Using Portainer to Deploy Guacamole As Web Based Remote Access Gateway (Updated)

8/28/2022


About 3 years ago, I wrote a post showing how to use Portainer to deploy Guacamole:

  • Using Portainer to Deploy Guacamole Docker- Web-based Remote Access Gateway

The Docker and GitHub project (oznu/docker-guacamole) has not been updated since then. One person forked the original oznu/docker-guacamole and still keeps updating it: MaxWaldorf/guacamole.

I decided to try it on my Oracle Cloud Free ARM machine to see how the deployment goes. The whole deployment experience was surprisingly smooth. This post summarizes all the steps, including how to RDP into a Windows machine and how to use NPM (Nginx Proxy Manager) to add a custom domain and SSL support.



Pre-requirements

Videos:
  • Free VPS from Oracle Cloud: https://youtu.be/E9dHA3NBbN8
  • Docker and Portainer installed: https://youtu.be/_gKl_wtY_Gg, https://youtu.be/puMzo6O7dF0
  • Nginx Proxy Manager (NPM) installed: https://youtu.be/_gKl_wtY_Gg
  • Own domain (optional), free domain: https://youtu.be/V1xnhqqg4Rw, https://youtu.be/zrhxb8swVGM

Posts:
  • Deploy Docker, Docker-Compose, Portainer and NPM (Nginx Proxy Manager)
  • Run Free Arm-based Oracle Linux (Install Docker/Docker Compose/Portainer/Ubuntu Virtual Desktop)
  • Install Docker, Docker-Compose, Portainer & Nginx on CentOS 8 & Ubuntu 20.04


Deployment Using Docker Run Command



Usage (works for x86_64 and arm64v8, no support for 32 bits)

docker run \
  -p 8080:8080 \
  -v /root/data/docker_data/guacamole:/config \
  maxwaldorf/guacamole
Note: /root/data/docker_data/guacamole is a folder created on the docker host. 




Deployment Using Portainer


Create a new container:




maxwaldorf/guacamole



/init

/config



/root/data/docker_data/guacamole

Environment variables are set automatically when the Docker container is created. You do not need to enter them manually.



PATH=/usr/lib/postgresql/13/bin:/usr/local/tomcat/bin:/usr/local/openjdk-8/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
JAVA_HOME=/usr/local/openjdk-8
LANG=C.UTF-8
JAVA_VERSION=8u332
CATALINA_HOME=/usr/local/tomcat
TOMCAT_NATIVE_LIBDIR=/usr/local/tomcat/native-jni-lib
LD_LIBRARY_PATH=/usr/local/tomcat/native-jni-lib
GPG_KEYS=05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 5C3C5F3E314C866292F359A8F3AD5C94A67F707E 765908099ACF92702C7D949BFA0C35EA8AA299F1 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
TOMCAT_MAJOR=8
TOMCAT_VERSION=8.5.78
TOMCAT_SHA512=b50213e64cc1fd3da2847deda1ca13bee4c26663093c11d53c5ecfe4cdec8856e743b4a1d8488e0c0cbe9bf149e755df40a4140f3b155e2195e3bc6335de3512
APPLICATION=guacamole
BUILD_RFC3339=2022-01-25T12:00:00Z
REVISION=local
DESCRIPTION=Guacamole 1.4.0
PACKAGE=MaxWaldorf/guacamole
VERSION=1.4.0
GUAC_VER=1.4.0
GUACAMOLE_HOME=/config/guacamole
PG_MAJOR=13
PGDATA=/config/postgres
POSTGRES_USER=guacamole
POSTGRES_DB=guacamole_db


Restart policy can be set to Unless stopped. 

Once all the configuration is entered, click the "Deploy the container" button and the deployment will start. If you have not pulled the image before, it will be pulled directly from the Docker Hub repository.



Access Guacamole web portal

 http://<public ip>:8080

Default username and password: guacadmin / guacadmin

You will be notified to create your own username and password.




Access Linux Machines

 RDP to access xRDP desktop

1. Username and Password

2. Private key

The private key field on the Guacamole connection's parameters page needs a PEM format key, not the PPK format private key file that PuTTYgen generates.

A PPK format private key can be converted to PEM format with PuTTYgen itself. Load your PPK format private key file in PuTTYgen, then choose the menu Conversions -> Export OpenSSH key to export a PEM format private key file.






Access Windows Machines

When using Guacamole to access a Windows Server 2016 machine, all seems fine. But there is a common issue when trying to use Guacamole to connect to a Windows Server 2022 machine with default settings like this:

You will get the following error message:
"The remote desktop server is currently unreachable. If the problem persists, please notify your system administrator, or check your system logs."



If your username or password is wrong, you will get the following error message:
"Log in failed. Please reconnect and try again."




Even with "Ignore server certificate" checked, we might still get an error message saying the server is unreachable.


Guacamole apparently doesn't work with Windows 10 or Windows Server 2016 RDP out of the box, so you have to edit the registry to make it work.



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]

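Change the “SecurityLayer” value to 1 (original value is 2). A value of 2 requires SSL (TLS) for the RDP connection; a value of 1 lets the client and server negotiate the security layer.


Verify that the “UserAuthentication” value is 0 (original value is 1). A value of 1 requires Network Level Authentication (NLA) before a session is created; a value of 0 does not.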


Source: https://mangolassi.it/topic/17846/make-windows-10-server-2016-rdp-work-with-guacamole/2


As long as "Ignore server certificate" is checked, you will be able to log in now. Security mode can be left empty or set to any.



Enabling Extensions

 
Extensions can be enabled using the -e EXTENSIONS variable. Multiple extensions can be enabled using a comma separated list without spaces.

For example:

docker run \
  -p 8080:8080 \
  -v </path/to/config>:/config \
  -e "EXTENSIONS=auth-ldap,auth-duo" \
  maxwaldorf/guacamole

Extension List:

  • auth-duo
  • auth-header
  • auth-jdbc-mysql
  • auth-jdbc-postgresql
  • auth-jdbc-sqlserver
  • auth-json
  • auth-ldap
  • auth-quickconnect
  • auth-sso-openid
  • auth-sso-saml
  • auth-sso-cas
  • auth-totp
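
The EXTENSIONS value is a plain string, so a stray space or a misspelled name (for example an MFA extension such as auth-totp typed wrongly) no longer matches any entry in the list above. The following is an added example, not code from the MaxWaldorf/guacamole project: it checks a value against that list before it is placed in the docker run command. The function names validate_extensions and guac_run_command are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the image's repository): check an EXTENSIONS value
# against the extension list on this page before handing it to docker run.

# Extension names copied from the list above.
KNOWN_EXTENSIONS="auth-duo auth-header auth-jdbc-mysql auth-jdbc-postgresql \
auth-jdbc-sqlserver auth-json auth-ldap auth-quickconnect auth-sso-openid \
auth-sso-saml auth-sso-cas auth-totp"

# validate_extensions VALUE
# Returns 0 if VALUE is a comma separated list of known names with no spaces,
# no empty items and no duplicates; otherwise prints the reason, returns 1.
validate_extensions() {
  value=$1
  case $value in
    "")         echo "EXTENSIONS is empty" >&2; return 1 ;;
    *" "*)      echo "EXTENSIONS must not contain spaces" >&2; return 1 ;;
    ,*|*,|*,,*) echo "EXTENSIONS has an empty item" >&2; return 1 ;;
  esac
  seen=" "
  rest=$value
  while [ -n "$rest" ]; do
    ext=${rest%%,*}                 # first item of what is left
    case $rest in
      *,*) rest=${rest#*,} ;;       # drop that item and its comma
      *)   rest="" ;;               # it was the last item
    esac
    case " $KNOWN_EXTENSIONS " in
      *" $ext "*) ;;
      *) echo "unknown extension: $ext" >&2; return 1 ;;
    esac
    case $seen in
      *" $ext "*) echo "duplicate extension: $ext" >&2; return 1 ;;
    esac
    seen="$seen$ext "
  done
  return 0
}

# guac_run_command CONFIG_DIR EXTENSIONS
# Prints (does not run) the docker run command from this page, and only if
# the EXTENSIONS value passed the check.
guac_run_command() {
  validate_extensions "$2" || return 1
  printf 'docker run -p 8080:8080 -v %s:/config -e "EXTENSIONS=%s" maxwaldorf/guacamole\n' "$1" "$2"
}

# Constructed sample: valid list, so the command line is printed.
guac_run_command /root/data/docker_data/guacamole "auth-ldap,auth-duo"
```
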














via Blogger http://blog.51sec.org/2022/08/using-portainer-to-deploy-guacamole-as.html
August 27, 2022 at 11:06PM Docker