flcontainers / guacamole Goto Github PK

Hi,

I installed the latest version of the container and can't make printing to PDF or sound to work with it using RDP connection.
In the logs, i found this :

guacd[128]: WARNING: Cannot create static channel "rdpdr": failed to load "guac-common-svc" plugin for FreeRDP.
guacd[128]: WARNING: Support for the RDPDR channel (device redirection) could not be loaded. Drive redirection and printing will not work. Sound MAY not work.
guacd[128]: WARNING: Cannot create static channel "rdpsnd": failed to load "guac-common-svc" plugin for FreeRDP.
guacd[128]: WARNING: Support for the RDPSND channel (audio output) could not be loaded. Sound will not work. Drive redirection and printing MAY not work.

I tried to take the plugin files from another release in the freerdp2 folder but without success...
Also tried to reinstall the container but it doesn't work

i got error when im trying to connect guacamole to my ubuntu 22.04 desktop. im hosting guacamole on raspberry pi 4 (ubuntu 20.04). it works fine when im trying to access my raspberry pi 4 through guacamole but errors when im trying to connect guacamole to my ubuntu 22.04 right after i put my username. for the mean time im connecting to my desktop via my raspberry pi (guacamole -> raspberry pi -> desktop). any help is appreciated. thanks.

Apache Tomcat 8.5.x < 8.5.85 Request Smuggling Vulnerability: Upgrade to Apache Tomcat version 8.5.83 or later.

There has been CVE for this, will you update the image? Thanks

CVE-2023-24998

I have tried all the recent 1.5 versions (and latest) and also testing tag all the composes working fine. I do not have logs as I used to have like login IPs, and totp is absolutely not working at all. RPI4 arm64 and VM AMD via portioner. All tried fresh installs and tried -e timezone with or without cannot validate totp.

Hi there,

I used to use oznu's version and since max's version uses a newer postgres version I decided to start from scratch.

so I am mapping the folder data into the container like this:

    volumes:
      - './data:/config'

while data is empty. Upon docker-compose up -d the container starts but its logs say:

postgres: could not access directory "/config/postgres": Permission denied │ /var/run/postgresql:5432 - no response ││ Waiting for postgres to come up... ││ Starting postgres...

docker-compose exec -ti guacamole bash

root@guacamole:/config# ls -al
total 163
drwxrwx---  5     1000 root         6 Apr 21 09:16 .
drwxr-xr-x 24 root     root        26 Apr 21 09:16 ..
drwxr-xr-x  6 root     root         8 Apr 21 09:16 guacamole
drwxrwx---  2 postgres postgres     2 Apr 21 09:16 postgres

root@guacamole:/config# ls -al guacamole/
total 116
drwxr-xr-x 6 root root   8 Apr 21 09:16 .
drwxrwx--- 5 1000 root   6 Apr 21 09:16 ..
drwxr-xr-x 2 root root   4 Apr 21 09:16 extensions
drwxr-xr-x 2 root root   8 Apr 21 09:16 extensions-available
-rw-r--r-- 1 root root 315 Apr 21 09:16 guacamole-auth-header-1.3.0.tar.gz
-rw-r--r-- 1 root root 470 Apr 21 09:16 guacamole.properties
drwxr-xr-x 2 root root   3 Apr 21 09:16 lib
drwxr-xr-x 3 root root   5 Apr 21 09:16 schema

root@guacamole:/config# ls -al postgres/
total 33
drwxrwx--- 2 postgres postgres 2 Apr 21 09:16 .
drwxrwx--- 5     1000 root     6 Apr 21 09:16 ..

I don't see the problem, why can postgres not access the directory it created itself?

Can someone spot a problem?

I believe i have all the settings right, but when i try to access the server via SSH i keep getting asked for keyphrase. I do not have any keyphrase on my key.

