Docker快速部署Apache Guacamole

Docker快速部署Apache Guacamole ,实现远程访问

git clone "https://github.com/boschkundendienst/guacamole-docker-compose.git"
cd guacamole-docker-compose
./prepare.sh
docker-compose up -d

https://IP地址:8443/
用户名:guacadmin
密码:guacadmin

docker exec -it -u 0 guacamole_compose /bin/bash  
/home/guacamole/tomcat/webapps/guacamole/translations/en.json  #登陆页面文件
/home/guacamole/tomcat/webapps/guacamole/images  #图像文件，包括logo等

云Docker部署Guacamole经frp中转远程连接Windows
docker启动guacamole

使用Docker安装Guacamole远程网关并配置录像回放

# 创建docker主目录和配置目录
mkdir -p /opt/docker /etc/docker
# 创建docker配置文件
tee /etc/docker/daemon.json <<-'END'
{
    "data-root": "/opt/docker",
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "800m",
        "max-file": "50"
    },
    "registry-mirrors": [
        "https://hub-mirror.c.163.com"
    ]
}
END
# 添加阿里docker镜像源
dnf config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 安装docker docker-compose-plugin
dnf install docker-ce docker-ce
# 启动docker并设置开机自动启动
systemctl enable --now docker
# 查看docker docker-compose版本
docker -v
docker compose version
# 拉取mysql数据库
docker pull mysql:8.0.33-debian
# 拉取guacamole 核心
docker pull guacamole/guacd:1.5.1
# 拉取guacamole Web客户端
docker pull guacamole/guacamole:1.5.1
# 创建程序主目录
mkdir -p /opt/guacamole
# 创建插件目录
mkdir -p /opt/guacamole/extensions
# 创建录像目录
mkdir -p /opt/guacamole/recordings
# 创建数据库初始化脚本目录
mkdir -p /opt/guacamole/initdb.d
# 下载快速链接插件
curl -O https://archive.apache.org/dist/guacamole/1.5.1/binary/guacamole-auth-quickconnect-1.5.1.tar.gz
# 下载录像存储插件
curl -O https://archive.apache.org/dist/guacamole/1.5.1/binary/guacamole-history-recording-storage-1.5.1.tar.gz
# 解压插件
tar -zxvf guacamole-auth-quickconnect-1.5.1.tar.gz
tar -zxvf guacamole-history-recording-storage-1.5.1.tar.gz
# 移动插件至插件目录
mv guacamole-auth-quickconnect-1.5.1/guacamole-auth-quickconnect-1.5.1.jar /opt/guacamole/extensions/
mv guacamole-history-recording-storage-1.5.1/guacamole-history-recording-storage-1.5.1.jar /opt/guacamole/extensions/
# 配置插件目录所有者 1001为guacamole容器内的guacamole用户UID和GID
chown -R 1001.1001 /opt/guacamole/extensions
# 配置插件目录权限
chmod -R 644 /opt/guacamole/extensions
# 配置录像目录所有者
# 1000为guacd容器内的guacd用户UID
# 1001为guacamole容器内的guacamole用户组GID
chown 1000.1001 /opt/guacamole/recordings
# 配置插件目录权限
chmod 2750 /opt/guacamole/recordings
# 运行guacamole容器生成数据库初始化脚本
docker run --rm guacamole/guacamole:1.5.1 /opt/guacamole/bin/initdb.sh --mysql > /opt/guacamole/initdb.d/initdb.sql
# 创建docker-compose.yml容器编排配置文件
vi /opt/guacamole/docker-compose.yml
services:
  guacamole-mysql:
      image: mysql:8.0.33-debian
      container_name: guacamole-mysql
      volumes:
        - /etc/localtime:/etc/localtime:ro
        # 数据库数据绑定至guacamole-mysql-data卷
        - guacamole-mysql-data:/var/lib/mysql
        # 数据库初始化脚本
        - /opt/guacamole/initdb.d/initdb.sql:/docker-entrypoint-initdb.d/initdb.sql
      command:
        - "--character-set-server=utf8"
        - "--collation-server=utf8_bin"
      restart: always
      environment:
        # 数据库root密码
        - MYSQL_ROOT_PASSWORD=2477bb2991dd472094d118ad9bafa0ce
        # 数据库名
        - MYSQL_DATABASE=guacamole
        # 数据库用户
        - MYSQL_USER=guacamole
        # 数据库密码
        - MYSQL_PASSWORD=fea78183e72c4e7798e1d803e2d36109
      expose:
        - "3306"
      networks:
        guacamole_network:

  guacamole-guacd:
    image: guacamole/guacd:1.5.1
    container_name: guacamole-guacd
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # 录像目录
      - /opt/guacamole/recordings:/var/lib/guacamole/recordings
    restart: always
    expose:
        - "4822"
    networks:
      guacamole_network:

  guacamole-web:
    image: guacamole/guacamole:1.5.1
    container_name: guacamole-web
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # 录像目录
      - /opt/guacamole/recordings:/var/lib/guacamole/recordings
      # 插件目录
      - /opt/guacamole/extensions:/etc/guacamole/extensions
    restart: always
    environment:
      # guacd主机名
      - GUACD_HOSTNAME=guacamole-guacd
      # guacd端口
      - GUACD_PORT=4822
      # 首选认证方式
      - EXTENSION_PRIORITY=mysql
      # 数据库主机名
      - MYSQL_HOSTNAME=guacamole-mysql
      # 数据库端口
      - MYSQL_PORT=3306
      # 数据库名
      - MYSQL_DATABASE=guacamole
      # 数据库用户
      - MYSQL_USER=guacamole
      # 数据库密码
      - MYSQL_PASSWORD=fea78183e72c4e7798e1d803e2d36109
      # guacamole主目录(插件、库、配置等)
      - GUACAMOLE_HOME=/etc/guacamole
      # 会话超时时间 单位: 分钟
      - API_SESSION_TIMEOUT=60
    ports:
      - "80:8080"
    networks:
      guacamole_network:


networks:
  guacamole_network:
    name: "guacamole_network"
    driver: bridge
    ipam:
      config:
        - subnet: 172.31.125.0/24
          gateway: 172.31.125.1


volumes:
  # 数据库数据卷
  guacamole-mysql-data:
    name: "guacamole-mysql-data"
# 进入目录
cd /opt/guacamole
# 启动容器
docker compose up -d

LDAP/AD 身份验证

wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-ldap-1.4.0.tar.gz
tar xvzf guacamole-auth-ldap-1.4.0.tar.gz
cd guacamole-auth-ldap-1.4.0/
cp guacamole-auth-ldap-1.4.0.jar /etc/guacamole/extensions/

# 在活动目录中新建名为guacadmin的用户
# 在活动目录中新建名为Group_Guacamole_Users的用户组，将guacadmin加入到Group_Guacamole_Users组中，只该用户组中的用户可以登录guacamole

vim /etc/guacamole/guacamole.properties

#LDAP Properties
ldap-hostname: x.x.x.x
ldap-port: 389
ldap-encryption-method: none
ldap-user-base-dn:DC=domain,DC=local
ldap-search-bind-dn:CN=guacadmin,OU=ou,DC=doman,DC=local
ldap-search-bind-password: Password
ldap-username-attribute: sAMAccountName
ldap-user-search-filter: (memberOf=CN= Group_Guacamole_Users,OU=ou,DC=domain,DC=local)

systemctl restart guacd
systemctl restart tomcat