Enable SSL between GUACD and Guacamole web server (Tomcat)


I'm trying to figure out how and where to set the right configuration to get SSL working between guacd and the Guacamole server (Tomcat web server).

I am using a Docker environment and I am a bit confused about where to put the right configuration. Let me explain what I've understood; I hope someone can clarify.

  • Do guacamole.properties and guacd.conf have to be in the same $GUACAMOLE_HOME dir (guacamole container)? Or does guacamole.properties have to be put inside the guacamole container and guacd.conf inside the guacd container? (If yes, under which directory in the guacd container?)

Below are the container commands:

docker run --name guacd_ssl --restart=always -v /opt/docker_data/guacd:/opt/local -e GUACD_LOG_LEVEL=debug -p 57822:4822 -d guacamole/guacd

docker run --name guacamole-1.2.0-SSL --restart=always -e MYSQL_DATABASE=guacamole_db -e MYSQL_USER=guacamole_user -e MYSQL_PASSWORD=password --link guacd_ssl:guacd --link db_guacamole:mysql -v /opt/docker_data/guacamole:/opt/local -e GUACAMOLE_HOME=/opt/local -e GUACD_PORT=57822 -e GUACD-SSL=true -d -p 8090:8080 guacamole/guacamole:latest

Now, where are the certificates to be put? In /opt/docker_data/guacamole (host dir) or in /opt/docker_data/guacd (host dir)?

Configuration files:

guacd.conf

[ssl]

server_certificate = /opt/local/cert.pem
server_key = /opt/local/key.pem

guacamole.properties

guacd-ssl: true

Can you help me understand? Regards

Best answer

To enable SSL for guacd in a Docker environment, you will need to copy the SSL certificate and key into the guacd container. You can do so by creating a customized image on top of the guacd image or via a volume mount. If you want to take the first option, you can find the guacd Dockerfile here.

guacamole.properties and guacd.conf are two different files.

guacamole.properties is the configuration file for guacamole-client, while guacd.conf is the configuration file for guacamole-server (guacd). Usually, you will place both files in /etc/guacamole/. For Docker, the situation is slightly different.

In Docker, the default GUACAMOLE_HOME for the guacamole-client container is located at /root/.guacamole. You can find the guacamole.properties file here.

For guacd, you can place your guacd.conf in /etc/guacamole/.

For the certificate and key, you can place them anywhere you like as long as you mention the path in guacd.conf.
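
For the volume-mount option described in the answer above, a preflight check (an added example, not part of the original post or of the Guacamole project) that reads the [ssl] section of guacd.conf and confirms each referenced path resolves to a file on the host side of the guacd container's bind mount. The mount pair follows the question's `-v /opt/docker_data/guacd:/opt/local`; the function names and the script name check.sh are hypothetical.

```shell
# Added example, not from the original post. HOST_DIR:CONT_DIR mirrors the
# question's "-v /opt/docker_data/guacd:/opt/local"; function names are made up.

# Print the value of KEY from the [ssl] section of a guacd.conf file.
ssl_value() {  # usage: ssl_value <guacd.conf> <key>
  awk -F'=' -v key="$2" '
    /^[ \t]*\[/ { in_ssl = ($0 ~ /^[ \t]*\[ssl\][ \t]*$/); next }
    in_ssl { k = $1; gsub(/[ \t]/, "", k)
             if (k == key) { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit } }
  ' "$1"
}

# Translate a container path into the host path behind the bind mount.
host_path() {  # usage: host_path <container_path> <host_dir> <cont_dir>
  case "$1" in
    "$3"/*) printf '%s\n' "$2/${1#"$3"/}" ;;
    *) return 1 ;;  # not under the mounted directory, guacd would not see it
  esac
}

# Verify that both files named in [ssl] exist where guacd will look for them.
check_guacd_ssl() {  # usage: check_guacd_ssl <guacd.conf> <host_dir> <cont_dir>
  _rc=0
  for _key in server_certificate server_key; do
    _path=$(ssl_value "$1" "$_key")
    if [ -z "$_path" ]; then echo "[ssl] $_key is not set"; _rc=1; continue; fi
    if ! _hp=$(host_path "$_path" "$2" "$3"); then
      echo "$_key=$_path is outside the mount $3"; _rc=1; continue; fi
    if [ ! -f "$_hp" ]; then echo "$_key: $_hp missing on host"; _rc=1; continue; fi
    # Private key must not be accessible to "other" (chars 8-10 of ls mode).
    if [ "$_key" = server_key ] && [ "$(ls -ld "$_hp" | cut -c8-10)" != "---" ]; then
      echo "$_key: $_hp is world-accessible"; _rc=1; fi
  done
  return "$_rc"
}

# Constructed sample: the question's guacd.conf plus placeholder PEM files.
make_sample() {  # usage: make_sample <host_dir>
  printf '[ssl]\n\nserver_certificate = /opt/local/cert.pem\nserver_key = /opt/local/key.pem\n' \
    > "$1/guacd.conf"
  : > "$1/cert.pem"; : > "$1/key.pem"; chmod 644 "$1/cert.pem"; chmod 600 "$1/key.pem"
}

# Run as: sh check.sh <guacd.conf> <host_dir> <cont_dir>
if [ "$#" -eq 3 ]; then check_guacd_ssl "$@"; fi
```

The key file still has to be readable by the user guacd runs as inside the container, so set its owner accordingly when tightening permissions.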