Just wanted to let you know :-)
https://guacamole.apache.org/releases/1.5.0/

hi there,

all I did was change my docker-compose.yml file to reflect the new image version and now when starting i see this error repeating endlessly:

guacamole    | Starting postgres...                                                                                                                  
guacamole    | postgres: could not access directory "/config/postgres": Permission denied                                                            
guacamole    | /var/run/postgresql:5432 - no response                                                                                                
guacamole    | Waiting for postgres to come up...                                           

This is definitely a problem with the permissions of the mounted volume for postgresql:

    volumes:                                                                                                                                         
      - './data:/config'                                                                                                                             
      - './shared-folder:/tmp/shared-folder'   

has anything changed regarding the users which run guacamole or postgres inside your image?

if I start 1.3 I see these permissions

ls -aln data/                                                                                                      
drwx------ 19  103 105 26 Jan 26 15:07 postgres 

and with 1.4

ls -aln data/                                                                                                      
drwx------ 19  102 104 26 Jan 26 15:07 postgres 

so it looks like the user/group IDs have changed but for some reason 1.4 still fails even though when I simply change my docker-compose.yml file to use 1.3 again, the folder permissions get immediately reset and it all works.

Open for any ideas. Did anyone manage to straight upgrade from 1.3 to 1.4?

Might very well be related to #13

Would it be possible to enable "enable-environment-properties" in the guacamole.properties file so that any setting required can still be accessed if using a volume, and for overall convenience? Not great with docker yet, otherwise I would attempt a pr.

Postgres and other services don't shutdown correctly at container stop...

Need to review that part properly...

I've recently updated to the 1.5.2 container without changing anything in my docker-compose file and now I am no longer prompted to enter my 2fa after signing in. It simple logs me in and I can view my connections. Is there something I need to change?

When typing "docker run
-p 8060:8060
-v </home/space/guacamole>:/config
maxwaldorf/guacamole"

I get the error that there is no directory or file for config. What do I, do to fix this? i tried creating config as a directory and an empty file but I get the same error

Hi !

I installed your guacamole container and realized that it doesn't come with ghostscript installed (which is mandatory for the "print to pdf" option).
I ssh in the container and installed it manually ("apt update" and "apt install ghostscript") and it's working.

It would be great if the container came with ghostscript pre-installed.

Thanks !

Thanks for your nice image!
I can't install in an aarch64 device, I get this error:

# docker run -p 8080:8080 -v /storage/guacamole:/config maxwaldorf/guacamole
Unable to find image 'maxwaldorf/guacamole:latest' locally
latest: Pulling from maxwaldorf/guacamole
docker: no matching manifest for linux/arm/v8 in the manifest list entries.

# uname -a
Linux X88King 4.9.269 #1 SMP PREEMPT Wed Jul 27 09:00:53 CEST 2022 aarch64 GNU/Linux

using your container for some time now, thank you for it.
Currently facing the "issue" of the updated postgres version. Managed to back up old database, but currently struggling to import it back.
any hint?
backup up ver 1.4.1, renamed postgres folder, started new ver 1.4.2. Then tried to reimport, but this won't work for me (database is locked...)

Hello, thanks so much for this repo.
I am getting this problem though

I am getting 404 when trying to access it.

Help please?

curl -vvv localhost:8080/guacamole
*   Trying ::1:8080...
* Connected to localhost (::1) port 8080 (#0)
> GET /guacamole HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404
< Content-Type: text/html;charset=utf-8
< Content-Language: en
< Content-Length: 760
< Date: Sun, 19 Feb 2023 14:52:07 GMT
<
* Connection #0 to host localhost left intact
<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 – Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [&#47;guacamole] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/8.5.78</h3></body></html>

I had update docker container to version 1.5.0.

Now, I can't enter in my control panel, because the login not working with previuous data.

I've investigated and there seems to be a problem with the guacamole program.
It seems that the connection to the database is broken.

Any solutions?

Hi,

coming from oznu guacamole container, i've made the switch and discovered, that with older OS (eg: Windows 7), as soon as i click on start menu button, i get disconnected.
I find references (disconnect right mouse click) in google and thee it is a bug in freerdp 2.0
I disn't have this with the oznu container

Regards

Matt

Hi there,

guacamole is apparently not vulnerable to the log4j vulnerability => https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-1474?filter=allissues

but seeing that I had already started looking into security issues, I started checking the images I run with trivy and was surprised by the high number of findings. I had a look at your Dockerfile and its based upon: tomcat:jdk15-openjdk-slim-buster so I was wondering if that is no longer being maintained?
The latter findings (see below) are obviously are on Guacamole's side not much we can do about them.

