safebox/guacamole-tomcat
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add .gitignore and .ratignore files for various directories
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
gyurix
2025-04-29 21:43:12 +02:00
parent 983ecbfc53
commit be9f66dee9
2167 changed files with 254128 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

236
guacamole-docker/README.md Normal file
View File

@@ -0,0 +1,236 @@
What is Apache Guacamole?
=========================
[Apache Guacamole](http://guacamole.apache.org/) is a clientless remote desktop
gateway. It supports standard protocols like VNC and RDP. We call it clientless
because no plugins or client software are required.
Thanks to HTML5, once Guacamole is installed on a server, all you need to
access your desktops is a web browser.
How to use this image
=====================
Using this image will require an existing, running Docker container with the
[guacd image](https://registry.hub.docker.com/u/guacamole/guacd/), and another
Docker container providing either a PostgreSQL, MySQL or SQLServer database.
The name of the database and all associated credentials are specified with
environment variables given when the container is created. All other
configuration information is generated from the Docker links.
Beware that you will need to initialize the database manually. Guacamole will
not automatically create its own tables, but SQL scripts are provided to do
this.
Once the Guacamole image is running, Guacamole will be accessible at
`http://[address of container]:8080/guacamole/`. The instructions below use the
`-p 8080:8080` option to expose this port at the level of the machine hosting
Docker, as well.
Docker Secrets
==============
The string `_FILE` may be appended to some of the environment variables listed
below if you are using MySQL, PostgreSQL or SQLServer authentication. This will
cause the startup script to load the values for those variables from files
within the container.
This is useful for specifying sensitive info, ie. passwords for
the database, in secured files instead of plaintext environment variables. This
is generally used for loading values from [Docker secrets](https://docs.docker.com/engine/swarm/secrets/#read-more-about-docker-secret-commands),
which are stored at `/run/secrets/<secret_name>` within the container.
It is important to note that the startup script is configured such that:
1. You may mix the use of Docker secrets and normal environment variables.
For example, you may wish to use `MYSQL_USER_FILE` and `MYSQL_PASSWORD_FILE`,
but wish to specify the database name with `MYSQL_DATABASE`
2. If both a normal environment variable and its corresponding secret are defined
in the same command line, or section within a [Compose](https://docs.docker.com/compose/) file,
the secret will take precedence. For instance, if both `MYSQL_PASSWORD`
and `MYSQL_PASSWORD_FILE` are given, `MYSQL_PASSWORD_FILE` will be used.
Deploying Guacamole with PostgreSQL authentication
--------------------------------------------------
docker run --name some-guacamole --link some-guacd:guacd \
--link some-postgres:postgres \
-e POSTGRESQL_DATABASE=guacamole_db \
-e POSTGRESQL_USER=guacamole_user \
-e POSTGRESQL_PASSWORD=some_password \
-e POSTGRESQL_DATABASE_FILE=/run/secrets/<secret_name> \
-e POSTGRESQL_USER_FILE=/run/secrets/<secret_name> \
-e POSTGRESQL_PASSWORD_FILE=/run/secrets/<secret_name> \
-d -p 8080:8080 guacamole/guacamole
Linking Guacamole to PostgreSQL requires three environment variables. If any of
these environment variables are omitted, you will receive an error message, and
the image will stop:
1. `POSTGRESQL_DATABASE` - The name of the database to use for Guacamole
authentication.
2. `POSTGRESQL_USER` - The user that Guacamole will use to connect to PostgreSQL.
3. `POSTGRESQL_PASSWORD` - The password that Guacamole will provide when
connecting to PostgreSQL as `POSTGRESQL_USER`.
4. `POSTGRESQL_DATABASE_FILE` - The path of the docker secret containing the name
of database to use for Guacamole authentication.
5. `POSTGRESQL_USER_FILE` - The path of the docker secret containing the name of
the user that Guacamole will use to connect to PostgreSQL.
6. `POSTGRESQL_PASSWORD_FILE` - The path of the docker secret containing the
password that Guacamole will provide when connecting to PostgreSQL as
`POSTGRESQL_USER.
### Initializing the PostgreSQL database
If your database is not already initialized with the Guacamole schema, you will
need to do so prior to using Guacamole. A convenience script for generating the
necessary SQL to do this is included in the Guacamole image.
To generate a SQL script which can be used to initialize a fresh PostgreSQL
database
[as documented in the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-postgresql):
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > initdb.sql
Alternatively, you can use the SQL scripts included with the
guacamole-auth-jdbc extension from
[the corresponding release](http://guacamole.apache.org/releases/).
Once this script is generated, you must:
1. Create a database for Guacamole within PostgreSQL, such as `guacamole_db`.
2. Run the script on the newly-created database.
3. Create a user for Guacamole within PostgreSQL with access to the tables and
sequences of this database, such as `guacamole_user`.
The process for doing this via the `psql` and `createdb` utilities included
with PostgreSQL is documented in
[the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-postgresql).
Deploying Guacamole with MySQL authentication
--------------------------------------------------
docker run --name some-guacamole --link some-guacd:guacd \
--link some-mysql:mysql \
-e MYSQL_DATABASE=guacamole_db \
-e MYSQL_USER=guacamole_user \
-e MYSQL_PASSWORD=some_password \
-e MYSQL_DATABASE_FILE=/run/secrets/<secret_name> \
-e MYSQL_USER_FILE=/run/secrets/<secret_name> \
-e MYSQL_PASSWORD_FILE=/run/secrets/<secret_name> \
-d -p 8080:8080 guacamole/guacamole
Linking Guacamole to MySQL requires three environment variables. If any of
these environment variables are omitted, you will receive an error message, and
the image will stop:
1. `MYSQL_DATABASE` - The name of the database to use for Guacamole
authentication.
2. `MYSQL_USER` - The user that Guacamole will use to connect to MySQL.
3. `MYSQL_PASSWORD` - The password that Guacamole will provide when connecting
to MySQL as `MYSQL_USER`.
4. `MYSQL_DATABASE_FILE` - The path of the docker secret containing the name of
the database to use for Guacamole authentication.
5. `MYSQL_USER_FILE` - The path of the docker secret containing the name of the
user that Guacamole will use to connect to MySQL.
6. `MYSQL_PASSWORD_FILE` - The path of the docker secret containing the
password that Guacamole will provide when connecting to MySQL
as`MYSQL_USER`.
### Initializing the MySQL database
If your database is not already initialized with the Guacamole schema, you will
need to do so prior to using Guacamole. A convenience script for generating the
necessary SQL to do this is included in the Guacamole image.
To generate a SQL script which can be used to initialize a fresh MySQL database
[as documented in the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-mysql):
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql
Alternatively, you can use the SQL scripts included with
[guacamole-auth-jdbc](https://github.com/apache/guacamole-client/tree/0.9.10-incubating/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema).
Once this script is generated, you must:
1. Create a database for Guacamole within MySQL, such as `guacamole_db`.
2. Create a user for Guacamole within MySQL with access to this database, such
as `guacamole_user`.
3. Run the script on the newly-created database.
The process for doing this via the `mysql` utility included with MySQL is
documented in
[the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-mysql).
Deploying Guacamole with SQLServer authentication
--------------------------------------------------
Linking Guacamole to SQLServer requires three environment variables. If any of
these environment variables are omitted, you will receive an error message, and
the image will stop:
1. `SQLSERVER_DATABASE` - The name of the database to use for Guacamole
authentication.
2. `SQLSERVER_USER` - The user that Guacamole will use to connect to SQLServer.
3. `SQLSERVER_PASSWORD` - The password that Guacamole will provide when
connecting to SQLServer as `SQLSERVER_USER`.
docker run --name some-guacamole --link some-guacd:guacd \
--link some-sqlserver:sqlserver \
-e SQLSERVER_DATABASE=guacamole_db \
-e SQLSERVER_USER=guacamole_user \
-e SQLSERVER_PASSWORD=some_password \
-d -p 8080:8080 guacamole/guacamole
Alternatively, if you want to store database credentials using Docker secrets,
the following three variables are required and replace the previous three:
1. `SQLSERVER_DATABASE_FILE` - The path of the docker secret containing the name
of database to use for Guacamole authentication.
2. `SQLSERVER_USER_FILE` - The path of the docker secret containing the name of
the user that Guacamole will use to connect to SQLServer.
3. `SQLSERVER_PASSWORD_FILE` - The path of the docker secret containing the
password that Guacamole will provide when connecting to SQLServer as
`SQLSERVER_USER.
docker run --name some-guacamole --link some-guacd:guacd \
--link some-sqlserver:sqlserver \
-e SQLSERVER_DATABASE_FILE=/run/secrets/<secret_name> \
-e SQLSERVER_USER_FILE=/run/secrets/<secret_name> \
-e SQLSERVER_PASSWORD_FILE=/run/secrets/<secret_name> \
-d -p 8080:8080 guacamole/guacamole
### Initializing the SQLServer database
If your database is not already initialized with the Guacamole schema, you will
need to do so prior to using Guacamole. A convenience script for generating the
necessary SQL to do this is included in the Guacamole image.
To generate a SQL script which can be used to initialize a fresh SQLServer
database
[as documented in the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-sqlserver):
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --sqlserver > initdb.sql
Alternatively, you can use the SQL scripts included with the
guacamole-auth-jdbc extension from
[the corresponding release](http://guacamole.apache.org/releases/).
Once this script is generated, you must:
1. Create a database for Guacamole within SQLServer, such as `guacamole_db`.
2. Run the script on the newly-created database.
3. Create a user for Guacamole within SQLServer with access to the tables and
sequences of this database, such as `guacamole_user`.
The process for doing this via the `sqlcmd` utilities included
with SQLServer is documented in
[the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-sqlserver).
Reporting issues
================
Please report any bugs encountered by opening a new issue in
[our JIRA](https://issues.apache.org/jira/browse/GUACAMOLE/).

