Guacamole with MySQL on Ubuntu (Docker Version)

Many of you have used my previous scripts for installing Guacamole directly. This is an updated version that uses Docker to greatly simplify the process. All you have to do is type two passwords: the MySQL root password and the Guacamole database user password. Run as root!

Update: Should now work with Guacamole 0.9.12

#!/bin/bash
# WORKING ON UBUNTU 16.04 LTS

VERSION="0.9.12"

#Install Stuff
apt-get update
apt-get install docker.io mysql-client wget jq curl

SERVER=$(curl -s 'https://www.apache.org/dyn/closer.cgi?as_json=1' | jq --raw-output '.preferred|rtrimstr("/")')

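# -r keeps backslashes in the passwords intact; echo ends the line after each silent prompt
read -r -s -p "Enter the password that will be used for MySQL Root: " MYSQLROOTPASSWORD
echo
read -r -s -p "Enter the password that will be used for the Guacamole database: " GUACDBUSERPASSWORD
echo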

# Download the guacamole auth files for MySQL
wget ${SERVER}/incubator/guacamole/${VERSION}-incubating/binary/guacamole-auth-jdbc-${VERSION}-incubating.tar.gz
tar -xzf guacamole-auth-jdbc-${VERSION}-incubating.tar.gz

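# Start MySQL, published on loopback only: this script connects via 127.0.0.1
# and the guacamole container reaches the database through --link
docker run --restart=always --detach --name=mysql --env="MYSQL_ROOT_PASSWORD=$MYSQLROOTPASSWORD" --publish 127.0.0.1:3306:3306 mysql

# Wait until MySQL accepts logins before sending it any SQL
until mysql -h 127.0.0.1 -P 3306 -u root -p"$MYSQLROOTPASSWORD" -e 'SELECT 1' >/dev/null 2>&1; do
    sleep 2
done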

# Create the Guacamole database and the user account

# SQL Code
SQLCODE="
create database guacamole_db;
create user 'guacamole_user'@'%' identified by '$GUACDBUSERPASSWORD';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'%';
flush privileges;"

# Execute SQL Code (variables quoted so special characters in the passwords survive the shell)
echo "$SQLCODE" | mysql -h 127.0.0.1 -P 3306 -u root -p"$MYSQLROOTPASSWORD"

# Load the Guacamole schema into the new database
cat guacamole-auth-jdbc-${VERSION}-incubating/mysql/schema/*.sql | mysql -u root -p"$MYSQLROOTPASSWORD" -h 127.0.0.1 -P 3306 guacamole_db

# Start guacd and the Guacamole web application
docker run --restart=always --name guacd -d guacamole/guacd
docker run --restart=always --name guacamole --link mysql:mysql --link guacd:guacd -e MYSQL_HOSTNAME=127.0.0.1 -e MYSQL_DATABASE=guacamole_db -e MYSQL_USER=guacamole_user -e MYSQL_PASSWORD="$GUACDBUSERPASSWORD" --detach -p 8080:8080 guacamole/guacamole

rm -rf guacamole-auth-jdbc-${VERSION}-incubating*

As usual, connect via :8080/guacamole/ and log in with guacadmin/guacadmin to begin configuration.
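
The script hands the root password to `mysql` as `-p$MYSQLROOTPASSWORD`, which puts it in the process list and triggers the "Using a password on the command line interface can be insecure" warning reported in the comments; commenters also hit the MySQL start-up race. The following is an added example, not part of the original script: it writes a private client option file for `mysql` and polls with a bounded number of attempts. The helper names `write_mysql_optfile` and `wait_for` are hypothetical.

```bash
#!/bin/bash
# Added example: helper names are hypothetical, not from the original script.
NL='
'

# Write a private mysql client option file and print its path. The password
# never appears in argv, so `ps` cannot show it and mysql prints no warning.
write_mysql_optfile() (
    user=$1 password=$2
    # A double quote or newline would break out of the quoted value: refuse.
    case $password in
        *'"'*|*"$NL"*) echo "unsupported character in password" >&2; exit 1 ;;
    esac
    umask 077                       # subshell body, so the umask does not leak
    file=$(mktemp) || exit 1
    # Option files treat backslash as an escape character: double each one.
    escaped=$(printf '%s' "$password" | sed 's/\\/\\\\/g')
    printf '[client]\nuser=%s\npassword="%s"\nhost=127.0.0.1\nport=3306\n' \
        "$user" "$escaped" > "$file"
    printf '%s\n' "$file"
)

# Run a probe command until it succeeds: $1 attempts, $2 seconds apart.
wait_for() {
    attempts=$1 delay=$2
    shift 2
    i=0
    while [ "$i" -lt "$attempts" ]; do
        "$@" >/dev/null 2>&1 && return 0
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# How it slots into the installer (needs the mysql container from the script):
#   OPT=$(write_mysql_optfile root "$MYSQLROOTPASSWORD") || exit 1
#   trap 'rm -f "$OPT"' EXIT
#   wait_for 30 2 mysql --defaults-extra-file="$OPT" -e 'SELECT 1' || exit 1
#   printf '%s\n' "$SQLCODE" | mysql --defaults-extra-file="$OPT"
```

`--defaults-extra-file` has to be the first option on the `mysql` command line, and the option file should be removed as soon as the installer finishes.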

36 Comments

  1. Alex Hansen

    Thanks for your efforts! I had already set up an Ubuntu VM with guacamole/guacd using your “standard” script, so I thought I’d try an adaptation of this script to install Docker versions of guacamole, guacd, and mysql on my Mac. This worked, with the following notes:
    1) Download and install Docker for Mac via its installer package.
    2) curl is a system built-in on macOS/OS X, but folks would need to get the other executables (mysql, wget, jq) by other means.
    3) I had to make ‘$guacdbuserpassword’ upper-case in SQLCODE.
    4) the mysql commands timed out for me with “ERROR 2013 (HY000): Lost connection to MySQL server at ‘reading authorization packet’, system error: 0” when run in the script, but manually running the commands worked for me.

    • Chase

      Thanks, I corrected the GUACDBUSERPASSWORD issue and re-arranged the curl and jq apt-get installs on the website

  2. Chase –

    FWIW 0.9.12 is out and it took a bit for me to figure out the right(?) way to upgrade the docker images. I did double check to make sure there were no schema changes (downloaded the schema .sql files by hand). After that I ran the following commands:

    docker pull guacamole/guacd
    docker pull guacamole/guacamole
    docker rm -f guacamole
    docker rm -f guacd
    docker run --restart=always --name guacd -d guacamole/guacd
    docker run --restart=always --name guacamole --link mysql:mysql --link guacd:guacd -e MYSQL_HOSTNAME=127.0.0.1 -e MYSQL_DATABASE=guacamole_db -e MYSQL_USER=guacamole_user -e MYSQL_PASSWORD=PASSWORD --detach -p 8080:8080 guacamole/guacamole

    Also, I noticed that the script as posted is still referencing glyptodon instead of guacamole. I think you might have had a regression on that

  3. Pablo Ramos

    Hi Chase! Great tutorial/script. I’m already running Guacamole installed by manual instructions from apache website, and it’s a wonderful tool. By the way, I’m accessing Guacamole from my phone, but on trying to show the client menu (swiping my finger on screen to right from the left border), I can not make it appear. Do you have notice about problems like that? Thanks for your help.

  4. I tried getting this working because this seemed like it would teach me a few things (docker for the most part). It all worked extremely well. I can log in with the default user, change the password, create connections, etc.

    But … I went to create a new user and it fails with a dialog saying “Unexpected Server Error”

    I ran a “docker logs guacamole” and there’s this in the logs:

    03:36:55.550 [http-nio-8080-exec-2] ERROR o.a.g.rest.RESTExceptionWrapper – Unexpected internal error:
    ### Error updating database. Cause: java.sql.SQLException: Field ‘password_date’ doesn’t have a default value
    ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.insert-Inline
    ### The error occurred while setting parameters
    ### SQL: INSERT INTO guacamole_user ( username, password_hash, password_salt, disabled, expired, access_window_start, access_window_end, valid_from, valid_until, timezone ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )
    ### Cause: java.sql.SQLException: Field ‘password_date’ doesn’t have a default value
    13-Feb-2017 03:36:55.551 SEVERE [http-nio-8080-exec-2] null.null Mapped exception to response: 500 (Internal Server Error)

    Any help?

    BTW – running a new vm that I have “apt update; apt upgrade” to the latest. It reports itself as “Ubuntu 16.04.2 LTS”

    And:

    root@guac:~# docker images
    REPOSITORY TAG IMAGE ID CREATED SIZE
    mysql latest 7666f75adb6b 2 weeks ago 405.6 MB
    glyptodon/guacd latest 34d5d942af2e 3 weeks ago 329.8 MB
    glyptodon/guacamole latest 1b557c527e87 3 weeks ago 650.2 MB

    • Chase

      It sounds like there might be an issue with the new password requirement options…? You ran everything for 0.9.11? Or did you do this when it was still 0.9.10?

      • This was a brand new environment and ran the script that’s posted right now. In other words a clean install assuming that it would get 0.9.11

        • Chase

          So it looks like with 0.9.11 they switched from glyptodon to guacamole…I didn’t notice that in the manual so the script has been updated…it’s now guacamole/guacd and guacamole/guacamole..sorry about that. I run the native version myself.

          • awesome! Thanks so much. I blew away all the docker images and re-ran the updated script. All’s working now.

            Appreciate the quick help Chase.

  5. Scott

    Ran the script and the install was clean. Was able to get in, setup accounts, etc. Great! Then when I restarted Ubuntu, I was unable to get back in.

    Checked if the services (i.e. tomcat) were up and nothing was up. I tried to startup the services and got this:

    ……# /etc/init.d/guacd start
    -bash: /etc/init.d/guacd: No such file or directory

    So I did some poking around on the folders others have listed for relevant file locations (i.e. for tomcat, guacamole, etc.) and I have none of the folders. I then did a find to locate the associated files and everything shows up in crazy paths like:

    /var/lib/docker/aufs/mnt/9b843be106246a3eca41e4077f75fd71606d05764a78e5856f408d805591d7bb/usr/local/tomcat

    I’m running 16.10. Any suggestions?

    Thanks.

  6. Nice post!

    For those looking for 2FA and SSL, deploy a KEMP VLB in front of your guacamole with ESP enabled and SSL offload.

    Details at freeloadbalancer.com

  7. jear

    +1

  8. I ran the script on a fairly fresh install of Linux Mint. At first I thought everything went great but when I logged on to localhost:8080/guacamole/ using the default username/password, things didn’t seem right. Looking at ‘ docker logs guacamole ‘, it appears there is no “guacamole_db.guacamole_sharing_profile_permission” table. I will investigate further (I just found about guacamole last week) but I was wondering whether you or anyone else had any clues as to what could be causing this?
    Thanks!
    Links to log:
    https://otherrealm.org/logs/guacamole.log
    And screenshot of what the browser interface looks like
    https://otherrealm.org/logs/GuacamoleScreenshot%20from%202016-12-23%2011-21-00.png

  9. jear71

    Hi ,

    Great integration job indeed. I tested the script 1 or 2 weeks ago and it was working perfectly.
    I decided to use it again this week.

    When I log in with guacadmin/guacadmin, I only see a ‘logout’ in the top-left menu.
    When I open my browser console (Firefox on Ubuntu and Chrome on Windows), I get a 403 and then a 500 error.

    GET
    http://guacamole:8080/guacamole/api/session/data/mysql/self/permissions [HTTP/1.1 500 Internal Server Error 27ms]

    POST
    http://16.16.22.30:8080/guacamole/api/tokens [HTTP/1.1 403 Forbidden 9ms]

    I noticed that the version is 0.9.10 and not 0.9.9….

    Any idea?

  10. daniel

    If someone can figure the setups for https and TwoFactorAuth (ala google authenticator) then this would be perfect. With or without docker version.

    • Chase

      The simplest method to get HTTPS is to use NGINX. But I’m unaware of any Two Factor methods for Guacamole at this time. However, if you use NGINX you could start here: https://github.com/Arno0x/TwoFactorAuth

  11. Oliver

    You should add a

    sleep 15

    after

    # Start MySQL
    docker run --restart=always --detach --name=mysql --env="MYSQL_ROOT_PASSWORD=$MYSQLROOTPASSWORD" --publish 3306:3306 mysql
    sleep 15

    Because if you script your statements into a file and run it using bash the mysql container is not yet up when you try to create the database.

    Regards,
    Oliver

    • Chase

      I updated the script with a while loop to check for the successful login and interaction with MySQL, it’ll sleep until MySQL is ready to receive the commands to create the database.

  12. Oliver

    Hi

    Looks promising but does not run on Ubuntu 16.04.1 LTS

    Installation works fine. I get the same error messages as JP did but that seems not to be the problem. I executed statement by statement and checked the MYSQL DB. The tables get created. Even the docker images are running and port 8080 is accessible.

    When accessing the URL: http://guacamole:8080/guacamole (my systems name is guacamole) I see the icon in chromes/IEs tab.

    BUT the page stays empty. No login dialog 🙁

    If I look at the page source I can see some guac specific stuff loaded.

    Any idea why this is not working ?

    BTW, the old style installation (your other post) works fine. But I thought that docker would be cooler. It’s not so far.

    Regards,
    Oliver

    • Chase

      Can you try this?

      echo "create database guacamole_db; create user 'guacamole_user'@'%' identified by \"$GUACDBUSERPASSWORD\";GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'%';flush privileges;" | mysql -h 127.0.0.1 -P 3306 -u root -p$MYSQLROOTPASSWORD

      Notice the % after the @ instead of localhost? Does that fix it?

      • Ronaldo

        Hello Chase. Great tutorial!

        As Oliver, I can run guacamole, but when I call it from my browser i got the favicon and a 500 error (internal server error) from http://192.168.8.195:8080/guacamole/api/tokens.

        Any Idea on how to solve it?

        Thanks

        • Chase

          Did you try the line in my reply to Oliver?

        • Ronaldo

          I followed your suggestion and changed localhost entries by %. It is now working! Thanks!

      • Oliver

        Hi Chase

        That did the trick. It works now !

        Now I have a different problem. I defined a RDP Connection and tried to launch it. The target system refused it and guacamole did log me out. Now always when I login it tries to reestablish the connection and counts down from 15 seconds to 0. The only option I have is “Reconnect” or “Logout”.

        So basically the system locked me out. It doesn’t matter which login I use (guacadmin or my created user) it always wants to establish this broken connection 🙁

        Any idea how to fix this?

        Additional question:

        Would this exact setup instructions work on a Fedora 24 box as well ?

        Regards,
        Oliver

        • Jason Miller

          When it’s trying to reconnect hit “Ctrl+Alt+Shift” which brings up the menu on the left. From there you can go to the “Settings” page. When you only have 1 connection, Guacamole will always try to automatically log you into that one. Just create another bogus entry so that it doesn’t do that anymore.

  13. JP

    I see, that makes sense. Well it must be in my environment, I can confirm mysql is running, but mysql-client cannot connect to it. I realize I am running xubuntu rather than ubuntu, same version though, I assumed it would work but there must be something holding me back.

    Great writeup nonetheless, and if I get some time to play with an actual ubuntu machine again I will give it another shot. I am trying to standardize a setup for a lightweight box with a gui to put in client sites as an rdp gateway and also a jumpbox for other maintenance tasks, and having a gui makes it easier for someone filling in to at least verify connectivity and simple stuff like that if I can’t get to it remotely.

  14. JP

    Awesome writeup… thanks. I get an error on install and it doesn’t finish, any ideas?

    mysql: [Warning] Using a password on the command line interface can be insecure.
    ERROR 2013 (HY000): Lost connection to MySQL server at ‘reading initial communication packet’, system error: 2
    mysql: [Warning] Using a password on the command line interface can be insecure.
    ERROR 2013 (HY000): Lost connection to MySQL server at ‘reading initial communication packet’, system error: 2

    • Chase

      My first guess is bad MySQL password. There’s no space after The -p and I’m not sure how well special characters are handled

      • JP

        So should this line

        read -s -p “Enter the password that will be used for MySQL Root: ” MYSQLROOTPAS$

        actually be
        read -s -p”Enter the password that will be used for MySQL Root: ” MYSQLROOTPAS$

        notice the lack of space between the -p and the first ”

        Or, did I totally misunderstand the script and I should actually be putting something in the script? I am fine with putting my password in the script. My password is alphanumeric only, no special characters.

        Thanks for the reply!

        • Chase

          I’m referring to lines 18 and 20 where you’re passing the password to MySQL in “-u root -p$MYSQLROOTPASSWORD”

    • Chase

      Script is updated, it may fix your issue!

      • Sam

        Hi Chase,

        I am trying to run it on CentOS using yum and it fails. Are there any differences that I may have missed?

        Thanks

        Sam

        • Chase

          If you could be more specific than “It fails” that might help.
