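---
# Docker Compose stack for Apache Guacamole behind Traefik:
#   guacd     - remote desktop proxy daemon
#   postgres  - database, seeded from ./init on first start
#   adminer   - database administration UI, published through Traefik
#   guacamole - web application, published through Traefik
# Values written as ${...} are interpolated by Compose (shell environment or
# .env file), so credentials stay out of this file.

#### NETWORKS
networks:
  # Created outside this stack; shared with the Traefik container.
  traefik_front_network:
    external: true
  # Private network for traffic between the services below.
  back_network_guacamole:
    driver: bridge
    attachable: true

#### SERVICES
services:
  ### guacd
  guacd:
    container_name: guacamole-guacd
    hostname: guacamole-guacd
    # NOTE(review): ":latest" is a moving tag; pin a release or digest so a
    # redeploy cannot silently pull a different build.
    image: guacamole/guacd:latest
    networks:
      - back_network_guacamole
    restart: always
    volumes:
      - ./drive:/drive:rw
      # guacd writes session recordings here; guacamole mounts it read-only.
      - ./record:/var/lib/guacamole/recordings:rw

  ### postgres
  postgres:
    container_name: guacamole-postgres
    hostname: guacamole-postgres
    image: "${POSTGRES_IMAGE_TAG}"
    environment:
      # NOTE(review): PGDATA presumably points inside the ./data mount
      # below; confirm, otherwise the data is not persisted there.
      PGDATA: "${POSTGRE_DB_DATA}"
      POSTGRES_DB: "${POSTGRE_DB_NAME}"
      POSTGRES_PASSWORD: "${POSTGRE_DB_PASSWORD}"
      POSTGRES_USER: "${POSTGRE_DB_USER}"
      TZ: Europe/Paris
    networks:
      - back_network_guacamole
    healthcheck:
      # "$$" keeps Compose from interpolating; the container shell expands
      # the variables when the check runs.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      interval: 30s
      timeout: 10s
      retries: 10
    restart: always
    volumes:
      - ./init:/docker-entrypoint-initdb.d:ro
      - ./data:/var/lib/postgresql/data:rw

  ### adminer
  adminer:
    container_name: guacamole-adminer
    hostname: guacamole-adminer
    depends_on:
      - postgres
    # NOTE(review): untagged image resolves to ":latest"; pin a release or
    # digest.
    image: adminer
    restart: always
    networks:
      - back_network_guacamole
      - traefik_front_network
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_front_network"
      # HTTP
      # NOTE(review): no HTTPS redirect is attached to this router; unless
      # Traefik redirects at the entrypoint, database logins can cross the
      # network in cleartext.
      - "traefik.http.routers.adminer-http.rule=Host(`adminer.tips-of-mine.com`)"
      - "traefik.http.routers.adminer-http.entrypoints=http"
      - "traefik.http.routers.adminer-http.priority=49"
      # HTTPS
      - "traefik.http.routers.adminer-https.rule=Host(`adminer.tips-of-mine.com`)"
      - "traefik.http.routers.adminer-https.entrypoints=https"
      - "traefik.http.routers.adminer-https.tls=true"
      - "traefik.http.routers.adminer-https.priority=50"
      # Bound to the adminer-https router; the original label named a router
      # "adminer" that has no rule, which declares an extra, unintended
      # router.
      - "traefik.http.routers.adminer-https.service=adminer-service"
      # Middleware
      # NOTE(review): none attached. Adminer is a database administration
      # console; restrict it with an authentication or source-address
      # middleware, or keep it off the front network.
      # Service
      - "traefik.http.services.adminer-service.loadbalancer.server.port=8080"

  ### guacamole
  guacamole:
    container_name: guacamole-app
    hostname: guacamole-app
    # NOTE(review): ":latest" is a moving tag; pin a release or digest.
    image: guacamole/guacamole:latest
    depends_on:
      - guacd
      - postgres
    environment:
      ### GUACD
      GUACD_HOME: "/opt/guac_home"
      GUACD_HOSTNAME: guacd
      RECORDING_SEARCH_PATH: "/var/lib/guacamole/recordings"
      ### PostgreSQL
      POSTGRES_HOSTNAME: postgres
      # NOTE(review): this key uses the POSTGRESQL_ prefix while its
      # siblings use POSTGRES_; confirm which prefix the image in use reads,
      # otherwise this setting may be ignored.
      POSTGRESQL_PORT: "5432"
      # Same variables as the postgres service, so both sides always agree
      # and no database password is stored in this file.
      POSTGRES_DATABASE: "${POSTGRE_DB_NAME}"
      POSTGRES_USER: "${POSTGRE_DB_USER}"
      POSTGRES_PASSWORD: "${POSTGRE_DB_PASSWORD}"
      ### Active Directory
      # NOTE(review): if this block is enabled, port 389 with encryption
      # "none" sends the bind password and user credentials unencrypted;
      # prefer "ssl" or "starttls", and take the bind password from the
      # environment rather than writing it here.
      # Domain controller
      # LDAP_HOSTNAME: "10.0.4.4"
      # LDAP_PORT: 389
      # LDAP_ENCRYPTION_METHOD: "none"
      # LDAP_MAX_SEARCH_RESULTS: "10000"
      # User search
      # LDAP_USER_BASE_DN: "OU=Utilisateurs,OU=Societe,DC=tips-of-mine,DC=local"
      # LDAP_USERNAME_ATTRIBUTE: "samAccountName"
      # LDAP_USER_SEARCH_FILTER: "(&(objectClass=User)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=GDL-Guacamole-Access,OU=Guacamole,OU=Services,OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local))"
      # Account used to bind to AD
      # LDAP_SEARCH_BIND_DN: "CN=Service Guacamole,OU=Services,OU=Societe,DC=tips-of-mine,DC=local"
      # LDAP_SEARCH_BIND_PASSWORD: "some_password"
      # Group search
      # LDAP_GROUP_BASE_DN: "OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local"
      # LDAP_GROUP_SEARCH_FILTER: "(objectClass=Group)"
      # LDAP_GROUP_NAME_ATTRIBUTE: "cn"
      # LDAP_MEMBER_ATTRIBUTE: "member"
      ### OpenID
      OPENID_AUTHORIZATION_ENDPOINT: "https://authentik.tips-of-mine.com/application/o/authorize/"
      OPENID_CLIENT_ID: "f71Je39kparABozs1MLcLURECvQMNy9Fih0linvs"
      OPENID_ISSUER: "https://authentik.tips-of-mine.com/application/o/guacamole/"
      OPENID_JWKS_ENDPOINT: "https://authentik.tips-of-mine.com/application/o/guacamole/jwks/"
      OPENID_REDIRECT_URI: "https://guacamole.tips-of-mine.com"
      ###
      # Alternative identity provider (Keycloak), disabled
      # OPENID_AUTHORIZATION_ENDPOINT: https://keycloak.tips-of-mine.local/realms/master/protocol/openid-connect/auth
      # OPENID_JWKS_ENDPOINT: https://keycloak.tips-of-mine.local/realms/master/protocol/openid-connect/certs
      # OPENID_ISSUER: https://keycloak.tips-of-mine.local/realms/master
      # OPENID_CLIENT_ID: guacamole
      # OPENID_REDIRECT_URI: https://guacamole.tips-of-mine.local
      # Priority
      # EXTENSION_PRIORITY: ldap
      ### Extension Guacamole
      # TOTP_ENABLED: "true"
      # TOTP_ISSUER: "Guacamole IT Tips-Of-Mine"
      # TOTP_DIGITS: 6
      # TOTP_PERIOD: 60
      # TOTP_MODE: sha1
    links:
      - guacd
    networks:
      - traefik_front_network
      - back_network_guacamole
    # No host port is published; Traefik reaches the container over
    # traefik_front_network.
    # ports:
    ## enable next line if not using nginx
    ##  - "8080:8080/tcp"  # Guacamole is on :8080/guacamole, not /.
    ## enable next line when using nginx
    #   - 8080/tcp
    restart: always
    volumes:
      - ./guacamole-config:/config
      - ./guac_home:/opt/guac_home
      # Read-only here: only guacd writes recordings.
      - ./record:/var/lib/guacamole/recordings:ro
      - ./drive:/drive:rw
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_front_network"
      # HTTP
      # NOTE(review): this router carries neither the HTTPS redirect nor the
      # addprefix middleware used by the HTTPS router; unless Traefik
      # redirects at the entrypoint, logins to this remote-access gateway
      # can be served over cleartext HTTP.
      - "traefik.http.routers.guacamole-http.rule=Host(`guacamole.tips-of-mine.com`)"
      - "traefik.http.routers.guacamole-http.entrypoints=http"
      - "traefik.http.routers.guacamole-http.priority=49"
      # HTTPS
      - "traefik.http.routers.guacamole-https.rule=Host(`guacamole.tips-of-mine.com`)"
      - "traefik.http.routers.guacamole-https.entrypoints=https"
      - "traefik.http.routers.guacamole-https.tls=true"
      - "traefik.http.routers.guacamole-https.priority=50"
      - "traefik.http.routers.guacamole-https.service=guacamole-service"
      - "traefik.http.routers.guacamole-https.middlewares=guacamole-addprefix"
      # Middleware
      # The application is served under /guacamole inside the container, so
      # the prefix is added to requests arriving at the bare host name.
      - "traefik.http.middlewares.guacamole-addprefix.addprefix.prefix=/guacamole"
      # Service
      - "traefik.http.services.guacamole-service.loadbalancer.server.port=8080"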