf.d/mysite.template
 #  ./nginx/ssl will be mapped into the container at /etc/nginx/ssl
 #  At startup a self-signed certificate will be created. If you want to use your own certs
 #  just remove the part that generates the certs from the 'command' section and replace
 #  'self-ssl.key' and 'self.cert' with your certificate.
 #  To debug nginx replace '&& nginx -g 'daemon off' with '&& nginx-debug -g 'daemon off'
 #  nginx will export port 8443 to the outside world, make sure that this port is reachable
 #  on your system from the "outside world". All other traffice is only internal.
 #
 #  You could remove the entire 'nginx' service from this file if you want to use your own
 #  reverse proxy in front of guacamole. If doing so, make sure you change the line
 #       - 8080/tcp
 #   to   - 8080:8080/tcp
 #  within the 'guacamole' service. This will expose the guacamole webinterface directly
 #  on port 8080 and you can use it for your own purposes.
 #  Do note, guacamole is available on :8080/guacamole, not /.
 #
 # !!!!! FOR INITAL SETUP (after git clone) run ./prepare.sh once
 #
 # !!!!! FOR A FULL RESET (WILL ERASE YOUR DATABASE, YOUR FILES, YOUR RECORDS AND CERTS) DO A
 # !!!!!  ./reset.sh
 #
 #
 # The initial login to the guacamole webinterface is:
 #
 #     Username: guacadmin
 #     Password: guacadmin
 #
 # Make sure you change it immediately!
 #
 # version            date              comment
 # 0.1                2017-06-28        initial release
 # 0.2                2017-10-09        minor fixes + internal GIT push
 # 0.3                2017-10-09        minor fixes + public GIT push
 # 0.4                2019-08-14        creating of ssl certs now in prepare.sh
 #                                      simplified nginx startup commands
 ####################################################################################

 version: '2.0'

 # networks
 # create a network 'guacnetwork_compose' in mode 'bridged'
 networks:
  guacnetwork_compose:
    driver: bridge

 # services
 services:
  # guacd
  guacd:
    container_name: guacd_compose
    image: guacamole/guacd
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./drive:/drive:rw
    - ./record:/record:rw
  # postgres
  # postgres:
    # container_name: postgres_guacamole_compose
    # environment:
      # PGDATA: /var/lib/postgresql/data/guacamole
      # POSTGRES_DB: guacamole_db
      # POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
      # POSTGRES_USER: guacamole_user
    # image: postgres
    # networks:
      # guacnetwork_compose:
    # restart: always
    # volumes:
    # - ./init:/docker-entrypoint-initdb.d:ro
    # - ./data:/var/lib/postgresql/data:rw

  # guacamole
  guacamole:
    container_name: guacamole_compose
    depends_on:
    - guacd
    # - postgres
    environment:
      GUACD_HOSTNAME: guacd
      MYSQL_DATABASE: guacamole_db
      MYSQL_PORT: 3306
      MYSQL_HOSTNAME: host.docker.internal
      MYSQL_PASSWORD: PASSWORD
      MYSQL_USER: guacamole_user
    image: guacamole/guacamole
    links:
    - guacd
    networks:
      guacnetwork_compose:
    ports:
 ## enable next line if not using nginx
 ##    - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
 ## enable next line when using nginx
    - 11443:8080/tcp
    extra_hosts:
      - "host.docker.internal:host-gateway"
    restart: always