Here is how you can run it:
docker run --rm -v /tmp:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:0.18.3 maxwaldorf/guacamole:1.3 | more

and
docker run --rm -v /tmp:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:0.18.3 tomcat:jdk15-openjdk-slim-buster | more

Here is a quick overview of the findings, without going into the details I am just wondering why maxwaldorf/guacamole:1.3 has way more vulnerabilities than its base image tomcat:jdk15-openjdk-slim-buster?

tomcat:jdk15-openjdk-slim-buster (debian 10.9)                                                                                                       
==============================================                                                                                                       
Total: 126 (UNKNOWN: 0, LOW: 14, MEDIUM: 49, HIGH: 51, CRITICAL: 12) 

maxwaldorf/guacamole:1.3 (debian 10.7)                                                                                                               
======================================                                                                                                               
Total: 2108 (UNKNOWN: 2, LOW: 170, MEDIUM: 1000, HIGH: 789, CRITICAL: 147) 

app/guacamole/extensions-available/guacamole-auth-duo-1.3.0.jar                                                                                      
===============================================================                                                                                      
Total: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


app/guacamole/extensions-available/guacamole-auth-ldap-1.3.0.jar                                                                                     
================================================================                                                                                     
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

app/guacamole/extensions-available/guacamole-auth-totp-1.3.0.jar                                                                                     
================================================================                                                                                     
Total: 1 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 0, CRITICAL: 0) 

app/guacamole/extensions/guacamole-auth-jdbc-postgresql-1.3.0.jar                                                                                    
=================================================================                                                                                    
Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

usr/local/tomcat/webapps/ROOT.war                                                                                                                    
=================================                                                                                                                    
Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 0) 

This image is great - was just wondering if it was possible to compile for ARMv7?

I'd be happy to help if you need.

Is there a way to show the logs when I try to connect via ssh and private key ?

"docker logs guacamole" shows as last line "container started" but when I try to connect, nothing happens in the logs.

I got the right format of the private key already set up in the connection settings, but it is still not connecting.

Maybe somebody can help me?

I'm trying to enable auth-header, and this requires that I add "http-auth-header: Remote-User" to guacamole.properties. What is the best way to inject this?

While I can do this by hand, I'm trying to do this with IaC in kubernetes, so would much rather be able to have this done in an automated fashion.

What are the chances of upgrading this to the new version of 1.4.0? I am new to docker so I don't really have the ability to but will researching how to do it also.

Hi
I installed on my Ubuntu home server your maxwaldorf/guacamole docker container.
By the way, the standard guacamole/guacamole image is not valid for my arm64 system, right?
After entering with the default guacadmin/guacadmin credentials, if I try to change the guacadmin password I get a "Permission denied" error.
I guess this is related with the permissions of the volume /home/ubuntu/docker/guacamole:/config, right?
But even making a chmod 777 to that folder the problem remains.
I noticed that a postgres subfolder with owner systemd-timesync messagebus with permission drwx------ is present!
Any tips on how to solve this?
Thanks

This is what I did, if there's an easier way, please correct me:

• installed additional fonts on the docker host system
• mapped the fonts folder into the container (see third volume)
• select desired (installed) font when configuring a ssh connection within guacamole

    volumes:                                                                                                                                         
      - './data:/config'                                                                                                                             
      - './shared-folder:/tmp/shared-folder'                                                                                                         
      - '/usr/share/fonts:/usr/share/fonts'

As title says, using image maxwaldorf/guacamole:latest paste seems to be not working.
I'm not talking into RDP or SSH sessions in guacamole but into guacamole fields (including login, settings, session clipboard, etc) like in those websites where you cannot copy-paste the confirm email or password text field.

I'm using a custom guacamole.properties to enable openid and use an external postgres DBMS (the future plan is to compile a custom image without postgres, but I have this problem on both the custom image and the original)

I do not know where to look to solve this, tried with multiple browser, clearing cache and from multiple computers.

Thanks in advance!

Custom guacamole.properties:

postgresql-hostname: 172.28.1.2
postgresql-port: 5432
postgresql-database: newguacamole
postgresql-username: guacamole
postgresql-password: XXXXXXXXX
postgresql-auto-create-accounts: true

openid-authorization-endpoint: https://XXXXXX/realms/XXXXXX/protocol/openid-connect/auth
openid-jwks-endpoint: https://XXXXXX/realms/XXXXXX/protocol/openid-connect/certs
openid-issuer: https://XXXXXX/realms/XXXXXX
openid-client-id: guacamole
openid-redirect-uri: https://XXXXXX
openid-username-claim-type: preferred_username
openid-scope: openid email profile
openid-groups-claim-type: groups

extension-priority: *, openid
enable-clipboard-integration: true

Has anyone managed to get an RDP-connection to work? And if so, how?

