Initial commit

Manuel 2022-08-28 16:51:11 +02:00
commit 3d8657c5b5
Signed by: Manuel
GPG key ID: 4085037435E1F07A
5 changed files with 145 additions and 0 deletions

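--- a/.env
+++ b/.env
@@ -0,0 +1,5 @@
+#CADDY_HTTP=127.0.0.1:80
+#CADDY_HTTPS=127.0.0.1:443
+#IPV4_NETWORK=
+#IPV6_NETWORK=
+#DISPLAY=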
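Review bot: The reference `.env` gives no hint about the expected format of its values, and `IPV4_NETWORK` is easy to get wrong: compose.yml appends `.0/24` to it, so it must hold only the first three octets (the default there is `172.20.1`), not a CIDR. I would add a comment above it such as `# first three octets only, e.g. 172.20.1 (compose.yml appends .0/24)`. `DISPLAY` is not referenced by the compose.yml in this commit, so it should either be documented with its consumer or dropped.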

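--- a/README.md
+++ b/README.md
@@ -0,0 +1,24 @@
+# Desktop in Docker
+This serves as a reference for how to run an arbitrary desktop environment, window manager or single application in docker and served securely in Browser using Guacamole.
+## Run
+First we need to prepare the database because Guacamole is a bit special in this regard.
+It should also ask you what domain Caddy should use to serve Guacamole on, it should automatically try to get a valid certificate for your domain.
+```
+$ ./prepare.sh
+Domain Guacamole should be served on [localhost]: desktop.mydomain.com
+Preparing folder guacamole/init and creating guacamole/init/initdb.sql
+done
+```
+After that you can already start the containers using `docker-compose up -d`
+## Config
+There are a few environment variables you can set in `.env` that are used by `docker-compose` for the `compose.yml`.
+If you want to serve it locally for tesing you can uncomment `CADDY_HTTP` and `CADDY_HTTPS` in the reference `.env` file. By default docker makes it listen on port `80` and `443` on all interfaces.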

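--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -0,0 +1,12 @@
+{
+servers {
+protocol {
+experimental_http3
+}
+}
+}
+localhost {
+redir / /guacamole/ 308
+reverse_proxy guacamole:8080
+}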
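Review bot: The global `experimental_http3` option ties this Caddyfile to the Caddy releases that still accept it, while compose.yml runs the floating `caddy:2-alpine` tag with `pull_policy: always`. As far as I know, later 2.x releases enable HTTP/3 by default and reject this option, so a routine image pull could leave the proxy unable to load its config and take the Guacamole front end offline. Either pin the image to the minor version this file was tested with, or drop the `servers { protocol { experimental_http3 } }` block once running a release where HTTP/3 is the default. A comment above the block such as `# only needed on Caddy versions where HTTP/3 is opt-in` would record the dependency.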

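--- a/compose.yml
+++ b/compose.yml
@@ -0,0 +1,86 @@
+---
+x-restart-policy: &restart_policy
+restart: unless-stopped
+x-pull-policy: &pull_policy
+pull_policy: always
+x-compose-defaults: &compose_defaults
+<<: *restart_policy
+<<: *pull_policy
+networks:
+desktop:
+services:
+caddy:
+<<: *compose_defaults
+image: caddy:2-alpine
+container_name: caddy
+ports:
+- ${CADDY_HTTP:-80}:80
+- ${CADDY_HTTPs:-443}:443
+- ${CADDY_HTTPs:-443}:443/udp # HTTP/3
+volumes:
+- ./caddy/data:/data
+- ./caddy/Caddyfile:/etc/caddy/Caddyfile
+guacd:
+<<: *compose_defaults
+image: guacamole/guacd:latest
+container_name: guacd
+volumes:
+- ./guacamole/drive:/drive:rw
+- ./guacamole/record:/record:rw
+guacamole:
+<<: *compose_defaults
+image: guacamole/guacamole:latest
+container_name: guacamole
+depends_on:
+- guacd
+- postgres
+links:
+- guacd
+- postgres
+environment:
+GUACD_HOSTNAME: guacd
+EXTENSIONS: auth-totp
+POSTGRES_DATABASE: guacamole_db
+POSTGRES_HOSTNAME: postgres
+POSTGRES_PASSWORD: 'SuperSecretPassword1234'
+POSTGRES_USER: guacamole_user
+volumes:
+- ./guacamole/data:/config
+expose:
+- 8080/tcp
+postgres:
+<<: *compose_defaults
+image: postgres:14-alpine
+container_name: postgres-guacamole
+environment:
+POSTGRES_INITDB_ARGS: --auth-host=md5 # Guacamole cannot handle scram-sha-256
+PGDATA: /var/lib/postgresql/data/guacamole
+POSTGRES_DB: guacamole_db
+POSTGRES_PASSWORD: 'SuperSecretPassword1234'
+POSTGRES_USER: guacamole_user
+volumes:
+- ./guacamole/init:/docker-entrypoint-initdb.d:z
+- postgres:/var/lib/postgresql/data
+expose:
+- 5432/tcp
+volumes:
+postgres:
+driver: local
+networks:
+desktop:
+name: "desktop"
+driver: bridge
+driver_opts:
+com.docker.network.bridge.name: br-desktop
+enable_ipv6: true
+ipam:
+driver: default
+config:
+- subnet: ${IPV4_NETWORK:-172.20.1}.0/24
+- subnet: ${IPV6_NETWORK:-fd17:20:200:10::/64}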
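Review bot: The two HTTPS port mappings under `caddy` read `${CADDY_HTTPs:-443}` with a lowercase `s`, while `.env` and the README name the variable `CADDY_HTTPS`; Compose variable names are case-sensitive, so uncommenting `CADDY_HTTPS=127.0.0.1:443` has no effect and 443 stays published on all interfaces. Both lines should use `${CADDY_HTTPS:-443}`, and the port entries are safer quoted, e.g. `- "${CADDY_HTTPS:-443}:443"`. Separately, `POSTGRES_PASSWORD: 'SuperSecretPassword1234'` is committed in both the guacamole and postgres services; taking it from `.env` with `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}` would stop every deployment from sharing a published credential. The `guacamole/guacd:latest` and `guacamole/guacamole:latest` tags combined with `pull_policy: always` also mean the running code can change on any restart; pinning a version tag or digest would make upgrades a deliberate step.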

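--- a/prepare.sh
+++ b/prepare.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# check if docker is running
+if ! (docker ps >/dev/null 2>&1)
+then
+echo "docker daemon not running, will exit here!"
+exit
+fi
+read -e -p "Domain Guacamole should be served on [localhost]: " DOMAIN
+DOMAIN=${DOMAIN:-localhost}
+sed -i "s/localhost/$DOMAIN/g" caddy/Caddyfile
+echo "Preparing folder guacamole/init and creating guacamole/init/initdb.sql"
+mkdir -p ./guacamole/init
+chmod -R +x ./guacamole/init
+docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > ./guacamole/init/initdb.sql
+echo "done"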
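Review bot: The answer to the domain prompt is interpolated straight into `sed -i "s/localhost/$DOMAIN/g"`, so a value containing `/`, `&` or other sed metacharacters either breaks the command or writes something other than the typed text into caddy/Caddyfile; the value should be checked against a hostname character set before it is used. `read -e -p` is also a bash extension, so under a POSIX `/bin/sh` such as dash the prompt fails and the script silently continues with `localhost`. The bare `exit` after the docker check returns the status of the preceding `echo`, i.e. 0, and `exit 1` would let callers detect the failure. A possible shape for the prompt and validation is below.

```shell
# … unchanged: docker daemon check …
printf 'Domain Guacamole should be served on [localhost]: '
read -r DOMAIN
DOMAIN=${DOMAIN:-localhost}
# Accept only hostname characters so the value is inert inside the sed expression.
case "$DOMAIN" in
  *[!A-Za-z0-9.-]*)
    echo "invalid domain: $DOMAIN" >&2
    exit 1
    ;;
esac
sed -i "s/localhost/$DOMAIN/g" caddy/Caddyfile
# … unchanged: guacamole/init preparation and initdb.sql generation …
```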