155 lines
6.4 KiB
YAML
155 lines
6.4 KiB
YAML
####################################################################################
|
|
# docker-compose file for Apache Guacamole
|
|
# created by PCFreak 2017-06-28
|
|
#
|
|
# Apache Guacamole is a clientless remote desktop gateway. It supports standard
|
|
# protocols like VNC, RDP, and SSH. We call it clientless because no plugins or
|
|
# client software are required. Thanks to HTML5, once Guacamole is installed on
|
|
# a server, all you need to access your desktops is a web browser.
|
|
####################################################################################
|
|
#
|
|
# What does this file do?
|
|
#
|
|
# Using docker-compose it will:
|
|
#
|
|
# - create a network 'guacnetwork_compose' with the 'bridge' driver.
|
|
# - create a service 'guacd_compose' from 'guacamole/guacd' connected to 'guacnetwork_compose'
|
|
# - create a service 'postgres_guacamole_compose' (1) from 'postgres' connected to 'guacnetwork_compose'
|
|
# - create a service 'guacamole_compose' (2) from 'guacamole/guacamole/' conn. to 'guacnetwork_compose'
|
|
# - create a service 'nginx_guacamole_compose' (3) from 'nginx' connected to 'guacnetwork_compose'
|
|
#
|
|
# (1)
|
|
# DB-Init script is in './init/initdb.sql' it has been created executing
|
|
# 'docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > ./init/initdb.sql'
|
|
# once.
|
|
# DATA-DIR is in './data'
|
|
# If you want to change the DB password change all lines with 'POSTGRES_PASSWORD:' and
|
|
# change it to your needs before first start.
|
|
# To start from scratch delete './data' dir completely
|
|
# './data' will hold all data after first start!
|
|
# The initdb.d scripts are only executed the first time the container is started
|
|
# (and the database files are empty). If the database files already exist then the initdb.d
|
|
# scripts are ignored (e.g. when you mount a local directory or when docker-compose saves
|
|
# the volume and reuses it for the new container).
|
|
#
|
|
# !!!!! MAKE SURE your folder './init' is executable (chmod +x ./init)
|
|
# !!!!! or 'initdb.sql' will be ignored!
|
|
#
|
|
# './data' will hold all data after first start!
|
|
#
|
|
# (2)
|
|
# Make sure you use the same value for 'POSTGRES_USER' and 'POSTGRES_PASSWORD'
|
|
# as configured under (1)
|
|
#
|
|
# (3)
|
|
# ./nginx/templates folder will be mapped read-only into the container at /etc/nginx/templates
|
|
# and according to the official nginx container docs the guacamole.conf.template will be
|
|
# placed in /etc/nginx/conf.d/guacamole.conf after container startup.
|
|
# ./nginx/ssl will be mapped into the container at /etc/nginx/ssl
|
|
# prepare.sh creates a a self-signed certificate. If you want to use your own certs
|
|
# just remove the part that generates the certs from prepare.sh and replace
|
|
# 'self-ssl.key' and 'self.cert' with your certificate.
|
|
# nginx will export port 8443 to the outside world, make sure that this port is reachable
|
|
# on your system from the "outside world". All other traffic is only internal.
|
|
#
|
|
# You could remove the entire 'nginx' service from this file if you want to use your own
|
|
# reverse proxy in front of guacamole. If doing so, make sure you change the line
|
|
# from - 8080/tcp
|
|
# to - 8080:8080/tcp
|
