I would love to use your method of installing Guacamole, but I'm having trouble using it on Windows (I'm using Docker Desktop with WSL2). Bringing up the containers works fine, but the scripts throw some errors (even with Git for Windows installed). This doesn't matter for the reset.sh script, since I know how to delete some folders, but how to fix this error that prepare.sh gives me:

docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start containuacamole/bin/initdb.sh": stat C:/Program Files/Git/opt/guacamole/bin/initdb.sh: no such file or directory: unknown.

That error is shown after this command in prepare.sh:

docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > /init/initdb.sql

Any clue on what to do?

I kind of like using portainer and helps me since the server is at remote location so instead of docker compose up, will this work via portiner stack?

Hello, I had a previous oznu guacamole setup. It is no longer maintained. I have the backup.sql from my postgres there. Where would I find the postgres.sql in your guacamole-docker-compose?

If I can understand the location, I can use this to import it.

  psql -U username -d dbname < filename.sql

Any help is really appreciated!

Hi in which container would you find the log for failed attempts to log in, and which folder in that container

thanks
Carl

Awesome work, got up and running in a minute!

However, the self-signed certs are inconvenient and I dont have my own certificates. Since nginx is already included in the docker compose stack, can we please have support for generating and automatic renewing of LetsEncrypt certs?

This will make it even more amazing! Thanks :)

Hello,

I am having trouble with configuring the Remote IP Valve like described in the official config here:
https://guacamole.apache.org/doc/gug/reverse-proxy.html

The file exists in /home/guacamole/tomcat/conf/server.xml inside the docker container.
Making changes to it via docker exec doesn't work since guacamole would need to be restarted.

I've also tried mounting the file like this:

volumes:
  - ./server.xml:/home/guacamole/tomcat/conf/server.xml

but then guacamole doesn't start since the created file systems cannot be accessed due to permission problems.

Another thing I tried is setting up a GUACAMOLE_HOME folder via volumes. But as far as I understand it changes in that folder do not carry over to conf/server.xml

Does someone know how to modify the docker-compose.yml to be able to edit server.xml?

Best,
Paul

The nginx_guacamole suddenly stop working.
log of nginx

2022/04/26 14:42:41 [emerg] 1#1: no "events" section in configuration
nginx: [emerg] no "events" section in configuration
2022/04/26 14:43:44 [emerg] 1#1: no "events" section in configuration
2022/04/26 14:41:40 [emerg] 1#1: no "events" section in configuration

Volume for the config file
/home/user/guacamole-docker-compose/nginx/nginx.conf | /etc/nginx/nginx.conf

docker-compose.yml

version: '2.0'

# networks
# create a network 'guacnetwork_compose' in mode 'bridged'
networks:
  guacnetwork_compose:
    driver: bridge

# services
services:
  # guacd
  guacd:
    container_name: guacd_compose
    image: guacamole/guacd
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./drive:/drive:rw
    - ./record:/record:rw
  # postgres
  postgres:
    container_name: postgres_guacamole_compose
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole_db
      POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
      POSTGRES_USER: guacamole_user
    image: postgres:13.4
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./init:/docker-entrypoint-initdb.d:ro
    - ./data:/var/lib/postgresql/data:rw

  # guacamole
  guacamole:
    container_name: guacamole_compose
    depends_on:
    - guacd
    - postgres
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRES_DATABASE: guacamole_db
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
      POSTGRES_USER: guacamole_user
    image: guacamole/guacamole
    links:
    - guacd
    networks:
      guacnetwork_compose:
    ports:
## enable next line if not using nginx
##    - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
## enable next line when using nginx
    - 8080/tcp
    restart: always

########### optional ##############
  # nginx
  nginx:
   container_name: nginx_guacamole_compose
   restart: always
   image: nginx
   volumes:
   - ./nginx/ssl/self.cert:/etc/nginx/ssl/self.cert:ro
   - ./nginx/ssl/self-ssl.key:/etc/nginx/ssl/self-ssl.key:ro
   - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
   - ./nginx/mysite.template:/etc/nginx/conf.d/default.conf:ro
   ports:
   - 8443:443
   links:
   - guacamole
   networks:
     guacnetwork_compose:
   # run nginx
   command: /bin/bash -c "nginx -g 'daemon off;'"
# nginx-debug-mode
#   command: /bin/bash -c "nginx-debug -g 'daemon off;'"
####################################################################################

-rw-r--r-- 1 user group 661 Nov 13 10:29 guacamole-docker-compose/nginx/nginx.conf:

### AAA
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
daemon off;

You can see the events{} part is right in there.

other containers
[guacd_compose]
[guacamole_compose]
[postgres_guacamole_compos]
are working fine

I just clone this repo , and change nothing , just run prepare.sh and docker-compose up -d
containers runs ok , but when I try to open https://my_ip:8443
there's an error message , even I dont have a chance to enter id and password ...

An error has occurred and this action cannot be completed. If the problem persists, please notify your system administrator or check your system logs.

and docker-compose logs show many messages , I paste to pastedbin
https://pastebin.com/e4HctqQx

something catch my eyes .

Error querying database.  Cause: org.postgresql.util.PSQLException: ERROR: relation "guacamole_user" does not exist

and I find that init/initdb.sql is 0 byte.

2020-03-19 09:22:33 [chchang@zorin guacamole-docker-compose]$ ls init/ -lart
總計 8
drwxr-xr-x 2 chchang chchang 4096  3月 19 09:08 .
-rwxr-xr-x 1 chchang chchang    0  3月 19 09:21 initdb.sql
drwxr-xr-x 8 chchang chchang 4096  3月 19 09:21 ..
2020-03-19 09:22:35 [chchang@zorin guacamole-docker-compose]$ 

I dont know what's the matter , and have no idea how to solve
any sugestions ?

Most of my servers have SSH Password Auth disabled and I have been using SSH keys to manage them. Is there any way I can upload my SSH keys and use them for connections?

You can edit user-mapping.xml in Guacamole normally but the docker image doesnt have a text editor or permissions to install one.

I've been tearing my hair out, please can you provide assistance?

Thanks in advance, also great work!

Hello,

first of all thank you for creating the compose script.

I have deployed the containers exactly as described here.

Unfortunately I cannot connect to a basic RDP host.

I am getting desperate.

The target host is a current domain Windows Server 2019.

• NLA was turned off and on as a test.
• The Ignore certificate checkbox is set.
• Credentials were entered in a wide variety of notations.

However, the error pattern and the logs of the guacd and guacamole container have not changed.

Do I have to do anything else to connect to a RDP host with this construct?