64
guacamole-docker/bin/build-guacamole.sh Executable file
View File

@@ -0,0 +1,64 @@
#!/bin/bash -e
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## @fn build-guacamole.sh
##
## Builds Guacamole, saving "guacamole.war" and all applicable extension .jars
## using the guacamole-client source contained within the given directory.
## Extension files will be grouped by their associated type, identical to
## extracting the .tar.gz files included with each Guacamole release except
## that version numbers are stripped from directory and .jar file names.
##
## The build process is split across multiple scripts within the
## /opt/guacamole/build.d directory. Additional steps may be added to the
## build process by adding .sh scripts to this directory. Any such scripts MUST
## be shell scripts ending with a ".sh" extension and MUST be written for bash
## (the shell used by this entrypoint).
##
## @param BUILD_DIR
## The directory which currently contains the guacamole-client source and
## in which the build should be performed.
##
## @param DESTINATION
## The directory to save guacamole.war within, along with all extension
## .jars. Note that this script will create extension-specific
## subdirectories within this directory, and files will thus be grouped by
## extension type.
##
##
## The directory which currently contains the guacamole-client source and in
## which the build should be performed.
##
BUILD_DIR="$1"
##
## The directory to save guacamole.war within, along with all extension .jars.
## Note that this script will create extension-specific subdirectories within
## this directory, and files will thus be grouped by extension type.
##
DESTINATION="$2"
# Run all scripts within the "build.d" directory
for SCRIPT in /opt/guacamole/build.d/*.sh; do
source "$SCRIPT"
done