I've changed the registry edits on the host but no matter which combination of authentication methods I choose (this is on an AD) I get connection refused.

According to Microsoft - they want you to log in with AzureAD\[email protected] but when I tried it on a windows-machine I got in with AzureAD<localusername> instead.

So - has anyone managed, and if so how?

Hi. My guacamole container was automatically upgraded with watchtower so I didn't do any backups (and I'm not sure how to do it)
Is there a way to upgrade my databases to the new Postrgres version?
Could you please post the steps to take? Thx in advance

Thanks for sharing this container image. I am running into a postgres issue when trying to run this as part of a docker-compose script:

version: "2"
services:
  ubuntu-instance:
    image: danielguerra/ubuntu-xrdp:20.04
    container_name: docker-ubuntu-instance
    environment:
      - shm-size=1g
      - hostname=terminalserver
    ports:
      - "2222:22"
      - 3389:3389
  guacamole-instance:
    image: maxwaldorf/guacamole
    container_name: docker-guacamole-instance
    volumes:
        - ~/guacamole-conf:/config
        - db:/var/lib/postgresql/data
    ports:
        - 8080:8080
volumes:
  db:

Here is the error message I am getting

docker-guacamole-instance | 2021-04-10 15:45:46.296 UTC [321] FATAL:  database files are incompatible with server
docker-guacamole-instance | 2021-04-10 15:45:46.296 UTC [321] DETAIL:  The data directory was initialized by PostgreSQL version 9.6, which is not compatible with this version 11.10 (Debian 11.10-0+deb10u1).

Any ideas why this might be happening?

Hi,

I try to use your docker image in a odroid n2+ (arm64), but i have this error :
/init: 37: exec: s6-overlay-suexec: Exec format error

this was my docker-compose file
version: '3.7'
services:
guacamole:
image: abesnier/guacamole
volumes:
- type: bind
source: /.../config
target: /config
ports:
- 8080:8080/tcp

Could you help me ?
Thanks in advance.

Below extensions not work:

• saml
• openid
• cas
• sqlserver
• postgresql
• mysql

I can send a PR to fix this.

Hey there. Great work! Best way to have guacamole working in arm ever!
Wondering if and how can we make the web app work through https, instead of http:8080.

Thanks.

I keep getting the below issue and for the life of me cannot figure out why the permissions wont work and wont reset

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 30-defaults.sh: executing...
[cont-init.d] 30-defaults.sh: exited 0.
[cont-init.d] 40-postgres.sh: executing...
chown: changing ownership of '/config/postgres': Operation not permitted
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "C.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

initdb: could not access directory "/config/postgres": Permission denied
[cont-init.d] 40-postgres.sh: exited 1.
[cont-init.d] 50-extensions: executing...
cat: /config/.database-version: No such file or directory
[cont-init.d] 50-extensions: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting postgres...
Starting guacamole guacd...
[services.d] done.
/var/run/postgresql:5432 - no response
Waiting for postgres to come up...
postgres: could not access the server configuration file "/config/postgres/postgresql.conf": Permission denied
guacd[268]: INFO: Guacamole proxy daemon (guacd) version 1.3.0 started
guacd[268]: INFO: Listening on host 127.0.0.1, port 4822
Starting postgres...
postgres: could not access the server configuration file "/config/postgres/postgresql.conf": Permission denied

how to modify page index please

Hi
When I try to paste to any editbox of the settings web page using Firefox I always get a blank result.
If I do the same with Chrome I do not have that problem.
I even tried a Firefox on another PC and the result is the same: I can not paste the clipboard text that is cleared in the process.

The strange is that I have a guacamole in another server (this time using a guacamole/guacamole image since it is a amd64 server) and I do not have this copy/paste issue on both browsers (Chrome and Firefox).