_guacamole_compose_logs.txt
_postgres_guacamole_compose_logs.txt
_guacd_compose_logs.txt

Firstly, thank you so much for posting this. You've made countless lives easier, and I greatly appreciate it.

Is there a straight-forward way to enable TOTP / MFA off the bat here? I tried throwing in some environment variables in the docker-compose-yaml but after reading the Guacamole docs it seems like it might end up being a bit more involved than that.

Any pointers? Thanks in advance.

nginx_guacamole_compose | cp: cannot stat '/etc/nginx/conf.d/mysite.template': No such file or directory
nginx_guacamole_compose exited with code 1

volumes:

• ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
• ./nginx/mysite.template:/etc/nginx/conf.d/mysite.template
• ./nginx/ssl:/etc/nginx/ssl

All of these files get mounted as folders.

Put single quotes around your password, otherwise special char will cause the docker-compose.yml file to fail with str errors.
POSTGRES_PASSWORD: 'ChooseYourOwnPasswordHere1234!!!$$$@@@'

Hi, I'm not an expert of Guacamole.
Probably, this is a very stupid question.

I tried to download your project and started and it's working perfectly.
However, now I have a local docker container that exposes a vnc server on port 5900. How can I connect this container to guacamole?

thanks.

Preface

First of all, thank you very much for producing one of the only passable Guacamole container stacks in Docker-compose.

I ask the following because I'm trying to prepare this docker-compose stuff for Docker Swarm and I've noticed a few potential redundancies and am trying to understand what's possible to cut out. I might also offer a PR when I'm done to offer some insight on how to optimize this stack a bit.

Question itself.

Is this part of the Guacamole requirements or is it possible to skip encrypting traffic passed over host networking?

Hi,

I am having issues connecting to any machine (via RDP, SSH, VNC) outside of the Ubuntu machine that I installed this guacamole docker container on. They are all on the same subnet and can verify that I can ping and SSH into the hosts from within the guacd_compose and guacamole_compose containers.

I'm not running any firewalls on any of the machines. In fact, the remote machines are fresh, vanilla installs of Ubuntu and Windows for the purposes of testing Guacamole for a project. RDP is enabled on Windows and can connect to it via RDP client on another machine running on the same subnet.

In the connection settings, do I need to fill out any information under the 'Guacamole Proxy Paramters (GUACD)' section? I tried 'guacd' as the hostname as it is referenced in the docker-compose.yml file, but still am getting the same error.

Any support would be greatly appreciated! Thank you!

guacamole HTTP interface error when connecting to any remote host (other than localhost):

An internal error has occurred within the Guacamole server, and the connection has been terminated. If the problem persists, please notify your system administrator, or check your system logs. Reconnecting in 6 seconds...'

guacamole_compose logs:

Exception in thread "Thread-34" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
20:43:08.586 [http-nio-8080-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "guacadmin" disconnected from connection "1". Duration: 74 milliseconds
        at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:442)
        at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:314)
        at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:254)
        at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195)
        at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
        at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
        at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
        at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253)
20:43:14.999 [http-nio-8080-exec-3] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)

guacd_compose logs:

guacd[7]: INFO: Connection ID is "$208014e1-862f-4118-8b35-8d275fce7886"
guacd[184]: INFO:       User "@a9bf3404-b84c-4eb9-90d0-30ae30cb8022" joined connection "$208014e1-862f-4118-8b35-8d275fce7886" (1 users now present)
guacd[184]: ERROR:      Unable to connect to any addresses.
guacd[184]: INFO:       User "@a9bf3404-b84c-4eb9-90d0-30ae30cb8022" disconnected (0 users remain)
guacd[184]: INFO:       Last user of connection "$208014e1-862f-4118-8b35-8d275fce7886" disconnected
guacd[7]: INFO: Connection "$208014e1-862f-4118-8b35-8d275fce7886" removed.

Hi,

I used this docker-Image to create my Guacamole inside docker.
But I noticed a problem:
If I want to type a colon, everytime it shows me a "Ö" (german layout).

I also changed the locale with an environment variable to "de_DE.UTF-8", but without any success.

do you have any advise for me?

Thanks.

Sascha

Hi,

I followed your Quick start steps to install and setup things fast. Now I am wondering how to upgrade my Guacamole once the new version is pushed to the Github?

Thank you.

Hey , thank you for the Work.

I have a similar Installation, there is a Guacd.conf .To reach the Guac from outside i Change the hostname to public IP and can reach.

In this Installation i dont find this File.
Not real an issuse ;/

I've been relying on your guacamole-docker-compose project for a few months and it's worked flawlessly.

I recently stopped my containers and decided to pull the latest changes. Afterwards, I could docker-compose up gave me problems--specifically the nginx container. Docker was complaining that I was trying to map a file to a directory.

When I looked at the nginx folder, mysite.template and nginx.conf were directories.

I ran reset.sh and then prepare.sh, and tried again. No dice.

I deleted all folders, git reset --hard, and tried again. Nope.

I then checked out commit aae1 (merge request 3), ran prepare.sh, and docker-compose up, and it worked flawlessly.

Running Docker Engine Community Server 19.0.3.1 on Ubuntu Server 16.

Hi,
i started the docker-compose File - and then the container "guacamole_compose" keeps restarting..

Here the log of the Container.

What am I doing wrong?

