Running on Fedora 22. Versions of software are:
guacd-0.9.5-3.fc22.x86_64
guacamole-0.9.3-2.fc22.noarch
libguac-client-vnc-0.9.5-3.fc22.x86_64
x11vnc-0.9.13-13.fc22.x86_64
tigervnc-server-minimal-1.4.3-8.fc22.x86_64
We get no indication looking at the journal that quacd sees any request to connect to a host.
-- Unit guacd.service has finished starting up.
--
-- The start-up result is done.
Aug 07 19:52:49 spruce systemd[1]: Starting Guacamole proxy daemon...
-- Subject: Unit guacd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit guacd.service has begun starting up.
Aug 07 19:52:49 spruce guacd[28104]: Guacamole proxy daemon (guacd) version 0.9.5 started
Aug 07 19:52:49 spruce guacd[28104]: guacd[28104]: INFO: Guacamole proxy daemon (guacd) version 0.9.5 started
Aug 07 19:52:49 spruce guacd[28104]: Successfully bound socket to host 10.2.2.2, port 4822
Aug 07 19:52:49 spruce guacd[28104]: Listening on host 10.2.2.2, port 4822
Aug 07 19:52:49 spruce guacd[28104]: guacd[28104]: DEBUG: Successfully bound socket to host 10.2.2.2, port 4822
Aug 07 19:52:49 spruce guacd[28104]: guacd[28104]: INFO: Listening on host 10.2.2.2, port 4822
If we attempt to connect to a host after logging into the guacamole web page we see the following in the journal.
Aug 07 20:38:05 spruce firefox.desktop[28726]: WARNING: content window passed to PrivateBrowsingUtils.isWindowPrivate. Use isContentWindowPrivate instead (but only for frame scripts).
Aug 07 20:38:05 spruce firefox.desktop[28726]: pbu_isWindowPrivate@resource://gre/modules/PrivateBrowsingUtils.jsm:25:14
Aug 07 20:38:05 spruce firefox.desktop[28726]: nsBrowserAccess.prototype.openURI@chrome://browser/content/browser.js:15418:21
Aug 07 20:38:05 spruce firefox.desktop[28726]: GuacUI.openObject@http://spruce.highley-recommended.com:8080/guacamole/scripts/guac-ui.js:150:19
Aug 07 20:38:05 spruce firefox.desktop[28726]: GuacUI.openConnection@http://spruce.highley-recommended.com:8080/guacamole/scripts/guac-ui.js:129:5
Aug 07 20:38:05 spruce firefox.desktop[28726]: GuacamoleRootUI.reset/group_view.onconnectionclick@http://spruce.highley-recommended.com:8080/guacamole/scripts/root-ui.js:282:9
Aug 07 20:38:05 spruce firefox.desktop[28726]: addConnection/guacui_connection.onclick@http://spruce.highley-recommended.com:8080/guacamole/scripts/guac-ui.js:1141:17
Aug 07 20:38:05 spruce firefox.desktop[28726]: GuacUI.ListConnection/<@http://spruce.highley-recommended.com:8080/guacamole/scripts/guac-ui.js:303:13
cat guacamole.properties
# Hostname and port of guacamole proxy
guacd-hostname: spruce.highley-recommended.com
guacd-port: 4822
# Auth provider class (authenticates user/pass combination, needed if using the provided login screen)
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml
guacd-ssl: true
<user-mapping><!-- Per-user authentication and config information --><!-- authorize username="USERNAME" password="PASSWORD"> <protocol>vnc</protocol> <param name="hostname">localhost</param> <param name="port">5900</param> <param name="password">VNCPASS</param> </authorize--><!-- Another user, but using md5 to hash the password (example below uses the md5 hash of "PASSWORD") --><authorizeusername="dhighley"password="94c060e2139d9fb0383aba64f89e1e03"encoding="md5"><!-- First authorized connection --><connectionname="spruce.highley-recommended.com"><protocol>vnc</protocol><paramname="hostname">spruce.highley-recommended.com</param><paramname="port">5901</param><paramname="password">okidoki</param></connection><!-- Second authorized connection --><connectionname="douglas.highley-recommended.com"><protocol>vnc</protocol><paramname="hostname">douglas.highley-recommended.com</param><paramname="port">5900</param><paramname="password">okidoki</param></connection></authorize></user-mapping>
Last edit: Michael Jumper 2015-08-10
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
While I can tell you this particular combination will work, combining different versions of Guacamole (in this case 0.9.5 and 0.9.3) is not supported and can cause problems. There is no guarantee of compatibility between different 0.9.x releases. Please use the same version for both guacd and the web application, preferably by following the install instructions in our manual, rather than distribution packages. If you do this, be sure to uninstall the distribution packages prior to building guacamole-server.
