Deploy Guacamole


Last updated 7 months ago


Some cred to: https://frigi.ch/en/2023/01/install-guacamole-on-docker-with-traefik-postgres-and-2fa/ (I use MariaDB instead of Postgres)

  1. Spin up the database container (needed to extract the initdb.sql; there are probably other ways, but most seem to do it like this)

  2. Example docker-compose:

services:
  guacdb:
    container_name: guacamoledb
    image: mariadb:11.2
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: '<insert-root-password>'
      MYSQL_DATABASE: 'guacamole_db'
      MYSQL_USER: 'guacamole_user'
      MYSQL_PASSWORD: '<insert-user-password>'
    volumes:
      - 'guac_mariadb_data:/var/lib/mysql'
volumes:
  guac_mariadb_data:

  3. SSH to your Docker node and run: docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql

  4. Then copy the initdb.sql into the database container: docker cp initdb.sql guacamoledb:/initdb.sql

  5. Enter the shell on the database container: docker exec -it guacamoledb bash

  6. Import: cat initdb.sql | mariadb -u root -p guacamole_db (enter root password when asked)

  7. exit

  8. Stop the db container: docker-compose down

  9. Edit the docker-compose.yml

  10. The default port is 8080; change it to whatever you need, depending on how you reverse proxy it

services:
  guacdb:
    container_name: guacamoledb
    image: mariadb:latest
    restart: unless-stopped
    networks:
      - traefik-proxy
    environment:
      MYSQL_ROOT_PASSWORD: '<root-password>'
      MYSQL_DATABASE: 'guacamole_db'
      MYSQL_USER: 'guacamole_user'
      MYSQL_PASSWORD: '<mysql-user-pass>'
    volumes:
      - 'guac_mariadb_data:/var/lib/mysql'
  guacd:
    container_name: guacd
    image: guacamole/guacd:latest
    restart: unless-stopped
    networks:
      - traefik-proxy
  guacamole:
    container_name: guacamole
    image: guacamole/guacamole:latest
    restart: unless-stopped
    networks:
      - traefik-proxy
    environment:
      GUACD_HOSTNAME: "guacd"
      MYSQL_HOSTNAME: "guacdb"
      MYSQL_DATABASE: "guacamole_db"
      MYSQL_USER: "guacamole_user"
      MYSQL_PASSWORD: "<mysql-user-pass>"
      TOTP_ENABLED: "true"
    depends_on:
      - guacdb
      - guacd
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.guac.rule=Host(`guacamole.domain.com`)"
      - "traefik.http.routers.guac.entrypoints=websecure"
      - "traefik.http.routers.guac.tls=true"
      - "traefik.http.services.guac.loadbalancer.server.port=8080"
      - "traefik.http.routers.guac.tls.certresolver=letsencrypt"
      - "traefik.http.routers.guac.tls.domains[0].main=domain.com"
      - "traefik.http.routers.guac.tls.domains[0].sans=*.domain.com"
      - "traefik.http.middlewares.add-guacamole.addprefix.prefix=/guacamole"
      - "traefik.http.routers.guac.middlewares=add-guacamole"
volumes:
  guac_mariadb_data:
networks:
  traefik-proxy:
    external: true

Take note of:

      - "traefik.http.middlewares.add-guacamole.addprefix.prefix=/guacamole"
      - "traefik.http.routers.guac.middlewares=add-guacamole"

These labels add the prefix /guacamole to the URL, so https://guacamole.domain.com becomes https://guacamole.domain.com/guacamole, which is required for the official image.
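
A hardened variant of the final compose file above, as an added example that is not part of the original page. In the page's file all three services join the external traefik-proxy network, so any other container attached to that network can connect to MariaDB and guacd directly; here only the web application faces the proxy. The guac-backend network name and the GUAC_* variables (read from a .env file next to docker-compose.yml) are assumptions.

```yaml
# Added example, not the page's own file. Assumed: guac-backend, GUAC_* vars in .env
services:
  guacdb:
    container_name: guacamoledb
    image: mariadb:11.2                 # pinned; same tag as the bootstrap step
    restart: unless-stopped
    networks: [guac-backend]            # off traefik-proxy: 3306 stays private
    environment:
      MYSQL_ROOT_PASSWORD: "${GUAC_DB_ROOT_PASSWORD:?set in .env}"
      MYSQL_DATABASE: "guacamole_db"
      MYSQL_USER: "guacamole_user"
      MYSQL_PASSWORD: "${GUAC_DB_PASSWORD:?set in .env}"
    volumes: ["guac_mariadb_data:/var/lib/mysql"]
  guacd:
    container_name: guacd
    image: "guacamole/guacd:${GUAC_VERSION:?pin a release tag in .env}"
    restart: unless-stopped
    networks: [guac-backend]            # not "internal": guacd must reach RDP/SSH/VNC hosts
  guacamole:
    container_name: guacamole
    image: "guacamole/guacamole:${GUAC_VERSION:?pin a release tag in .env}"
    restart: unless-stopped
    networks: [guac-backend, traefik-proxy]   # only this service faces Traefik
    environment:
      GUACD_HOSTNAME: "guacd"
      MYSQL_HOSTNAME: "guacdb"
      MYSQL_DATABASE: "guacamole_db"
      MYSQL_USER: "guacamole_user"
      MYSQL_PASSWORD: "${GUAC_DB_PASSWORD:?set in .env}"
      TOTP_ENABLED: "true"
    depends_on: [guacdb, guacd]
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-proxy"  # two networks: pick the proxy one
      - "traefik.http.routers.guac.rule=Host(`guacamole.domain.com`)"
      - "traefik.http.routers.guac.entrypoints=websecure"
      - "traefik.http.routers.guac.tls=true"
      - "traefik.http.services.guac.loadbalancer.server.port=8080"
      - "traefik.http.routers.guac.tls.certresolver=letsencrypt"
      - "traefik.http.routers.guac.tls.domains[0].main=domain.com"
      - "traefik.http.routers.guac.tls.domains[0].sans=*.domain.com"
      - "traefik.http.middlewares.add-guacamole.addprefix.prefix=/guacamole"
      - "traefik.http.routers.guac.middlewares=add-guacamole"
volumes:
  guac_mariadb_data:
networks:
  guac-backend: {}
  traefik-proxy:
    external: true
```

Generate initdb.sql from the same guacamole/guacamole tag you pin in GUAC_VERSION so the imported schema matches the web application, and keep the .env file out of version control.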

https://frigi.ch/en/2023/01/install-guacamole-on-docker-with-traefik-postgres-and-2fa/