Dockerfile.bullseye

# Dockerfile for guacamole, forked from oznu/docker-guacamole
#
# Maintained by Antoine Besnier <nouanda@laposte.net>
#
# 2022-12-19 - changelog maintained in README

FROM library/tomcat:9.0.80-jdk21-openjdk-bullseye

ENV GUACAMOLE_HOME=/app/guacamole \
  PGDATA=/config/postgres \
  POSTGRES_USER=guacamole \
  POSTGRES_DB=guacamole_db \
  S6OVERLAY_VER=3.2.0.0 \
  POSTGREJDBC_VER=42.7.4 \
  GUAC_DOWN_PATH=https://dlcdn.apache.org/guacamole \
  GUAC_VER=1.5.5 \
  GUAC_VER_PATH=1.5.5 \
  PG_MAJOR=13

RUN apt-get update && apt-get upgrade -y && \
    apt-get install -y \
      curl \
      xz-utils \
# Apply the s6-overlay
&& cd /tmp \
&& curl -OfsSL https://github.com/just-containers/s6-overlay/releases/download/v${S6OVERLAY_VER}/s6-overlay-noarch.tar.xz \
&& curl -OfsSL https://github.com/just-containers/s6-overlay/releases/download/v${S6OVERLAY_VER}/s6-overlay-x86_64.tar.xz \
&& curl -OfsSL https://github.com/just-containers/s6-overlay/releases/download/v${S6OVERLAY_VER}/s6-overlay-aarch64.tar.xz \
&& curl -OfsSL https://github.com/just-containers/s6-overlay/releases/download/v${S6OVERLAY_VER}/s6-overlay-symlinks-noarch.tar.xz \
&& curl -OfsSL https://github.com/just-containers/s6-overlay/releases/download/v${S6OVERLAY_VER}/syslogd-overlay-noarch.tar.xz \
&& tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz \
    && if [ "$(arch)" = "x86_64" ] ; then tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz; else tar -C / -Jxpf /tmp/s6-overlay-aarch64.tar.xz; fi  \
    && tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz \
    && tar -C / -Jxpf /tmp/syslogd-overlay-noarch.tar.xz \
    && cd / && rm /tmp/*.tar.xz \
# Create guacamole directories
&&  mkdir -p ${GUACAMOLE_HOME} \ 
              ${GUACAMOLE_HOME}/lib \
              ${GUACAMOLE_HOME}/extensions \
              ${GUACAMOLE_HOME}/extensions-available \
&& cd ${GUACAMOLE_HOME} \
# Install dependencies
&& echo "deb http://deb.debian.org/debian bullseye-backports main contrib non-free" > /etc/apt/sources.list.d/backports.list && \
    apt-get update && apt-get upgrade -y -t bullseye-security && \
    apt-get upgrade -y -t bullseye-backports && \
    apt-get install -y \
      freerdp2-dev \
      ghostscript \
      libavcodec-dev \
      libavformat-dev \
      libavutil-dev \
      libcairo2-dev \
      libfreerdp-client2-2 \
      libjpeg62-turbo-dev \
      libjpeg-dev \
      libossp-uuid-dev \
      libpango1.0-dev \
      libpng-dev \
      libpulse-dev \
      libssh2-1-dev \
      libssl-dev \
      libswscale-dev \
      libtelnet-dev \
      libtool-bin \
      libvncserver-dev \
      libvorbis-dev \
      libwebp-dev \
      libwebsockets-dev \
      make \
      postgresql-${PG_MAJOR} \
      xmlstarlet \
# Link FreeRDP to where guac expects it to be
&& ( ln -s /usr/local/lib/freerdp /usr/lib/arm-linux-gnueabihf/freerdp ||  \
     ln -s /usr/local/lib/freerdp /usr/lib/x86_64-linux-gnu/freerdp ||  \
     ln -s /usr/local/lib/freerdp /usr/lib/aarch64-linux-gnu/freerdp || true ) \
# Install guacamole-server \
  && export LDFLAGS="-lrt" \
  && curl -SLO "${GUAC_DOWN_PATH}/${GUAC_VER_PATH}/source/guacamole-server-${GUAC_VER}.tar.gz" \
  && tar -xzf guacamole-server-${GUAC_VER}.tar.gz \
  && cd guacamole-server-${GUAC_VER} \
  && autoreconf -fi \
  && ./configure --enable-allow-freerdp-snapshots \
  && make -j$(getconf _NPROCESSORS_ONLN) \
  && make install \