Do you have any idea on what is causing this?
Regards

Hi,

`18-Mar-2023 05:01:12.225 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.82]
18-Mar-2023 05:01:12.247 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/usr/local/tomcat/webapps/ROOT.war]
18-Mar-2023 05:01:13.911 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
05:01:14.528 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/config/guacamole".
05:01:14.665 [localhost-startStop-1] INFO o.a.g.GuacamoleServletContextListener - Read configuration parameters from "/config/guacamole/guacamole.properties".
05:01:14.667 [localhost-startStop-1] INFO o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes of inactivity.
05:01:15.078 [localhost-startStop-1] INFO o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
18-Mar-2023 05:01:16.165 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/local/tomcat/webapps/ROOT.war] has finished in [3,918] ms
18-Mar-2023 05:01:16.168 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
18-Mar-2023 05:01:16.277 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 4079 ms
07:57:48.938 [http-nio-8080-exec-10] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [37.201.221.64, 192.168.15.5] for user "guacadmin" failed.
07:57:53.982 [http-nio-8080-exec-8] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [37.201.221.64, 192.168.15.5] for user "guacadmin" failed.
07:58:09.757 [http-nio-8080-exec-8] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [37.201.221.64, 192.168.15.5] for user "guacadmin" failed.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 30-defaults.sh: executing...
[cont-init.d] 30-defaults.sh: exited 0.
[cont-init.d] 40-postgres.sh: executing...
Database already configured
[cont-init.d] 40-postgres.sh: exited 0.
[cont-init.d] 50-extensions: executing...
[cont-init.d] 50-extensions: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting guacamole guacd...
Starting postgres...
[services.d] done.
/var/run/postgresql:5432 - no response
Waiting for postgres to come up...
guacd[268]: INFO: Guacamole proxy daemon (guacd) version 1.5.0 started
guacd[268]: INFO: Listening on host 0.0.0.0, port 4822
2023-03-18 07:58:42.693 UTC [269] LOG: starting PostgreSQL 13.9 (Debian 13.9-0+deb11u1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
2023-03-18 07:58:42.694 UTC [269] LOG: listening on IPv4 address "127.0.0.1", port 5432
2023-03-18 07:58:42.694 UTC [269] LOG: could not bind IPv6 address "::1": Cannot assign requested address
2023-03-18 07:58:42.694 UTC [269] HINT: Is another postmaster already running on port 5432? If not, wait a few seconds and retry.
2023-03-18 07:58:42.702 UTC [269] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2023-03-18 07:58:42.711 UTC [282] LOG: database system was interrupted; last known up at 2023-03-18 05:01:10 UTC
2023-03-18 07:58:43.021 UTC [282] LOG: database system was not properly shut down; automatic recovery in progress
2023-03-18 07:58:43.028 UTC [282] LOG: redo starts at 0/173C9D8
2023-03-18 07:58:43.028 UTC [282] LOG: invalid record length at 0/173CA10: wanted 24, got 0
2023-03-18 07:58:43.028 UTC [282] LOG: redo done at 0/173C9D8
2023-03-18 07:58:43.055 UTC [269] LOG: database system is ready to accept connections
2023-03-18 07:58:43.676 UTC [290] FATAL: role "root" does not exist
/var/run/postgresql:5432 - accepting connections
Starting guacamole client...
18-Mar-2023 07:58:44.244 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name: Apache Tomcat/8.5.82
18-Mar-2023 07:58:44.246 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Aug 8 2022 21:26:07 UTC
18-Mar-2023 07:58:44.246 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.82.0
18-Mar-2023 07:58:44.246 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux
18-Mar-2023 07:58:44.246 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 5.15.85-1-pve
18-Mar-2023 07:58:44.247 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
18-Mar-2023 07:58:44.247 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/local/openjdk-8/jre
18-Mar-2023 07:58:44.247 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_342-b07
18-Mar-2023 07:58:44.247 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation
18-Mar-2023 07:58:44.248 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /usr/local/tomcat
18-Mar-2023 07:58:44.248 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /usr/local/tomcat
18-Mar-2023 07:58:44.248 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
18-Mar-2023 07:58:44.248 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
18-Mar-2023 07:58:44.248 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
18-Mar-2023 07:58:44.249 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
18-Mar-2023 07:58:44.249 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
18-Mar-2023 07:58:44.249 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
18-Mar-2023 07:58:44.252 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
18-Mar-2023 07:58:44.252 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
18-Mar-2023 07:58:44.253 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
18-Mar-2023 07:58:44.253 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.35] using APR version [1.7.0].
18-Mar-2023 07:58:44.253 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [{4}].
18-Mar-2023 07:58:44.253 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
18-Mar-2023 07:58:44.256 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1n 15 Mar 2022]
18-Mar-2023 07:58:44.326 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
18-Mar-2023 07:58:44.345 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 495 ms
18-Mar-2023 07:58:44.371 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
18-Mar-2023 07:58:44.372 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.82]
18-Mar-2023 07:58:44.393 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/usr/local/tomcat/webapps/ROOT.war]
18-Mar-2023 07:58:45.699 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
07:58:46.204 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/config/guacamole".
07:58:46.324 [localhost-startStop-1] INFO o.a.g.GuacamoleServletContextListener - Read configuration parameters from "/config/guacamole/guacamole.properties".
07:58:46.326 [localhost-startStop-1] INFO o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes of inactivity.
07:58:46.732 [localhost-startStop-1] INFO o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
18-Mar-2023 07:58:47.808 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/local/tomcat/webapps/ROOT.war] has finished in [3,414] ms
18-Mar-2023 07:58:47.810 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
18-Mar-2023 07:58:47.828 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 3482 ms
07:59:10.549 [http-nio-8080-exec-1] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [37.201.221.64, 192.168.15.5] for user "guacadmin" failed.
08:02:11.550 [http-nio-8080-exec-3] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [37.201.221.64, 192.168.15.5] for user "guacadmin" failed.
18-Mar-2023 08:05:43.926 INFO [http-nio-8080-exec-8] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target [/#login ]. The valid characters are defined in RFC 7230 and RFC 3986
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:517)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:513)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:882)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1693)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:750)