|
# within the 'guacamole' service. This will expose the guacamole webinterface directly
|
|
# on port 8080 and you can use it for your own purposes.
|
|
# Note: Guacamole is available on :8080/guacamole, not /.
|
|
#
|
|
# !!!!! FOR INITAL SETUP (after git clone) run ./prepare.sh once
|
|
#
|
|
# !!!!! FOR A FULL RESET (WILL ERASE YOUR DATABASE, YOUR FILES, YOUR RECORDS AND CERTS) DO A
|
|
# !!!!! ./reset.sh
|
|
#
|
|
#
|
|
# The initial login to the guacamole webinterface is:
|
|
#
|
|
# Username: guacadmin
|
|
# Password: guacadmin
|
|
#
|
|
# Make sure you change it immediately!
|
|
#
|
|
# version date comment
|
|
# 0.1 2017-06-28 initial release
|
|
# 0.2 2017-10-09 minor fixes + internal GIT push
|
|
# 0.3 2017-10-09 minor fixes + public GIT push
|
|
# 0.4 2019-08-14 creating of ssl certs now in prepare.sh
|
|
# simplified nginx startup commands
|
|
# 0.5 2023-02-24 nginx now uses a template + some minor changes
|
|
# 0.6 2023-03-23 switched to postgres 15.2-alpine
|
|
# 0.61 2024-07-27 fix networks + version 3.0
|
|
# 0.62 2024-07-27 fix
|
|
#####################################################################################
|
|
# networks
|
|
# create a network 'guacnetwork_compose' in mode 'bridged'
|
|
networks:
|
|
guacnetwork_compose:
|
|
driver: bridge
|
|
|
|
# services
|
|
services:
|
|
# guacd
|
|
guacd:
|
|
container_name: guacd_compose
|
|
image: guacamole/guacd
|
|
networks:
|
|
- guacnetwork_compose
|
|
restart: always
|
|
volumes:
|
|
- /home/soenke/docker-data/guacamole-docker-compose/drive:/drive:rw
|
|
- /home/soenke/docker-data/guacamole-docker-compose/record:/record:rw
|
|
# postgres
|
|
postgres:
|
|
container_name: postgres_guacamole_compose
|
|
environment:
|
|
PGDATA: /var/lib/postgresql/data/guacamole
|
|
POSTGRES_DB: guacamole_db
|
|
POSTGRES_PASSWORD: 'ChooseYourOwnPasswordHere1234'
|
|
POSTGRES_USER: guacamole_user
|
|
image: postgres:15.2-alpine
|
|
networks:
|
|
- guacnetwork_compose
|
|
restart: always
|
|
volumes:
|
|
- /home/soenke/docker-data/guacamole-docker-compose/init:/docker-entrypoint-initdb.d:z
|
|
- /home/soenke/docker-data/guacamole-docker-compose/data:/var/lib/postgresql/data:Z
|
|
|
|
# guacamole
|
|
guacamole:
|
|
container_name: guacamole_compose
|
|
depends_on:
|
|
- guacd
|
|
- postgres
|
|
environment:
|
|
GUACD_HOSTNAME: guacd
|
|
POSTGRES_DATABASE: guacamole_db
|
|
POSTGRES_HOSTNAME: postgres
|
|
POSTGRES_PASSWORD: 'ChooseYourOwnPasswordHere1234'
|
|
POSTGRES_USER: guacamole_user
|
|
image: guacamole/guacamole
|
|
networks:
|
|
- guacnetwork_compose
|
|
volumes:
|
|
- /home/soenke/docker-data/guacamole-docker-compose/record:/record:rw
|
|
ports:
|
|
## enable next line if not using nginx
|
|
- 6080:8080/tcp # Guacamole is on :6080/guacamole, not /.
|
|
## enable next line when using nginx
|
|
## - 8080/tcp
|
|
restart: always
|
|
labels:
|
|
kuma.tools.tag.name: 'Tools'
|
|
kuma.tools.tag.color: '#FF9900'
|
|
kuma.homelab.tag.name: 'Homelab'
|
|
kuma.homelab.tag.color: '#FF9955'
|
|
kuma.organization.tag.name: 'Organization'
|
|
kuma.organization.tag.color: '#FF99AA'
|
|
kuma.guacamole.http.name: 'guacamole'
|
|
kuma.guacamole.http.url: 'https://guac.domr.ovh/guacamole'
|
|
kuma.guacamole.http.tag_names: '[{"name": "tools", "value": "" }, {"name": "homelab", "value": "" }]'
|
|
|