Initial commit

.env

@@ -0,0 +1,5 @@
+#CADDY_HTTP=127.0.0.1:80
+#CADDY_HTTPS=127.0.0.1:443
+#IPV4_NETWORK=
+#IPV6_NETWORK=
+#DISPLAY=

README.md

@@ -0,0 +1,24 @@
+# Desktop in Docker
+
+This serves as a reference for how to run an arbitrary desktop environment, window manager or single application in docker and served securely in Browser using Guacamole.
+
+## Run
+
+First we need to prepare the database because Guacamole is a bit special in this regard.
+
+It should also ask you what domain Caddy should use to serve Guacamole on, it should automatically try to get a valid certificate for your domain.
+
+```
+$ ./prepare.sh
+Domain Guacamole should be served on [localhost]: desktop.mydomain.com
+Preparing folder guacamole/init and creating guacamole/init/initdb.sql
+done
+```
+
+After that you can already start the containers using `docker-compose up -d`
+
+## Config
+
+There are a few environment variables you can set in `.env` that are used by `docker-compose` for the `compose.yml`.
+
+If you want to serve it locally for tesing you can uncomment `CADDY_HTTP` and `CADDY_HTTPS` in the reference `.env` file. By default docker makes it listen on port `80` and `443` on all interfaces.

caddy/Caddyfile

@@ -0,0 +1,12 @@
+{
+	servers {
+		protocol {
+			experimental_http3
+		}
+	}
+}
+
+localhost {
+	redir / /guacamole/ 308
+	reverse_proxy guacamole:8080
+}

compose.yml

@@ -0,0 +1,86 @@
+---
+x-restart-policy: &restart_policy
+  restart: unless-stopped
+x-pull-policy: &pull_policy
+  pull_policy: always
+x-compose-defaults: &compose_defaults
+  <<: *restart_policy
+  <<: *pull_policy
+  networks:
+    desktop:
+
+services:
+  caddy:
+    <<: *compose_defaults
+    image: caddy:2-alpine
+    container_name: caddy
+    ports:
+      - ${CADDY_HTTP:-80}:80
+      - ${CADDY_HTTPs:-443}:443
+      - ${CADDY_HTTPs:-443}:443/udp # HTTP/3
+    volumes:
+      - ./caddy/data:/data
+      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
+
+  guacd:
+    <<: *compose_defaults
+    image: guacamole/guacd:latest
+    container_name: guacd
+    volumes:
+      - ./guacamole/drive:/drive:rw
+      - ./guacamole/record:/record:rw
+
+  guacamole:
+    <<: *compose_defaults
+    image: guacamole/guacamole:latest
+    container_name: guacamole
+    depends_on:
+      - guacd
+      - postgres
+    links:
+      - guacd
+      - postgres
+    environment:
+      GUACD_HOSTNAME: guacd
+      EXTENSIONS: auth-totp
+      POSTGRES_DATABASE: guacamole_db
+      POSTGRES_HOSTNAME: postgres
+      POSTGRES_PASSWORD: 'SuperSecretPassword1234'
+      POSTGRES_USER: guacamole_user
+    volumes:
+      - ./guacamole/data:/config
+    expose:
+      - 8080/tcp
+
+  postgres:
+    <<: *compose_defaults
+    image: postgres:14-alpine
+    container_name: postgres-guacamole
+    environment:
+      POSTGRES_INITDB_ARGS: --auth-host=md5 # Guacamole cannot handle scram-sha-256
+      PGDATA: /var/lib/postgresql/data/guacamole
+      POSTGRES_DB: guacamole_db
+      POSTGRES_PASSWORD: 'SuperSecretPassword1234'
+      POSTGRES_USER: guacamole_user
+    volumes:
+      - ./guacamole/init:/docker-entrypoint-initdb.d:z
+      - postgres:/var/lib/postgresql/data
+    expose:
+      - 5432/tcp
+
+volumes:
+  postgres:
+    driver: local
+
+networks:
+  desktop:
+    name: "desktop"
+    driver: bridge
+    driver_opts:
+      com.docker.network.bridge.name: br-desktop
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: ${IPV4_NETWORK:-172.20.1}.0/24
+        - subnet: ${IPV6_NETWORK:-fd17:20:200:10::/64}

prepare.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# check if docker is running
+if ! (docker ps >/dev/null 2>&1)
+then
+	echo "docker daemon not running, will exit here!"
+	exit
+fi
+
+read -e -p "Domain Guacamole should be served on [localhost]: " DOMAIN
+DOMAIN=${DOMAIN:-localhost}
+sed -i "s/localhost/$DOMAIN/g" caddy/Caddyfile
+
+echo "Preparing folder guacamole/init and creating guacamole/init/initdb.sql"
+mkdir -p ./guacamole/init
+chmod -R +x ./guacamole/init
+docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > ./guacamole/init/initdb.sql
+echo "done"