18-Aug-2022 09:00:48.318 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs= 18-Aug-2022 09:00:48.318 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/home/guacamole/tomcat 18-Aug-2022 09:00:48.319 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat 18-Aug-2022 09:00:48.319 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/home/guacamole/tomcat/temp 18-Aug-2022 09:00:48.319 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.33] using APR version [1.7.0]. 18-Aug-2022 09:00:48.320 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [{4}]. 18-Aug-2022 09:00:48.320 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] 18-Aug-2022 09:00:48.324 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 3.0.2 15 Mar 2022] 18-Aug-2022 09:00:48.484 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"] 18-Aug-2022 09:00:48.525 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 988 ms 18-Aug-2022 09:00:48.585 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina] 18-Aug-2022 09:00:48.585 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.81] 18-Aug-2022 09:00:48.648 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/home/guacamole/tomcat/webapps/guacamole.war] 18-Aug-2022 09:01:09.370 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name: Apache Tomcat/8.5.81 18-Aug-2022 09:01:09.374 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Jun 8 2022 21:30:15 UTC 18-Aug-2022 09:01:09.374 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.81.0 18-Aug-2022 09:01:09.374 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux 18-Aug-2022 09:01:09.375 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 5.15.39-1-pve 18-Aug-2022 09:01:09.375 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64 18-Aug-2022 09:01:09.375 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /opt/java/openjdk/jre 18-Aug-2022 09:01:09.376 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_345-b01 18-Aug-2022 09:01:09.376 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Temurin 18-Aug-2022 09:01:09.377 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /home/guacamole/tomcat 18-Aug-2022 09:01:09.377 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /usr/local/tomcat 18-Aug-2022 09:01:09.378 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/home/guacamole/tomcat/conf/logging.properties 18-Aug-2022 09:01:09.378 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 18-Aug-2022 09:01:09.378 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048 18-Aug-2022 09:01:09.379 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources 18-Aug-2022 09:01:09.379 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 18-Aug-2022 09:01:09.379 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs= 18-Aug-2022 09:01:09.379 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/home/guacamole/tomcat 18-Aug-2022 09:01:09.382 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat 18-Aug-2022 09:01:09.382 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/home/guacamole/tomcat/temp 18-Aug-2022 09:01:09.383 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.33] using APR version [1.7.0]. 18-Aug-2022 09:01:09.383 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [{4}]. 18-Aug-2022 09:01:09.383 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] 18-Aug-2022 09:01:09.388 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 3.0.2 15 Mar 2022] 18-Aug-2022 09:01:09.531 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"] 18-Aug-2022 09:01:09.568 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1003 ms 18-Aug-2022 09:01:09.615 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina] 18-Aug-2022 09:01:09.615 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.81] 18-Aug-2022 09:01:09.669 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/home/guacamole/tomcat/webapps/guacamole.war] 18-Aug-2022 09:01:14.296 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name: Apache Tomcat/8.5.81 18-Aug-2022 09:01:14.300 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Jun 8 2022 21:30:15 UTC 18-Aug-2022 09:01:14.301 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.81.0 18-Aug-2022 09:01:14.301 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux 18-Aug-2022 09:01:14.301 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 5.15.39-1-pve 18-Aug-2022 09:01:14.302 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64 18-Aug-2022 09:01:14.302 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /opt/java/openjdk/jre 18-Aug-2022 09:01:14.303 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_345-b01 18-Aug-2022 09:01:14.303 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Temurin 18-Aug-2022 09:01:14.303 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /home/guacamole/tomcat 18-Aug-2022 09:01:14.304 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /usr/local/tomcat 18-Aug-2022 09:01:14.304 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/home/guacamole/tomcat/conf/logging.properties 18-Aug-2022 09:01:14.305 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 18-Aug-2022 09:01:14.305 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048 18-Aug-2022 09:01:14.305 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources 18-Aug-2022 09:01:14.306 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 18-Aug-2022 09:01:14.306 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs= 18-Aug-2022 09:01:14.306 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/home/guacamole/tomcat 18-Aug-2022 09:01:14.307 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat 18-Aug-2022 09:01:14.307 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/home/guacamole/tomcat/temp 18-Aug-2022 09:01:14.307 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.33] using APR version [1.7.0]. 18-Aug-2022 09:01:14.308 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [{4}]. 18-Aug-2022 09:01:14.308 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] 18-Aug-2022 09:01:14.312 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 3.0.2 15 Mar 2022] 18-Aug-2022 09:01:14.460 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"] 18-Aug-2022 09:01:14.493 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 959 ms 18-Aug-2022 09:01:14.552 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina] 18-Aug-2022 09:01:14.552 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.81] 18-Aug-2022 09:01:14.609 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/home/guacamole/tomcat/webapps/guacamole.war] 18-Aug-2022 09:01:19.964 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name: Apache Tomcat/8.5.81 18-Aug-2022 09:01:19.968 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Jun 8 2022 21:30:15 UTC 18-Aug-2022 09:01:19.968 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.81.0 18-Aug-2022 09:01:19.969 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux 18-Aug-2022 09:01:19.969 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 5.15.39-1-pve 18-Aug-2022 09:01:19.970 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64 18-Aug-2022 09:01:19.970 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /opt/java/openjdk/jre 18-Aug-2022 09:01:19.970 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_345-b01 18-Aug-2022 09:01:19.971 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Temurin 18-Aug-2022 09:01:19.971 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /home/guacamole/tomcat 18-Aug-2022 09:01:19.971 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /usr/local/tomcat 18-Aug-2022 09:01:19.972 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/home/guacamole/tomcat/conf/logging.properties 18-Aug-2022 09:01:19.972 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 18-Aug-2022 09:01:19.973 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048 18-Aug-2022 09:01:19.973 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources 18-Aug-2022 09:01:19.973 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 18-Aug-2022 09:01:19.974 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs= 18-Aug-2022 09:01:19.974 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/home/guacamole/tomcat 18-Aug-2022 09:01:19.974 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat 18-Aug-2022 09:01:19.974 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/home/guacamole/tomcat/temp 18-Aug-2022 09:01:19.975 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.33] using APR version [1.7.0]. 18-Aug-2022 09:01:19.975 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [{4}]. 18-Aug-2022 09:01:19.976 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] 18-Aug-2022 09:01:19.980 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 3.0.2 15 Mar 2022] 18-Aug-2022 09:01:20.115 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"] 18-Aug-2022 09:01:20.159 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 981 ms 18-Aug-2022 09:01:20.207 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina] 18-Aug-2022 09:01:20.208 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.81] 18-Aug-2022 09:01:20.247 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/home/guacamole/tomcat/webapps/guacamole.war]

Just ran the script with the quick start instructions on this page. It looks like theres a problem with the certificate happening when I have a look at the docker logs for the Nginx container. Here is the log. I am running this from an Alpine LXC container.

Guac:~/guacamole-docker-compose# docker logs nginx_guacamole_compose 2022/10/20 22:45:37 [emerg] 1#1: cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) nginx: [emerg] cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) 2022/10/20 22:45:39 [emerg] 1#1: cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) nginx: [emerg] cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) 2022/10/20 22:45:40 [emerg] 1#1: cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) nginx: [emerg] cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) 2022/10/20 22:45:42 [emerg] 1#1: cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) nginx: [emerg] cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) 2022/10/20 22:45:43 [emerg] 1#1: cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) nginx: [emerg] cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) 2022/10/20 22:45:45 [emerg] 1#1: cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) nginx: [emerg] cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) 2022/10/20 22:45:48 [emerg] 1#1: cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) nginx: [emerg] cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) 2022/10/20 22:45:55 [emerg] 1#1: cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) nginx: [emerg] cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) 2022/10/20 22:46:08 [emerg] 1#1: cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) nginx: [emerg] cannot load certificate "/etc/nginx/ssl/self.cert": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

WakeOnLAN function was released in version 1.2.0.
http://guacamole.apache.org/releases/1.2.0/

But I couldn't get WOL to connect to my computer, with settings using docker-compose.yml.