39
guacamole-docker/bin/entrypoint.sh Executable file
View File

@@ -0,0 +1,39 @@
#!/bin/bash -e
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## @fn entrypoint.sh
##
## (Re-)configures the Apache Guacamole web application based on the values of
## environment variables, deploys the web application beneath a bundled copy of
## Apache Tomcat, and starts Tomcat.
##
## The startup process is split across multiple scripts within the
## /opt/guacamole/entrypoint.d directory. Additional steps may be added to the
## startup process by adding .sh scripts to this directory. Any such scripts
## MUST be shell scripts ending with a ".sh" extension and MUST be written for
## bash (the shell used by this entrypoint).
##
# Run all scripts within the "entrypoint.d" directory
for SCRIPT in /opt/guacamole/entrypoint.d/*.sh; do
source "$SCRIPT"
done

73
guacamole-docker/bin/initdb.sh Executable file
View File

@@ -0,0 +1,73 @@
#!/bin/sh -e
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## @fn initdb.sh
##
## Generates a database initialization SQL script for a database of the given
## type. The SQL will be sent to STDOUT.
##
## @param DATABASE
## The database to generate the SQL script for. This may be either
## "--postgresql", for PostgreSQL, "--mysql" for MySQL, or "--sqlserver" for Microsoft SQL Server.
##
DATABASE="$1"
##
## Prints usage information for this shell script and exits with an error code.
## Calling this function will immediately terminate execution of the script.
##
incorrect_usage() {
cat <<END
USAGE: /opt/guacamole/bin/initdb.sh [--postgresql | --mysql | --sqlserver]
END
exit 1
}
# Validate parameters
if [ "$#" -ne 1 ]; then
echo "Wrong number of arguments."
incorrect_usage
fi
#
# Produce script
#
case $DATABASE in
--postgresql)
cat /opt/guacamole/extensions/guacamole-auth-jdbc/postgresql/schema/*.sql
;;
--mysql)
cat /opt/guacamole/extensions/guacamole-auth-jdbc/mysql/schema/*.sql
;;
--sqlserver)
cat /opt/guacamole/extensions/guacamole-auth-jdbc/sqlserver/schema/*.sql
;;
*)
echo "Bad database type: $DATABASE"
incorrect_usage
esac

62
guacamole-docker/build.d/000-build-and-install-guacamole.sh Normal file
View File

@@ -0,0 +1,62 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## @fn 000-build-and-install-guacamole.sh
##
## Builds the Guacamole web application and all main extensions, installing the
## resulting binaries to standard locations within the Docker image. After the
## build and install process, the resulting binaries can be found beneath:
##
## /opt/guacamole/webapp:
## The web application, "guacamole.war".
##
## /opt/guacamole/extensions:
## All extensions, each within their own subdirectory and identical to the
## result of extracting a released .tar.gz except that version numbers of been
## stripped.
##
#
# Build guacamole.war and all extensions, applying any provided Maven build
# arguments
#
cd "$BUILD_DIR"
mvn $MAVEN_ARGUMENTS package
#
# Copy built web application (guacamole.war) to destination location
#
mkdir -p "$DESTINATION/webapp"
cp guacamole/target/*.war "$DESTINATION/webapp/guacamole.war"
#
# Extract all extensions to destination location, stripping version number
# suffix from .jar files and top-level directory name
#
mkdir -p "$DESTINATION/extensions"
find extensions/ -path "**/target/*.tar.gz" -exec tar -xzf "{}" \
-C "$DESTINATION/extensions" \
--xform='s#^\([^/]*\)-[0-9]\+\.[0-9]\+\.[0-9]\+#\1#g' \
--xform='s#-[0-9]\+\.[0-9]\+\.[0-9]\+\(\.jar$\)#\1#g' \
";"

119
guacamole-docker/build.d/010-map-guacamole-extensions.sh Normal file
View File

