From 3d8657c5b5cd6b821dbf863effca85917410dbc3 Mon Sep 17 00:00:00 2001 From: Manuel Date: Sun, 28 Aug 2022 16:51:11 +0200 Subject: [PATCH] Initial commit --- .env | 5 +++ README.md | 24 ++++++++++++++ caddy/Caddyfile | 12 +++++++ compose.yml | 86 +++++++++++++++++++++++++++++++++++++++++++++++++ prepare.sh | 18 +++++++++++ 5 files changed, 145 insertions(+) create mode 100644 .env create mode 100644 README.md create mode 100644 caddy/Caddyfile create mode 100644 compose.yml create mode 100755 prepare.sh
diff --git a/.env b/.env
new file mode 100644
index 0000000..d99ccca
--- /dev/null
+++ b/.env
@@ -0,0 +1,5 @@
+#CADDY_HTTP=127.0.0.1:80
+#CADDY_HTTPS=127.0.0.1:443
+#IPV4_NETWORK=
+#IPV6_NETWORK=
+#DISPLAY=
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d87bb0f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,24 @@
+# Desktop in Docker
+
+This serves as a reference for how to run an arbitrary desktop environment, window manager or single application in docker and served securely in Browser using Guacamole.
+
+## Run
+
+First we need to prepare the database because Guacamole is a bit special in this regard.
+
+It should also ask you what domain Caddy should use to serve Guacamole on, it should automatically try to get a valid certificate for your domain.
+
+```
+$ ./prepare.sh
+Domain Guacamole should be served on [localhost]: desktop.mydomain.com
+Preparing folder guacamole/init and creating guacamole/init/initdb.sql
+done
+```
+
+After that you can already start the containers using `docker-compose up -d`
+
+## Config
+
+There are a few environment variables you can set in `.env` that are used by `docker-compose` for the `compose.yml`.
+
+If you want to serve it locally for tesing you can uncomment `CADDY_HTTP` and `CADDY_HTTPS` in the reference `.env` file. By default docker makes it listen on port `80` and `443` on all interfaces.
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
new file mode 100644
index 0000000..82f2ce4
--- /dev/null
+++ b/caddy/Caddyfile
@@ -0,0 +1,12 @@
+{
+ servers {
+ protocol {
+ experimental_http3
+ }
+ }
+}
+
+localhost {
+ redir / /guacamole/ 308
+ reverse_proxy guacamole:8080
+}
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..c24435c
--- /dev/null
+++ b/compose.yml
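Review bot: The global options block in caddy/Caddyfile depends on `experimental_http3`, an option that, as far as I know, only older Caddy 2.x releases accept, while compose.yml runs the floating `caddy:2-alpine` tag with `pull_policy: always`; a later image pull could therefore leave the proxy unable to load its config. Pinning the image to the release this file was written for, or dropping the `servers` block once the deployed release enables HTTP/3 by default, avoids that. A comment above the block such as `# experimental_http3 is only valid on older Caddy 2.x; keep the image tag pinned accordingly` would record the dependency.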
@@ -0,0 +1,86 @@
+---
+x-restart-policy: &restart_policy
+ restart: unless-stopped
+x-pull-policy: &pull_policy
+ pull_policy: always
+x-compose-defaults: &compose_defaults
+ <<: *restart_policy
+ <<: *pull_policy
+ networks:
+ desktop:
+
+services:
+ caddy:
+ <<: *compose_defaults
+ image: caddy:2-alpine
+ container_name: caddy
+ ports:
+ - ${CADDY_HTTP:-80}:80
+ - ${CADDY_HTTPs:-443}:443
+ - ${CADDY_HTTPs:-443}:443/udp # HTTP/3
+ volumes:
+ - ./caddy/data:/data
+ - ./caddy/Caddyfile:/etc/caddy/Caddyfile
+
+ guacd:
+ <<: *compose_defaults
+ image: guacamole/guacd:latest
+ container_name: guacd
+ volumes:
+ - ./guacamole/drive:/drive:rw
+ - ./guacamole/record:/record:rw
+
+ guacamole:
+ <<: *compose_defaults
+ image: guacamole/guacamole:latest
+ container_name: guacamole
+ depends_on:
+ - guacd
+ - postgres
+ links:
+ - guacd
+ - postgres
+ environment:
+ GUACD_HOSTNAME: guacd
+ EXTENSIONS: auth-totp
+ POSTGRES_DATABASE: guacamole_db
+ POSTGRES_HOSTNAME: postgres
+ POSTGRES_PASSWORD: 'SuperSecretPassword1234'
+ POSTGRES_USER: guacamole_user
+ volumes:
+ - ./guacamole/data:/config
+ expose:
+ - 8080/tcp
+
+ postgres:
+ <<: *compose_defaults
+ image: postgres:14-alpine
+ container_name: postgres-guacamole
+ environment:
+ POSTGRES_INITDB_ARGS: --auth-host=md5 # Guacamole cannot handle scram-sha-256
+ PGDATA: /var/lib/postgresql/data/guacamole
+ POSTGRES_DB: guacamole_db
+ POSTGRES_PASSWORD: 'SuperSecretPassword1234'
+ POSTGRES_USER: guacamole_user
+ volumes:
+ - ./guacamole/init:/docker-entrypoint-initdb.d:z
+ - postgres:/var/lib/postgresql/data
+ expose:
+ - 5432/tcp
+
+volumes:
+ postgres:
+ driver: local
+
+networks:
+ desktop:
+ name: "desktop"
+ driver: bridge
+ driver_opts:
+ com.docker.network.bridge.name: br-desktop
+ enable_ipv6: true
+ ipam:
+ driver: default
+ config:
+ - subnet: ${IPV4_NETWORK:-172.20.1}.0/24
+ - subnet: ${IPV6_NETWORK:-fd17:20:200:10::/64}
diff --git a/prepare.sh b/prepare.sh
new file mode 100755
index 0000000..e1d1c3a
--- /dev/null
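Review bot: The two HTTPS port mappings in compose.yml read `${CADDY_HTTPs:-443}` with a lower-case `s`, while `.env` and the README name the variable `CADDY_HTTPS`, so uncommenting `CADDY_HTTPS=127.0.0.1:443` changes nothing and 443/tcp and 443/udp stay published on all interfaces; both lines should use `${CADDY_HTTPS:-443}`. The same file commits the database password `'SuperSecretPassword1234'` in both the guacamole and postgres services; reading it from the environment and failing when it is unset, `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}`, keeps every deployment from sharing one published credential. `guacamole/guacd:latest` and `guacamole/guacamole:latest` combined with `pull_policy: always` run whatever the tag points to on each start, so pinning a version tag or digest would make upgrades a deliberate step.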
+++ b/prepare.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# check if docker is running
+if ! (docker ps >/dev/null 2>&1)
+then
+ echo "docker daemon not running, will exit here!"
+ exit
+fi
+
+read -e -p "Domain Guacamole should be served on [localhost]: " DOMAIN
+DOMAIN=${DOMAIN:-localhost}
+sed -i "s/localhost/$DOMAIN/g" caddy/Caddyfile
+
+echo "Preparing folder guacamole/init and creating guacamole/init/initdb.sql"
+mkdir -p ./guacamole/init
+chmod -R +x ./guacamole/init
+docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > ./guacamole/init/initdb.sql
+echo "done"
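Review bot: The domain typed at the prompt in prepare.sh goes unchecked into `sed -i "s/localhost/$DOMAIN/g" caddy/Caddyfile`, so a value containing `/` or `&` either breaks the expression or rewrites the Caddyfile in a way the user did not intend; the script should accept only hostname characters before substituting. The prompt also uses `read -e -p`, a bash extension, under a `#!/bin/sh` shebang, so where sh is dash the read fails and the script silently falls back to `localhost`. The bare `exit` in the docker check returns the status of the preceding `echo`, which is success; `exit 1` would let callers detect the failure. A POSIX-compatible prompt with validation is sketched below.

```shell
# … unchanged: docker daemon check …

printf 'Domain Guacamole should be served on [localhost]: '
read -r DOMAIN
DOMAIN=${DOMAIN:-localhost}
# Accept hostname characters only, so the value cannot alter the sed expression.
case "$DOMAIN" in
    *[!A-Za-z0-9.-]*)
        echo "invalid domain: $DOMAIN" >&2
        exit 1
        ;;
esac
sed -i "s/localhost/$DOMAIN/g" caddy/Caddyfile

# … unchanged: initdb.sql generation …
```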