I created some yml files and tested the connection,
Error was output and the WOL connection could not be established.

Please help me.

Thank you.

Screen recording file are in a raw Guacamole format. I will need to encode it to a video to be able to watch them. The guacamole format is not a video, and is extremley small.

There is a tool called "guacenc" included with Guacamole that you can use that makes it into a .m4v file. But i don't know where is "guacenc" in container?

Plz help me. Tk U!

How can add totp-auth to my Guacamole (Like “Google Authenticator” )?

I burned more than an hour on this. Mention in the docker-compose and in the readme, that if not using nginx, use :8080/guacamole, not :8080/ as it's currently there.

When trying to connect to an Ubuntu 22.04 server with this guacamole-Docker-Container, the error message "Handshake failed" appears in the log

Hello - thank you for this great project! I would like to use it at work, but it seems like there is no software license on the project. Would it be possible to adopt one? An open source license would reassure us that we are legally permitted to use the code.

I want to change guacamole port from 8080 to 8081
i edited the docker-compose.yml file to port 8081 but it doesn't work, please help!
Here is my docker-compose.yml

version: '2.0'


networks:
  guacnetwork_compose:
    driver: bridge


services:

  guacd:
    container_name: guacd_compose
    image: guacamole/guacd
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./drive:/drive:rw
    - ./record:/record:rw

  postgres:
    container_name: postgres_guacamole_compose
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole_db
      POSTGRES_PASSWORD: 'ChooseYourOwnPasswordHere1234'
      POSTGRES_USER: guacamole_user
    image: postgres:13.4-buster
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./init:/docker-entrypoint-initdb.d:z
    - ./data:/var/lib/postgresql/data:Z


  guacamole:
    container_name: guacamole_compose
    depends_on:
    - guacd
    - postgres
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRES_DATABASE: guacamole_db
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PASSWORD: 'ChooseYourOwnPasswordHere1234'
      POSTGRES_USER: guacamole_user
    image: guacamole/guacamole
    links:
    - guacd
    networks:
      guacnetwork_compose:
    ports:
   - 8081:8081/tcp # Guacamole is on :8080/guacamole, not /.
    restart: always

Looking for a docker compose for guacamole I found this repo and was wondering if it is still up to date and recommended?

I created the GUACAMOLE_HOME directory (located in /Users/myuser) but am having trouble pointing the guacamole_compose container to it. I have GUACAMOLE_HOME set as an Environment Variable Key and the Value is set as the path, /Users/myuser but upon restarting the container the message cp: cannot stat '/Users/myuser/.': No such file or directory appears.

I need this directory to add extensions to guacamole.

I am new to Docker and Gaucamole so any advice helps. Thanks!

I have a new install with this setup, and having the following issues, but basically I can't connect to internal RDP server, and get these errors which seem related: Only thing I changed was commented out the nginx stuff, and change the external port of guacamole to 5080. Any ideas?

guacamole_compose | 17:03:07.288 [http-nio-8080-exec-3] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Requested tunnel destination does not exist.
g
guacamole_compose | 17:04:18.268 [http-nio-8080-exec-1] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Connection to guacd timed out.
g

Is there a way to enable TOTP via Docker Compose?
If I define the environment variables (mentioned below), everything starts but it seems like the extension is not loaded.
LDAP at the same time is working fine.

I have added the following in the environment section:

      TOTP_ISSUER: Apache Guacamole
      TOTP_DIGITS: 6
      TOTP_PERIOD: 30
      TOTP_MODE: sha1

If I check the guacamole_compose container the extension is in /opt/guacamole/totp but not in /root/.guacamole/extensions/

Hello and thank you for a wonderful docker-compose setup that takes most of the guesswork out of getting a traditionally frustrating package working flawlessly and effortlessly.

I am, however, having a problem getting addons like TOTP deployed on this build. Would you mind adding documentation on how to get addons working with either the initial docker-compose or after deployment.

Thanks!

i followed the quick start guide to run the guacamole-docker,
i always get a permission denied error when trying to change password for the default account "guacadmin"...
I tried chmod 777 ./data/guacamole -R , create the dir ( mkdir -p ./data/guacamole) before running ./prepare.sh...
nothing works,
and the log from docker logs-f guacamole_compose seems quite normal...
any help would be appreciated.
Thanks

I've run ./prepare.sh and then docker-compose up -d but when I connect to port 8080, I see the Tomcat 8.5.41 "If you're seeing this, you've successfully installed Tomcat. Congratulations!" screen instead of a guacamole login screen. Note that I have nginx running outside the docker-compose stack as a reverse proxy to port 8080 on the guacamole container.

I am using a Ubuntu Linux server with xrdp and MATE Desktop environment.

I've used non-Docker Guacamole for a couple years and always configured Drive redirection as below and its always worked.

However Guacamole-Docker-Compose's Guacamole it doesn't.

Device Redirection
:
:
Enable drive: check-marked
Drive name: shared-drive
Disable file download:
Disable file upload:
Drive path: /home/${GUAC_USERNAME}
Automatically create drive: check-marked
Static channel names: rdpdr

But on my MATE desktop don't get a folder named shared-drive but a folder named the default thinclient-drives

and inside thinclient_drives there is the expected GUACFS directory.

But any attempt to copy a file to either folder fails:

Error opening file “/home/bmullan/thinclient_drives/junk.txt”: No such file or directory

So on my Mate Desktop server I edited XRDP's config:

/etc.xrdp/sesman.ini and manually changed the name in XRDP's config to shared-drive and that fixed the folder name issue as the folder on the Desktop is now named shared-drive

But any attempt to copy a file to that folder still fails fails:

Error opening file “/home/bmullan/thinclient_drives/junk.txt”: No such file or directory

Since this is a Docker Guacamole I'm not sure how to even check some of the normal config files such as:

/etc/guacamole/guacamole.properties

/etc/guacamole/user-mapping.xml

The XRDP config file on my MATE Desktop server assume's a FUSE connection to the

Per the Apache Guacamole documentation:

Device redirection

Device redirection refers to the use of non-display devices over RDP. Guacamole's RDP support currently allows redirection of audio, printing, and disk access, some of which require additional configuration in order to function properly.

Audio redirection will be enabled by default. If Guacamole was correctly installed, and audio redirection is supported by your RDP server, sound should play within remote connections without manual intervention.

