From 0cdc0df11f5e0263d37ae43fd67c2976ecc0bb31 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 17:28:33 -0500 Subject: [PATCH 01/27] Somewhat basic setup. Still incomplete. --- templates/Guacamole/0/README.md | 5 +- templates/Guacamole/0/docker-compose.yml | 115 +++++++++++++--------- templates/Guacamole/0/rancher-compose.yml | 84 +++++----------- 3 files changed, 92 insertions(+), 112 deletions(-) diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md index b891d90..7ae68c2 100644 --- a/templates/Guacamole/0/README.md +++ b/templates/Guacamole/0/README.md @@ -1 +1,4 @@ -# Guacamole \ No newline at end of file +# Guacamole + +### To-do List +* Allow LDAP authentication in place of MySQL authentication \ No newline at end of file diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 8dd69b7..e051432 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
@@ -1,49 +1,66 @@ -database-data: - image: busybox - labels: - io.rancher.container.start_once: 'true' - net: none - entrypoint: /bin/true - volumes: - - /var/lib/mysql - - /docker-entrypoint-initdb.d -database: - image: mariadb - environment: - MYSQL_DATABASE: ${guacamole_db} - MYSQL_ONETIME_PASSWORD: 'true' - MYSQL_PASSWORD: ${guacamole_password} - MYSQL_RANDOM_ROOT_PASSWORD: 'true' - MYSQL_USER: ${guacamole_user} - volumes_from: - - database-data - labels: - io.rancher.sidekicks: setup-get-db-script, database-data -setup-get-db-script: - image: glyptodon/guacamole:0.9.10-incubating - net: none - volumes_from: - - database-data - command: - - bash - - -c - - /opt/guacamole/bin/initdb.sh --mysql > /docker-entrypoint-initdb.d/initdb.sql - labels: - io.rancher.container.start_once: 'true' -guacd: - image: glyptodon/guacd:0.9.10-incubating -guacamole: - image: glyptodon/guacamole:0.9.10-incubating - environment: - MYSQL_DATABASE: ${guacamole_db} - MYSQL_HOSTNAME: database - MYSQL_PASSWORD: ${guacamole_password} - MYSQL_USER: ${guacamole_user} - links: - - guacd:guacd - ports: - - ${public_port}:8080/tcp - command: - - /bin/bash - - -c - - cd /usr/local/tomcat/webapps;rm -rf ROOT/; ln -s guacamole.war ROOT.war; /opt/guacamole/bin/start.sh; \ No newline at end of file +version: '2' + +services: + guacamole: + image: guacamole/guacamole + dns: + - 1.1.1.1 + - 1.0.0.1 + environment: + + labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} + {{- if .Values.TRAEFIK_HOST}} + traefik.enable: true + ### Start Web Segment + traefik.web.frontend.entryPoints: http,https + traefik.web.frontend.headers.forceSTSHeader: true + traefik.web.frontend.headers.SSLRedirect: true + traefik.web.frontend.headers.STSPreload: true + traefik.web.frontend.headers.STSSeconds: 15552000 + traefik.web.frontend.redirect.entryPoint: https + traefik.web.frontend.redirect.permanent: true + 
traefik.web.frontend.rule: Host:${TRAEFIK_HOST} + traefik.web.port: "8080" + ### End Web Segment + {{- else}} + traefik.enable: false + {{- end}} + links: + - guacd + - mysql + networks: + - public-proxy + ports: + - "${WEB_PORT}:8080" + restart: on-failure + guacd: + image: guacamole/guacd + dns: + - 1.1.1.1 + - 1.0.0.1 + environment: + labels: + networks: + ports: + restart: on-failure + mysql: + image: + dns: + - 1.1.1.1 + - 1.0.0.1 + environment: + MYSQL_DATABASE: guacamole_db + MYSQL_USER: guacamole_user + MYSQL_PASSWORD: password + labels: + networks: + ports: + restart: on-failure + +networks: + public-proxy: + external: true \ No newline at end of file diff --git a/templates/Guacamole/0/rancher-compose.yml b/templates/Guacamole/0/rancher-compose.yml index 32c9fd9..4c51c82 100644 --- a/templates/Guacamole/0/rancher-compose.yml +++ b/templates/Guacamole/0/rancher-compose.yml 
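Review bot: The new `guacamole` and `guacd` services use `image: guacamole/guacamole` and `image: guacamole/guacd` with no tag, where the removed definitions pinned `glyptodon/guacamole:0.9.10-incubating` and `glyptodon/guacd:0.9.10-incubating`. Combined with the `io.rancher.container.pull_image: always` label, every start of the `guacamole` service pulls whatever the registry currently serves under the default tag. For a remote-access gateway that is a supply-chain and reproducibility regression, so pin each image to a release tag or a digest, e.g. `image: guacamole/guacamole:<release-tag>@sha256:<digest>` (placeholders). The same applies to the `:latest` tags that later patches in this series add for these images and for `mysql`.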
@@ -6,70 +6,30 @@ catalog: # minimum_rancher_version: # maximum_rancher_version: # upgrade_from: + # uuid: questions: - - variable: "guacamole_db" - label: "MySQL Database Name" - description: "Your MYSQL guacamole database name" - default: "guacamole_db" - required: true - type: "string" + - variable: "HOST_LABEL" + label: "Host Label Key/Value Pair" + description: | + The Key/Value pair on the host which the stack should be deployed. + default: "host.id=Host1" + required: false + type: string - - variable: "guacamole_user" - label: "MySQL Database User" - description: "Your MYSQL guacamole user name" - required: true - default: "guacamole_user" - type: "string" + - variable: "TRAEFIK_HOST" + label: "Public Host Domain" + description: | + The host that Traefik will use to provide public access. + Leaving this empty will disable Traefik on this stack. + default: "subdomain.domain.tld" + required: false + type: string - - variable: "guacamole_password" - label: "MySQL Database Password" - description: "Your MYSQL guacamole user password. Defaults to \"guacamole_password\"" + - variable: "WEB_PORT" + label: "Local Web Port" + description: | + The port to locally access the web interface on. 
+ default: "10700" required: true - default: "guacamole_password" - type: "password" - - - variable: "public_port" - label: "Public Port" - description: "The public port that Guacamole listens on, defaults to 8080" - required: true - default: 8080 - type: "int" - -services: - guacamole: - scale: 1 - health_check: - healthy_threshold: 2 - response_timeout: 2000 - port: 8080 - unhealthy_threshold: 3 - initializing_timeout: 60000 - interval: 2000 - strategy: recreate - request_line: GET "/guacamole" "HTTP/1.0" - reinitializing_timeout: 60000 - guacd: - scale: 1 - health_check: - healthy_threshold: 2 - response_timeout: 2000 - port: 4822 - unhealthy_threshold: 3 - initializing_timeout: 60000 - interval: 2000 - strategy: recreate - reinitializing_timeout: 60000 - setup-get-db-script: - scale: 1 - database: - scale: 1 - health_check: - healthy_threshold: 2 - response_timeout: 2000 - port: 3306 - unhealthy_threshold: 3 - initializing_timeout: 60000 - interval: 2000 - strategy: recreate - reinitializing_timeout: 60000 \ No newline at end of file + type: string \ No newline at end of file From d56255a21a19b875fcf07c8ca8976133cc61e65e Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:16:09 -0500 Subject: [PATCH 02/27] Completed configuration, now to test --- templates/Guacamole/0/docker-compose.yml | 24 ++++++++++++++++++----- templates/Guacamole/0/rancher-compose.yml | 24 +++++++++++++++++++++++ 2 files changed, 43 insertions(+), 5 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index e051432..7e2c1c6 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
@@ -44,23 +44,37 @@ services: - 1.0.0.1 environment: labels: - networks: - ports: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} restart: on-failure mysql: - image: + image: mysql:latest dns: - 1.1.1.1 - 1.0.0.1 environment: + MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} MYSQL_DATABASE: guacamole_db MYSQL_USER: guacamole_user - MYSQL_PASSWORD: password + MYSQL_PASSWORD: ${DB_USER_PASS} labels: + io.rancher.container.pull_image: always + {{- if .Values.HOST_LABEL}} + io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} + {{- end}} networks: - ports: + db-admin: + aliases: + - guacamole restart: on-failure + volumes: + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql # MySQL Database to be persistent networks: + db-admin: + external: true public-proxy: external: true \ No newline at end of file diff --git a/templates/Guacamole/0/rancher-compose.yml b/templates/Guacamole/0/rancher-compose.yml index 4c51c82..4ec108d 100644 --- a/templates/Guacamole/0/rancher-compose.yml +++ b/templates/Guacamole/0/rancher-compose.yml @@ -32,4 +32,28 @@ catalog: The port to locally access the web interface on. default: "10700" required: true + type: string + + - variable: "DB_ROOT_PASS" + label: "MySQL Root Password" + description: | + A secure password to be used by the "root" MySQL user. + # default: + required: true + type: password + + - variable: "DB_USER_PASS" + label: "MySQL User Password" + description: | + A secure password to be used by the "nextcloud_user" MySQL user. + # default: + required: true + type: password + + - variable: "DATA_DIR" + label: "Data Directory" + description: | + The directory to store persistent data for the stack. + default: "Personal/Nextcloud" + required: true type: string \ No newline at end of file 
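Review bot: `MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}` and `MYSQL_PASSWORD: ${DB_USER_PASS}` in the `mysql` service are injected as plain environment variables, so both values are readable by anyone who can inspect the container or the stack configuration, and every process in the container inherits them. The official mysql image also accepts `MYSQL_ROOT_PASSWORD_FILE` and `MYSQL_PASSWORD_FILE`, which lets the values come from a mounted secret instead; consider that if secrets are available in the Rancher environment. Separately, attaching the database to the external `db-admin` network makes it reachable from every other container on that network, so membership of that network should be limited to the admin tool that needs it. The later patch that adds `MYSQL_PASSWORD: ${DB_USER_PASS}` to the `guacamole` service has the same environment-variable exposure.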
From fb29548894071093eba0017a07d62ecbc4ad6c85 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:22:05 -0500 Subject: [PATCH 03/27] Updated names --- templates/Guacamole/0/rancher-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/Guacamole/0/rancher-compose.yml b/templates/Guacamole/0/rancher-compose.yml index 4ec108d..bf0f58e 100644 --- a/templates/Guacamole/0/rancher-compose.yml +++ b/templates/Guacamole/0/rancher-compose.yml @@ -45,7 +45,7 @@ catalog: - variable: "DB_USER_PASS" label: "MySQL User Password" description: | - A secure password to be used by the "nextcloud_user" MySQL user. + A secure password to be used by the "guacamole_user" MySQL user. # default: required: true type: password @@ -54,6 +54,6 @@ catalog: label: "Data Directory" description: | The directory to store persistent data for the stack. - default: "Personal/Nextcloud" + default: "Personal/Guacamole" required: true type: string \ No newline at end of file From 70b81ccf072ac58e637ef3cca0ba6a0102c3aaa1 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:23:05 -0500 Subject: [PATCH 04/27] Set default version --- templates/Guacamole/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/config.yml b/templates/Guacamole/config.yml index 0082952..95762a4 100644 --- a/templates/Guacamole/config.yml +++ b/templates/Guacamole/config.yml @@ -1,7 +1,7 @@ name: Apache Guacamole description: | Status: NOT READY -# version: +version: latest #category: maintainer: WilliamMiceli # license: From 63f3b26d307c4f165fcda0cc0c79d7e61cc6e9df Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:26:08 -0500 Subject: [PATCH 05/27] Slight cleanup --- templates/Guacamole/0/docker-compose.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 7e2c1c6..60d8cc9 100644 
--- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -6,8 +6,6 @@ services: dns: - 1.1.1.1 - 1.0.0.1 - environment: - labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} @@ -42,7 +40,6 @@ services: dns: - 1.1.1.1 - 1.0.0.1 - environment: labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} From 38c9bed6afc17025a9b9e594403cca06d753c3b3 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:31:24 -0500 Subject: [PATCH 06/27] Added tags and updated README --- templates/Guacamole/0/README.md | 5 +++++ templates/Guacamole/0/docker-compose.yml | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md index 7ae68c2..484b4e9 100644 --- a/templates/Guacamole/0/README.md +++ b/templates/Guacamole/0/README.md @@ -1,4 +1,9 @@ # Guacamole +Using official images only: +* guacamole/guacamole:latest +* guacamole/guacd:latest +* mysql:latest + ### To-do List * Allow LDAP authentication in place of MySQL authentication \ No newline at end of file diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 60d8cc9..c165832 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -2,7 +2,7 @@ version: '2' services: guacamole: - image: guacamole/guacamole + image: guacamole/guacamole:latest dns: - 1.1.1.1 - 1.0.0.1 @@ -36,7 +36,7 @@ services: - "${WEB_PORT}:8080" restart: on-failure guacd: - image: guacamole/guacd + image: guacamole/guacd:latest dns: - 1.1.1.1 - 1.0.0.1 From 556325c20293105b1fc583f7b0a0278cf465177a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:43:14 -0500 Subject: [PATCH 07/27] Also sync time with host --- templates/Guacamole/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index c165832..035c8e1 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -67,6 +67,7 @@ services: - guacamole restart: on-failure volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql # MySQL Database to be persistent From c1555a13b8bdf9c1ebaefb37909bc684d200d998 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:47:28 -0500 Subject: [PATCH 08/27] Added required environment variables --- templates/Guacamole/0/docker-compose.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 035c8e1..1b6867e 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -6,6 +6,11 @@ services: dns: - 1.1.1.1 - 1.0.0.1 + environment: + MYSQL_HOSTNAME: mysql + MYSQL_DATABASE: guacamole_db + MYSQL_USER: guacamole_user + MYSQL_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} From ea160ec2fe31b4fd698e103c62fbd76a8a2a45d7 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 23:00:59 -0500 Subject: [PATCH 09/27] Updated ToDos --- templates/Guacamole/0/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md index 484b4e9..6eb7b41 100644 --- a/templates/Guacamole/0/README.md +++ b/templates/Guacamole/0/README.md 
@@ -6,4 +6,5 @@ Using official images only: * mysql:latest ### To-do List -* Allow LDAP authentication in place of MySQL authentication \ No newline at end of file +* Allow LDAP authentication in place of MySQL authentication +* Make database initialization automatic, or provide instructions for it \ No newline at end of file From 68505b1ec43190a786d8a4ce3b62372ce6d964aa Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 15:33:26 -0500 Subject: [PATCH 10/27] Minor updates, also now using Postgres --- templates/Guacamole/0/docker-compose.yml | 53 ++++++++++-------------- 1 file changed, 21 insertions(+), 32 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 1b6867e..a06d75e 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
@@ -7,39 +7,33 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - MYSQL_HOSTNAME: mysql - MYSQL_DATABASE: guacamole_db - MYSQL_USER: guacamole_user - MYSQL_PASSWORD: ${DB_USER_PASS} + POSTGRES_HOSTNAME: postgres + POSTGRES_DATABASE: guacamole_db + POSTGRES_USER: guacamole_user + POSTGRES_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - {{- if .Values.TRAEFIK_HOST}} traefik.enable: true ### Start Web Segment traefik.web.frontend.entryPoints: http,https traefik.web.frontend.headers.forceSTSHeader: true + traefik.web.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.redirect.entryPoint: https - traefik.web.frontend.redirect.permanent: true traefik.web.frontend.rule: Host:${TRAEFIK_HOST} traefik.web.port: "8080" ### End Web Segment - {{- else}} - traefik.enable: false - {{- end}} links: - guacd - - mysql - networks: - - public-proxy - ports: - - "${WEB_PORT}:8080" + - postgres restart: on-failure + volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system guacd: image: guacamole/guacd:latest dns: 
@@ -50,34 +44,29 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + traefik.enable: false restart: on-failure - mysql: - image: mysql:latest + volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + postgres: + image: postgres:alpine dns: - 1.1.1.1 - 1.0.0.1 environment: - MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} - MYSQL_DATABASE: guacamole_db - MYSQL_USER: guacamole_user - MYSQL_PASSWORD: ${DB_USER_PASS} + POSTGRES_DB: guacamole_db + POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} + POSTGRES_USER: guacamole_user + POSTGRES_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - networks: - db-admin: - aliases: - - guacamole + traefik.enable: false restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql # MySQL Database to be persistent - -networks: - db-admin: - external: true - public-proxy: - external: true \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data \ No newline at end of file From 7c9c0b05198a2f7aa8cf95029e9105e30c8a140d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 15:38:22 -0500 Subject: [PATCH 11/27] Fixed Rancher questions --- templates/Guacamole/0/docker-compose.yml | 2 +- templates/Guacamole/0/rancher-compose.yml | 23 +++++++---------------- 2 files changed, 8 insertions(+), 17 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index a06d75e..09d9112 100644 --- a/templates/Guacamole/0/docker-compose.yml 
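Review bot: `POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS}` in the new `postgres` service does not appear to be a variable the official postgres image reads; that image creates a single superuser from `POSTGRES_USER` and `POSTGRES_PASSWORD`. If that is the case here, `DB_ROOT_PASS` is silently ignored and `guacamole_user`, the account the web application connects with, becomes the database superuser. Prefer keeping the superuser separate and creating `guacamole_user` as an unprivileged role that owns only `guacamole_db`, for example from an init script run at first start.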
+++ b/templates/Guacamole/0/docker-compose.yml @@ -24,7 +24,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.rule: Host:${TRAEFIK_HOST} + traefik.web.frontend.rule: Host:${TRAEFIK_HOSTNAME} traefik.web.port: "8080" ### End Web Segment links: diff --git a/templates/Guacamole/0/rancher-compose.yml b/templates/Guacamole/0/rancher-compose.yml index bf0f58e..b71dddc 100644 --- a/templates/Guacamole/0/rancher-compose.yml +++ b/templates/Guacamole/0/rancher-compose.yml @@ -17,35 +17,26 @@ catalog: required: false type: string - - variable: "TRAEFIK_HOST" - label: "Public Host Domain" + - variable: "TRAEFIK_HOSTNAME" + label: "Public Hostname" description: | - The host that Traefik will use to provide public access. - Leaving this empty will disable Traefik on this stack. + The FQDN which Traefik should use to provide public access. default: "subdomain.domain.tld" - required: false - type: string - - - variable: "WEB_PORT" - label: "Local Web Port" - description: | - The port to locally access the web interface on. - default: "10700" required: true type: string - variable: "DB_ROOT_PASS" - label: "MySQL Root Password" + label: "Database Root Password" description: | - A secure password to be used by the "root" MySQL user. + A secure password to be used by the "root" user. # default: required: true type: password - variable: "DB_USER_PASS" - label: "MySQL User Password" + label: "Database User Password" description: | - A secure password to be used by the "guacamole_user" MySQL user. + A secure password to be used by the "guacamole_user" user. # default: required: true type: password From 0c2618b0c2a7fc8c7c551551e024cb2df5390002 Mon Sep 17 00:00:00 2001 
From: WilliamMiceli Date: Wed, 16 Jan 2019 16:15:51 -0500 Subject: [PATCH 12/27] Explicitly defined guacd hostname --- templates/Guacamole/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 09d9112..a1bb51b 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -7,6 +7,7 @@ services: - 1.1.1.1 - 1.0.0.1 environment: + GUACD_HOSTNAME: guacd POSTGRES_HOSTNAME: postgres POSTGRES_DATABASE: guacamole_db POSTGRES_USER: guacamole_user From ada430be5252980bbf4458cfa48ab41563a8fc93 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 16:28:31 -0500 Subject: [PATCH 13/27] Added shared volume for setup files --- templates/Guacamole/0/docker-compose.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index a1bb51b..b6ea2ed 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -35,6 +35,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Setup:/Setup guacd: image: guacamole/guacd:latest dns: @@ -70,4 +71,5 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data + - /RancherCattle/${DATA_DIR}/Setup:/Setup \ No newline at end of file From 9b926aed59c5559cb7e8e2f1d35fd9e200a2ec89 Mon Sep 17 00:00:00 2001 
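Review bot: The new `/RancherCattle/${DATA_DIR}/Setup:/Setup` bind mount is writable in both the internet-facing `guacamole` container and the database container, so the web tier can place or alter files that are visible inside the database container. Only one side needs to write (the README added later in this series generates the init script in the `guacamole` container and reads it in the database container), so mount it read-only where it is consumed, e.g. `- /RancherCattle/${DATA_DIR}/Setup:/Setup:ro` on the database service. Removing both mounts once initialisation is finished would close the path entirely. Both service definitions start outside these hunks.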
From: WilliamMiceli Date: Wed, 16 Jan 2019 16:57:56 -0500 Subject: [PATCH 14/27] Changed back to mysql --- templates/Guacamole/0/docker-compose.yml | 28 ++++++++++++------------ 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index b6ea2ed..c278ea0 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -8,10 +8,10 @@ services: - 1.0.0.1 environment: GUACD_HOSTNAME: guacd - POSTGRES_HOSTNAME: postgres - POSTGRES_DATABASE: guacamole_db - POSTGRES_USER: guacamole_user - POSTGRES_PASSWORD: ${DB_USER_PASS} + MYSQL_HOSTNAME: mysql + MYSQL_DATABASE: guacamole_db + MYSQL_USER: guacamole_user + MYSQL_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} @@ -30,12 +30,12 @@ services: ### End Web Segment links: - guacd - - postgres + - mysql restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Setup:/Setup + - /RancherCattle/${DATA_DIR}/Setup:/setup guacd: image: guacamole/guacd:latest dns: @@ -51,16 +51,16 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - postgres: - image: postgres:alpine + mysql: + image: mysql:5 dns: - 1.1.1.1 - 1.0.0.1 environment: - POSTGRES_DB: guacamole_db - POSTGRES_ROOT_PASSWORD: ${DB_ROOT_PASS} - POSTGRES_USER: guacamole_user - POSTGRES_PASSWORD: ${DB_USER_PASS} + MYSQL_DB: guacamole_db + MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} + MYSQL_USER: guacamole_user + MYSQL_PASSWORD: ${DB_USER_PASS} labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} 
@@ -71,5 +71,5 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/data - - /RancherCattle/${DATA_DIR}/Setup:/Setup \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql + - /RancherCattle/${DATA_DIR}/Setup:/setup \ No newline at end of file From 4b00b089faedc5a18206c2d0c4e0e85a9fd6eda5 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 17:05:31 -0500 Subject: [PATCH 15/27] Fixed environment variable name --- templates/Guacamole/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index c278ea0..551ca50 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -57,7 +57,7 @@ services: - 1.1.1.1 - 1.0.0.1 environment: - MYSQL_DB: guacamole_db + MYSQL_DATABASE: guacamole_db MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS} MYSQL_USER: guacamole_user MYSQL_PASSWORD: ${DB_USER_PASS} From f306f394700e8d55fd3ebc4dbd8725c12860c05f Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 17:41:00 -0500 Subject: [PATCH 16/27] Testing adding a prefix to the path --- templates/Guacamole/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 551ca50..a7acf8f 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
@@ -25,7 +25,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.rule: Host:${TRAEFIK_HOSTNAME} + traefik.web.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole" traefik.web.port: "8080" ### End Web Segment links: From 23f9ddffa3692d4b60406a30f46545a90aace687 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 17:41:19 -0500 Subject: [PATCH 17/27] Changed default to have hosted on Controller --- templates/Guacamole/0/rancher-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/rancher-compose.yml b/templates/Guacamole/0/rancher-compose.yml index b71dddc..7aefee8 100644 --- a/templates/Guacamole/0/rancher-compose.yml +++ b/templates/Guacamole/0/rancher-compose.yml @@ -13,7 +13,7 @@ catalog: label: "Host Label Key/Value Pair" description: | The Key/Value pair on the host which the stack should be deployed. - default: "host.id=Host1" + default: "host.id=Controller" required: false type: string From ade6f1fc353bf51123cebaeee6b37a72e03f6a51 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 17:41:42 -0500 Subject: [PATCH 18/27] Updated with installation instructions --- templates/Guacamole/0/README.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md index 6eb7b41..453f2f5 100644 --- a/templates/Guacamole/0/README.md +++ b/templates/Guacamole/0/README.md 
@@ -1,10 +1,13 @@ # Guacamole -Using official images only: -* guacamole/guacamole:latest -* guacamole/guacd:latest -* mysql:latest +## Initial Setup -### To-do List -* Allow LDAP authentication in place of MySQL authentication -* Make database initialization automatic, or provide instructions for it \ No newline at end of file +On the "guacamole" container, run: +`` + +On the "mysql" container, run: +`cat /setup/initdb.sql | mysql -u root -p guacamole_db` + +## Post-Installation + +Make sure you create your own user account and delete the "guacadmin" user (or at very least change the password) \ No newline at end of file From 45ff58c16f8e6658cc96268272c11a00c2888002 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 17:43:51 -0500 Subject: [PATCH 19/27] Made note for later --- templates/Guacamole/0/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md index 453f2f5..949c574 100644 --- a/templates/Guacamole/0/README.md +++ b/templates/Guacamole/0/README.md @@ -10,4 +10,7 @@ On the "mysql" container, run: ## Post-Installation -Make sure you create your own user account and delete the "guacadmin" user (or at very least change the password) \ No newline at end of file +Make sure you create your own user account and delete the "guacadmin" user (or at very least change the password) + +## TODO +* Allow adding extensions \ No newline at end of file From a467667184adbdf9d86430af60670a16dcb1c4eb Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 17:45:39 -0500 Subject: [PATCH 20/27] Added setup instruction --- templates/Guacamole/0/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/README.md b/templates/Guacamole/0/README.md index 949c574..b9cc313 100644 --- a/templates/Guacamole/0/README.md +++ b/templates/Guacamole/0/README.md 
@@ -3,7 +3,7 @@ ## Initial Setup On the "guacamole" container, run: -`` +`/opt/guacamole/bin/initdb.sh --mysql > /setup/initdb.sql` On the "mysql" container, run: `cat /setup/initdb.sql | mysql -u root -p guacamole_db` From 81e746ed91bd29ab4072efd31b7b5f58735f749a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 18:27:56 -0500 Subject: [PATCH 21/27] Testing some fine-tuning changes --- templates/Guacamole/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index a7acf8f..d3dc2d4 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -25,7 +25,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole" + traefik.web.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole; PathPrefixStrip: /guacamole" traefik.web.port: "8080" ### End Web Segment links: From 08b414fe228ba452bbe497e1f57840019674d8d9 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 18:40:10 -0500 Subject: [PATCH 22/27] Found actual reason for the issue --- templates/Guacamole/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index d3dc2d4..a7acf8f 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
@@ -25,7 +25,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole; PathPrefixStrip: /guacamole" + traefik.web.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole" traefik.web.port: "8080" ### End Web Segment links: From adbe17efc1702b176573fbc35cb749d173a1912d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 18:43:12 -0500 Subject: [PATCH 23/27] Testing separation of SSL and non-SSL This is to attempt at not having the path prefix added twice on the initial connection to the site --- templates/Guacamole/0/docker-compose.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index a7acf8f..020f0fd 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
@@ -18,16 +18,19 @@ services: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} traefik.enable: true - ### Start Web Segment - traefik.web.frontend.entryPoints: http,https - traefik.web.frontend.headers.forceSTSHeader: true - traefik.web.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) - traefik.web.frontend.headers.SSLRedirect: true - traefik.web.frontend.headers.STSPreload: true - traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole" - traefik.web.port: "8080" - ### End Web Segment + ### Start HTTP Segment + traefik.http.frontend.entryPoints: http + traefik.http.frontend.headers.SSLRedirect: true + ### End HTTP Segment + ### Start HTTPS Segment + traefik.https.frontend.entryPoints: https + traefik.https.frontend.headers.forceSTSHeader: true + traefik.https.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) + traefik.https.frontend.headers.STSPreload: true + traefik.https.frontend.headers.STSSeconds: 15552000 + traefik.https.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole" + traefik.https.port: "8080" + ### End HTTPS Segment links: - guacd - mysql From 5f6121c2b3777223d94af14895bb1cc8d1b2207b Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 18:47:56 -0500 Subject: [PATCH 24/27] Fixed issue of no matching rule --- templates/Guacamole/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 020f0fd..c1ccb02 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml 
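Review bot: In the new HTTPS segment, `traefik.https.frontend.headers.STSPreload: true` is carried over next to `STSSeconds: 15552000` with no include-subdomains label, so the header advertises `preload` without meeting the usual preload-list conditions (max-age of at least one year plus includeSubDomains). Either drop the preload label, or raise the value and add `traefik.https.frontend.headers.STSIncludeSubdomains: true` once every subdomain is confirmed to be served over HTTPS. The header values `true` and `15552000` are also unquoted, so a YAML parser passes them on as a boolean and an integer; quoting them, as `traefik.https.port: "8080"` already is, keeps the labels strings. The labels mapping begins above the hunk.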
@@ -21,6 +21,7 @@ services: ### Start HTTP Segment traefik.http.frontend.entryPoints: http traefik.http.frontend.headers.SSLRedirect: true + traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME} ### End HTTP Segment ### Start HTTPS Segment traefik.https.frontend.entryPoints: https From 4e26df51aa171ab388dd0bb09108fb334c4c976a Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 18:51:51 -0500 Subject: [PATCH 25/27] Port possibly required --- templates/Guacamole/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index c1ccb02..dd5b026 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -22,6 +22,7 @@ services: traefik.http.frontend.entryPoints: http traefik.http.frontend.headers.SSLRedirect: true traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME} + traefik.http.port: "1" ### End HTTP Segment ### Start HTTPS Segment traefik.https.frontend.entryPoints: https From 7ed3a603e87bfe04e52ab9b859012dfe5fdfe22d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 16 Jan 2019 18:52:24 -0500 Subject: [PATCH 26/27] Changed port in case of healthcheck issues --- templates/Guacamole/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index dd5b026..0550b09 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -22,7 +22,7 @@ services: traefik.http.frontend.entryPoints: http traefik.http.frontend.headers.SSLRedirect: true traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME} - traefik.http.port: "1" + traefik.http.port: "8080" ### End HTTP Segment ### Start HTTPS Segment traefik.https.frontend.entryPoints: https From b7c6e17ae48829ac29fab90b639e9077c2ad5e63 Mon Sep 17 00:00:00 2001 
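Review bot: The added `traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME}` is a plain scalar, while the HTTPS rule introduced in the previous patch is double-quoted. Quote it the same way, `traefik.http.frontend.rule: "Host:${TRAEFIK_HOSTNAME}"`, so the value stays a string whatever the substituted hostname looks like. The labels mapping begins above the hunk.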
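Review bot: With `traefik.http.port: "8080"` (PATCH 26) the plain-HTTP frontend now points at the live Guacamole backend, so as far as these labels show the `SSLRedirect` header label is the only thing keeping logins off an unencrypted connection. Consider making the redirect explicit at the frontend with `traefik.http.frontend.redirect.entryPoint: https`, the form an earlier revision of this file used for its `web` segment. A comment on the segment would also help, for example `# HTTP segment exists only to redirect to HTTPS; it must never serve content`. This assumes the Traefik 1.x label scheme the file already uses; the labels block extends beyond the hunk.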
From: WilliamMiceli Date: Wed, 16 Jan 2019 18:59:01 -0500 Subject: [PATCH 27/27] Added notes --- templates/Guacamole/0/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml index 0550b09..e919025 100644 --- a/templates/Guacamole/0/docker-compose.yml +++ b/templates/Guacamole/0/docker-compose.yml @@ -18,7 +18,7 @@ services: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} traefik.enable: true - ### Start HTTP Segment + ### Start HTTP Segment (Each EntryPoint has it's own segment, that way on initial HTTP connection, the prefix isn't added twice) traefik.http.frontend.entryPoints: http traefik.http.frontend.headers.SSLRedirect: true traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME} @@ -40,7 +40,7 @@ services: volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - - /RancherCattle/${DATA_DIR}/Setup:/setup + - /RancherCattle/${DATA_DIR}/Setup:/setup # Used to make initial setup much simpler guacd: image: guacamole/guacd:latest dns: @@ -77,4 +77,4 @@ services: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattle/${DATA_DIR}/Database:/var/lib/mysql - - /RancherCattle/${DATA_DIR}/Setup:/setup \ No newline at end of file + - /RancherCattle/${DATA_DIR}/Setup:/setup # Used to make initial setup much simpler \ No newline at end of file
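Review bot: The new comment on `/RancherCattle/${DATA_DIR}/Setup:/setup` says why the mount exists but not how long it should stay. The same host directory remains mounted read-write in both the guacamole service (second hunk) and the mysql service (third hunk) after the database has been initialised. Per the README steps, the guacamole container writes `initdb.sql` and the mysql container only reads it, so the mysql side can be `- /RancherCattle/${DATA_DIR}/Setup:/setup:ro # Read-only; only needed for the initial schema import`. The comment could also state that the mount can be removed once setup is complete. Both service definitions begin outside these hunks.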