The guacd-ssl property likely does not do what you think it does. Setting guacd-ssl to true causes the Guacamole web application to connect to guacd through SSL/TLS. It is not how you configure HTTPS. If you do mean to use guacd-ssl, it will only work if your guacd is actually configured to use SSL (see the server_certificate and server_key options in the section on configuring guacd and the documentation regarding the guacd-ssl property). This is useful if you wish to secure the connection between the web application and guacd, but is a very uncommon configuration, as that network is usually trusted. Again, this is not necessary to use Guacamole through HTTPS, and setting this property does not enable HTTPS - that is out of Guacamole's purview (see below).
If your intent is to serve Guacamole over HTTPS, you need to configure Tomcat or use a reverse proxy like Apache or Nginx to do this. It is a relatively common point of confusion to search within the Guacamole docs for a means of enabling SSL, and thus misuse guacd-ssl, but such things are configured within the application server (Tomcat) or a proxy. Use of the distribution packages may further exacerbate this confusion, as they mask the need for Tomcat and its role in a Guacamole deployment, and give the illusion that Guacamole is somehow standalone.
Please try removing the guacd-ssl property, restart Tomcat, and see if that solves the issue. Failing that, please check your Tomcat logs. If guacd does not log anything for connection attempts, then the connection to guacd itself (from Tomcat) must be failing, and that error will be logged, though the logging of 0.9.3 will not be anywhere near as good as the latest.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
OK, point 1 the RPMs are not appearing to be maintained. I removed everything and installed docker. Following the 0.9.7 manual I should be able to install, fage instructions for someone who has never used docker, by doing docker run --name some-guacd -d glyptodon/guacd. Which fails with:
docker run --name highley-guace -d glyptondon/guacd
Unable to find image 'glyptondon/guacd:latest' locally
Trying to pull repository docker.io/glyptondon/guacd ... not found
Error: image glyptondon/guacd:latest not found
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Still no joy. The following does not work as there is no mysql container:
docker run --name some-guacamole --link some-guacd:guacd \
--link some-mysql:mysql \
-e MYSQL_DATABASE=guacamole_db \
-e MYSQL_USER=guacamole_user \
-e MYSQL_PASSWORD=some_password \
-d -p 8080:8080 glyptodon/guacamole
So I installed mariadb and changed the above command to:
docker run --name some-guacamole --link some-guacd:guacd \
-e MYSQL_DATABASE=guacamole_db \
-e MYSQL_USER=guacamole_user \
-e MYSQL_PASSWORD=some_password \
-d -p 8080:8080 glyptodon/guacamole
That fails with the following:
docker start high-guacamole
Error response from daemon: Cannot start container high-guacamole: Error starting userland proxy: listen tcp 0.0.0.0:8080: bind: address already in use
Error: failed to start containers: [high-guacamole]
Restarted tomcat and docker, nothing seems to clear this issue. Firewall has port open.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Regarding the typo - too many n's. It's "glyptodon", not "glyptondon".
As for port 8080 - the "glyptodon/guacamole" image contains Tomcat. If you have Tomcat already running outside of Docker, then that Tomcat will likely be using port 8080 already, and Docker will be unable to start a container which listens on that same port, hence the error.
You will need to either shutdown the Tomcat running externally to the Docker container, or use a different port for Docker:
If you only installed Tomcat in the first place for the sake of Guacamole, and you now intend to use Docker instead, I'd recommend simply uninstalling Tomcat and trying again.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Before deploying Guacamole with the intent of using MySQL for authentication, please ensure that you have each of the following already prepared:
A Docker container running the glyptodon/guacd image. Guacamole needs guacd in order to function, and the Guacamole Docker image depends on a linked Docker container running guacd.
