Docker快速部署Apache Guacamole

Docker快速部署Apache Guacamole ,实现远程访问

git clone "https://github.com/boschkundendienst/guacamole-docker-compose.git"
cd guacamole-docker-compose
./prepare.sh
docker-compose up -d

https://IP地址:8443/
用户名:guacadmin
密码:guacadmin

docker exec -it -u 0 guacamole_compose /bin/bash  
/home/guacamole/tomcat/webapps/guacamole/translations/en.json  #登陆页面文件
/home/guacamole/tomcat/webapps/guacamole/images  #图像文件，包括logo等

云Docker部署Guacamole经frp中转远程连接Windows
docker启动guacamole

使用Docker安装Guacamole远程网关并配置录像回放

# 创建docker主目录和配置目录
mkdir -p /opt/docker /etc/docker
# 创建docker配置文件
tee /etc/docker/daemon.json <<-'END'
{"data-root": "/opt/docker","log-driver": "json-file","log-opts": {"max-size": "800m","max-file": "50"},"registry-mirrors": ["https://hub-mirror.c.163.com"]
}
END
# 添加阿里docker镜像源
dnf config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 安装docker docker-compose-plugin
dnf install docker-ce docker-ce
# 启动docker并设置开机自动启动
systemctl enable --now docker
# 查看docker docker-compose版本
docker -v
docker compose version
# 拉取mysql数据库
docker pull mysql:8.0.33-debian
# 拉取guacamole 核心
docker pull guacamole/guacd:1.5.1
# 拉取guacamole Web客户端
docker pull guacamole/guacamole:1.5.1
# 创建程序主目录
mkdir -p /opt/guacamole
# 创建插件目录
mkdir -p /opt/guacamole/extensions
# 创建录像目录
mkdir -p /opt/guacamole/recordings
# 创建数据库初始化脚本目录
mkdir -p /opt/guacamole/initdb.d
# 下载快速链接插件
curl -O https://archive.apache.org/dist/guacamole/1.5.1/binary/guacamole-auth-quickconnect-1.5.1.tar.gz
# 下载录像存储插件
curl -O https://archive.apache.org/dist/guacamole/1.5.1/binary/guacamole-history-recording-storage-1.5.1.tar.gz
# 解压插件
tar -zxvf guacamole-auth-quickconnect-1.5.1.tar.gz
tar -zxvf guacamole-history-recording-storage-1.5.1.tar.gz
# 移动插件至插件目录
mv guacamole-auth-quickconnect-1.5.1/guacamole-auth-quickconnect-1.5.1.jar /opt/guacamole/extensions/
mv guacamole-history-recording-storage-1.5.1/guacamole-history-recording-storage-1.5.1.jar /opt/guacamole/extensions/
# 配置插件目录所有者 1001为guacamole容器内的guacamole用户UID和GID
chown -R 1001.1001 /opt/guacamole/extensions
# 配置插件目录权限
chmod -R 644 /opt/guacamole/extensions
# 配置录像目录所有者
# 1000为guacd容器内的guacd用户UID
# 1001为guacamole容器内的guacamole用户组GID
chown 1000.1001 /opt/guacamole/recordings
# 配置插件目录权限
chmod 2750 /opt/guacamole/recordings
# 运行guacamole容器生成数据库初始化脚本
docker run --rm guacamole/guacamole:1.5.1 /opt/guacamole/bin/initdb.sh --mysql > /opt/guacamole/initdb.d/initdb.sql
# 创建docker-compose.yml容器编排配置文件
vi /opt/guacamole/docker-compose.yml
services:guacamole-mysql:image: mysql:8.0.33-debiancontainer_name: guacamole-mysqlvolumes:- /etc/localtime:/etc/localtime:ro# 数据库数据绑定至guacamole-mysql-data卷- guacamole-mysql-data:/var/lib/mysql# 数据库初始化脚本- /opt/guacamole/initdb.d/initdb.sql:/docker-entrypoint-initdb.d/initdb.sqlcommand:- "--character-set-server=utf8"- "--collation-server=utf8_bin"restart: alwaysenvironment:# 数据库root密码- MYSQL_ROOT_PASSWORD=2477bb2991dd472094d118ad9bafa0ce# 数据库名- MYSQL_DATABASE=guacamole# 数据库用户- MYSQL_USER=guacamole# 数据库密码- MYSQL_PASSWORD=fea78183e72c4e7798e1d803e2d36109expose:- "3306"networks:guacamole_network:guacamole-guacd:image: guacamole/guacd:1.5.1container_name: guacamole-guacdvolumes:- /etc/localtime:/etc/localtime:ro# 录像目录- /opt/guacamole/recordings:/var/lib/guacamole/recordingsrestart: alwaysexpose:- "4822"networks:guacamole_network:guacamole-web:image: guacamole/guacamole:1.5.1container_name: guacamole-webvolumes:- /etc/localtime:/etc/localtime:ro# 录像目录- /opt/guacamole/recordings:/var/lib/guacamole/recordings# 插件目录- /opt/guacamole/extensions:/etc/guacamole/extensionsrestart: alwaysenvironment:# guacd主机名- GUACD_HOSTNAME=guacamole-guacd# guacd端口- GUACD_PORT=4822# 首选认证方式- EXTENSION_PRIORITY=mysql# 数据库主机名- MYSQL_HOSTNAME=guacamole-mysql# 数据库端口- MYSQL_PORT=3306# 数据库名- MYSQL_DATABASE=guacamole# 数据库用户- MYSQL_USER=guacamole# 数据库密码- MYSQL_PASSWORD=fea78183e72c4e7798e1d803e2d36109# guacamole主目录(插件、库、配置等)- GUACAMOLE_HOME=/etc/guacamole# 会话超时时间 单位: 分钟- API_SESSION_TIMEOUT=60ports:- "80:8080"networks:guacamole_network:networks:guacamole_network:name: "guacamole_network"driver: bridgeipam:config:- subnet: 172.31.125.0/24gateway: 172.31.125.1volumes:# 数据库数据卷guacamole-mysql-data:name: "guacamole-mysql-data"
# 进入目录
cd /opt/guacamole
# 启动容器
docker compose up -d

LDAP/AD 身份验证

wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-ldap-1.4.0.tar.gz
tar xvzf guacamole-auth-ldap-1.4.0.tar.gz
cd guacamole-auth-ldap-1.4.0/
cp guacamole-auth-ldap-1.4.0.jar /etc/guacamole/extensions/# 在活动目录中新建名为guacadmin的用户
# 在活动目录中新建名为Group_Guacamole_Users的用户组，将guacadmin加入到Group_Guacamole_Users组中，只该用户组中的用户可以登录guacamolevim /etc/guacamole/guacamole.properties#LDAP Properties
ldap-hostname: x.x.x.x
ldap-port: 389
ldap-encryption-method: none
ldap-user-base-dn:DC=domain,DC=local
ldap-search-bind-dn:CN=guacadmin,OU=ou,DC=doman,DC=local
ldap-search-bind-password: Password
ldap-username-attribute: sAMAccountName
ldap-user-search-filter: (memberOf=CN= Group_Guacamole_Users,OU=ou,DC=domain,DC=local)systemctl restart guacd
systemctl restart tomcat