Printing requires GhostScript to be installed on the Guacamole server, and allows users to print arbitrary documents directly to PDF. When documents are printed to the redirected printer, the user will receive a PDF of that document within their web browser.

Guacamole provides support for file transfer over RDP by emulating a virtual disk drive. This drive will persist on the Guacamole server, confined within the drive path specified.

I realize my target Desktop is MATE/Linux via XRDP and not Windows but I'd think this should still work correctly as before.

I did find this long thread on problems w/Docker and FUSE:
Docker for Linux - FUSE issues

I also found:

New Features in Docker 20.10 - includes fuse-overlay-fs

Supports FUSE-OverlayFS

Mounting OverlayFS without the root is not supported on most host operating systems except Ubuntu and Debian. So, Rootless Docker 19.03 running on a non-Ubuntu/non-Debian host could not deduplicate files using OverlayFS.

Docker 20.10 supports FUSE-OverlayFS, which is an unprivileged alternative for OverlayFS and works on any host with kernel ≥ 4.18.

Docker 20.10 automatically falls back into FUSE-OverlayFS when OverlayFS is not functional but FUSE-OverlayFS is functional.

Not being a knowledgeable Docker user though I'm not sure how to interpret all of this from the Docker point of view such as does it have to be enabled in the Docker container etc?

Any ideas why the FUSE connection to the Docker/Guacamole Server doesn't work?

Hi,

First of all thank you for your efforts, it helps someone who has no clue what he is doing like me :).

Anyways I did setup everything without changing the configuration at all once I enter through Https://ip-address:8443

I get the below error:

An error occurred.
Sorry, the page you are looking for is currently unavailable.
Please try again later.

If you are the system administrator of this resource then you should check the error log for details.

Faithfully yours, nginx.

After checking my ngnix logs:

192.168.1.17 - - [04/Feb/2022:11:27:24 +0000] "GET / HTTP/1.1" 400 657 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36" "-"
192.168.1.17 - - [04/Feb/2022:11:27:24 +0000] "GET /favicon.ico HTTP/1.1" 400 657 "http://ip.address:8443/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36" "-"
2022/02/04 11:28:32 [error] 10#10: *5 connect() failed (113: No route to host) while connecting to upstream, client: 192.168.1.17, server: localhost, request: "GET / HTTP/2.0", upstream: "http://172.18.0.3:8080/guacamole/", host: "ip.address:8443"
192.168.1.17 - - [04/Feb/2022:11:28:32 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36" "-"
2022/02/04 11:28:35 [error] 10#10: *5 connect() failed (113: No route to host) while connecting to upstream, client: 192.168.1.17, server: localhost, request: "GET /favicon.ico HTTP/2.0", upstream: "http://172.18.0.3:8080/guacamole/favicon.ico", host: "ip.addres:8443", referrer: "https://ip.addres:8443/"
192.168.1.17 - - [04/Feb/2022:11:28:35 +0000] "GET /favicon.ico HTTP/2.0" 502 497 "https://ip.address:8443/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36" "-"
2022/02/04 11:36:00 [error] 10#10: *9 connect() failed (113: No route to host) while connecting to upstream, client: 192.168.1.17, server: localhost, request: "GET / HTTP/2.0", upstream: "http://172.18.0.3:8080/guacamole/", host: "ip.address:8443"
192.168.1.17 - - [04/Feb/2022:11:36:00 +0000] "GET / HTTP/2.0" 502 497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36" "-"
2022/02/04 11:36:03 [error] 10#10: *9 connect() failed (113: No route to host) while connecting to upstream, client: 192.168.1.17, server: localhost, request: "GET /favicon.ico HTTP/2.0", upstream: "http://172.18.0.3:8080/guacamole/favicon.ico", host: "ip.address:8443", referrer: "https://ip.addres:8443/"
192.168.1.17 - - [04/Feb/2022:11:36:03 +0000] "GET /favicon.ico HTTP/2.0" 502 497 "https://ip.address:8443/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36" "-"

Please let me know if I missed anything.

Thank you again

In the README it says:

Your guacamole server should now be available at https://ip of your server:8443/.

NGINX is redirecting incoming Port 8443 to Port 443 but there's not a "hard" reason that 8443 can't be changed
to something else right?

In my use-case I am already using Port 8443 for something else so the Dockerized Guacamole's attempt to use it also will fail.

Is there a way to change the incoming port to something other than 8443 by specifying it as a docker-compose parameter or in the .yml file?

thanks
brian

Hi,

The project does not work out of the box anymore

I did not use the nginx part and commented it

After a docker-compose up -d, I have the following error while trying to connect to the url:

http://ip-server:8080/guacamole

$ docker logs postgres_guacamole_compose -f
2018-11-13 14:51:13.309 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2018-11-13 14:51:13.309 UTC [1] LOG:  listening on IPv6 address "::", port 5432
2018-11-13 14:51:13.387 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2018-11-13 14:51:13.418 UTC [20] LOG:  database system was shut down at 2018-11-13 14:50:37 UTC
2018-11-13 14:51:13.562 UTC [1] LOG:  database system is ready to accept connections
2018-11-13 14:52:34.566 UTC [29] ERROR:  relation "guacamole_user" does not exist at character 505
2018-11-13 14:52:34.566 UTC [29] STATEMENT:  SELECT
                    guacamole_user.user_id,
                    guacamole_user.username,
                    password_hash,
                    password_salt,
                    password_date,
                    disabled,
                    expired,
                    access_window_start,
                    access_window_end,
                    valid_from,
                    valid_until,
                    timezone,
                    full_name,
                    email_address,
                    organization,
                    organizational_role,
                    MAX(start_date) AS last_active
                FROM guacamole_user
                LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id
                WHERE
                    guacamole_user.username = $1
                GROUP BY guacamole_user.user_id

Nevertheless, I have the correct Apache Tomcat home page at the address:

http://ip-server:8080

Could you please advice on the subject ?

Thank you in advance

I am unable to start an SSH connection in the guacamole web interface. I am trying to ssh from the guacamole container to the host machine the container is running on. I have configured a connection with the correct IP, Port, username, and password in the Guacamole web UI. When I initiate the connection, I get the error shown below.

If I start an interactive shell inside the "guacamole_compose" container with docker exec -u 0 -it <container-id> /bin/bash and install ssh, I can ssh into my other machine successfully, so the problem appears to be with Guacamole and not the container networking.

