cat /etc/httpd/conf.d/guac.dmi3lab.online.conf
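<VirtualHost *:80>
ServerName guac.dmi3lab.online
# Plain-HTTP listener: its only job is to send every request to the HTTPS site.
RewriteEngine On
# The redirect target is the literal site name rather than %{HTTP_HOST}, so a
# request that reaches this vhost with an unexpected Host header is still sent
# to the canonical HTTPS origin instead of to whatever host the client named.
# END stops rewrite processing, NE keeps the URI from being re-escaped,
# R=permanent answers with a 301.
RewriteRule ^ https://guac.dmi3lab.online%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>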
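<VirtualHost *:443>
ServerName guac.dmi3lab.online
# TLS-terminating reverse proxy in front of the Guacamole web application.
# Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
RewriteEngine On
# Hand the original Host header to the backend.
ProxyPreserveHost On
# Leave encoded slashes (%2F) in the path untouched; together with "nocanon"
# below the request URL reaches the backend without being re-canonicalised.
AllowEncodedSlashes NoDecode
# The hop to the backend is plain HTTP. If httpd and the pod are on different
# hosts, sessions cross the LAN unencrypted on this leg; keep the proxy on the
# same host or on a trusted segment.
ProxyPass / http://192.168.1.55:8080/ nocanon
ProxyPassReverse / http://192.168.1.55:8080/
# WebSocket upgrade requests are proxied to the same backend as ProxyPass.
# The original rule pointed at ws://localhost:8080/, which only matches the
# ProxyPass target when httpd runs on 192.168.1.55 itself.
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
RewriteRule .? "ws://192.168.1.55:8080/%1" [P,L]
# Enable h2 and http/1.1. h2c (cleartext HTTP/2) is left out: this vhost only
# speaks TLS, so it has no use here.
Protocols h2 http/1.1
# Solves slow upload speeds caused by http2
H2WindowSize 5242880
# TLS: only TLS 1.2 and 1.3, and only forward-secret (ECDHE/DHE) AEAD suites.
SSLEngine on
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
# Every suite in the list is acceptable, so the client may pick its preference.
SSLHonorCipherOrder off
SSLSessionTickets off
SSLCertificateFile /etc/letsencrypt/live/guac.dmi3lab.online/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/guac.dmi3lab.online/privkey.pem
# Not set here: a Strict-Transport-Security response header (mod_headers).
# Worth adding once the HTTPS setup is confirmed stable, since the port-80
# vhost already redirects everything to HTTPS.
# Disable HTTP TRACE method.
TraceEnable off
<Files ".ht*">
Require all denied
</Files>
# Support big file uploads. 0 means no limit at all on request bodies, which
# also lets any client stream arbitrarily large bodies through the proxy;
# prefer a finite cap sized to the largest transfer you expect.
LimitRequestBody 0
</VirtualHost>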

Create a pod to hold containers

# Create the pod that the database, guacd and web app containers all join.
# Containers in one pod share a network namespace, which is why the later
# steps address each other over 127.0.0.1.
#
# The port is published on every host interface, so the web app is also
# reachable over plain HTTP on port 8080, bypassing the TLS reverse proxy.
# Firewall the port, or publish it on one address only (IP:8080:8080 form);
# binding to 127.0.0.1 works only if the proxy runs on this host and its
# backend URL points at 127.0.0.1 as well.
podman pod create --name YOUR_POD_NAME --publish 8080:8080

Create database initialization scripts

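# the directory the database container will scan for initialization scripts
mkdir -p "guacamole-db/docker-entrypoint-initdb.d"

# Label the tree so SELinux lets the container read it, then set its owner.
# The command substitution is quoted so a working directory containing spaces
# is not split into several arguments.
# NOTE(review): 27:27 is presumably the mysql uid/gid; confirm it matches the
# user the database image actually runs as. Files created below, after this
# chown, keep the invoking user's ownership.
chcon -t container_file_t -R "$(pwd)/guacamole-db"
chown 27:27 -R "$(pwd)/guacamole-db"

# files are scanned in order
# create the user and database first and initialize it next
# localhost doesn't work for the user with podman; must be 127.0.0.1
#
# 01_initdb.sql holds the application's database password in clear text.
# The image's entrypoint runs these scripts only when the data directory is
# empty, so the file can be deleted once the database has been initialised.
# A password containing a single quote would break the CREATE USER statement.
cat > guacamole-db/docker-entrypoint-initdb.d/01_initdb.sql <<'SQL'
CREATE USER 'YOUR_GUACAMOLE_USERNAME'@'127.0.0.1' IDENTIFIED BY 'YOUR_GUACAMOLE_PASSWORD';
CREATE DATABASE YOUR_GUACAMOLE_DATABASE_NAME;
GRANT ALL PRIVILEGES ON YOUR_GUACAMOLE_DATABASE_NAME.* TO 'YOUR_GUACAMOLE_USERNAME'@'127.0.0.1';
SQL

# 02_initdb.sql selects the database, then appends the schema that the
# Guacamole image generates. Run this with the same image tag as the web app
# container so the schema matches the application version.
echo "USE YOUR_GUACAMOLE_DATABASE_NAME;" > guacamole-db/docker-entrypoint-initdb.d/02_initdb.sql
podman run --rm docker.io/guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql >> guacamole-db/docker-entrypoint-initdb.d/02_initdb.sql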

Create the database

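# the directory the database stores its data in
# (-p keeps the step repeatable if the directory already exists)
mkdir -p guacamole-db/data

# Start MariaDB inside the pod with the init scripts and the data directory
# mounted from the host. The -v arguments are quoted so a working directory
# containing spaces is passed as one argument.
#
# Passing the root password with -e leaves it in shell history, in the process
# arguments and in `podman inspect` output; an env file (--env-file) or a
# podman secret keeps it out of those places.
# The :latest tag is not pinned: a later pull can bring a different major
# version onto the existing data directory. Pin a specific tag in production.
podman run -d \
  --name=YOUR_DATABASE_CONTAINER_NAME \
  --pod=YOUR_POD_NAME \
  -e MARIADB_ROOT_PASSWORD=YOUR_DATABASE_ROOT_PASSWORD \
  -v "$(pwd)/guacamole-db/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d" \
  -v "$(pwd)/guacamole-db/data:/var/lib/mysql" \
  --restart unless-stopped \
  docker.io/mariadb:latest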

Start guacd

# Start guacd, the proxy daemon the web app talks to, inside the pod.
# It is started at debug log level, which is useful while bringing the stack
# up; drop the variable or lower the level once connections work, since debug
# output is far more verbose than steady-state operation needs.
# The image carries no tag here; pin it to the same version as the web app.
podman run --detach \
  --pod=YOUR_POD_NAME \
  --name=YOUR_GUACD_CONTAINER_NAME \
  --env GUACD_LOG_LEVEL=debug \
  --restart unless-stopped \
  docker.io/guacamole/guacd

Start guacamole

# Start the Guacamole web application inside the pod.
# The database and guacd endpoints have to be given explicitly for containers
# in a pod, and as 127.0.0.1 rather than localhost.
# WEBAPP_CONTEXT=ROOT serves the application at "/", which is the path the
# reverse proxy forwards.
#
# MYSQL_PASSWORD on the command line ends up in shell history, the process
# arguments and `podman inspect`; an env file or a podman secret avoids that.
# The schema loaded by initdb.sh includes a default administrator account;
# change its password straight after the first login.
podman run --detach \
  --pod=YOUR_POD_NAME \
  --name=YOUR_GUACAMOLE_WEBAPP_CONTAINER_NAME \
  --restart unless-stopped \
  --env GUACD_HOSTNAME=127.0.0.1 \
  --env GUACD_PORT=4822 \
  --env MYSQL_HOSTNAME=127.0.0.1 \
  --env MYSQL_PORT=3306 \
  --env MYSQL_DATABASE=YOUR_GUACAMOLE_DATABASE_NAME \
  --env MYSQL_USER=YOUR_GUACAMOLE_USERNAME \
  --env MYSQL_PASSWORD=YOUR_GUACAMOLE_PASSWORD \
  --env WEBAPP_CONTEXT=ROOT \
  docker.io/guacamole/guacamole