Docker deployment of guacd with Keeper Connection Manager
Image: keeper/guacd
keeper/guacd
is a Dockerized deployment of guacd, the Apache Guacamole proxy daemon, with support for VNC, RDP, SSH, K8s, MySQL, PostgreSQL, SQL Server and telnet. It is normally used to provide a guacd instance for a container using the keeper/guacamole
image.
To start a guacd instance which listens on TCP port 4822:
where some-guacd
is the name you wish to assign to your container.
The guacd logs are useful if debugging unexpected behavior of the remote desktop or failure to connect, as it is guacd that handles protocol-specific communication. To view the guacd logs:
By default, these logs will show messages only at the "info" level or above. This can be overridden when the container is created using the LOG_LEVEL
environment variable.
ACCEPT_EULA
The ACCEPT_EULA
environment variable must be set to "Y" to indicate your acceptance of the Keeper Connection Manager EULA. This Docker image may not be used except under the terms of the EULA.
CA_CERTIFICATES
This variable is optional and specifies the contents of one or more certificates used by your internal certificate authority (CA), in PEM form. When specified, SSL/TLS connections to other servers will be verified against these certificates, including connections to RDP servers and Remote Browser Isolation sessions that use SSL/TLS.
Below is an example guacd
section of docker-compose.yml
with 2 certificates:
GUACD_UID
This variable is optional and specifies the numeric UID which should be assigned to the user that the guacd service runs as. If omitted, the guacd service will run with the UID of the reduced-privilege user created by the Keeper Connection Manager package for guacd.
This is mainly useful if guacd will need to write to a volume mount whose file permissions may not match those of the keeper/guacd
Docker image.
GUACD_GID
This variable is optional and specifies the numeric GID which should be assigned to the group that the guacd service runs as. If omitted, the guacd service will run with the GID of the reduced-privilege group created by the Keeper Connection Manager package for guacd.
This is mainly useful if guacd will need to write to a volume mount whose file permissions may not match those of the keeper/guacd
Docker image.
LOG_LEVEL
This variable is optional and specifies the lowest level of log message that should be displayed. In order of increasing verbosity, valid values are: "error", "warning", "info", "debug", "trace".
The default log level is "info".
AUTOFILL_RULES
This variable is optional and specifies the full contents of the /etc/guacamole/autofill-rules.yml
file that can be used to configure autofill of username/password in the Remote Browser Isolation protocol.