Docker快速部署Apache Guacamole
Docker快速部署Apache Guacamole ,实现远程访问
git clone "https://github.com/boschkundendienst/guacamole-docker-compose.git"
cd guacamole-docker-compose
./prepare.sh
docker-compose up -d
https://IP地址:8443/
用户名:guacadmin
密码:guacadmin
docker exec -it -u 0 guacamole_compose /bin/bash
/home/guacamole/tomcat/webapps/guacamole/translations/en.json #登陆页面文件
/home/guacamole/tomcat/webapps/guacamole/images #图像文件,包括logo等
云Docker部署Guacamole经frp中转远程连接Windows
docker启动guacamole
使用Docker安装Guacamole远程网关并配置录像回放
# 创建docker主目录和配置目录
mkdir -p /opt/docker /etc/docker
# 创建docker配置文件
tee /etc/docker/daemon.json <<-'END'
{
"data-root": "/opt/docker",
"log-driver": "json-file",
"log-opts": {
"max-size": "800m",
"max-file": "50"
},
"registry-mirrors": [
"https://hub-mirror.c.163.com"
]
}
END
# 添加阿里docker镜像源
dnf config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 安装docker docker-compose-plugin
dnf install docker-ce docker-ce
# 启动docker并设置开机自动启动
systemctl enable --now docker
# 查看docker docker-compose版本
docker -v
docker compose version
# 拉取mysql数据库
docker pull mysql:8.0.33-debian
# 拉取guacamole 核心
docker pull guacamole/guacd:1.5.1
# 拉取guacamole Web客户端
docker pull guacamole/guacamole:1.5.1
# 创建程序主目录
mkdir -p /opt/guacamole
# 创建插件目录
mkdir -p /opt/guacamole/extensions
# 创建录像目录
mkdir -p /opt/guacamole/recordings
# 创建数据库初始化脚本目录
mkdir -p /opt/guacamole/initdb.d
# 下载快速链接插件
curl -O https://archive.apache.org/dist/guacamole/1.5.1/binary/guacamole-auth-quickconnect-1.5.1.tar.gz
# 下载录像存储插件
curl -O https://archive.apache.org/dist/guacamole/1.5.1/binary/guacamole-history-recording-storage-1.5.1.tar.gz
# 解压插件
tar -zxvf guacamole-auth-quickconnect-1.5.1.tar.gz
tar -zxvf guacamole-history-recording-storage-1.5.1.tar.gz
# 移动插件至插件目录
mv guacamole-auth-quickconnect-1.5.1/guacamole-auth-quickconnect-1.5.1.jar /opt/guacamole/extensions/
mv guacamole-history-recording-storage-1.5.1/guacamole-history-recording-storage-1.5.1.jar /opt/guacamole/extensions/
# 配置插件目录所有者 1001为guacamole容器内的guacamole用户UID和GID
chown -R 1001.1001 /opt/guacamole/extensions
# 配置插件目录权限
chmod -R 644 /opt/guacamole/extensions
# 配置录像目录所有者
# 1000为guacd容器内的guacd用户UID
# 1001为guacamole容器内的guacamole用户组GID
chown 1000.1001 /opt/guacamole/recordings
# 配置插件目录权限
chmod 2750 /opt/guacamole/recordings
# 运行guacamole容器生成数据库初始化脚本
docker run --rm guacamole/guacamole:1.5.1 /opt/guacamole/bin/initdb.sh --mysql > /opt/guacamole/initdb.d/initdb.sql
# 创建docker-compose.yml容器编排配置文件
vi /opt/guacamole/docker-compose.yml
services:
guacamole-mysql:
image: mysql:8.0.33-debian
container_name: guacamole-mysql
volumes:
- /etc/localtime:/etc/localtime:ro
# 数据库数据绑定至guacamole-mysql-data卷
- guacamole-mysql-data:/var/lib/mysql
# 数据库初始化脚本
- /opt/guacamole/initdb.d/initdb.sql:/docker-entrypoint-initdb.d/initdb.sql
command:
- "--character-set-server=utf8"
- "--collation-server=utf8_bin"
restart: always
environment:
# 数据库root密码
- MYSQL_ROOT_PASSWORD=2477bb2991dd472094d118ad9bafa0ce
# 数据库名
- MYSQL_DATABASE=guacamole
# 数据库用户
- MYSQL_USER=guacamole
# 数据库密码
- MYSQL_PASSWORD=fea78183e72c4e7798e1d803e2d36109
expose:
- "3306"
networks:
guacamole_network:
guacamole-guacd:
image: guacamole/guacd:1.5.1
container_name: guacamole-guacd
volumes:
- /etc/localtime:/etc/localtime:ro
# 录像目录
- /opt/guacamole/recordings:/var/lib/guacamole/recordings
restart: always
expose:
- "4822"
networks:
guacamole_network:
guacamole-web:
image: guacamole/guacamole:1.5.1
container_name: guacamole-web
volumes:
- /etc/localtime:/etc/localtime:ro
# 录像目录
- /opt/guacamole/recordings:/var/lib/guacamole/recordings
# 插件目录
- /opt/guacamole/extensions:/etc/guacamole/extensions
restart: always
environment:
# guacd主机名
- GUACD_HOSTNAME=guacamole-guacd
# guacd端口
- GUACD_PORT=4822
# 首选认证方式
- EXTENSION_PRIORITY=mysql
# 数据库主机名
- MYSQL_HOSTNAME=guacamole-mysql
# 数据库端口
- MYSQL_PORT=3306
# 数据库名
- MYSQL_DATABASE=guacamole
# 数据库用户
- MYSQL_USER=guacamole
# 数据库密码
- MYSQL_PASSWORD=fea78183e72c4e7798e1d803e2d36109
# guacamole主目录(插件、库、配置等)
- GUACAMOLE_HOME=/etc/guacamole
# 会话超时时间 单位: 分钟
- API_SESSION_TIMEOUT=60
ports:
- "80:8080"
networks:
guacamole_network:
networks:
guacamole_network:
name: "guacamole_network"
driver: bridge
ipam:
config:
- subnet: 172.31.125.0/24
gateway: 172.31.125.1
volumes:
# 数据库数据卷
guacamole-mysql-data:
name: "guacamole-mysql-data"
# 进入目录
cd /opt/guacamole
# 启动容器
docker compose up -d
LDAP/AD 身份验证
wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-ldap-1.4.0.tar.gz
tar xvzf guacamole-auth-ldap-1.4.0.tar.gz
cd guacamole-auth-ldap-1.4.0/
cp guacamole-auth-ldap-1.4.0.jar /etc/guacamole/extensions/
# 在活动目录中新建名为guacadmin的用户
# 在活动目录中新建名为Group_Guacamole_Users的用户组,将guacadmin加入到Group_Guacamole_Users组中,只该用户组中的用户可以登录guacamole
vim /etc/guacamole/guacamole.properties
#LDAP Properties
ldap-hostname: x.x.x.x
ldap-port: 389
ldap-encryption-method: none
ldap-user-base-dn:DC=domain,DC=local
ldap-search-bind-dn:CN=guacadmin,OU=ou,DC=doman,DC=local
ldap-search-bind-password: Password
ldap-username-attribute: sAMAccountName
ldap-user-search-filter: (memberOf=CN= Group_Guacamole_Users,OU=ou,DC=domain,DC=local)
systemctl restart guacd
systemctl restart tomcat