 ########### optional ##############
  # nginx
  # nginx:
   # container_name: nginx_guacamole_compose
   # restart: always
   # image: nginx
   # volumes:
   # - ./nginx/ssl/self.cert:/etc/nginx/ssl/self.cert:ro
   # - ./nginx/ssl/self-ssl.key:/etc/nginx/ssl/self-ssl.key:ro
   # - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
   # - ./nginx/mysite.template:/etc/nginx/conf.d/default.conf:ro
   # ports:
   # - 11443:443
   # links:
   # - guacamole
   # networks:
     # guacnetwork_compose:
   # # run nginx
   # command: /bin/bash -c "nginx -g 'daemon off;'"
 # nginx-debug-mode
 #   command: /bin/bash -c "nginx-debug -g 'daemon off;'"
 ####################################################################################
diff --git a/host nginx reverse proxy b/host nginx reverse proxy
 location /guacamole/ {
 		proxy_pass http://localhost:11443/guacamole/;
 		proxy_buffering off;
 		proxy_http_version 1.1;
 		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 		proxy_set_header Upgrade $http_upgrade;
 		proxy_set_header Connection $http_connection;
 		access_log off;
 }
	####################################################################################
	# docker-compose file for Apache Guacamole
	# created by PCFreak 2017-06-28
	#
	# Apache Guacamole is a clientless remote desktop gateway. It supports standard
	# protocols like VNC, RDP, and SSH. We call it clientless because no plugins or
	# client software are required. Thanks to HTML5, once Guacamole is installed on
	# a server, all you need to access your desktops is a web browser.
	####################################################################################
	#
	# What does this file do?
	#
	# Using docker-compose it will:
	#
	# - create a network 'guacnetwork_compose' with the 'bridge' driver.
	# - create a service 'guacd_compose' from 'guacamole/guacd' connected to 'guacnetwork'
	# - create a service 'postgres_guacamole_compose' (1) from 'postgres' connected to 'guacnetwork'
	# - create a service 'guacamole_compose' (2) from 'guacamole/guacamole/' conn. to 'guacnetwork'
	# - create a service 'nginx_guacamole_compose' (3) from 'nginx' connected to 'guacnetwork'
	#
	# (1)
	# DB-Init script is in './init/initdb.sql' it has been created executing
	# 'docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > ./init/initdb.sql'
	# once.
	# DATA-DIR is in './data'
	# If you want to change the DB password change all lines with 'POSTGRES_PASSWORD:' and
	# change it to your needs before first start.
	# To start from scratch delete './data' dir completely
	# './data' will hold all data after first start!
	# The initdb.d scripts are only executed the first time the container is started
	# (and the database files are empty). If the database files already exist then the initdb.d
	# scripts are ignored (e.g. when you mount a local directory or when docker-compose saves
	# the volume and reuses it for the new container).
	#
	# !!!!! MAKE SURE your folder './init' is executable (chmod +x ./init)
	# !!!!! or 'initdb.sql' will be ignored!
	#
	# './data' will hold all data after first start!
	#
	# (2)
	# Make sure you use the same value for 'POSTGRES_USER' and 'POSTGRES_PASSWORD'
	# as configured under (1)
	#
	# (3)
	# ./nginx/nginx.conf will be mapped read-only into the container at /etc/nginx/nginx.conf
	# ./nginx/mysite.template will be mapped into the container at /etc/nginx/conf.d/mysite.template
	# ./nginx/ssl will be mapped into the container at /etc/nginx/ssl
	# At startup a self-signed certificate will be created. If you want to use your own certs
	# just remove the part that generates the certs from the 'command' section and replace
	# 'self-ssl.key' and 'self.cert' with your certificate.
	# To debug nginx replace '&& nginx -g 'daemon off' with '&& nginx-debug -g 'daemon off'
	# nginx will export port 8443 to the outside world, make sure that this port is reachable
	# on your system from the "outside world". All other traffice is only internal.
	#
	# You could remove the entire 'nginx' service from this file if you want to use your own
	# reverse proxy in front of guacamole. If doing so, make sure you change the line
	# - 8080/tcp
	# to - 8080:8080/tcp
	# within the 'guacamole' service. This will expose the guacamole webinterface directly
	# on port 8080 and you can use it for your own purposes.
	# Do note, guacamole is available on :8080/guacamole, not /.
	#
	# !!!!! FOR INITAL SETUP (after git clone) run ./prepare.sh once
	#
	# !!!!! FOR A FULL RESET (WILL ERASE YOUR DATABASE, YOUR FILES, YOUR RECORDS AND CERTS) DO A
	# !!!!! ./reset.sh
	#
	#
	# The initial login to the guacamole webinterface is:
	#
	# Username: guacadmin
	# Password: guacadmin
	#
	# Make sure you change it immediately!
	#
	# version date comment
	# 0.1 2017-06-28 initial release
	# 0.2 2017-10-09 minor fixes + internal GIT push
	# 0.3 2017-10-09 minor fixes + public GIT push
	# 0.4 2019-08-14 creating of ssl certs now in prepare.sh
	# simplified nginx startup commands
	####################################################################################

	version: '2.0'

	# networks
	# create a network 'guacnetwork_compose' in mode 'bridged'
	networks:
	guacnetwork_compose:
	driver: bridge

	# services
	services:
	# guacd
	guacd:
	container_name: guacd_compose
	image: guacamole/guacd
	networks:
	guacnetwork_compose:
	restart: always
	volumes:
	- ./drive:/drive:rw
	- ./record:/record:rw
	# postgres
	# postgres:
	# container_name: postgres_guacamole_compose
	# environment:
	# PGDATA: /var/lib/postgresql/data/guacamole
	# POSTGRES_DB: guacamole_db
	# POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
	# POSTGRES_USER: guacamole_user
	# image: postgres
	# networks:
	# guacnetwork_compose:
	# restart: always
	# volumes:
	# - ./init:/docker-entrypoint-initdb.d:ro
	# - ./data:/var/lib/postgresql/data:rw

	# guacamole
	guacamole:
	container_name: guacamole_compose
	depends_on:
	- guacd
	# - postgres
	environment:
	GUACD_HOSTNAME: guacd
	MYSQL_DATABASE: guacamole_db
	MYSQL_PORT: 3306
	MYSQL_HOSTNAME: host.docker.internal
	MYSQL_PASSWORD: PASSWORD
	MYSQL_USER: guacamole_user
	image: guacamole/guacamole
	links:
	- guacd
	networks:
	guacnetwork_compose:
	ports:
	## enable next line if not using nginx
	## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
	## enable next line when using nginx
	- 11443:8080/tcp
	extra_hosts:
	- "host.docker.internal:host-gateway"
	restart: always

	########### optional ##############
	# nginx
	# nginx:
	# container_name: nginx_guacamole_compose
	# restart: always
	# image: nginx
	# volumes:
	# - ./nginx/ssl/self.cert:/etc/nginx/ssl/self.cert:ro
	# - ./nginx/ssl/self-ssl.key:/etc/nginx/ssl/self-ssl.key:ro
	# - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
	# - ./nginx/mysite.template:/etc/nginx/conf.d/default.conf:ro
	# ports:
	# - 11443:443
	# links:
	# - guacamole
	# networks:
	# guacnetwork_compose:
	# # run nginx
	# command: /bin/bash -c "nginx -g 'daemon off;'"
	# nginx-debug-mode
	# command: /bin/bash -c "nginx-debug -g 'daemon off;'"
	####################################################################################
	location /guacamole/ {
	proxy_pass http://localhost:11443/guacamole/;
	proxy_buffering off;
	proxy_http_version 1.1;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $http_connection;
	access_log off;
	}