Screenshot:

stdout of guacamole_compose during the failed connection

2022-10-30T02:29:01.775725526Z 02:29:01.775 [http-nio-8080-exec-3] INFO  o.a.g.r.auth.AuthenticationService - User "connor" successfully authenticated from 192.168.86.21.
2022-10-30T02:29:35.861077387Z 02:29:35.860 [http-nio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - User "connor" connected to connection "1".
2022-10-30T02:29:36.036393129Z 02:29:36.036 [http-nio-8080-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "connor" disconnected from connection "1". Duration: 169 milliseconds
2022-10-30T02:29:51.823690848Z 02:29:51.822 [http-nio-8080-exec-7] INFO  o.a.g.tunnel.TunnelRequestService - User "connor" connected to connection "1".
2022-10-30T02:29:51.882835366Z 02:29:51.882 [http-nio-8080-exec-4] INFO  o.a.g.tunnel.TunnelRequestService - User "connor" disconnected from connection "1". Duration: 59 milliseconds
2022-10-30T02:30:07.749017831Z 02:30:07.748 [http-nio-8080-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - User "connor" connected to connection "1".
2022-10-30T02:30:07.798697585Z 02:30:07.798 [http-nio-8080-exec-1] INFO  o.a.g.tunnel.TunnelRequestService - User "connor" disconnected from connection "1". Duration: 50 milliseconds
2022-10-30T02:30:28.867469981Z 02:30:28.866 [http-nio-8080-exec-9] INFO  o.a.g.tunnel.TunnelRequestService - User "connor" connected to connection "1".
2022-10-30T02:30:28.915395939Z 02:30:28.915 [http-nio-8080-exec-5] INFO  o.a.g.tunnel.TunnelRequestService - User "connor" disconnected from connection "1". Duration: 48 milliseconds

my docker-compose.yml

version: '2.0'

# networks
# create a network 'guacnetwork_compose' in mode 'bridged'
networks:
  guacnetwork_compose:
    driver: bridge

# services
services:
  # guacd
  guacd:
    container_name: guacd_compose
    image: guacamole/guacd
    networks:
      guacnetwork_compose:
    restart: unless-stopped
    volumes:
    - /zlocal/docker-data/guacamole/guacd/drive:/drive:rw
    - /zlocal/docker-data/guacamole/guacd/record:/record:rw
  # postgres
  postgres:
    container_name: postgres_guacamole_compose
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole_db
      POSTGRES_PASSWORD: '********'
      POSTGRES_USER: guacamole_user
    image: postgres:13.4-buster
    networks:
      guacnetwork_compose:
    restart: unless-stopped
    volumes:
    - /zlocal/docker-data/guacamole/posgres/init:/docker-entrypoint-initdb.d:z
    - /zlocal/docker-data/guacamole/posgres/data:/var/lib/postgresql/data:Z

  # guacamole
  guacamole:
    container_name: guacamole_compose
    depends_on:
    - guacd
    - postgres
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRES_DATABASE: guacamole_db
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PASSWORD: '********'
      POSTGRES_USER: guacamole_user
    image: guacamole/guacamole
    links:
    - guacd
    networks:
      guacnetwork_compose:
    ports:
## enable next line if not using nginx
## enable next line when using nginx
     - 8080:8080/tcp
    restart: unless-stopped

remove nginx, and use postgres:9.6.9/postgres:13

gen initdb.sql

docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > ./init/initdb.sql

full yml

version: '2.0'

# create a network 'guacnetwork_compose' in mode 'bridged'
networks:
  guacnetwork_compose:
    driver: bridge

# services
services:
  # guacd
  guacd:
    container_name: guacd_compose
    image: guacamole/guacd
    networks:
      guacnetwork_compose: null
    restart: always
    volumes:
      - ./drive:/drive:rw
      - ./record:/record:rw
  # postgres
  postgres:
    container_name: postgres_guacamole_compose
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole_db
      POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
      POSTGRES_USER: guacamole_user
    image: postgres:9.6.9
    networks:
      guacnetwork_compose: null
    restart: always
    volumes:
      - ./init:/docker-entrypoint-initdb.d:ro
      - ./data:/var/lib/postgresql/data:rw

  # guacamole
  guacamole:
    container_name: guacamole_compose
    depends_on:
      - guacd
      - postgres
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRES_DATABASE: guacamole_db
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
      POSTGRES_USER: guacamole_user
    image: guacamole/guacamole
    links:
      - guacd
    networks:
      guacnetwork_compose: null
    ports:
      - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.

