From 32c2618ca92038989220e433d78c242421a31c95 Mon Sep 17 00:00:00 2001 From: Thomas John Wesolowski Date: Thu, 9 Aug 2018 22:06:24 -0500 Subject: [PATCH 1/7] GUACAMOLE-626: Add Docker secret support for MySQL and Postgres Add support for reading from docker secret files. New script prefers environment variables ending with _FILE over normal variables, meaning that Docker secrets will take precedence. You can, however, mix variable types, ex. MYSQL_USER uses a normal environment variable, while MYSQL_PASSWORD uses a secret. --- guacamole-docker/bin/start.sh | 84 ++++++++++++++++++++++++++++------- 1 file changed, 68 insertions(+), 16 deletions(-) diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh index 9054a08f7..7035edf04 100755 --- a/guacamole-docker/bin/start.sh +++ b/guacamole-docker/bin/start.sh @@ -125,13 +125,13 @@ END exit 1; fi - # Verify required parameters are present - if [ -z "$MYSQL_USER" -o -z "$MYSQL_PASSWORD" -o -z "$MYSQL_DATABASE" ]; then - cat < Date: Thu, 9 Aug 2018 22:25:23 -0500 Subject: [PATCH 2/7] GUACAMOLE-626: Few additional changes to add secret support Remove bug causing Docker secret for database file to prevent the script from completing successfully. --- guacamole-docker/bin/start.sh | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh index 7035edf04..c798300f2 100755 --- a/guacamole-docker/bin/start.sh +++ b/guacamole-docker/bin/start.sh @@ -290,12 +290,6 @@ END` exit 1; fi - # Verify required parameters are present - if [ -z "$POSTGRES_USER" -o -z "$POSTGRES_PASSWORD" -o -z "$POSTGRES_DATABASE" ]; then - cat - exit 1; - fi - # Update config file set_property "postgresql-hostname" "$POSTGRES_HOSTNAME" set_property "postgresql-port" "$POSTGRES_PORT" 
@@ -458,13 +452,13 @@ set_property "guacd-port" "$GUACD_PORT" INSTALLED_AUTH="" # Use MySQL if database specified -if [ -n "$MYSQL_DATABASE" ]; then +if [ -n "$MYSQL_DATABASE" -o -n "$MYSQL_DATABASE_FILE" ]; then associate_mysql INSTALLED_AUTH="$INSTALLED_AUTH mysql" fi # Use PostgreSQL if database specified -if [ -n "$POSTGRES_DATABASE" ]; then +if [ -n "$POSTGRES_DATABASE" -o -n "$POSTGRES_DATABASE_FILE" ]; then associate_postgresql INSTALLED_AUTH="$INSTALLED_AUTH postgres" fi From 8788a51199ea36666d36402aa3b2891929f9d3d6 Mon Sep 17 00:00:00 2001 From: Thomas John Wesolowski Date: Thu, 20 Sep 2018 20:54:05 -0500 Subject: [PATCH 3/7] GUACAMOLE-626: Update README.md Add appropriate documentation for usage of Docker secrets --- guacamole-docker/README.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/guacamole-docker/README.md b/guacamole-docker/README.md index 89ea1fa7c..d145b1e56 100644 --- a/guacamole-docker/README.md +++ b/guacamole-docker/README.md 
@@ -28,6 +28,14 @@ Once the Guacamole image is running, Guacamole will be accessible at `-p 8080:8080` option to expose this port at the level of the machine hosting Docker, as well. +Docker Secrets +============== +The string `_FILE` may be appended to some of the environment variables listed below if you are using MySQL or PostgreSQL authentication. This will cause the startup script to load the values for those variables from files within in the container. This is useful for specifying sensitive info, ie. passwords for the database, in secured files instead of plaintext environment variables, and is generally used for loading values from [Docker secrets](https://docs.docker.com/engine/swarm/secrets/#read-more-about-docker-secret-commands), which are stored in `/run/secrets/` within the container. + +It is important to note that the startup script is configured such that: +1. You may mix the use of Docker secrets and normal environment variables. For example, you may wish to use `MYSQL_USER_FILE` and `MYSQL_PASSWORD_FILE`, but wish to specify the database name with `MYSQL_DATABASE` +2. If both a normal environment variable and its corresponding secret are defined in the same command line or compose file, ie. `MYSQL_PASSWORD` and `MYSQL_PASSWORD_FILE`, precedence is given to the secret. + Deploying Guacamole with PostgreSQL authentication -------------------------------------------------- @@ -35,7 +43,10 @@ Deploying Guacamole with PostgreSQL authentication --link some-postgres:postgres \ -e POSTGRES_DATABASE=guacamole_db \ -e POSTGRES_USER=guacamole_user \ - -e POSTGRES_PASSWORD=some_password \ + -e POSTGRES_PASSWORD=some_password \ + -e POSTGRES_DATABASE_FILE=/run/secrets/ \ + -e POSTGRES_USER_FILE=/run/secrets/ \ + -e POSTGRES_PASSWORD_FILE=/run/secrets/ \ -d -p 8080:8080 guacamole/guacamole Linking Guacamole to PostgreSQL requires three environment variables. If any of 
@@ -45,6 +56,9 @@ the image will stop: 1. `POSTGRES_DATABASE` - The name of the database to use for Guacamole authentication. 2. `POSTGRES_USER` - The user that Guacamole will use to connect to PostgreSQL. 3. `POSTGRES_PASSWORD` - The password that Guacamole will provide when connecting to PostgreSQL as `POSTGRES_USER`. +4. `POSTGRES_DATABASE_FILE` - The path of the docker secret containing the name of database to use for Guacamole authentication. +5. `POSTGRES_USER` - The path of the docker secret containing the name of the user that Guacamole will use to connect to PostgreSQL. +6. `POSTGRES_PASSWORD` - The path of the docker secret containing the password that Guacamole will provide when connecting to PostgreSQL as `POSTGRES_USER`. ### Initializing the PostgreSQL database @@ -81,6 +95,9 @@ Deploying Guacamole with MySQL authentication -e MYSQL_DATABASE=guacamole_db \ -e MYSQL_USER=guacamole_user \ -e MYSQL_PASSWORD=some_password \ + -e MYSQL_DATABASE_FILE=/run/secrets/ \ + -e MYSQL_USER_FILE=/run/secrets/ \ + -e MYSQL_PASSWORD_FILE=/run/secrets/ \ -d -p 8080:8080 guacamole/guacamole Linking Guacamole to MySQL requires three environment variables. If any of @@ -90,6 +107,9 @@ the image will stop: 1. `MYSQL_DATABASE` - The name of the database to use for Guacamole authentication. 2. `MYSQL_USER` - The user that Guacamole will use to connect to MySQL. 3. `MYSQL_PASSWORD` - The password that Guacamole will provide when connecting to MySQL as `MYSQL_USER`. +4. `MYSQL_DATABASE_FILE` - The path of the docker secret containing the name of database to use for Guacamole authentication. +5. `MYSQL_USER` - The path of the docker secret containing the name of the user that Guacamole will use to connect to MySQL. +6. `MYSQL_PASSWORD` - The path of the docker secret containing the password that Guacamole will provide when connecting to MySQL as `MYSQL_USER`. ### Initializing the MySQL database From 307eb943db14e2439264b445aef6c14779086397 Mon Sep 17 00:00:00 2001 
From: Thomas Wesolowski Date: Thu, 20 Sep 2018 23:17:00 -0500 Subject: [PATCH 4/7] GUACAMOLE-626: Remove backticks, replace with function --- guacamole-docker/bin/start.sh | 92 +++++++++++++++++++---------------- 1 file changed, 51 insertions(+), 41 deletions(-) diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh index c798300f2..0fceb72da 100755 --- a/guacamole-docker/bin/start.sh +++ b/guacamole-docker/bin/start.sh @@ -84,6 +84,29 @@ set_optional_property() { } +# Print error message regarding missing required variables for MySQL authentication +mysql_missing_vars() { + cat < Date: Fri, 18 Jan 2019 23:34:21 -0600 Subject: [PATCH 5/7] GUACAMOLE-626: Update README for fomatting and clarity Add `_FILE` suffix where missing Clarify Docker Secrets section Reformat line length to match the rest of the file --- guacamole-docker/README.md | 41 ++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/guacamole-docker/README.md b/guacamole-docker/README.md index d145b1e56..04e64e5c9 100644 --- a/guacamole-docker/README.md +++ b/guacamole-docker/README.md 
@@ -30,11 +30,22 @@ Docker, as well. Docker Secrets ============== -The string `_FILE` may be appended to some of the environment variables listed below if you are using MySQL or PostgreSQL authentication. This will cause the startup script to load the values for those variables from files within in the container. This is useful for specifying sensitive info, ie. passwords for the database, in secured files instead of plaintext environment variables, and is generally used for loading values from [Docker secrets](https://docs.docker.com/engine/swarm/secrets/#read-more-about-docker-secret-commands), which are stored in `/run/secrets/` within the container. +The string `_FILE` may be appended to some of the environment variables listed +below if you are using MySQL or PostgreSQL authentication. This will cause the +startup script to load the values for those variables from files within +the container. This is useful for specifying sensitive info, ie. passwords for +the database, in secured files instead of plaintext environment variables. This +is generally used for loading values from [Docker secrets](https://docs.docker.com/engine/swarm/secrets/#read-more-about-docker-secret-commands), which are stored at +`/run/secrets/` within the container. It is important to note that the startup script is configured such that: -1. You may mix the use of Docker secrets and normal environment variables. For example, you may wish to use `MYSQL_USER_FILE` and `MYSQL_PASSWORD_FILE`, but wish to specify the database name with `MYSQL_DATABASE` -2. If both a normal environment variable and its corresponding secret are defined in the same command line or compose file, ie. `MYSQL_PASSWORD` and `MYSQL_PASSWORD_FILE`, precedence is given to the secret. +1. You may mix the use of Docker secrets and normal environment variables. +For example, you may wish to use `MYSQL_USER_FILE` and `MYSQL_PASSWORD_FILE`, +but wish to specify the database name with `MYSQL_DATABASE` +2. 
If both a normal environment variable and its corresponding secret are defined +in the same command line, or section with in a [Compose](https://docs.docker.com/compose/)file, +the secret will take precedence. For instance, if both `MYSQL_PASSWORD` +and `MYSQL_PASSWORD_FILE` are given, `MYSQL_PASSWORD_FILE` will be used. Deploying Guacamole with PostgreSQL authentication -------------------------------------------------- @@ -55,10 +66,14 @@ the image will stop: 1. `POSTGRES_DATABASE` - The name of the database to use for Guacamole authentication. 2. `POSTGRES_USER` - The user that Guacamole will use to connect to PostgreSQL. -3. `POSTGRES_PASSWORD` - The password that Guacamole will provide when connecting to PostgreSQL as `POSTGRES_USER`. -4. `POSTGRES_DATABASE_FILE` - The path of the docker secret containing the name of database to use for Guacamole authentication. -5. `POSTGRES_USER` - The path of the docker secret containing the name of the user that Guacamole will use to connect to PostgreSQL. -6. `POSTGRES_PASSWORD` - The path of the docker secret containing the password that Guacamole will provide when connecting to PostgreSQL as `POSTGRES_USER`. +3. `POSTGRES_PASSWORD` - The password that Guacamole will provide when connecting to +PostgreSQL as `POSTGRES_USER`. +4. `POSTGRES_DATABASE_FILE` - The path of the docker secret containing the name of database +to use for Guacamole authentication. +5. `POSTGRES_USER_FILE` - The path of the docker secret containing the name of the +user that Guacamole will use to connect to PostgreSQL. +6. `POSTGRES_PASSWORD_FILE` - The path of the docker secret containing the password +that Guacamole will provide when connecting to PostgreSQL as `POSTGRES_USER. ### Initializing the PostgreSQL database 
@@ -106,10 +121,14 @@ the image will stop: 1. `MYSQL_DATABASE` - The name of the database to use for Guacamole authentication. 2. `MYSQL_USER` - The user that Guacamole will use to connect to MySQL. -3. `MYSQL_PASSWORD` - The password that Guacamole will provide when connecting to MySQL as `MYSQL_USER`. -4. `MYSQL_DATABASE_FILE` - The path of the docker secret containing the name of database to use for Guacamole authentication. -5. `MYSQL_USER` - The path of the docker secret containing the name of the user that Guacamole will use to connect to MySQL. -6. `MYSQL_PASSWORD` - The path of the docker secret containing the password that Guacamole will provide when connecting to MySQL as `MYSQL_USER`. +3. `MYSQL_PASSWORD` - The password that Guacamole will provide when connecting +to MySQL as `MYSQL_USER`. +4. `MYSQL_DATABASE_FILE` - The path of the docker secret containing the name of the +database to use for Guacamole authentication. +5. `MYSQL_USER_FILE` - The path of the docker secret containing the name of the user +that Guacamole will use to connect to MySQL. +6. `MYSQL_PASSWORD_FILE` - The path of the docker secret containing the password +that Guacamole will provide when connecting to MySQL as`MYSQL_USER`. ### Initializing the MySQL database From f1b949196926e98186a31e52c47afdd28468a4ad Mon Sep 17 00:00:00 2001 From: Thomas John Wesolowski Date: Sat, 19 Jan 2019 00:02:29 -0600 Subject: [PATCH 6/7] GUACAMOLE-626: Update README.md Missed a space --- guacamole-docker/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guacamole-docker/README.md b/guacamole-docker/README.md index 04e64e5c9..c8f5e886b 100644 --- a/guacamole-docker/README.md +++ b/guacamole-docker/README.md 
@@ -43,7 +43,7 @@ It is important to note that the startup script is configured such that: For example, you may wish to use `MYSQL_USER_FILE` and `MYSQL_PASSWORD_FILE`, but wish to specify the database name with `MYSQL_DATABASE` 2. If both a normal environment variable and its corresponding secret are defined -in the same command line, or section with in a [Compose](https://docs.docker.com/compose/)file, +in the same command line, or section with in a [Compose](https://docs.docker.com/compose/) file, the secret will take precedence. For instance, if both `MYSQL_PASSWORD` and `MYSQL_PASSWORD_FILE` are given, `MYSQL_PASSWORD_FILE` will be used. From f12dd1e2bb6a259f4692c24c6da3a71932b62559 Mon Sep 17 00:00:00 2001 From: Thomas John Wesolowski Date: Sat, 19 Jan 2019 00:12:54 -0600 Subject: [PATCH 7/7] GUACAMOLE-626: Update README.md Few additional formatting tweaks --- guacamole-docker/README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/guacamole-docker/README.md b/guacamole-docker/README.md index c8f5e886b..34124b152 100644 --- a/guacamole-docker/README.md +++ b/guacamole-docker/README.md 
@@ -33,18 +33,22 @@ Docker Secrets The string `_FILE` may be appended to some of the environment variables listed below if you are using MySQL or PostgreSQL authentication. This will cause the startup script to load the values for those variables from files within -the container. This is useful for specifying sensitive info, ie. passwords for +the container. + +This is useful for specifying sensitive info, ie. passwords for the database, in secured files instead of plaintext environment variables. This is generally used for loading values from [Docker secrets](https://docs.docker.com/engine/swarm/secrets/#read-more-about-docker-secret-commands), which are stored at `/run/secrets/` within the container. It is important to note that the startup script is configured such that: + 1. You may mix the use of Docker secrets and normal environment variables. For example, you may wish to use `MYSQL_USER_FILE` and `MYSQL_PASSWORD_FILE`, but wish to specify the database name with `MYSQL_DATABASE` + 2. If both a normal environment variable and its corresponding secret are defined -in the same command line, or section with in a [Compose](https://docs.docker.com/compose/) file, -the secret will take precedence. For instance, if both `MYSQL_PASSWORD` +in the same command line, or section within a [Compose](https://docs.docker.com/compose/) file, +the secret will take precedence. For instance, if both `MYSQL_PASSWORD` and `MYSQL_PASSWORD_FILE` are given, `MYSQL_PASSWORD_FILE` will be used. Deploying Guacamole with PostgreSQL authentication
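Review bot: (PATCH 1/7, start.sh hunk `@@ -125,13 +125,13 @@`) The removal of the "Verify required parameters are present" block drops the only visible guard against an empty `MYSQL_PASSWORD`, and the lines that replace it are not visible in this hunk as rendered. Please confirm the new code still exits non-zero with the existing message when neither `MYSQL_PASSWORD` nor `MYSQL_PASSWORD_FILE` is set (and when the named secret file is missing or empty), rather than letting `associate_mysql` write an empty password into the properties file; the commit message says `_FILE` wins when both are set, and a short log line saying which source was used would make a misconfiguration easier to spot.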
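Review bot: (PATCH 2/7, start.sh hunk `@@ -290,12 +290,6 @@`) The "bug" that kept the script from completing with a database secret is fixed here by deleting the PostgreSQL required-parameter check entirely instead of extending it, so a deployment with no `POSTGRES_DATABASE` and no `POSTGRES_DATABASE_FILE` now proceeds silently. Suggest keeping the check and widening it, e.g. `if [ -z "$POSTGRES_DATABASE" ] && [ -z "$POSTGRES_DATABASE_FILE" ]; then ... exit 1; fi`, mirroring whatever the MySQL path now does.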
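Review bot: (PATCH 2/7, start.sh hunk `@@ -458,13 +452,13 @@`) The two new conditions use `-o` inside `[ ]`, which POSIX marks obsolescent and which is ambiguous when an operand looks like an operator; prefer `if [ -n "$MYSQL_DATABASE" ] || [ -n "$MYSQL_DATABASE_FILE" ]; then` and the same form for `POSTGRES_DATABASE_FILE`. Also, a non-empty `_FILE` variable is enough to enable the backend here, but nothing in this hunk checks that the path is a readable file; a typo in the secret path should fail loudly at startup, not produce a backend configured with an empty database name.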
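Review bot: (PATCH 3/7, README.md hunks `@@ -35,7 +43,10 @@` and `@@ -81,6 +95,9 @@`) The example values `-e POSTGRES_DATABASE_FILE=/run/secrets/ \` (and the MySQL equivalents) point at the secrets directory rather than a file, so copying the example as written cannot work; use file paths such as `/run/secrets/postgres_password`. The same examples also keep `-e POSTGRES_PASSWORD=some_password \` alongside `POSTGRES_PASSWORD_FILE`, which both contradicts the "either/or" guidance in the Docker Secrets section and leaves a plaintext password on the command line anyway; show the plain-variable and secret forms as two separate examples.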
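Review bot: (PATCH 3/7, README.md hunks `@@ -45,6 +56,9 @@` and `@@ -90,6 +107,9 @@`) Items 5 and 6 are labelled `POSTGRES_USER` / `POSTGRES_PASSWORD` (and `MYSQL_USER` / `MYSQL_PASSWORD`) instead of the `_FILE` names they describe; PATCH 5/7 corrects this, so the two could be squashed before merge. Separately, the unchanged lead-in "requires three environment variables. If any of ... the image will stop" now introduces a six-item list in which items 4 to 6 are alternatives to items 1 to 3, not additional requirements; reword it to say that each of the three values may be supplied either directly or via its `_FILE` counterpart.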
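Review bot: (PATCH 5/7, README.md hunks `@@ -55,10 +66,14 @@` and `@@ -106,10 +121,14 @@`) Two markup slips survive the rest of the series: item 6 in the PostgreSQL list ends with "as `POSTGRES_USER." (missing closing backtick), and item 6 in the MySQL list reads "as`MYSQL_USER`" (missing space). Neither PATCH 6/7 nor PATCH 7/7 touches these lines.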
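Review bot: (PATCH 5/7 and 7/7, README.md hunks `@@ -30,11 +30,22 @@` and `@@ -33,18 +33,22 @@`) The Docker Secrets section says the files are used "instead of plaintext environment variables" but never states why that matters; one sentence noting that container environment variables are readable by anyone who can run `docker inspect` on the container would give readers the reason to prefer the `_FILE` form. Wording: "ie. passwords" should be "e.g. passwords" (a password is one example of sensitive info, not a definition), and this survives through PATCH 7/7; "section with in a Compose file" is corrected to "within" only in PATCH 7/7. Given point 2 (the secret silently wins when both `MYSQL_PASSWORD` and `MYSQL_PASSWORD_FILE` are set), consider having the script log that choice so an operator does not assume the plain variable is in effect.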