guacamole-composition's Introduction

guacamole-composition 🥑🐳

Creates a Docker composition containing instances of:

  • guacamole clientless remote desktop gateway.
  • guacd server-side proxy for Guacamole.
  • Postgres relational database.
  • cisagov/guacscanner-docker utility for continually scanning the EC2 instances in an AWS VPC and updating the Guacamole connections in the underlying PostgreSQL database.

Running

A sample Docker composition is included in this repository.

To start the composition, use the command: docker compose up

Connect to the Guacamole web interface at: http://localhost/guacamole.

The default credentials are guacadmin, guacadmin - you should change those as soon as possible.

Volumes

postgres

Mount Point  Purpose
dbdata       Stores all database data for the postgres container
dbinit       Stores the postgres initialization script for the guacamole database resources

Ports

This composition exposes the following port to the localhost:

Port  Protocol  Service  Purpose
80    TCP       http     Guacamole web interface

Secrets

Sample secrets have been provided - you should change these if you use this composition on a publicly-accessible host:

Filename           Purpose
postgres_username  Text file containing the username of the postgres user used by the guacamole container
postgres_password  Text file containing the password of the postgres user used by the guacamole container
private_ssh_key    Text file containing the private SSH key to use for SFTP file transfer in Guacamole.
rdp_username       Text file containing the username for Guacamole to use when connecting to an instance via RDP.
rdp_password       Text file containing the password for Guacamole to use when connecting to an instance via RDP.
vnc_username       Text file containing the username for Guacamole to use when connecting to an instance via VNC.
vnc_password       Text file containing the password for Guacamole to use when connecting to an instance via VNC.
windows_sftp_base  Text file containing the base path for the SFTP directories that Guacamole will use when connecting to a Windows instance via VNC.
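
One way to check, before deploying, that the sample secrets listed above were actually replaced. This is an added example, not part of the project's repository; the function name, the finding labels and both directory arguments are assumptions, since the page does not say where the secret files live.

```shell
#!/bin/sh
# Added example: audit the Docker secret files named in the Secrets table.
# Assumptions (not from the page): the secrets directory is passed as $1 and
# a pristine copy of the repository's sample secrets, if available, as $2.

SECRET_FILES="postgres_username postgres_password private_ssh_key
rdp_username rdp_password vnc_username vnc_password windows_sftp_base"

# Prints one finding per line; returns 0 when there are none, 1 otherwise.
audit_secrets() {
  dir=$1
  sample=${2:-}
  findings=0
  for name in $SECRET_FILES; do
    path="$dir/$name"
    if [ ! -f "$path" ]; then
      echo "MISSING $name"
      findings=$((findings + 1))
      continue
    fi
    if [ ! -s "$path" ]; then
      echo "EMPTY $name"
      findings=$((findings + 1))
    fi
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    # Group bits are left alone so a container user can be granted access.
    mode=$(ls -lLd "$path" | cut -c8-10)
    if [ "$mode" != "---" ]; then
      echo "WORLD_ACCESSIBLE $name"
      findings=$((findings + 1))
    fi
    # Credentials byte-identical to the shipped samples were never rotated.
    # Usernames and the SFTP base path are not compared.
    case $name in
      *_password | private_ssh_key)
        if [ -n "$sample" ] && [ -f "$sample/$name" ] &&
           cmp -s "$path" "$sample/$name"; then
          echo "UNCHANGED_SAMPLE $name"
          findings=$((findings + 1))
        fi
        ;;
    esac
  done
  [ "$findings" -eq 0 ]
}

# Run as: sh audit_secrets.sh SECRETS_DIR [SAMPLE_DIR]
if [ "$#" -ge 1 ]; then
  audit_secrets "$@"
fi
```

The non-zero exit status makes the check usable as a gate in a deployment script that runs before `docker compose up`.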

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

guacamole-composition's People

Contributors

dav3r, dependabot[bot], felddy, hillaryj, jmorrowomni, jsf9k, mcdonnnj

guacamole-composition's Issues

Update from skeleton-generic

This project is still using TravisCI, whereas all of our newer work is using GitHub Actions. Update this project so that it takes advantage of all of the latest goodies from our skeleton-generic project.

Limit the size of Docker logs

🐛 Summary

Guacamole was temporarily unavailable in env22-production yesterday because the logs associated with the Docker composition filled up the root disk on the Guacamole instance. Limiting the size of the Docker logs will help alleviate this.

See also cisagov/cool-assessment-terraform#202.

To reproduce

Steps to reproduce the behavior:

  1. Spin up an RTA environment (many instances accessible via guacamole).
  2. Wait a few months.
  3. Observe that the root disk on the Guacamole instance fills up.

Expected behavior

There should be no interruption in availability of the Guacamole service.

Any helpful log output or screenshots

root@guac:/usr/bin# df -h
Filesystem       Size  Used Avail Use% Mounted on
udev             1.9G     0  1.9G   0% /dev
tmpfs            388M  756K  387M   1% /run
/dev/nvme0n1p1   7.7G  6.4G  936M  88% /
tmpfs            1.9G     0  1.9G   0% /dev/shm
tmpfs            5.0M     0  5.0M   0% /run/lock
/dev/nvme0n1p15  124M  5.9M  118M   5% /boot/efi
overlay          7.7G  6.4G  936M  88% /var/lib/docker/overlay2/5453e28a36f9ce890a760c86e1f2d5e94f8c6659ad3d229c7c964e370d5ea2a3/merged
shm               64M     0   64M   0% /var/lib/docker/containers/3f5bd5504fc149f9fe74c3abe28c85f3f6e8bfcd7d8bded026d3125efe005060/mounts/shm
overlay          7.7G  6.4G  936M  88% /var/lib/docker/overlay2/570012723f1dbb24eaa5504a75c3d2a346437e6d271d99dca3cfc1f7b91031a8/merged
shm               64M     0   64M   0% /var/lib/docker/containers/16cca99e59f0c08e0bdaef4d79ec6785c2322b9a916c6c79fb62a31929778775/mounts/shm
overlay          7.7G  6.4G  936M  88% /var/lib/docker/overlay2/4f4cba0ebff605b2300ad541baec5879cd00f892a08d9527299d736a31b8b3d6/merged
shm               64M     0   64M   0% /var/lib/docker/containers/9538eabf5828278a1c24c420a700a658b580b0542213a10977e1ef680221781d/mounts/shm
overlay          7.7G  6.4G  936M  88% /var/lib/docker/overlay2/f650455c4ce1035e78ad84f61c6373e68ac123b600067bbbf538788f52f425ce/merged
shm               64M   16K   64M   1% /var/lib/docker/containers/176e7686b05da94828c46c0419398dd7df2b3699bda952447cc312b52f571c1d/mounts/shm
tmpfs            388M     0  388M   0% /run/user/0

Make nginx service listen on port 443, instead of 8443

Currently, the nginx service in the Docker composition listens on port 8443, which means that end users of Guacamole must use a URL like https://guac.mydomain.gov:8443. We want to change that so the URL would simply be https://guac.mydomain.gov.

Upgrade the version of the PostgreSQL Docker image

💡 Summary

We currently pin the PostgreSQL Docker image to postgres:13 because of a limitation in the JDBC PostgreSQL driver used in version 1.4.0 of the official Guacamole Docker images. It looks like the JDBC PostgreSQL driver will be updated in the next release of the Guacamole Docker images, at which point we should start using a newer version of the postgres Docker image.

Motivation and context

A newer postgres Docker image is likely more performant and more secure.