full log

Starting postgres_guacamole_compose ... done
Starting guacd_compose              ... done
Starting guacamole_compose          ... done
Attaching to guacd_compose, postgres_guacamole_compose, guacamole_compose
guacd_compose | guacd[7]: INFO: Guacamole proxy daemon (guacd) version 1.3.0 started
guacd_compose | guacd[7]: INFO: Listening on host 0.0.0.0, port 4822
postgres_guacamole_compose | The files belonging to this database system will be owned by user "postgres".
postgres_guacamole_compose | This user must also own the server process.
postgres_guacamole_compose |
postgres_guacamole_compose | The database cluster will be initialized with locale "en_US.utf8".
postgres_guacamole_compose | The default database encoding has accordingly been set to "UTF8".
postgres_guacamole_compose | The default text search configuration will be set to "english".
postgres_guacamole_compose |
postgres_guacamole_compose | Data page checksums are disabled.
postgres_guacamole_compose |
postgres_guacamole_compose | fixing permissions on existing directory /var/lib/postgresql/data/guacamole ... ok
postgres_guacamole_compose | creating subdirectories ... ok
postgres_guacamole_compose | selecting default max_connections ... 100
postgres_guacamole_compose | selecting default shared_buffers ... 128MB
postgres_guacamole_compose | selecting dynamic shared memory implementation ... posix
postgres_guacamole_compose | creating configuration files ... ok
guacamole_compose | 13-Jan-2022 13:24:39.211 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/8.5.73
guacamole_compose | 13-Jan-2022 13:24:39.213 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Nov 11 2021 13:14:36 UTC
guacamole_compose | 13-Jan-2022 13:24:39.213 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.73.0
guacamole_compose | 13-Jan-2022 13:24:39.214 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:          
     Linux
guacamole_compose | 13-Jan-2022 13:24:39.214 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            5.10.60.1-microsoft-standard-WSL2
guacamole_compose | 13-Jan-2022 13:24:39.214 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
guacamole_compose | 13-Jan-2022 13:24:39.215 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/local/openjdk-8/jre
guacamole_compose | 13-Jan-2022 13:24:39.215 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_312-b07
guacamole_compose | 13-Jan-2022 13:24:39.216 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation
guacamole_compose | 13-Jan-2022 13:24:39.216 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /home/guacamole/tomcat
guacamole_compose | 13-Jan-2022 13:24:39.216 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/local/tomcat
guacamole_compose | 13-Jan-2022 13:24:39.218 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/home/guacamole/tomcat/conf/logging.properties
guacamole_compose | 13-Jan-2022 13:24:39.219 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
guacamole_compose | 13-Jan-2022 13:24:39.220 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
guacamole_compose | 13-Jan-2022 13:24:39.220 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
guacamole_compose | 13-Jan-2022 13:24:39.220 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
guacamole_compose | 13-Jan-2022 13:24:39.221 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
guacamole_compose | 13-Jan-2022 13:24:39.221 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/home/guacamole/tomcat
guacamole_compose | 13-Jan-2022 13:24:39.221 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
guacamole_compose | 13-Jan-2022 13:24:39.221 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/home/guacamole/tomcat/temp
guacamole_compose | 13-Jan-2022 13:24:39.221 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.31] using APR version [1.7.0].
guacamole_compose | 13-Jan-2022 13:24:39.222 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [{4}].
guacamole_compose | 13-Jan-2022 13:24:39.222 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
guacamole_compose | 13-Jan-2022 13:24:39.226 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1k  25 Mar 2021]
guacamole_compose | 13-Jan-2022 13:24:39.331 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
guacamole_compose | 13-Jan-2022 13:24:39.347 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
guacamole_compose | 13-Jan-2022 13:24:39.367 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 649 ms
guacamole_compose | 13-Jan-2022 13:24:39.412 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
guacamole_compose | 13-Jan-2022 13:24:39.413 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.73]
guacamole_compose | 13-Jan-2022 13:24:39.442 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/home/guacamole/tomcat/webapps/guacamole.war]
postgres_guacamole_compose | running bootstrap script ... ok
guacamole_compose | 13-Jan-2022 13:24:40.778 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.  
guacamole_compose | 13:24:41.249 [localhost-startStop-1] INFO  o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/home/guacamole/.guacamole".
guacamole_compose | 13:24:41.391 [localhost-startStop-1] INFO  o.a.g.GuacamoleServletContextListener - Read configuration parameters from "/home/guacamole/.guacamole/guacamole.properties".
guacamole_compose | 13:24:41.456 [localhost-startStop-1] INFO  o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes of inactivity.
guacamole_compose | 13:24:44.221 [localhost-startStop-1] INFO  o.a.g.extension.ExtensionModule - Extension "PostgreSQL Authentication" (postgresql) loaded.
guacamole_compose | 13:24:44.680 [localhost-startStop-1] INFO  o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
postgres_guacamole_compose | performing post-bootstrap initialization ... ok
guacamole_compose | 13-Jan-2022 13:24:46.217 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/home/guacamole/tomcat/webapps/guacamole.war] has finished in [6,774] ms
guacamole_compose | 13-Jan-2022 13:24:46.220 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
guacamole_compose | 13-Jan-2022 13:24:46.229 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 6862 ms    
postgres_guacamole_compose | syncing data to disk ... ok
postgres_guacamole_compose |
postgres_guacamole_compose | Success. You can now start the database server using:
postgres_guacamole_compose |
postgres_guacamole_compose |     pg_ctl -D /var/lib/postgresql/data/guacamole -l logfile start
postgres_guacamole_compose |
postgres_guacamole_compose |
postgres_guacamole_compose | WARNING: enabling "trust" authentication for local connections
postgres_guacamole_compose | You can change this by editing pg_hba.conf or using the option -A, or
postgres_guacamole_compose | --auth-local and --auth-host, the next time you run initdb.
postgres_guacamole_compose | waiting for server to start....LOG:  database system was shut down at 2022-01-13 13:24:45 UTC
postgres_guacamole_compose | LOG:  MultiXact member wraparound protections are now enabled
postgres_guacamole_compose | LOG:  autovacuum launcher started
postgres_guacamole_compose | LOG:  database system is ready to accept connections
postgres_guacamole_compose |  done
postgres_guacamole_compose | server started
postgres_guacamole_compose | CREATE DATABASE
postgres_guacamole_compose |
postgres_guacamole_compose | CREATE ROLE
postgres_guacamole_compose |
postgres_guacamole_compose |
postgres_guacamole_compose | /usr/local/bin/docker-entrypoint.sh: running /docker-entrypoint-initdb.d/initdb.sql
postgres_guacamole_compose | ERROR:  invalid byte sequence for encoding "UTF8": 0xff
postgres_guacamole_compose | psql:/docker-entrypoint-initdb.d/initdb.sql:1: ERROR:  invalid byte sequence for encoding "UTF8": 0xff
postgres_guacamole_compose | LOG:  database system was interrupted; last known up at 2022-01-13 13:24:51 UTC
postgres_guacamole_compose | LOG:  database system was not properly shut down; automatic recovery in progress
postgres_guacamole_compose | LOG:  redo starts at 0/14EEAC0
postgres_guacamole_compose | LOG:  invalid record length at 0/14EEE40: wanted 24, got 0
postgres_guacamole_compose | LOG:  redo done at 0/14EEE18
postgres_guacamole_compose | LOG:  last completed transaction was at log time 2022-01-13 13:24:51.995583+00
postgres_guacamole_compose | LOG:  MultiXact member wraparound protections are now enabled
postgres_guacamole_compose | LOG:  autovacuum launcher started
postgres_guacamole_compose | LOG:  database system is ready to accept connections

when open http://localhost:8080/guacamole/#/

log (relation "guacamole_user" does not exist)

guacamole_compose | 13:27:54.226 [http-nio-8080-exec-6] WARN  o.a.g.e.AuthenticationProviderFacade - The "postgresql" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: postgresql" within your guacamole.properties.
guacamole_compose | 13:27:54.245 [http-nio-8080-exec-6] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:        
guacamole_compose | ### Error querying database.  Cause: org.postgresql.util.PSQLException: ERROR: relation "guacamole_user" does not exist
guacamole_compose |   Position: 543
guacamole_compose | ### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml
guacamole_compose | ### The error may involve defaultParameterMap
guacamole_compose | ### The error occurred while setting parameters
guacamole_compose | ### SQL: SELECT             guacamole_user.user_id,             guacamole_entity.entity_id,             guacamole_entity.name,             password_hash,             password_salt,             password_date,             disabled,         
    expired,             access_window_start,             access_window_end,             valid_from,             valid_until,             timezone,             full_name,             email_address,             organization,             organizational_role,             MAX(start_date) AS last_active         FROM guacamole_user         JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id         LEFT JOIN guacamole_user_history ON guacamole_user_history.user_id = guacamole_user.user_id         WHERE             guacamole_entity.name = ?             AND guacamole_entity.type = 'USER'::guacamole_entity_type         
GROUP BY guacamole_user.user_id, guacamole_entity.entity_id;          SELECT             guacamole_user_attribute.user_id,             guacamole_user_attribute.attribute_name,             guacamole_user_attribute.attribute_value         FROM guacamole_user_attribute         JOIN guacamole_user ON guacamole_user.user_id = guacamole_user_attribute.user_id         JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id         WHERE             guacamole_entity.name = ?             AND guacamole_entity.type = 'USER'::guacamole_entity_type
guacamole_compose | ### Cause: org.postgresql.util.PSQLException: ERROR: relation "guacamole_user" does not exist
guacamole_compose |   Position: 543

