Ideas - Guacamole integration | PlexGuide.com

Ideas Guacamole integration

  • Stop using Chrome! Download the Brave Browser via >>> [Brave.com]
    It's a forked version of Chrome with native ad-blockers and Google's spyware stripped out! Download for Mac, Windows, Android, and Linux!
Welcome to the PlexGuide.com
Serving the Community since 2016!
Register Now

navy2x

Active
Original poster
Donor
May 5, 2018
36
8
Hey Admin! Not that you have a bunch of free time or anything, but any progress on Guacamole integration? I have it running in docker pretty smoothly. I added the traefik labels to get reverse proxy working and its been great. Here is my docker-compose file: https://pastebin.com/RFeQcVtx (*Updated to fix bugs*)

Steps to get this working for you (or anyone else interested before full integration with plexguide):
1. Make sure you have docker-compose installed.
2. Download the docker-compose.yml file and save it in your home directory in a new folder called guacamole.
3. Change the traefik label domains to your domain in the docker-compose.yml file.
4. (Optional) Change the POSTGRES_PASSWORD to anything you want. Make sure to change it in two locations if you do, once in the postgres container and once in the guacamole container.
5. (New instruction) Change the traefik.frontend.rule to properly reflect your domain. Change the "mydomain.com" to your domain. Do it for both guacamole.mydomain.com and guac.mydomain.com.
6. Go to your server command line and change folders into your ~/guacamole folder.
7. Run this:
Code:
sudo docker-compose up init-guac-db
It downloads a file that will automatically initialize the guacamole postgres database on the first run (a very annoying thing to do manually otherwise)
8. Run
Code:
sudo docker-compose up -d
9. You should now have 4 new containers in Portainer: guacamole, guacd, postgres, init-guac-db (this one will be stopped, it is only run once to set up the db)
10. Manually go into each running guacamole container ( guacamole, guacd, postgres) and add them to the "plexguide" network. (I couldn't figure out how to have both bridge and plexguide networks get auto created in the compose file so I did this manually).
11. Go to https://localip:8585/guacamole and it should work. I'm using port 8585 to avoid conflicts with other common apps in Plexguide (namely Traefik if the frontend is enabled).
12. Go to https://guac.yourdomain.com and it should work (traefik AddPrefix rule will internally redirect your connection to https://guac.yourdomain.com/guacamole)
13. Default user and password are both `guacadmin`
14. Create a new user with admin rights.
15. Now you can create a connection, but, DO NOT CREATE a connection without FIRST creating a FOLDER! Otherwise you will be auto connected to your first connection every time you login to guacamole. Its dumb, but make a folder first, and put the connection in that folder.
16. You can add any SSH, RDP or VNC connection.
17. Enjoy! Now you have remote access to your Windows and command line machine from any HTML5 browser!

To get RDP working properly with Windows 10, you need to do a few things. Search in the start menu for "Remote desktop settings" and on the next screen make sure Remote Desktop is Enabled. On this screen click "Advanced settings" and disable "Require computers to use Network Level Authentication to connect."

One more thing needed on Windows 10. Change the following registry key from 2 to 1. Type "regedt32" in the start menu to get started.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
“SecurityLayer”=dword:00000001​


Create a new connection (UNDER A FOLDER) in guacamole. Change the protocol to RDP, then in the Hostname enter the IP address of the Windows 10 computer. After that guacamole should properly to connect!

Guacamole Documentation Link

Edit: Clarification
 
Last edited:

Admin9705

Administrator
Project Manager
Donor
Jan 17, 2018
5,156
2,112
Sounds great! I’ll make it a weekend project
 

navy2x

Active
Original poster
Donor
May 5, 2018
36
8
I have no idea how to convert this to ansible or if it's even possible. Would be really cool though!
 
  • Like
Reactions: 1 user

Admin9705

Administrator
Project Manager
Donor
Jan 17, 2018
5,156
2,112
can make it happen, u started with a good baseline
 

navy2x

Active
Original poster
Donor
May 5, 2018
36
8
Does Guacamole have any use on a headless (command-line only) server?
Yes it does! Say you have multiple headless VMs, you can have guacamole remote connect you to any of them from any HTML5 browser, pretty cool. See screenshots.


