Quickly Set Up Guacamole Using Docker

Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.

Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.

The Guacamole manual can be found here, but because the project is broken into 2 or more peices, it can take a bit of poking around and toggling between sections to find the exact steps one needs to quickly get up and running from scratch using Docker.

Guacamole uses a guacd service to actually handle remote desktop connections, and a separate front-end based on Tomcat that talks directly to the guacd service. To handle authentication, the web-app needs to have one of several authentication resources enabled. Since I didn’t want to connect with any exisitng authentication provider, I used the mysql database backend for Guacamole’s authentication and configuration.

The following steps use simple docker run commands from scripts or the command-line, and don’t assume the use of Stacks or Swarm clusters. This setup should be fine for setting up on a local network, but care should be taken if opened to the internet.

These docker images will be pulled from the respective repositories when the commands are run:

• guacamole/guacd The remote connection daemon
• guacamole/guacamole The web-app interface
• mysql The authentication and configuration backend

LOCALGUACDIR=/myguacdir
MYSQLROOTPASS=myguacamoledatabasepass

# Initialize some specific database objects used by Guacamole for auth and config
cd $LOCALGUACDIR && docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > initdb.sql

# Run mysql docker
docker run -d --name guac-mysql \
      --mount=type=bind,source="${LOCALGUACDIR}/initdb.sql",target="/docker-entrypoint-initdb.d/initdb.sql" \
      -e MYSQL_ROOT_PASSWORD=${MYSQLROOTPASS} \
      -e MYSQL_DATABASE=guacamole \
      mysql "--default-authentication-plugin=mysql_native_password"

# Run the daemon
docker run --name some-guacd -d guacamole/guacd

# Run the web-app and connect the mysql and guacd containers
# Forward external port 8083 to the Tomcat's 8080
docker run --name some-guacamole \
    --link some-guacd:guacd        \
    --link guac-mysql:mysql \
    -e MYSQL_DATABASE=guacamole \
    -e MYSQL_USER=root \
    -e MYSQL_PASSWORD=${MYSQLROOTPASS} \
    -d -p 8083:8080 guacamole/guacamole

The interface can be accessed at http://localhost:8083/guacamole. There is a default admin user called guacadmin and password (same). Definitely change this once everything is setup and running!