@@ -0,0 +1,119 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## @fn 010-map-guacamole-extensions.sh
##
## Maps all installed Guacamole extensions (built in a previous step) to their
## corresponding environment variable prefixes, adding symbolic links so that
## the changes to the contents of GUACAMOLE_HOME can be easily made by the
## container's entrypoint based on which environment variables are set, without
## requiring that the entrypoint be specifically aware of all supported
## environment variables.
##
##
## Reads a mapping of Guacamole extension to environment variable prefix from
## STDIN, creating a hierarchy of directories and symbolic links on the
## filesystem that can be easily consumed by the container's entrypoint later.
##
## Each mapping consists of a single line with two values separated by
## whitespace, where the first (leftmost) value is the path to the directory
## containing the extension .jar file (relative to /opt/guacamole/extensions)
## and the second (rightmost) value is the environment variable prefix used by
## that extension. For readability, periods may be used in lieu of spaces.
##
## After mapping has occurred, the resulting mappings are located beneath
## /opt/guacamole/environment. They consist of directories named after the
## provided environment variable prefixes, where the contents of those
## directories are subsets of the contents of GUACAMOLE_HOME that would need to
## be added to the actual GUACAMOLE_HOME to enable that extension.
##
map_extensions() {
# Read through each provided path/prefix mapping pair
mkdir -p "$DESTINATION/environment"
tr . ' ' | while read -r EXT_PATH VAR_PREFIX; do
# Add mappings only for extensions that were actually built as part of
# the build process (some extensions, like the RADIUS support, will
# only be built if specific build arguments are provided)
if [ -d "$DESTINATION/extensions/$EXT_PATH/" ]; then
echo "Mapped: $EXT_PATH -> $VAR_PREFIX"
mkdir -p "$DESTINATION/environment/$VAR_PREFIX/extensions"
ln -s "$DESTINATION/extensions/$EXT_PATH"/*.jar "$DESTINATION/environment/$VAR_PREFIX/extensions/"
else
echo "Skipped: $EXT_PATH (not built)"
fi
done
}
#
# This section is a mapping of all bundled extensions to their corresponding
# variable prefixes. Each line consists of a whitespace-separated pair of
# extension path (the relative directory containing the .jar file) to that
# extension's variable prefix. For readability, a period may be used in lieu of
# a space.
#
# NOTES:
#
# (1) The actual variables used by each extension are not determined here, but
# rather by the transformation of their configuration properties to variables
# ("lowercase-with-dashes" to "UPPERCASE_WITH_UNDERSCORES"). The variable
# prefixes listed here should be chosen to match the prefixes resulting from
# that transformation of the extensions' properties.
#
# (2) The paths on the left side of this mapping are the paths of the extension
# .jar files relative to the "/opt/guacamole/extensions" directory used by the
# container to store extensions prior to use. They are identical to the paths
# used by the distribution .tar.gz files provided with each Guacamole release,
# except that the version numbers have been stripped from the top-level path.
#
# (3) The script processing this file uses these prefixes to define and process
# an additional "ENABLED" variable (ie: "BAN_ENABLED", "TOTP_ENABLED", etc.)
# that can be used to enable/disable an extension entirely regardless of the
# presence/absence of other variables with the prefix. This allows extensions
# that need no configuration to be easily enabled. It also allows extensions
# that already have configuration present to be easily disabled without
# requiring that all other configuration be removed.
#
map_extensions <<'EOF'
guacamole-auth-ban..........................BAN_
guacamole-auth-duo..........................DUO_
guacamole-auth-header.......................HTTP_AUTH_
guacamole-auth-jdbc/mysql...................MYSQL_
guacamole-auth-jdbc/postgresql..............POSTGRESQL_
guacamole-auth-jdbc/sqlserver...............SQLSERVER_
guacamole-auth-json.........................JSON_
guacamole-auth-ldap.........................LDAP_
guacamole-auth-quickconnect.................QUICKCONNECT_
guacamole-auth-radius.......................RADIUS_
guacamole-auth-restrict.....................RESTRICT_
guacamole-auth-sso/cas......................CAS_
guacamole-auth-sso/openid...................OPENID_
guacamole-auth-sso/saml.....................SAML_
guacamole-auth-sso/ssl......................SSL_AUTH_
guacamole-auth-totp.........................TOTP_
guacamole-display-statistics................DISPLAY_STATISTICS_
guacamole-history-recording-storage.........RECORDING_
guacamole-vault/ksm.........................KSM_
EOF

99
guacamole-docker/build.d/020-download-drivers.sh Normal file
View File

@@ -0,0 +1,99 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## @fn 020-download-drivers.sh
##
## Downloads all JDBC drivers required by the various supported databases. Each
## downloaded driver is stored beneath /opt/guacamole/drivers, with symbolic
## links added to the mappings beneath /opt/guacamole/environment to ensure any
## required drivers are added to GUACAMOLE_HOME if necessary to support a
## requested database.
##
##
## Downloads the JDBC driver at the given URL, storing the driver's .jar file
## under the given name and environment variable prefix. The downloaded .jar
## file is stored such that it is pulled into GUACAMOLE_HOME automatically if
## environment variables with that prefix are used.
##
## If the URL is for a .tar.gz file and not a .jar file, the .jar will be
## automatically extracted from the .tar.gz as it is downloaded.
##
## @param VAR_PREFIX
## The environment variable prefix used by the extension that requires the
## driver.
##
## @param URL
## The URL that the driver should be downloaded from.
##
## @param DEST_JAR
## The filename to assign to the downloaded .jar file. This is mainly
## needed to ensure that the drivers bundled with the image have names that
## are predictable and reliable enough that they can be consumed by
## third-party use of this image.
##
download_driver() {
local VAR_PREFIX="$1"
local URL="$2"
local DEST_JAR="$3"
# Ensure primary destination path for .jar file exists
local DEST_PATH="$DESTINATION/drivers/"
mkdir -p "$DEST_PATH"
# Download requested .jar file, extracting from .tar.gz if necessary
if [[ "$URL" == *.tar.gz ]]; then
curl -L "$URL" | tar -xz \
--wildcards \
--no-anchored \
--no-wildcards-match-slash \
--to-stdout \
"*.jar" > "$DEST_PATH/$DEST_JAR"
else
curl -L "$URL" > "$DEST_PATH/$DEST_JAR"
fi
# Add any required link to ensure the .jar file is loaded along with the
# extension that requires it
mkdir -p "$DESTINATION/environment/$VAR_PREFIX/lib"
ln -s "$DEST_PATH/$DEST_JAR" "$DESTINATION/environment/$VAR_PREFIX/lib/"
}
#
# Download and link any required JDBC drivers
#
# MySQL JDBC driver
download_driver "MYSQL_" \
"https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-$MYSQL_JDBC_VERSION.tar.gz" \
"mysql-jdbc.jar"
# PostgreSQL JDBC driver
download_driver "POSTGRESQL_" \
"https://jdbc.postgresql.org/download/postgresql-$PGSQL_JDBC_VERSION.jar" \
"postgresql-jdbc.jar"
# SQL Server JDBC driver
download_driver "SQLSERVER_" \
"https://github.com/microsoft/mssql-jdbc/releases/download/v$MSSQL_JDBC_VERSION/mssql-jdbc-$MSSQL_JDBC_VERSION.jre8.jar" \
"mssql-jdbc.jar"