Before Update, it works perfektly.

Best Regards,
Mitch`

Hello!
I tried using this image and aside of the very easy setup, i always had this issue:
https://issues.apache.org/jira/browse/GUACAMOLE-1504

Now this is fixed, i wanted to ask if it's possible to update this image beyond that fix, so that ed25519 can be used.

That's all! I look forward to your reply!

Trying to pull the latest image with docker pull flcontainers/guacamole and the output is:

Using default tag: latest
Error response from daemon: manifest for flcontainers/guacamole:latest not found: manifest unknown: manifest unknown

Hello,

I have an issue when i tried to change the authentication method.
When i follow the documentation to activate auth-totp for example, it's not working.
I copy the file "guacamole-auth-totp-1.3.0.jar" from "extensions-available" to "extensions" and i remove the file "guacamole-auth-jdbc-postgresql-1.3.0.jar"
I modify the file "guacamole.properties:" to use totp.
When i restart the container, the file "guacamole-auth-totp-1.3.0.jar" is always replaced by "guacamole-auth-jdbc-postgresql-1.3.0.jar".
I have the same issue when i try any other authentication method.

Do i do something wrong ?
Can you have a look please ?

Information about the setup:

• Raspberry Pi 4, running on arm64v8.
• portainer and docker are well installed.

After pulling the image from the docker hub via the docker pull maxwaldorf/guacamole I ran the container using the following command without the -d tag, so I can monitor:
sudo docker run --name=guacamole -p 8080:8080 --restart=always -v guacamole:/config maxwaldorf/guacamole

I received the following feedback block:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 30-defaults.sh: executing...
[cont-init.d] 30-defaults.sh: exited 0.
[cont-init.d] 40-postgres.sh: executing...
Database already configured
[cont-init.d] 40-postgres.sh: exited 0.
[cont-init.d] 50-extensions: executing...
[cont-init.d] 50-extensions: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting postgres...
Starting guacamole guacd...
[services.d] done.
/var/run/postgresql:5432 - no response
Waiting for postgres to come up...
2021-08-06 15:08:06.949 UTC [266] FATAL: database files are incompatible with server
2021-08-06 15:08:06.949 UTC [266] DETAIL: The data directory was initialized by PostgreSQL version 9.6, which is not compatible with this version 11.10 (Debian 11.10-0+deb10u1).
guacd[267]: INFO: Guacamole proxy daemon (guacd) version 1.3.0 started
guacd[267]: INFO: Listening on host 127.0.0.1, port 4822
Starting postgres...
2021-08-06 15:08:07.952 UTC [283] FATAL: database files are incompatible with server
2021-08-06 15:08:07.952 UTC [283] DETAIL: The data directory was initialized by PostgreSQL version 9.6, which is not compatible with this version 11.10 (Debian 11.10-0+deb10u1).
/var/run/postgresql:5432 - no response
Waiting for postgres to come up...