Developers,

Are there any plans to create a variant of this docker-compose that leverages MySQL instead of PostgreSQL?

Stuart

Hi,

I am getting this error when connecting https://myip

HTTP Status 404 – nicht gefunden

Type Status Report

Message The requested resource [/guacamole/] is not available

Beschreibung The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.
Apache Tomcat/9.0.43

I didn't change the config and nginx is working correctly (I think) because I am being forwarded to tomcat.

Thank you for your help!

I tried to just test this with QuickStart, but the Postgres Container does not start.
docker logs postgres_guacamole_compose
I get following:

mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied
mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied
mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied
mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied
mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied
mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied
mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied
mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied
mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied
mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied
mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied

everything is running as root, what can I do about it ;)

Hello,

I'm opening this issue to bring to light a problem I had. May be that I'm new to SELinux policies...but err, anyways.

On CentOS7 and CentOS8, while using the base security policy (SELinux), the docker containers for NGinx and Postgress consistently restart and do not ever launch fully.

nginx_guacamole_compose Logs:

2022-04-20T02:25:44.545918000Z 2022/04/20 02:25:44 [emerg] 1#1: open() "/etc/nginx/nginx.conf" failed (13: Permission denied)
2022-04-20T02:25:44.546611000Z nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (13: Permission denied)

postgres_guacamole_compose Logs:

2022-04-20T02:38:25.453551000Z mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied
2022-04-20T02:38:26.942927000Z mkdir: cannot create directory ‘/var/lib/postgresql/data/guacamole’: Permission denied

/var/log/audit/audit.log Logs:

type=AVC msg=audit(1650422854.189:2327): avc: denied { read } for pid=24165 comm="nginx" name="nginx.conf" dev="dm-0" ino=68409794 scontext=system_u:system_r:container_t:s0:c88,c837 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1650422854.189:2327): avc: denied { open } for pid=24165 comm="nginx" path="/etc/nginx/nginx.conf" dev="dm-0" ino=68409794 scontext=system_u:system_r:container_t:s0:c88,c837 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1650422855.281:2334): avc: denied { read } for pid=24270 comm="psql" name="initdb.sql" dev="dm-0" ino=33898998 scontext=system_u:system_r:container_t:s0:c42,c397 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1650422855.281:2334): avc: denied { open } for pid=24270 comm="psql" path="/docker-entrypoint-initdb.d/initdb.sql" dev="dm-0" ino=33898998 scontext=system_u:system_r:container_t:s0:c42,c397 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1650422887.887:2484): avc: denied { read } for pid=25303 comm="nginx" name="nginx.conf" dev="dm-0" ino=68409794 scontext=system_u:system_r:container_t:s0:c88,c837 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1650422887.887:2484): avc: denied { open } for pid=25303 comm="nginx" path="/etc/nginx/nginx.conf" dev="dm-0" ino=68409794 scontext=system_u:system_r:container_t:s0:c88,c837 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1650422889.085:2489): avc: denied { read } for pid=24618 comm="postgres" name="global.stat" dev="dm-0" ino=100880705 scontext=system_u:system_r:container_t:s0:c42,c397 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=1

Solution:
AVC denial messages indicates container_t is not a permissive domain, therefore is not possible to write (13: Permission denied). In order to resolve this issue, add container_t in the SELinux.

1. semanage permissive -a container_t
2. semodule -l | grep permissive
   Output:
   permissive_container_t (null)
   permissivedomains (null)

After doing so, killing the docker containers (docker-compose down)
Reset data: ./reset.sh
prep SSL certs for Nginx: ./prepare.sh
Then bring the containers back up: docker-compose up -d

Worked like a charm, but took some digging. Thanks for the phenomenal work!

According to https://guacamole.apache.org/doc/gug/guacamole-docker.html#custom-extensions-and-guacamole-home you are able to install and use guacamole extensions.

Could you provide a standard way within your docker-compose to install extensions?
A default directory to mount and a GUACAMOLE_HOME environment variable to point to it?

Just to be safe for any updates.

Thanks,
Birger

Hi,
I experience issue with VNC connection from guacd_compose.

I can manually connect to VNC server from within guacd_compose container, but I see the errors in logs:

Steps to reproduce:

1. Start selenium browser

docker run -d -p 4444:4444 -p 5910:5900 --shm-size="2g" selenium/standalone-firefox:latest

2. Setup connection in Guacamole
3. Try to connect from Guacamole (default password is: secret)

Investigation:

$ docker exec -ti -u0 guacd_compose nc 10.144.107.99 5910
RFB 003.008
^C$ 

Logs:

guacd[1]: INFO: Connection "$3e281595-953d-4586-9e2b-d4b97dace24a" removed.
guacd[1]: INFO: Creating new client for protocol "vnc"
guacd[1]: INFO: Connection ID is "$10f8c948-cd3d-4550-8f37-ad39d3d2a946"
guacd[1451]: INFO:      Cursor rendering: local
guacd[1451]: INFO:      User "@56aafbd5-f035-4791-adf8-e23280170878" joined connection "$10f8c948-cd3d-4550-8f37-ad39d3d2a946" (1 users now present)
guacd[1451]: ERROR:     Unable to connect to VNC server.
guacd[1451]: INFO:      User "@56aafbd5-f035-4791-adf8-e23280170878" disconnected (0 users remain)
guacd[1451]: INFO:      Last user of connection "$10f8c948-cd3d-4550-8f37-ad39d3d2a946" disconnected
guacd[1]: INFO: Connection "$10f8c948-cd3d-4550-8f37-ad39d3d2a946" removed.

I use Ubuntu 22.04 with standard docker-ce network configuration.

Regards,
Grzegorz