Docker deployment of MySQL with Keeper Connection Manager
Image: keeper/guacamole-db-mysql
keeper/guacamole-db-mysql is a Dockerized deployment of MySQL, built off Docker's official MySQL image which is automatically initialized with the Apache Guacamole database schema. It is built using the packages provided by Keeper Connection Manager and made available under the same EULA. It is normally used to provide a MySQL database for a container using the keeper/guacamole image.
In addition to the environment variables documented below, all environment variables supported by the official Docker MySQL image are accepted, as the official MySQL image forms the basis of this image.
ACCEPT_EULAThe ACCEPT_EULA environment variable must be set to "Y" to indicate your acceptance of the Keeper Connection Manager EULA. This Docker image may not be used except under the terms of the EULA.
MYSQL_RANDOM_ROOT_PASSWORDThis is an optional variable. Set to a non-empty value, like yes, to generate a random initial password for the root user (using pwgen). The generated root password will be printed to stdout (GENERATED ROOT PASSWORD: .....).
GUACAMOLE_DATABASEThe name of the database to create and initialized for use with Apache Guacamole. This environment variable is required and ultimately maps to the MYSQL_DATABASE environment variable of the official MySQL image.
The GUACAMOLE_DATABASE variable is provided here for consistency with the other Guacamole-specific variables, but may be omitted if MYSQL_DATABASE is provided.
GUACAMOLE_ADMIN_PASSWORDThis is the Administrator password for the guacadmin user.
GUACAMOLE_USERNAME and GUACAMOLE_PASSWORDThe username and password to use for the MySQL database user specific to the Guacamole web application. This pair of variables differ from the MYSQL_USER and MYSQL_PASSWORD environment variables provided by the official MySQL image in that the created user has limited privileges, being granted only what privileges are absolutely required for Guacamole to run.
The GUACAMOLE_USERNAME and GUACAMOLE_PASSWORD are not strictly required, as the user created with MYSQL_USER and MYSQL_PASSWORD may be used instead, however they are strongly recommended to ensure the Principle of Least Privilege is followed.
Rather than pass data directly in environment variables, a _FILE suffix may be added to any environment variable supported by this image to force that variable to be read from the named file within the container. As Docker secrets store sensitive data within files beneath /run/secrets/ within the container, this can be used to load sensitive data from Docker secrets.
For example, to load the username and password for the limited-privilege user specific to the Guacamole web application from Docker secrets:
docker run --name some-guacamole-db \
-e ACCEPT_EULA=Y \
-e MYSQL_RANDOM_ROOT_PASSWORD=yes \
-e GUACAMOLE_ADMIN_PASSWORD=some_password \
-e GUACAMOLE_DATABASE=guacamole_db \
-e GUACAMOLE_USERNAME_FILE=/run/secrets/mysql-username \
-e GUACAMOLE_PASSWORD_FILE=/run/secrets/mysql-password \
-d keeper/guacamole-db-mysqlDocker deployment of Pre-Initialized Database Images with Keeper Connection Manager
For convenience, Docker images for both MySQL and PostgreSQL are provided which automatically initialize themselves using the Apache Guacamole database schema:
An instance of MySQL, automatically initialized with the Apache Guacamole database schema.
An instance of PostgreSQL, automatically initialized with the Apache Guacamole database schema.
Each of these images:
Is based off Docker's official images for the same databases, and thus each accepts the same core environment variables.
Accepts a common set of Guacamole-specific environment variables defining the name to be used for Guacamole's database and the reduced-privilege credentials to be used by Guacamole to execute queries.
Requires the same ACCEPT_EULA environment variable as the keeper/guacamole and keeper/guacd images.
The images may be used as part of an entirely Dockerized deployment of Apache Guacamole, or separately as an easier method of deploying a functional, pre-initialized, and supported database. When combined with the keeper/guacamole and keeper/guacd images using docker-compose, an entire deployment of Apache Guacamole can be created and managed using a single docker-compose.yml.
Docker deployment of Postgres with Keeper Connection Manager
Image: keeper/guacamole-db-postgres
keeper/guacamole-db-postgres is a Dockerized deployment of PostgreSQL, built off which is automatically initialized with the Apache Guacamole database schema. It is built using the packages provided by Keeper Connection Manager and made available under the same . It is normally used to provide a PostgreSQL database for a container using the image.
In addition to the environment variables documented below, all environment variables supported by are accepted, as the official PostgreSQL image forms the basis of this image.
ACCEPT_EULAThe ACCEPT_EULA environment variable must be set to "Y" to indicate your acceptance of the . This Docker image may not be used except under the terms of the EULA.
POSTGRES_PASSWORDThe PostgreSQL administrator password.
GUACAMOLE_DATABASEThe name of the database to create and initialized for use with Apache Guacamole. This environment variable ultimately maps to the POSTGRES_DB environment variable of the official PostgreSQL image. If omitted, the default value defined by the official PostgreSQL image will be used.
The GUACAMOLE_DATABASE variable is provided here for consistency with the other Guacamole-specific variables and may be omitted if POSTGRES_DB is provided.
GUACAMOLE_ADMIN_PASSWORDThis is the Administrator password for the guacadmin user.
GUACAMOLE_USERNAME and GUACAMOLE_PASSWORDThe username and password to use for the PostgreSQL database user specific to the Guacamole web application. This pair of variables differ from the POSTGRES_USER and POSTGRES_PASSWORD environment variables provided by in that the created user has limited privileges, being granted only what privileges are absolutely required for Guacamole to run.
The GUACAMOLE_USERNAME and GUACAMOLE_PASSWORD are not strictly required, as the user created with POSTGRES_USER and POSTGRES_PASSWORD may be used instead, however they are strongly recommended to ensure the is followed.
Rather than pass data directly in environment variables, a _FILE suffix may be added to any environment variable supported by this image to force that variable to be read from the named file within the container. As Docker secrets store sensitive data within files beneath /run/secrets/ within the container, this can be used to load sensitive data from Docker secrets.
For example, to load the username and password for the limited-privilege user specific to the Guacamole web application from Docker secrets:
docker run --name some-guacamole-db \
-e ACCEPT_EULA=Y \
-e GUACAMOLE_DATABASE=guacamole_db \
-e POSTGRES_PASSWORD=some_password \
-e GUACAMOLE_ADMIN_PASSWORD=some_password \
-e GUACAMOLE_USERNAME_FILE=/run/secrets/postgres-username \
-e GUACAMOLE_PASSWORD_FILE=/run/secrets/postgres-password \
-d keeper/guacamole-db-postgres