Please note that, the last block between "starting postgres..." and "Waiting for postgres to come up..." is a never ending loop!.

Running the following command rm -rf postgres didn't solve the issue and produced the following:

postgres: could not access directory "/config/postgres": No such file or directory
Run initdb or pg_basebackup to initialize a PostgreSQL data directory.
/var/run/postgresql:5432 - no response
Waiting for postgres to come up...

and running s6-setuidgid postgres initdb produced:
s6-envuidgid: fatal: unknown user: postgres

I am getting the tomcat error (see screenshot) with the docker container flcontainers/guacamole:latest (and testing) version. The previous version maxwaldorf/guacamole:1.4.3 is working fine.

After downloading and running the latest container I'm now getting a invalid login message at the top of the screen when trying the default username/password.

Hi there,

I used a different docker image for guacamole but the one i used for years is not longer maintained. So i switched to this one. The old one is on version 1.3 and updating doesn't work somehow. So i get rid of the old data to start from scratch. The container seems to be running but I can't connect. I expect the deamon to listen to port 8080 but instead it seems to listen on different ports in the 4000 area. This is what netstat on the container shows me:

netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:4822 0.0.0.0:* LISTEN 20/guacd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN -
udp 0 0 0.0.0.0:8472 0.0.0.0:* -

The conainer is up and running and doesn't log any errors but these two:
touch: /opt/tomcat/logs/catalina.out: Permission denied
/opt/tomcat/bin/catalina.sh: line 504: can't create /opt/tomcat/logs/catalina.out: Permission denied

As the log ends with "container started" I don't think that this is a problem. But somehow it doesn't work. This is how the container is created.

docker run -d --name=guacamole
-p 8948:8080
-e PUID=1026
-e PGID=100
-e TZ=Europe/Berlin
-e EXTENSIONS="auth-totp"
-v /volume1/docker/guacamole:/config
--restart always
flcontainers/guacamole

Having trouble establishing RDP connections, not sure if this is related to recent RDP changes on guacomole-server.

apache/guacamole-server#243

docker-guacamole-instance | guacd[271]: INFO:	Creating new client for protocol "rpd"
docker-guacamole-instance | guacd[271]: INFO:	Connection ID is "$74ae545d-51f4-48b9-aea5-f0cad693da48"
docker-guacamole-instance | guacd[533]: WARNING:	Support for protocol "rpd" is not installed

Hey there!

I was wondering if you could add in the guacamole-auth-json extension into the docker container?

Thanks!

Starting guacamole client...
992
/usr/local/tomcat/bin/catalina.sh: line 421: /usr/local/openjdk-8/bin/java: No such file or directory
993
2023-03-17 09:50:52.694 UTC [5753] FATAL: role "root" does not exist
994
/var/run/postgresql:5432 - accepting connections

Hi, I've just downloaded the container and after it having started, when I try to login with the default username/password I get:

An error has occurred and this action cannot be completed. If the problem persists, please notify your system administrator or check your system logs.

Hi, So I spun up a Guacamole container using your docker commands, and it appears to be regularly exiting with error code 137 without reporting an error in the logs. According to my Googling this indicates that the container is running out of memory; however, I only have one VNC connection setup so far and the Container Host VM has 5GB of RAM and it's only really using 50% of it so I'm suspecting there might be a memory leak somewhere in the container.

Sorry if this issue doesn't follow your standards

Hi! I use your image and have been having trouble getting it from Docker Hub. I thought I'd share my workflow file that automatically builds and pushes to the GitHub registry using your own tokens:

# .github/workflows/build-ghcr-docker-image.yml
name: Build Docker Image upon new tag

on:
  push:
    tags:
      - v*

jobs:
  Build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
      - name: Login to Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }} 
      - name: Build and Push Docker Image
        uses: docker/build-push-action@v4
        with:
          push: true
          context: . 
          tags: |
            ghcr.io/${{ github.repository }}:${{ github.ref_name }}
            ghcr.io/${{ github.repository }}:latest