B1D5BDD2-8E19-4386-9875-28CC4D668125.png9BDCB92F-1A74-4829-BF58-AB6D925FD828.pngCE7D258B-372E-49B4-818F-B7D6771126C1.jpeg
 

clinch123

The Newb
Apr 7, 2018
63
30
Great process! Just had three issues that I came across.

First was of no consequence, had to change Version '3' to Version '2'

Second one was for the DB password, you mention you can change it in step 4. I changed it and received errors indicating that the creds were bad. I know it is due to step 4 because I refreshed from a snapshot and did not change and it booted right up. Was there a second password I had to change?

Lastly, I seem to be able to browse locally but remote receive a 404, Ill wait a little bit to make sure but wanted to know if you had any suggestions.
 

navy2x

Active
Original poster
Donor
May 5, 2018
36
8
Great process! Just had three issues that I came across.

First was of no consequence, had to change Version '3' to Version '2'

Second one was for the DB password, you mention you can change it in step 4. I changed it and received errors indicating that the creds were bad. I know it is due to step 4 because I refreshed from a snapshot and did not change and it booted right up. Was there a second password I had to change?

Lastly, I seem to be able to browse locally but remote receive a 404, Ill wait a little bit to make sure but wanted to know if you had any suggestions.
Thanks! Glad you got it working (at least somewhat).

1. I'm not sure why, maybe due to the version of docker-compose you have installed?

2. The POSTGRES_PASSWORD is in the compose file twice. Once in the postgres container and once in the guacamole container. Did you change it in both places?

3. If http://localIP:8585 works then does http://externalIP:8585 work? You will have to forward that port to your internal IP for this test. Docker then forwards 8585 to 8080 internally which is the default port that the Tomcat instance uses in the guacamole container. If you get that working then its probably something wrong with Traefik. Go to the traefik dashboard and see if it is seeing your guac.domain.com label. You will likely have to enable the dashboard in the "/opt/plexguide/ansible/roles/traefik2/templates/traefik.toml" file.

What version of traefik are you using? It must be V2.
 
Last edited:

clinch123

The Newb
Apr 7, 2018
63
30
1. I'm not sure why, maybe due to the version of docker-compose you have installed?

2. The POSTGRES_PASSWORD is in the compose file twice. Once in the postgres container and once in the guacamole container. Did you change it in both places?

3. If http://localIP:8585 works then does http://externalIP:8585 work? You will have to forward that port to your internal IP. Docker then forwards 8585 to 8080 internally which is the default port that the Tomcat instance uses in the guacamole container. If you get that working then its probably something wrong with Traefik. Go to the traefik dashboard and see if it is seeing your guac.domain.com label. You will likely have to enable the dashboard in the "/opt/plexguide/ansible/roles/traefik2/templates/traefik.toml" file.

What version of traefik are you using? It must be V2.
Yeah, im using v2 for traefik.

1 - Yes i believe "sudo apt-get install docker-compose is installing v2 for some reason looking into it"

2 - No i did not. I will look into that and let you know. (Maybe Edit the original post to call that out to avoid confusion until it is scripted)

3 - Your post reminded me to look at the logs for Traefik itself. It looks to be due to the compose file lines below. Maybe due to using V2 instead of V3, Im hoping once I figure out the first issue this will resolve.


('domain' is a placeholder while posting online)
time="2018-06-14T11:40:58-05:00" level=error msg="Error creating route for frontend frontend-Host-guacamole-domain-net-guac-domain-net-AddPrefix-guacamole-1: error parsing rule: error parsing rule: ' guac.domain.net'. Unknown function: ' guac.domain.net'",

time="2018-06-14T11:40:58-05:00" level=error msg="Skipping frontend frontend-Host-guacamole-domain-net-guac-domain-net-AddPrefix-guacamole-1..."
 

navy2x

Active
Original poster
Donor
May 5, 2018
36
8
Woups, my bad. I didn't have an instruction to actually change your domain name haha. I edited my post, changed #4 and #5.

