建立guacamole remote desktop proxy服務

# 建立guacamole remote desktop proxy服務 ![](https://i.imgur.com/Qgv0vJC.png) adopted from Guacamole Manual ## build in docker 需要以下docker image(可從dockerhub下載) [guacamole/guacamole:latest](https://hub.docker.com/r/guacamole/guacamole) [guacamole/guacd:latest](https://hub.docker.com/r/guacamole/guacd) [library/mariadb:latest](https://hub.docker.com/_/mariadb) 為了簡化流程採用docker-compose來架設，所以要安裝docker-compose。 Compose can also be run inside a container ``` sudo curl -L --fail https://github.com/docker/compose/releases/download/1.28.0/run.sh -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose ``` docker-compose.yml [recipe託管](https://github.com/acyang/guacamole) ``` version: '3.8' services: initialized_db: image: guacamole/guacamole:latest command: ["/bin/sh", "-c", "test -e /init/initdb.sql && echo 'initialize script already exists' || /opt/guacamole/bin/initdb.sh --mysql > /init/initdb.sql" ] volumes: - ./init:/init mariadb: container_name: mariadb hostname: mariadb image: library/mariadb:latest restart: always environment: MYSQL_ROOT_PASSWORD: mysql_root_passwd MYSQL_DATABASE: guacamole_db MYSQL_USER: guacamole_user MYSQL_PASSWORD: guacamole_passwd volumes: - ./init:/docker-entrypoint-initdb.d:ro - ./data:/var/lib/mysql:rw depends_on: - initialized_db guacd: container_name: guacd hostname: guacd image: guacamole/guacd:latest restart: always environment: GUACD_LOG_LEVEL: debug guacamole: container_name: guacamole hostname: guacamole image: guacamole/guacamole:latest restart: always links: - guacd - mariadb depends_on: - guacd - mariadb ports: - "8080:8080" environment: GUACD_HOSTNAME: guacd MYSQL_HOSTNAME: mariadb MYSQL_DATABASE: guacamole_db MYSQL_USER: guacamole_user MYSQL_PASSWORD: guacamole_passwd ``` ## build native 待補充 ## config guacamole 預設管理帳號是guacadmin/guacadmin，首次登入後盡快修改。 ### add new connection 從右上角Setting進入新增 ![](https://i.imgur.com/YBzpkvs.png) 在上方navbar選擇connections ![](https://i.imgur.com/adrHwOF.png) 選擇New connection ![](https://i.imgur.com/Stpnb8v.png) VNC的場合，需要填入的就只有PARAMETER中的Network和Authentication ![](https://i.imgur.com/sJjma2g.png) RDP的場合，需要填入的就只有PARAMETER中的Network和Authentication，還需要勾選"Ignore server certificate:" ![](https://i.imgur.com/GkOaUWD.png) PS. 需要檢查 0. VNC/RDP的port 1. OS的防火牆 2. 虛擬機的安全性群組 3. ### add new user 在上方navbar選擇Users ![](https://i.imgur.com/Lga40Zg.png) 選擇New User ![](https://i.imgur.com/CBTqMCV.png) 設定用戶名稱和密碼，再來決定permissions，最後決定該用戶可以看到那些已定義好的連線。 ![](https://i.imgur.com/Lj9Hs1U.png) ## recipe托管至github ### 建立local repo ``` cd guacamole git init echo "init/" > .gitignore echo "data/" >> .gitignore git add . git commit -m "First Commit." ``` ### 建立remote repo 還不會從CLI和API來建立，暫時先以人工方式在github建立空的repo。關鍵字"Personal Access Tokens"，"GitHub API" ### push to remote ``` git remote add origin git@github.com:acyang/guacamole.git git branch -M main git push -u origin main ```