A Docker container running the mysql image.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Running on Fedora 22. Versions of software are:
guacd-0.9.5-3.fc22.x86_64
guacamole-0.9.3-2.fc22.noarch
libguac-client-vnc-0.9.5-3.fc22.x86_64
x11vnc-0.9.13-13.fc22.x86_64
tigervnc-server-minimal-1.4.3-8.fc22.x86_64
We get no indication looking at the journal that quacd sees any request to connect to a host.
If we attempt to connect to a host after logging into the guacamole web page we see the following in the journal.
cat guacamole.properties
cat guacd.conf
cat user-mapping.xml
Last edit: Michael Jumper 2015-08-10
A few points:
guacd-ssl
property likely does not do what you think it does. Settingguacd-ssl
totrue
causes the Guacamole web application to connect to guacd through SSL/TLS. It is not how you configure HTTPS. If you do mean to useguacd-ssl
, it will only work if your guacd is actually configured to use SSL (see theserver_certificate
andserver_key
options in the section on configuring guacd and the documentation regarding theguacd-ssl
property). This is useful if you wish to secure the connection between the web application and guacd, but is a very uncommon configuration, as that network is usually trusted. Again, this is not necessary to use Guacamole through HTTPS, and setting this property does not enable HTTPS - that is out of Guacamole's purview (see below).If your intent is to serve Guacamole over HTTPS, you need to configure Tomcat or use a reverse proxy like Apache or Nginx to do this. It is a relatively common point of confusion to search within the Guacamole docs for a means of enabling SSL, and thus misuse
guacd-ssl
, but such things are configured within the application server (Tomcat) or a proxy. Use of the distribution packages may further exacerbate this confusion, as they mask the need for Tomcat and its role in a Guacamole deployment, and give the illusion that Guacamole is somehow standalone.Please try removing the
guacd-ssl
property, restart Tomcat, and see if that solves the issue. Failing that, please check your Tomcat logs. If guacd does not log anything for connection attempts, then the connection to guacd itself (from Tomcat) must be failing, and that error will be logged, though the logging of 0.9.3 will not be anywhere near as good as the latest.OK, point 1 the RPMs are not appearing to be maintained. I removed everything and installed docker. Following the 0.9.7 manual I should be able to install, fage instructions for someone who has never used docker, by doing docker run --name some-guacd -d glyptodon/guacd. Which fails with:
docker run --name highley-guace -d glyptondon/guacd
Unable to find image 'glyptondon/guacd:latest' locally
Trying to pull repository docker.io/glyptondon/guacd ... not found
Error: image glyptondon/guacd:latest not found
Should have been vague instead of fage above.
Never mind, must have been some typo in the command. Copy paste worked.
Still no joy. The following does not work as there is no mysql container:
docker run --name some-guacamole --link some-guacd:guacd \ --link some-mysql:mysql \ -e MYSQL_DATABASE=guacamole_db \ -e MYSQL_USER=guacamole_user \ -e MYSQL_PASSWORD=some_password \ -d -p 8080:8080 glyptodon/guacamole
So I installed mariadb and changed the above command to:
docker run --name some-guacamole --link some-guacd:guacd \ -e MYSQL_DATABASE=guacamole_db \ -e MYSQL_USER=guacamole_user \ -e MYSQL_PASSWORD=some_password \ -d -p 8080:8080 glyptodon/guacamole
That fails with the following:
docker start high-guacamole
Error response from daemon: Cannot start container high-guacamole: Error starting userland proxy: listen tcp 0.0.0.0:8080: bind: address already in use
Error: failed to start containers: [high-guacamole]
Restarted tomcat and docker, nothing seems to clear this issue. Firewall has port open.
Regarding the typo - too many n's. It's "glyptodon", not "glyptondon".
As for port 8080 - the "glyptodon/guacamole" image contains Tomcat. If you have Tomcat already running outside of Docker, then that Tomcat will likely be using port 8080 already, and Docker will be unable to start a container which listens on that same port, hence the error.
You will need to either shutdown the Tomcat running externally to the Docker container, or use a different port for Docker:
If you only installed Tomcat in the first place for the sake of Guacamole, and you now intend to use Docker instead, I'd recommend simply uninstalling Tomcat and trying again.
Stuck again. Not able to find a container for mysql or mariadb or postgres and the quacamole container requires a database in docker.
Yes, you will need to create a MySQL / MariaDB / PostgreSQL container before creating the Guacamole container if you intend to use the Docker images.
From http://guac-dev.org/doc/gug/guacamole-docker.html: