GUACAMOLE-27: Add Docker image from old guacamole-docker repository. Update license.

guacamole-docker/.dockerignore

@@ -0,0 +1,3 @@
+*~
+.git
+.gitignore

guacamole-docker/.gitignore

@@ -0,0 +1 @@
+*~

guacamole-docker/Dockerfile

@@ -0,0 +1,46 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+#
+# Dockerfile for guacamole-client
+#
+
+# Start from Tomcat image
+FROM tomcat:8.0.20-jre7
+MAINTAINER Michael Jumper <mike.jumper@guac-dev.org>
+
+# Version info
+ENV \
+    GUAC_VERSION=0.9.9      \
+    GUAC_JDBC_VERSION=0.9.9 \
+    GUAC_LDAP_VERSION=0.9.9
+
+# Add configuration scripts
+COPY bin /opt/guacamole/bin/
+
+# Download and install latest guacamole-client and authentication
+RUN \
+    /opt/guacamole/bin/download-guacamole.sh "$GUAC_VERSION" /usr/local/tomcat/webapps && \
+    /opt/guacamole/bin/download-jdbc-auth.sh "$GUAC_JDBC_VERSION" /opt/guacamole       && \
+    /opt/guacamole/bin/download-ldap-auth.sh "$GUAC_LDAP_VERSION" /opt/guacamole
+
+# Start Guacamole under Tomcat, listening on 0.0.0.0:8080
+EXPOSE 8080
+CMD ["/opt/guacamole/bin/start.sh" ]
+

guacamole-docker/README.md

@@ -0,0 +1,123 @@
+What is Apache Guacamole?
+=========================
+
+[Apache Guacamole](http://guacamole.incubator.apache.org/) is a clientless
+remote desktop gateway. It supports standard protocols like VNC and RDP. We
+call it clientless because no plugins or client software are required.
+
+Thanks to HTML5, once Guacamole is installed on a server, all you need to
+access your desktops is a web browser.
+
+How to use this image
+=====================
+
+Using this image will require an existing, running Docker container with the
+[guacd image](https://registry.hub.docker.com/u/glyptodon/guacd/), and another
+Docker container providing either a PostgreSQL or MySQL database.
+
+The name of the database and all associated credentials are specified with
+environment variables given when the container is created. All other
+configuration information is generated from the Docker links.
+
+Beware that you will need to initialize the database manually. Guacamole will
+not automatically create its own tables, but SQL scripts are provided to do
+this.
+
+Once the Guacamole image is running, Guacamole will be accessible at
+`http://[address of container]:8080/guacamole/`. The instructions below use the
+`-p 8080:8080` option to expose this port at the level of the machine hosting
+Docker, as well.
+
+Deploying Guacamole with PostgreSQL authentication
+--------------------------------------------------
+
+    docker run --name some-guacamole --link some-guacd:guacd \
+        --link some-postgres:postgres      \
+        -e POSTGRES_DATABASE=guacamole_db  \
+        -e POSTGRES_USER=guacamole_user    \
+        -e POSTGRES_PASSWORD=some_password \
+        -d -p 8080:8080 glyptodon/guacamole
+
+Linking Guacamole to PostgreSQL requires three environment variables. If any of
+these environment variables are omitted, you will receive an error message, and
+the image will stop:
+
+1. `POSTGRES_DATABASE` - The name of the database to use for Guacamole authentication.
+2. `POSTGRES_USER` - The user that Guacamole will use to connect to PostgreSQL.
+3. `POSTGRES_PASSWORD` - The password that Guacamole will provide when connecting to PostgreSQL as `POSTGRES_USER`.
+
+### Initializing the PostgreSQL database
+
+If your database is not already initialized with the Guacamole schema, you will
+need to do so prior to using Guacamole. A convenience script for generating the
+necessary SQL to do this is included in the Guacamole image.
+
+To generate a SQL script which can be used to initialize a fresh PostgreSQL
+database
+[as documented in the Guacamole manual](http://guacamole.incubator.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-postgresql):
+
+    docker run --rm glyptodon/guacamole /opt/guacamole/bin/initdb.sh --postgres > initdb.sql
+
+Alternatively, you can use the SQL scripts included with
+[guacamole-auth-jdbc](http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-0.9.6.tar.gz/download).
+
+Once this script is generated, you must:
+
+1. Create a database for Guacamole within PostgreSQL, such as `guacamole_db`.
+2. Run the script on the newly-created database.
+3. Create a user for Guacamole within PostgreSQL with access to the tables and
+   sequences of this database, such as `guacamole_user`.
+
+The process for doing this via the `psql` and `createdb` utilities included
+with PostgreSQL is documented in
+[the Guacamole manual](http://guacamole.incubator.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-postgresql).
+
+Deploying Guacamole with MySQL authentication
+--------------------------------------------------
+
+    docker run --name some-guacamole --link some-guacd:guacd \
+        --link some-mysql:mysql         \
+        -e MYSQL_DATABASE=guacamole_db  \
+        -e MYSQL_USER=guacamole_user    \
+        -e MYSQL_PASSWORD=some_password \
+        -d -p 8080:8080 glyptodon/guacamole
+
+Linking Guacamole to MySQL requires three environment variables. If any of
+these environment variables are omitted, you will receive an error message, and
+the image will stop:
+
+1. `MYSQL_DATABASE` - The name of the database to use for Guacamole authentication.
+2. `MYSQL_USER` - The user that Guacamole will use to connect to MySQL.
+3. `MYSQL_PASSWORD` - The password that Guacamole will provide when connecting to MySQL as `MYSQL_USER`.
+
+### Initializing the MySQL database
+
+If your database is not already initialized with the Guacamole schema, you will
+need to do so prior to using Guacamole. A convenience script for generating the
+necessary SQL to do this is included in the Guacamole image.
+
+To generate a SQL script which can be used to initialize a fresh MySQL database
+[as documented in the Guacamole manual](http://guacamole.incubator.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-mysql):
+
+    docker run --rm glyptodon/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql
+
+Alternatively, you can use the SQL scripts included with
+[guacamole-auth-jdbc](http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-0.9.6.tar.gz/download).
+
+Once this script is generated, you must:
+
+1. Create a database for Guacamole within MySQL, such as `guacamole_db`.
+2. Create a user for Guacamole within MySQL with access to this database, such
+   as `guacamole_user`.
+3. Run the script on the newly-created database.
+
+The process for doing this via the `mysql` utility included with MySQL is
+documented in
+[the Guacamole manual](http://guacamole.incubator.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-mysql).
+
+Reporting issues
+================
+
+Please report any bugs encountered by opening a new issue in
+[our JIRA](https://issues.apache.org/jira/browse/GUACAMOLE/).
+

guacamole-docker/bin/download-guacamole.sh

@@ -0,0 +1,49 @@
+#!/bin/sh -e
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+##
+## @fn download-guacamole.sh
+##
+## Downloads Guacamole, saving the specified version to "guacamole.war" within
+## the given directory.
+##
+## @param VERSION
+##     The version of guacamole.war to download, such as "0.9.6".
+##
+## @param DESTINATION
+##     The directory to save guacamole.war within.
+##
+
+VERSION="$1"
+DESTINATION="$2"
+
+#
+# Create destination, if it does not yet exist
+#
+
+mkdir -p "$DESTINATION"
+
+#
+# Download guacamole.war, placing in specified destination
+#
+
+echo "Downloading Guacamole version $VERSION to $DESTINATION ..."
+curl -L "http://sourceforge.net/projects/guacamole/files/current/binary/guacamole-${VERSION}.war" > "$DESTINATION/guacamole.war"
+

guacamole-docker/bin/download-jdbc-auth.sh

@@ -0,0 +1,83 @@
+#!/bin/sh -e
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+##
+## @fn download-jdbc-auth.sh
+##
+## Downloads JDBC authentication support, including any required JDBC drivers.
+## The downloaded files will be grouped by their associated database type, with
+## all MySQL files being placed within the "mysql/" subdirectory of the
+## destination, and all PostgreSQL files being placed within the "postgresql/"
+## subdirectory of the destination.
+##
+## @param VERSION
+##     The version of guacamole-auth-jdbc to download, such as "0.9.6".
+##
+## @param DESTINATION
+##     The directory to save downloaded files within. Note that this script
+##     will create database-specific subdirectories within this directory,
+##     and downloaded files will be thus grouped by their respected database
+##     types.
+##
+
+VERSION="$1"
+DESTINATION="$2"
+
+#
+# Create destination, if it does not yet exist
+#
+
+mkdir -p "$DESTINATION"
+
+#
+# Download Guacamole JDBC auth
+#
+
+echo "Downloading JDBC auth version $VERSION ..."
+curl -L "http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-$VERSION.tar.gz" | \
+tar -xz                  \
+    -C "$DESTINATION"    \
+    --wildcards          \
+    --no-anchored        \
+    --strip-components=1 \
+    "*.jar"              \
+    "*.sql"
+
+#
+# Download MySQL JDBC driver
+#
+
+echo "Downloading MySQL Connector/J ..."
+curl -L "http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.35.tar.gz" | \
+tar -xz                        \
+    -C "$DESTINATION/mysql/"   \
+    --wildcards                \
+    --no-anchored              \
+    --no-wildcards-match-slash \
+    --strip-components=1       \
+    "mysql-connector-*.jar"
+
+#
+# Download PostgreSQL JDBC driver
+#
+
+echo "Downloading PostgreSQL JDBC driver ..."
+curl -L "https://jdbc.postgresql.org/download/postgresql-9.4-1201.jdbc41.jar" > "$DESTINATION/postgresql/postgresql-9.4-1201.jdbc41.jar"
+

guacamole-docker/bin/download-ldap-auth.sh

@@ -0,0 +1,62 @@
+#!/bin/sh -e
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+##
+## @fn download-ldap-auth.sh
+##
+## Downloads LDAP authentication support. The LDAP authentication .jar file
+## will be placed within the specified destination directory.
+##
+## @param VERSION
+##     The version of guacamole-auth-ldap to download, such as "0.9.6".
+##
+## @param DESTINATION
+##     The directory to save downloaded files within.
+##
+
+VERSION="$1"
+DESTINATION="$2"
+
+#
+# Use ldap/ subdirectory within DESTINATION.
+#
+
+DESTINATION="$DESTINATION/ldap"
+
+#
+# Create destination, if it does not yet exist
+#
+
+mkdir -p "$DESTINATION"
+
+#
+# Download Guacamole LDAP auth
+#
+
+echo "Downloading LDAP auth version $VERSION ..."
+curl -L "http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-ldap-$VERSION.tar.gz" | \
+tar -xz               \
+    -C "$DESTINATION" \
+    --wildcards       \
+    --no-anchored     \
+    --xform="s#.*/##" \
+    "*.jar"           \
+    "*.ldif"
+

guacamole-docker/bin/initdb.sh

@@ -0,0 +1,69 @@
+#!/bin/sh -e
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+##
+## @fn initdb.sh
+##
+## Generates a database initialization SQL script for a database of the given
+## type. The SQL will be sent to STDOUT.
+##
+## @param DATABASE
+##     The database to generate the SQL script for. This may be either
+##     "--postgres", for PostgreSQL, or "--mysql" for MySQL.
+##
+
+DATABASE="$1"
+
+##
+## Prints usage information for this shell script and exits with an error code.
+## Calling this function will immediately terminate execution of the script.
+##
+incorrect_usage() {
+    cat <<END
+USAGE: /opt/guacamole/bin/initdb.sh [--postgres | --mysql]
+END
+    exit 1
+}
+
+# Validate parameters
+if [ "$#" -ne 1 ]; then
+    echo "Wrong number of arguments."
+    incorrect_usage
+fi
+
+#
+# Produce script
+#
+
+case $DATABASE in
+
+    --postgres)
+        cat /opt/guacamole/postgresql/schema/*.sql
+        ;;
+
+    --mysql)
+        cat /opt/guacamole/mysql/schema/*.sql
+        ;;
+
+    *)
+        echo "Bad database type: $DATABASE"
+        incorrect_usage
+esac
+

guacamole-docker/bin/start.sh

@@ -0,0 +1,410 @@
+#!/bin/sh -e
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+##
+## @fn start.sh
+##
+## Automatically configures and starts Guacamole under Tomcat. Guacamole's
+## guacamole.properties file will be automatically generated based on the
+## linked database container (either MySQL or PostgreSQL) and the linked guacd
+## container. The Tomcat process will ultimately replace the process of this
+## script, running in the foreground until terminated.
+##
+
+GUACAMOLE_HOME="$HOME/.guacamole"
+GUACAMOLE_EXT="$GUACAMOLE_HOME/extensions"
+GUACAMOLE_LIB="$GUACAMOLE_HOME/lib"
+GUACAMOLE_PROPERTIES="$GUACAMOLE_HOME/guacamole.properties"
+
+##
+## Sets the given property to the given value within guacamole.properties,
+## creating guacamole.properties first if necessary.
+##
+## @param NAME
+##     The name of the property to set.
+##
+## @param VALUE
+##     The value to set the property to.
+##
+set_property() {
+
+    NAME="$1"
+    VALUE="$2"
+
+    # Ensure guacamole.properties exists
+    if [ ! -e "$GUACAMOLE_PROPERTIES" ]; then
+        mkdir -p "$GUACAMOLE_HOME"
+        echo "# guacamole.properties - generated `date`" > "$GUACAMOLE_PROPERTIES"
+    fi
+
+    # Set property
+    echo "$NAME: $VALUE" >> "$GUACAMOLE_PROPERTIES"
+
+}
+
+##
+## Sets the given property to the given value within guacamole.properties only
+## if a value is provided, creating guacamole.properties first if necessary.
+##
+## @param NAME
+##     The name of the property to set.
+##
+## @param VALUE
+##     The value to set the property to, if any. If omitted or empty, the
+##     property will not be set.
+##
+set_optional_property() {
+
+    NAME="$1"
+    VALUE="$2"
+
+    # Set the property only if a value is provided
+    if [ -n "$VALUE" ]; then
+        set_property "$NAME" "$VALUE"
+    fi
+
+}
+
+##
+## Adds properties to guacamole.properties which select the MySQL
+## authentication provider, and configure it to connect to the linked MySQL
+## container. If a MySQL database is explicitly specified using the
+## MYSQL_HOSTNAME and MYSQL_PORT environment variables, that will be used
+## instead of a linked container.
+##
+associate_mysql() {
+
+    # Use linked container if specified
+    if [ -n "$MYSQL_NAME" ]; then
+        MYSQL_HOSTNAME="$MYSQL_PORT_3306_TCP_ADDR"
+        MYSQL_PORT="$MYSQL_PORT_3306_TCP_PORT"
+    fi
+
+    # Use default port if none specified
+    MYSQL_PORT="${MYSQL_PORT-3306}"
+
+    # Verify required connection information is present
+    if [ -z "$MYSQL_HOSTNAME" -o -z "$MYSQL_PORT" ]; then
+        cat <<END
+FATAL: Missing MYSQL_HOSTNAME or "mysql" link.
+-------------------------------------------------------------------------------
+If using a MySQL database, you must either:
+
+(a) Explicitly link that container with the link named "mysql".
+
+(b) If not using a Docker container for MySQL, explicitly specify the TCP
+    connection to your database using the following environment variables:
+
+    MYSQL_HOSTNAME     The hostname or IP address of the MySQL server. If not
+                       using a MySQL Docker container and corresponding link,
+                       this environment variable is *REQUIRED*.
+
+    MYSQL_PORT         The port on which the MySQL server is listening for TCP
+                       connections. This environment variable is option. If
+                       omitted, the standard MySQL port of 3306 will be used.
+END
+        exit 1;
+    fi
+
+    # Verify required parameters are present
+    if [ -z "$MYSQL_USER" -o -z "$MYSQL_PASSWORD" -o -z "$MYSQL_DATABASE" ]; then
+        cat <<END
+FATAL: Missing required environment variables
+-------------------------------------------------------------------------------
+If using a MySQL database, you must provide each of the following
+environment variables:
+
+    MYSQL_USER         The user to authenticate as when connecting to
+                       MySQL.
+
+    MYSQL_PASSWORD     The password to use when authenticating with MySQL as
+                       MYSQL_USER.
+
+    MYSQL_DATABASE     The name of the MySQL database to use for Guacamole
+                       authentication.
+END
+        exit 1;
+    fi
+
+    # Update config file
+    set_property "mysql-hostname" "$MYSQL_HOSTNAME"
+    set_property "mysql-port"     "$MYSQL_PORT"
+    set_property "mysql-database" "$MYSQL_DATABASE"
+    set_property "mysql-username" "$MYSQL_USER"
+    set_property "mysql-password" "$MYSQL_PASSWORD"
+
+    set_optional_property               \
+        "mysql-absolute-max-connections" \
+        "$MYSQL_ABSOLUTE_MAX_CONNECTIONS"
+
+    set_optional_property               \
+        "mysql-default-max-connections" \
+        "$MYSQL_DEFAULT_MAX_CONNECTIONS"
+
+    set_optional_property                     \
+        "mysql-default-max-group-connections" \
+        "$MYSQL_DEFAULT_MAX_GROUP_CONNECTIONS"
+
+    set_optional_property                        \
+        "mysql-default-max-connections-per-user" \
+        "$MYSQL_DEFAULT_MAX_CONNECTIONS_PER_USER"
+
+    set_optional_property                              \
+        "mysql-default-max-group-connections-per-user" \
+        "$MYSQL_DEFAULT_MAX_GROUP_CONNECTIONS_PER_USER"
+
+    # Add required .jar files to GUACAMOLE_LIB and GUACAMOLE_EXT
+    ln -s /opt/guacamole/mysql/mysql-connector-*.jar "$GUACAMOLE_LIB"
+    ln -s /opt/guacamole/mysql/guacamole-auth-*.jar "$GUACAMOLE_EXT"
+
+}
+
+##
+## Adds properties to guacamole.properties which select the PostgreSQL
+## authentication provider, and configure it to connect to the linked
+## PostgreSQL container. If a PostgreSQL database is explicitly specified using
+## the POSTGRES_HOSTNAME and POSTGRES_PORT environment variables, that will be
+## used instead of a linked container.
+##
+associate_postgresql() {
+
+    # Use linked container if specified
+    if [ -n "$POSTGRES_NAME" ]; then
+        POSTGRES_HOSTNAME="$POSTGRES_PORT_5432_TCP_ADDR"
+        POSTGRES_PORT="$POSTGRES_PORT_5432_TCP_PORT"
+    fi
+
+    # Use default port if none specified
+    POSTGRES_PORT="${POSTGRES_PORT-5432}"
+
+    # Verify required connection information is present
+    if [ -z "$POSTGRES_HOSTNAME" -o -z "$POSTGRES_PORT" ]; then
+        cat <<END
+FATAL: Missing POSTGRES_HOSTNAME or "postgres" link.
+-------------------------------------------------------------------------------
+If using a PostgreSQL database, you must either:
+
+(a) Explicitly link that container with the link named "postgres".
+
+(b) If not using a Docker container for PostgreSQL, explicitly specify the TCP
+    connection to your database using the following environment variables:
+
+    POSTGRES_HOSTNAME  The hostname or IP address of the PostgreSQL server. If
+                       not using a PostgreSQL Docker container and
+                       corresponding link, this environment variable is
+                       *REQUIRED*.
+
+    POSTGRES_PORT      The port on which the PostgreSQL server is listening for
+                       TCP connections. This environment variable is option. If
+                       omitted, the standard PostgreSQL port of 5432 will be
+                       used.
+END
+        exit 1;
+    fi
+
+    # Verify required parameters are present
+    if [ -z "$POSTGRES_USER" -o -z "$POSTGRES_PASSWORD" -o -z "$POSTGRES_DATABASE" ]; then
+        cat <<END
+FATAL: Missing required environment variables
+-------------------------------------------------------------------------------
+If using a PostgreSQL database, you must provide each of the following
+environment variables:
+
+    POSTGRES_USER      The user to authenticate as when connecting to
+                       PostgreSQL.
+
+    POSTGRES_PASSWORD  The password to use when authenticating with PostgreSQL
+                       as POSTGRES_USER.
+
+    POSTGRES_DATABASE  The name of the PostgreSQL database to use for Guacamole
+                       authentication.
+END
+        exit 1;
+    fi
+
+    # Update config file
+    set_property "postgresql-hostname" "$POSTGRES_HOSTNAME"
+    set_property "postgresql-port"     "$POSTGRES_PORT"
+    set_property "postgresql-database" "$POSTGRES_DATABASE"
+    set_property "postgresql-username" "$POSTGRES_USER"
+    set_property "postgresql-password" "$POSTGRES_PASSWORD"
+
+    set_optional_property               \
+        "postgresql-absolute-max-connections" \
+        "$POSTGRES_ABSOLUTE_MAX_CONNECTIONS"
+
+    set_optional_property                    \
+        "postgresql-default-max-connections" \
+        "$POSTGRES_DEFAULT_MAX_CONNECTIONS"
+
+    set_optional_property                          \
+        "postgresql-default-max-group-connections" \
+        "$POSTGRES_DEFAULT_MAX_GROUP_CONNECTIONS"
+
+    set_optional_property                             \
+        "postgresql-default-max-connections-per-user" \
+        "$POSTGRES_DEFAULT_MAX_CONNECTIONS_PER_USER"
+
+    set_optional_property                                   \
+        "postgresql-default-max-group-connections-per-user" \
+        "$POSTGRES_DEFAULT_MAX_GROUP_CONNECTIONS_PER_USER"
+
+    # Add required .jar files to GUACAMOLE_LIB and GUACAMOLE_EXT
+    ln -s /opt/guacamole/postgresql/postgresql-*.jar "$GUACAMOLE_LIB"
+    ln -s /opt/guacamole/postgresql/guacamole-auth-*.jar "$GUACAMOLE_EXT"
+
+}
+
+##
+## Adds properties to guacamole.properties which select the LDAP
+## authentication provider, and configure it to connect to the specified LDAP
+## directory.
+##
+associate_ldap() {
+
+    # Verify required parameters are present
+    if [ -z "$LDAP_HOSTNAME" -o -z "$LDAP_USER_BASE_DN" ]; then
+        cat <<END
+FATAL: Missing required environment variables
+-------------------------------------------------------------------------------
+If using an LDAP directory, you must provide each of the following environment
+variables:
+
+    LDAP_HOSTNAME      The hostname or IP address of your LDAP server.
+
+    LDAP_USER_BASE_DN  The base DN under which all Guacamole users will be
+                       located. Absolutely all Guacamole users that will
+                       authenticate via LDAP must exist within the subtree of
+                       this DN.
+END
+        exit 1;
+    fi
+
+    # Update config file
+    set_property          "ldap-hostname"           "$LDAP_HOSTNAME"
+    set_optional_property "ldap-port"               "$LDAP_PORT"
+    set_optional_property "ldap-encryption-method"  "$LDAP_ENCRYPTION_METHOD"
+    set_property          "ldap-user-base-dn"       "$LDAP_USER_BASE_DN"
+    set_optional_property "ldap-username-attribute" "$LDAP_USERNAME_ATTRIBUTE"
+    set_optional_property "ldap-group-base-dn"      "$LDAP_GROUP_BASE_DN"
+    set_optional_property "ldap-config-base-dn"     "$LDAP_CONFIG_BASE_DN"
+
+    set_optional_property     \
+        "ldap-search-bind-dn" \
+        "$LDAP_SEARCH_BIND_DN"
+
+    set_optional_property           \
+        "ldap-search-bind-password" \
+        "$LDAP_SEARCH_BIND_PASSWORD"
+
+    # Add required .jar files to GUACAMOLE_EXT
+    ln -s /opt/guacamole/ldap/guacamole-auth-*.jar "$GUACAMOLE_EXT"
+
+}
+
+##
+## Starts Guacamole under Tomcat, replacing the current process with the
+## Tomcat process. As the current process will be replaced, this MUST be the
+## last function run within the script.
+##
+start_guacamole() {
+    cd /usr/local/tomcat
+    exec catalina.sh run
+}
+
+#
+# Start with a fresh GUACAMOLE_HOME
+#
+
+rm -Rf "$GUACAMOLE_HOME"
+
+#
+# Create and define Guacamole lib and extensions directories
+#
+
+mkdir -p "$GUACAMOLE_EXT"
+mkdir -p "$GUACAMOLE_LIB"
+
+#
+# Point to associated guacd
+#
+
+# Verify required link is present
+if [ -z "$GUACD_PORT_4822_TCP_ADDR" -o -z "$GUACD_PORT_4822_TCP_PORT" ]; then
+    cat <<END
+FATAL: Missing "guacd" link.
+-------------------------------------------------------------------------------
+Every Guacamole instance needs a corresponding copy of guacd running. Link a
+container to the link named "guacd" to provide this.
+END
+    exit 1;
+fi
+
+# Update config file
+set_property "guacd-hostname" "$GUACD_PORT_4822_TCP_ADDR"
+set_property "guacd-port"     "$GUACD_PORT_4822_TCP_PORT"
+
+#
+# Track which authentication backends are installed
+#
+
+INSTALLED_AUTH=""
+
+# Use MySQL if database specified
+if [ -n "$MYSQL_DATABASE" ]; then
+    associate_mysql
+    INSTALLED_AUTH="$INSTALLED_AUTH mysql"
+fi
+
+# Use PostgreSQL if database specified
+if [ -n "$POSTGRES_DATABASE" ]; then
+    associate_postgresql
+    INSTALLED_AUTH="$INSTALLED_AUTH postgres"
+fi
+
+# Use LDAP directory if specified
+if [ -n "$LDAP_HOSTNAME" ]; then
+    associate_ldap
+    INSTALLED_AUTH="$INSTALLED_AUTH ldap"
+fi
+
+#
+# Validate that at least one authentication backend is installed
+#
+
+if [ -z "$INSTALLED_AUTH" ]; then
+    cat <<END
+FATAL: No authentication configured
+-------------------------------------------------------------------------------
+The Guacamole Docker container needs at least one authentication mechanism in
+order to function, such as a MySQL database, PostgreSQL database, or LDAP
+directory.  Please specify at least the MYSQL_DATABASE or POSTGRES_DATABASE
+environment variables, or check Guacamole's Docker documentation regarding
+configuring LDAP.
+END
+    exit 1;
+fi
+
+#
+# Finally start Guacamole (under Tomcat)
+#
+
+start_guacamole
+