4. (Optional) Change the POSTGRES_PASSWORD to anything you want. Make sure to change it in two locations if you do, once in the postgres container and once in the guacamole container.
5. (New instruction) Change the traefik.frontend.rule in the guacamole container to properly reflect your domain. Change the "mydomain.com" part to your domain. Do it for both guacamole.mydomain.com and guac.mydomain.com.

---- Automatically Merged Double Post ----

FYI, if you use this tutorial (linked in #1 of my post) you should get the latest version of docker-compose.

https://www.digitalocean.com/community/tutorials/how-to-install-docker-compose-on-ubuntu-16-04
 
Last edited:
  • Like
Reactions: 1 user

clinch123

The Newb
Apr 7, 2018
63
30
Update:

Issue 1 was solved by reverting to previous snapshot and using this process to ensure Docker-Compose can use Version 3 (It seems it also requires Docker 18, dont know which iteration updated that)

https://docs.docker.com/compose/install/

Issue 2 was solved by ensuring that both passwords were changed instead of just one


Issue 3 is still being stubborn. It still doesnt like this part of the docker-compose.yml. It seems to be reading the space as part of the string, for now I simplified it to one domain and used a CNAME entry instead. It is getting through now but receiving bad gateway. Uggh, why do I enjoy computers when I hate their guts...

labels:
traefik.enable: "true"
traefik.frontend.redirect.entryPoint: "https"
traefik.frontend.rule: "Host:guacamole.mydomain.com; guac.mydomain.com; AddPrefix: /guacamole"
traefik.port: "8585"
network_mode: bridge
 
Last edited:

navy2x

Active
Original poster
Donor
May 5, 2018
36
8
try changing the label traefik.port to 8080. I think I posted my old docker-compose file. I'm currently using 8080 and not 8585.
 

clinch123

The Newb
Apr 7, 2018
63
30
try changing the label traefik.port to 8080. I think I posted my old docker-compose file. I'm currently using 8080 and not 8585.
That did the trick! Its so pretty... Thanks for the help!

I think for this to be very long term though we will have to find a way to move the port from 8080 as that is a very common port.
 
Last edited:

navy2x

Active
Original poster
Donor
May 5, 2018
36
8
Sweet! Thanks for helping correct my mistakes. Hopefully it helps others.

Yes it is a common port, but we are using 8585 externally. Only the container and internal traefik processes see 8080, so I think its fine. I'll update my docker-compose to 8080.
 

clinch123

The Newb
Apr 7, 2018
63
30
Navy, I glanced at my config again and noticed I was using 8080:8080 for the port mapping. I tried changing it to 8585:8080 and received the dreaded blank page again. (Traefik was set to 8080). Could you glance at your config and see what you have for Port Mapping and the Traefik Port? Since I can get it on 8080 is suspect the port mapping is a little off.
 

navy2x

Active
Original poster
Donor
May 5, 2018
36
8
My port mapping for the guacamole container is 8585:8080. My traefik.port label is 8080.

Does it still work locally? Try changing it back to 8585? What do the guacamole container logs say?

8080 should work regardless. Maybe also try clearing your cache? Or re-run the docker-compose up -d command?

Or you know what, just keep it at 8080:8080, unless you have another program that needs 8080 it should be fine.
 

clinch123

The Newb
Apr 7, 2018
63
30
Okay, ill try playing around with it. Thanks for the guidance. I do need it off 8080 eventually as I am hoping to get Nagios and Unifi Controller eventually setup. I guess ill have to play with it till the thing decides to work lol. Thanks again
 

macfreaker

Experienced+
Jul 16, 2018
145
59
Will this be implemented? Looks really nice because lot of ports and also 22 are blocked on my office pc.
 

Admin9705

Administrator
Project Manager
Donor
Jan 17, 2018
5,156
2,112
i don't have the time to do it :D anyone can push if they want
 

Recommend NewsGroups

      Up To a 58% Discount!

Trending