  && cd .. \
  && rm -rf guacamole-server-${GUAC_VER}.tar.gz guacamole-server-${GUAC_VER} \
  && ldconfig \
# Install guacamole-client and postgres auth adapter
  && set -xe \
  && rm -rf ${CATALINA_HOME}/webapps/ROOT \
  && curl -SLo ${CATALINA_HOME}/webapps/ROOT.war "${GUAC_DOWN_PATH}/${GUAC_VER_PATH}/binary/guacamole-${GUAC_VER}.war" \
  && curl -SLo ${GUACAMOLE_HOME}/lib/postgresql-${POSTGREJDBC_VER}.jar "https://jdbc.postgresql.org/download/postgresql-${POSTGREJDBC_VER}.jar" \                
  && curl -SLO "${GUAC_DOWN_PATH}/${GUAC_VER_PATH}/binary/guacamole-auth-jdbc-${GUAC_VER}.tar.gz" \
  && tar -xzf guacamole-auth-jdbc-${GUAC_VER}.tar.gz \
  && cp -R guacamole-auth-jdbc-${GUAC_VER}/postgresql/guacamole-auth-jdbc-postgresql-${GUAC_VER}.jar ${GUACAMOLE_HOME}/extensions/ \
  && cp -R guacamole-auth-jdbc-${GUAC_VER}/postgresql/schema ${GUACAMOLE_HOME}/ \
  && rm -rf guacamole-auth-jdbc-${GUAC_VER} guacamole-auth-jdbc-${GUAC_VER}.tar.gz \
# Add optional extensions
  && for i in auth-duo auth-quickconnect auth-header auth-ldap auth-json auth-totp history-recording-storage; do \         
    echo "${GUAC_DOWN_PATH}/${GUAC_VER}/binary/guacamole-${i}-${GUAC_VER}.tar.gz" \
    && curl -SLO "${GUAC_DOWN_PATH}/${GUAC_VER_PATH}/binary/guacamole-${i}-${GUAC_VER}.tar.gz" \
    && tar -xzf guacamole-${i}-${GUAC_VER}.tar.gz \
    && cp guacamole-${i}-${GUAC_VER}/guacamole-${i}-${GUAC_VER}.jar ${GUACAMOLE_HOME}/extensions-available/ \
    && rm -rf guacamole-${i}-${GUAC_VER} guacamole-${i}-${GUAC_VER}.tar.gz \
  ;done \
# Special case for SSO extension as it bundles CAS, SAML and OpenID in subfolders
# I keep the for loop, just in case future releases of guacamole bundles other extensions...
  && curl -SLO "${GUAC_DOWN_PATH}/${GUAC_VER_PATH}/binary/guacamole-auth-sso-${GUAC_VER}.tar.gz" \
  && tar -xzf guacamole-auth-sso-${GUAC_VER}.tar.gz \
  && for i in cas openid saml; do \
    cp guacamole-auth-sso-${GUAC_VER}/${i}/guacamole-auth-sso-${i}-${GUAC_VER}.jar ${GUACAMOLE_HOME}/extensions-available/ \
  ;done \
  && rm -rf guacamole-auth-sso-${GUAC_VER} guacamole-auth-sso-${GUAC_VER}.tar.gz \
# Special case for Vault extension. Currently supports only ksm, but it seems there are plans for future providers 
# I keep the for loop, just in case future releases of guacamole bundles other extensions...
  && curl -SLO "${GUAC_DOWN_PATH}/${GUAC_VER_PATH}/binary/guacamole-vault-${GUAC_VER}.tar.gz" \
  && tar -xzf guacamole-vault-${GUAC_VER}.tar.gz \
  && for i in ksm; do \
    cp guacamole-vault-${GUAC_VER}/${i}/guacamole-vault-${i}-${GUAC_VER}.jar ${GUACAMOLE_HOME}/extensions-available/ \
  ;done \
  && rm -rf guacamole-vault-${GUAC_VER} guacamole-vault-${GUAC_VER}.tar.gz \
# Clean-up
    && apt-get purge -y binutils curl git make\
    && apt-get autoremove --purge -y \
    && apt-get autoclean -y \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/* \
    && rm -rf /tmp/* /var/tmp/*

COPY ./guacamole-branding-${GUAC_VER}.jar ${GUACAMOLE_HOME}/extensions
COPY ./guacamole-branding-${GUAC_VER}.jar ${GUACAMOLE_HOME}/extensions-available

ENV PATH=/usr/lib/postgresql/${PG_MAJOR}/bin:$PATH
ENV GUACAMOLE_HOME=/config/guacamole
ENV GUACD_LOG_LEVEL=info
ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0

COPY root /

WORKDIR /config

EXPOSE 8080

ENTRYPOINT [ "/init" ]

HEALTHCHECK  --timeout=3s CMD wget --no-verbose --tries=1 --spider http://localhost:8080 || exit 1