47
guacamole-docker/build.d/999-verify-sanity.sh Normal file
View File

@@ -0,0 +1,47 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## @fn 999-verify-sanity.sh
##
## Performs sanity checks on the results of the build that verify the image
## contains everything it is expected to contain, including all built
## extensions. If symbolic links were not correctly constructed, or some built
## extensions were not mapped to environment variable prefixes, this script
## will log errors and fail the build.
##
# Perform basic sanity checks that the symbolic links used to associated
# environment variables with extensions/libraries have been correctly created,
# bailing out if any problems are found.
(
# Search for any broken symbolic links intended to map files for
# environment variables
find "$DESTINATION/environment/" -xtype l | sed 's/^/Broken link: /'
# Search for extensions that have not been mapped to any environment
# variables at all
comm -23 \
<(find "$DESTINATION/extensions/" -name "*.jar" -exec realpath "{}" ";" | sort -u) \
<(find "$DESTINATION/environment/" -path "**/extensions/*.jar" -exec realpath "{}" ";" | sort -u) \
| sed 's/^/Unmapped extension: /'
) | sed 's/^/ERROR: /' | (! grep .) >&2 || exit 1

136
guacamole-docker/entrypoint.d/000-migrate-docker-links.sh Normal file
View File

@@ -0,0 +1,136 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## @fn 000-migrate-docker-links.sh
##
## Checks for usage of any Docker links that were formerly supported
## but are now deprecated, warning when any deprecated Docker links are
## encountered. Until support for Docker links is entirely removed, the values
## of environment variables that are injected by Docker for deprecated Docker
## links are automatically reassigned to currently supported variables.
##
##
## Unsets all environment variables whose names start with the given prefix.
##
## @param LEGACY_VAR_PREFIX
## The name prefix of the environment variables that should be unset.
##
unset_starts_with() {
local LEGACY_VAR_PREFIX="$1"
local LEGACY_VAR_NAME
# Unset all environment variables starting with the given prefix
while read -r LEGACY_VAR_NAME; do
unset "$LEGACY_VAR_NAME"
done < <(awk 'BEGIN{for(v in ENVIRON) print v}' | grep "^$LEGACY_VAR_PREFIX")
}
##
## Checks for usage of the given deprecated Docker link, automatically
## assigning the values of its associated environment variables to the given
## set of currently supported environment variables. If usage of the
## deprecated Docker link is found, a warning is printed to STDERR.
##
## @param LEGACY_LINK_NAME
## The name of the Docker link that's deprecated, as would be provided to
## the "docker" command with the "--link" option.
##
## @param LEGACY_LINK_PORT_NUMBER
## The TCP port number used by the service originally pointed to by the
## deprecated Docker link. This will be the port number exposed by the
## Docker image customarily used for that service.
##
## @param CURRENT_ADDR_VAR_NAME
## The name of the environment variable that is currently supported and
## represents the IP addresss or hostname of the service originally pointed
## to by the deprecated Docker link.
##
## @param CURRENT_PORT_VAR_NAME
## The name of the environment variable that is currently supported and
## represents the TCP port of the service originally pointed to by the
## deprecated Docker link.
##
deprecate_link() {
local LEGACY_LINK_NAME="$1"
local LEGACY_LINK_PORT_NUMBER="$2"
local CURRENT_ADDR_VAR_NAME="$3"
local CURRENT_PORT_VAR_NAME="$4"
# Determine names of environment variables injected by Docker for the link
# having the given name
local LEGACY_LINK_VAR_PREFIX="`echo "$LEGACY_LINK_NAME" | tr 'a-z' 'A-Z'`"
local LEGACY_LINK_VAR_TCP_PREFIX="${LEGACY_LINK_VAR_PREFIX}_PORT_${LEGACY_LINK_PORT_NUMBER}_TCP"
local LEGACY_ADDR_VAR_NAME="${LEGACY_LINK_VAR_TCP_PREFIX}_ADDR"
local LEGACY_PORT_VAR_NAME="${LEGACY_LINK_VAR_TCP_PREFIX}_PORT"
# NOTE: We pull these values early to ensure we can safely unset the
# legacy variables without losing the ability to reassign those values to
# the proper variables later
local LEGACY_LINK_ADDR="${!LEGACY_ADDR_VAR_NAME}"
local LEGACY_LINK_PORT="${!LEGACY_PORT_VAR_NAME}"
if [ -n "$LEGACY_LINK_ADDR" -o -n "$LEGACY_LINK_PORT" ]; then
echo "WARNING: The \"$LEGACY_LINK_NAME\" Docker link has been deprecated in favor of the \"$CURRENT_ADDR_VAR_NAME\" and \"$CURRENT_PORT_VAR_NAME\" environment variables. Please migrate your configuration when possible, as Docker considers the linking feature to be legacy and support for Docker links may be removed in future releases. See: https://docs.docker.com/engine/network/links/" >&2
#
# Clear out any environment variables related to the legacy link (NOTE:
# this is necessary not only to clean the environment of variables that
# aren't actually used, but also to avoid tripping warnings about
# legacy "POSTGRES_" variable naming).
#
# The variables that Docker will set are documented here:
#
# https://docs.docker.com/engine/network/links/
#
unset "${LEGACY_LINK_VAR_PREFIX}_NAME"
unset "${LEGACY_LINK_VAR_PREFIX}_PORT"
unset_starts_with "${LEGACY_LINK_VAR_TCP_PREFIX}_"
unset_starts_with "${LEGACY_LINK_VAR_PREFIX}_ENV_"
# A variable containing just the prefix documented by Docker is also
# injected, but this is not documented at the above URL
unset "$LEGACY_LINK_VAR_TCP_PREFIX"
# Migrate legacy Docker link values over to the proper variables
export "$CURRENT_ADDR_VAR_NAME"="$LEGACY_LINK_ADDR"
export "$CURRENT_PORT_VAR_NAME"="$LEGACY_LINK_PORT"
fi
}
# Legacy Docker link support for connecting the webapp image with guacd
deprecate_link "guacd" 4822 "GUACD_HOSTNAME" "GUACD_PORT"
# Legacy Docker link support for connecting the webapp image with the various
# supported databases
deprecate_link "mysql" 3306 "MYSQL_HOSTNAME" "MYSQL_PORT"
deprecate_link "postgres" 5432 "POSTGRESQL_HOSTNAME" "POSTGRESQL_PORT"
deprecate_link "sqlserver" 1433 "SQLSERVER_HOSTNAME" "SQLSERVER_PORT"
# No other Docker links have been historically supported by the
# "guacamole/guacamole" image.

117
guacamole-docker/entrypoint.d/010-migrate-legacy-variables.sh Normal file
View File

@@ -0,0 +1,117 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## @fn 010-migrate-legacy-variables.sh
##
## Checks for usage of any environment variables that were formerly supported
## but are now deprecated, warning when any deprecated variables are
## encountered. Until support for a deprecated variable is entirely removed,
## the value provided for the deprecated variable is automatically assigned to
## the currently-supported variable.
##
##
## Checks for usage of the given deprecated environment variable, automatically
## assigning its value to the given currently-supported environment variable.
## If usage of the deprecated variable is found, a warning is printed to
## STDERR.
##
## @param LEGACY_VAR_NAME
## The name of the environment variable that's deprecated.
##
## @param CURRENT_VAR_NAME
## The name of the environment variable that is currently supported and
## replaces the deprecated variable.
##
deprecate_variable() {
local LEGACY_VAR_NAME="$1"
local CURRENT_VAR_NAME="$2"
if [ -n "${!LEGACY_VAR_NAME}" ]; then
echo "WARNING: The \"$LEGACY_VAR_NAME\" environment variable has been deprecated in favor of \"$CURRENT_VAR_NAME\". Please migrate your configuration when possible, as support for the older name may be removed in future releases." >&2
export "$CURRENT_VAR_NAME"="${!LEGACY_VAR_NAME}"
fi
}
##
## Checks for usage of any environment variables using the given deprecated
## prefix, automatically assigning their values to corresponding environment
## variables having the given currently-supported prefix. If usage of the
## deprecated prefix is found, a warning is printed to STDERR.
##
## @param LEGACY_VAR_PREFIX
## The environment variable prefix that's deprecated.
##
## @param CURRENT_VAR_PREFIX
## The environment variable prefix that is currently supported and
## replaces the deprecated variable prefix.
##
deprecate_variable_prefix() {
local LEGACY_VAR_PREFIX="$1"
local CURRENT_VAR_PREFIX="$2"
local LEGACY_VAR_NAME
local CURRENT_VAR_NAME
local HAS_LEGACY_VARIABLES=0
# Automatically reassign all "POSTGRES_*" variables to "POSTGRESQL_*"
while read -r LEGACY_VAR_NAME; do
HAS_LEGACY_VARIABLES=1
CURRENT_VAR_NAME="$CURRENT_VAR_PREFIX${LEGACY_VAR_NAME#$LEGACY_VAR_PREFIX}"
export "$CURRENT_VAR_NAME"="${!LEGACY_VAR_NAME}"
unset "$LEGACY_VAR_NAME"
done < <(awk 'BEGIN{for(v in ENVIRON) print v}' | grep "^$LEGACY_VAR_PREFIX")
if [ "$HAS_LEGACY_VARIABLES" = "1" ]; then
echo "WARNING: The \"$LEGACY_VAR_PREFIX\" prefix for environment variables has been deprecated in favor of the \"$CURRENT_VAR_PREFIX\" prefix. Please migrate your configuration when possible, as support for the older prefix may be removed in future releases." >&2
export "$CURRENT_VAR_NAME"="$LEGACY_VAR_NAME"
fi
}
# The old "*_USER" style for configuring the user account to be used to access
# the database is being replaced with "*_USERNAME" such that all environment
# variables exactly correspond to the names of configuration properties from
# guacamole.properties.
deprecate_variable "MYSQL_USER" "MYSQL_USERNAME"
deprecate_variable "POSTGRES_USER" "POSTGRESQL_USERNAME"
deprecate_variable "POSTGRESQL_USER" "POSTGRESQL_USERNAME"
deprecate_variable "SQLSERVER_USER" "SQLSERVER_USERNAME"
# The old "POSTGRES_" prefix for configuring usage of PostgreSQL is being
# replaced with "POSTGRESQL_" such that all environment variables exactly
# correspond to the names of configuration properties from
# guacamole.properties.
deprecate_variable_prefix "POSTGRES_" "POSTGRESQL_"
# The old "PROXY_*" names for attributes supported by RemoteIpValve are being
# replaced with "REMOTE_IP_VALVE_*" attributes that more closely and
# predictably match their attribute names
deprecate_variable "PROXY_ALLOWED_IPS_REGEX" "REMOTE_IP_VALVE_INTERNAL_PROXIES"
deprecate_variable "PROXY_IP_HEADER" "REMOTE_IP_VALVE_REMOTE_IP_HEADER"
deprecate_variable "PROXY_PROTOCOL_HEADER" "REMOTE_IP_VALVE_PROTOCOL_HEADER"
# NOTE: PROXY_BY_HEADER never worked as there is no "remoteIpProxiesHeader" attribute for RemoteIpValve
# The old "LOGBACK_LEVEL" environment variable has been replaced with
# "LOG_LEVEL" for consistency with the guacd image
deprecate_variable "LOGBACK_LEVEL" "LOG_LEVEL"

111
guacamole-docker/entrypoint.d/100-generate-guacamole-home.sh Normal file
View File

@@ -0,0 +1,111 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## @fn 010-generate-guacamole-home.sh
##
## Automatically generates a temporary, skeleton GUACAMOLE_HOME to be used for
## this run of the container. GUACAMOLE_HOMEs from previous runs are
## automatically deleted prior to creating the new skeleton. A
## randomly-generated temporary directory is used instead of a standard
## directory like "/etc/guacamole" to allow users to use "/etc/guacamole" as a
## basis for their own configuration.
##
##
## The directory to copy/link over as a basis for the GUACAMOLE_HOME actually
## used by the Guacamole web application. Any configuration generated by this
## container will be overlaid on top of this configuration. To achieve the
## overlay, symbolic links will be created for all files inside and beneath
## this directory. Only the guacamole.properties file will be copied instead of
## using symbolic links (to ensure property generation performed by the
## container does not potentially modify an external file).
##
GUACAMOLE_HOME_TEMPLATE="$GUACAMOLE_HOME"
##
## Tests whether a given property is set within the guacamole.properties file
## in GUACAMOLE_HOME.
##
## @param PROPERTY_NAME
## The name of the property to check.
##
## @returns
## Zero if the given property is set to any value within
## guacamole.properties, non-zero otherwise.
##
is_property_set() {
local PROPERTY_NAME="$1"
grep "^[[:space:]]*$PROPERTY_NAME\>" "$GUACAMOLE_HOME/guacamole.properties" &> /dev/null
}
#
# Start with a fresh GUACAMOLE_HOME
#
rm -rf /tmp/guacamole-home.*
GUACAMOLE_HOME="`mktemp -p /tmp -d guacamole-home.XXXXXXXXXX`"
mkdir -p "$GUACAMOLE_HOME/"{lib,extensions}
cat > "$GUACAMOLE_HOME/guacamole.properties" <<EOF
# guacamole.properties - generated `date`
EOF
#
# Copy contents of provided GUACAMOLE_HOME template, if any
#
if [ -e "$GUACAMOLE_HOME_TEMPLATE" ]; then
# Create links for any libraries provided in the template GUACAMOLE_HOME
find "$GUACAMOLE_HOME_TEMPLATE/lib" -mindepth 1 -maxdepth 1 \
-exec ln -sv "{}" "$GUACAMOLE_HOME/lib/" ";"
# Create links for any extensions provided in the template GUACAMOLE_HOME
find "$GUACAMOLE_HOME_TEMPLATE/extensions" -mindepth 1 -maxdepth 1 \
-exec ln -sv "{}" "$GUACAMOLE_HOME/extensions/" ";"
# Create links for all other files directly within the template
# GUACAMOLE_HOME
find "$GUACAMOLE_HOME_TEMPLATE" -mindepth 1 -maxdepth 1 \
-name guacamole.properties -o -name lib -o -name extensions -prune \
-o -exec ln -sv "{}" "$GUACAMOLE_HOME/" ";"
# Add any properties provided within template GUACAMOLE_HOME
if [ -e "$GUACAMOLE_HOME_TEMPLATE/guacamole.properties" ]; then
cat "$GUACAMOLE_HOME_TEMPLATE/guacamole.properties" >> "$GUACAMOLE_HOME/guacamole.properties"
fi
fi
# Enable reading of properties directly from environment variables unless
# overridden
if ! is_property_set "enable-environment-properties"; then
cat >> "$GUACAMOLE_HOME/guacamole.properties" <<'EOF'
#
# NOTE: The following was automatically added by the container entrypoint to
# allow all Guacamole configuration properties to be automatically read from
# environment variables. If this is not desired, you can override this behavior
# by specifying the "enable-environment-properties" variable yourself in your
# own guacamole.properties file.
#
enable-environment-properties: true
EOF
fi

50
guacamole-docker/entrypoint.d/500-generate-tomcat-catalina-base.sh Normal file
View File

@@ -0,0 +1,50 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## 500-generate-tomcat-catalina-base.sh
##
## Automcatically generates a fresh, temporary CATALINA_BASE for Apache Tomcat.
## This allows Tomcat to run as a reduced-privilege user, and allows its
## configuration to be dynamically generated by the container entrypoint at
## startup.
##
#
# Start with a fresh CATALINA_BASE
#
rm -rf /tmp/catalina-base.*
export CATALINA_BASE="`mktemp -p /tmp -d catalina-base.XXXXXXXXXX`"
# User-only writable CATALINA_BASE
for dir in logs temp webapps work; do
mkdir -p $CATALINA_BASE/$dir
done
cp -R /usr/local/tomcat/conf $CATALINA_BASE
cat >> "$CATALINA_BASE/conf/catalina.properties" <<EOF
# Point Guacamole at automatically-generated, temporary GUACAMOLE_HOME
guacamole.home=$GUACAMOLE_HOME
EOF
# Install webapp
ln -sf /opt/guacamole/webapp/guacamole.war $CATALINA_BASE/webapps/${WEBAPP_CONTEXT:-guacamole}.war

88
guacamole-docker/entrypoint.d/700-configure-features.sh Normal file
View File

@@ -0,0 +1,88 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
#
##
## @fn 700-configure-features.sh
##
## Automatically checks all environment variables currently set and performs
## configuration tasks related to those variabels, including installing any
## extensions and external libraries associated with those variables to
## GUACAMOLE_HOME. Only environment variable prefixes are considered; this
## script is not aware of whether an extension actually uses an environment
## variable.
##
##
## Returns whether the feature associated with a particular environment
## variable prefix has configuration values set. Only the presence of
## environment variables having that prefix is checked. Features can also be
## entirely enabled/disabled through setting the [PREFIX_]ENABLED variable to
## true/false respectively, where "[PREFIX_]" is the specified environment
## variable prefix (including trailing underscore).
##
## @param VAR_BASE
## The environment variable prefix to check, including trailing underscore.
##
## @returns
## Zero if the feature associated with the given environment variable
## prefix is enabled, non-zero otherwise.
##
is_feature_enabled() {
local VAR_BASE="$1"
# Allow any feature to be explicitly enabled/disabled using a
# [PREFIX_]ENABLED variable
local ENABLED_VAR="${VAR_BASE}ENABLED"
if [ "${!ENABLED_VAR}" = "true" ]; then
return 0
elif [ "${!ENABLED_VAR}" = "false" ]; then
return 1
fi
# Lacking an explicit request to enable/disable the feature, rely on
# implicit enable/disable via presence of any other variables having the
# given prefix
awk 'BEGIN{for(v in ENVIRON) print v}' | grep "^${VAR_BASE}" > /dev/null
}
# Search environment for enabled extensions/features based on environment
# variable prefixes
for VAR_BASE in /opt/guacamole/environment/*; do
# Skip any directories without at least one corresponding environment
# variable set
is_feature_enabled "$(basename "$VAR_BASE")" || continue
# Execute any associated configuration script
[ ! -e "$VAR_BASE/configure.sh" ] || source "$VAR_BASE/configure.sh"
# Add any required links for extensions/libraries associated with the
# configured extension
for SUBDIR in lib extensions; do
if [ -d "$VAR_BASE/$SUBDIR" ]; then
mkdir -p "$GUACAMOLE_HOME/$SUBDIR/"
ln -s "$VAR_BASE/$SUBDIR"/* "$GUACAMOLE_HOME/$SUBDIR/"
fi
done
done

30
guacamole-docker/entrypoint.d/999-start-tomcat.sh Normal file
View File

@@ -0,0 +1,30 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## @fn 999-start-tomcat.sh
##
## Starts Tomcat. This script replaces the current process with the Tomcat
## process and does not exit.
##
# Start tomcat
cd /usr/local/tomcat
exec catalina.sh run

60
guacamole-docker/environment/REMOTE_IP_VALVE_/configure.sh Normal file
View File

@@ -0,0 +1,60 @@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
##
## @fn REMOTE_IP_VALVE_/configure.sh
##
## Configures Tomcat to forward the IP addresses of clients behind a proxy if
## the REMOTE_IP_VALVE_ENABLED environment variable is set to "true".
##
##
## Array of all xmlstarlet command-line options necessary to add the
## RemoteIpValve attributes that correspond to various "REMOTE_IP_VALVE_*"
## environment variables.
##
declare -a VALVE_ATTRIBUTES=( --insert '/Server/Service/Engine/Host/Valve[not(@className)]' --type attr -n className -v org.apache.catalina.valves.RemoteIpValve )
# Translate all properties supported by RemoteIpValve into corresponding
# environment variables
for ATTRIBUTE in \
remoteIpHeader \
internalProxies \
proxiesHeader \
trustedProxies \
protocolHeader \
protocolHeaderHttpsValue \
httpServerPort \
httpsServerPort; do
VAR_NAME="REMOTE_IP_VALVE_$(echo "$ATTRIBUTE" | sed 's/\([a-z]\)\([A-Z]\)/\1_\2/g' | tr 'a-z' 'A-Z')"
if [ -n "${!VAR_NAME}" ]; then
VALVE_ATTRIBUTES+=( --insert '/Server/Service/Engine/Host/Valve[@className="org.apache.catalina.valves.RemoteIpValve"]' --type attr -n "$ATTRIBUTE" -v "${!VAR_NAME}" )
else
echo "Using default RemoteIpValve value for \"$ATTRIBUTE\" attribute."
fi
done
# Programmatically add requested RemoteIpValve entry
xmlstarlet edit --inplace \
--insert '/Server/Service/Engine/Host/*' --type elem -n Valve \
"${VALVE_ATTRIBUTES[@]}" \
"$CATALINA_BASE/conf/server.xml"

3
guacamole-docker/mozilla-firefox.pref Normal file
View File

@@ -0,0 +1,3 @@
Package: *
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 1001