abesnier / docker-guacamole

A self-contained guacamole docker container for x64. Remotely connect over SSH, RDP or VNC using HTML5.
https://hub.docker.com/r/abesnier/guacamole
GNU General Public License v3.0

"Creation of WebSocket tunnel to guacd failed" #6

Closed fischer-felix closed 2 years ago

fischer-felix commented 2 years ago

Describe Your Problem:

Error "An internal error has occurred within the Guacamole server, and the connection has been terminated. If the problem persists, please notify your system administrator, or check your system logs." when trying to launch any connection.

Logs:

s6-rc: info: service s6rc-fdholder: starting
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service s6rc-fdholder successfully started
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/30-defaults.sh
cont-init: info: /etc/cont-init.d/30-defaults.sh exited 0
cont-init: info: running /etc/cont-init.d/40-postgres.sh
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "C.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /config/postgres ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok
initdb: warning: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
Success. You can now start the database server using:
    /usr/lib/postgresql/13/bin/pg_ctl -D /config/postgres -l logfile start
cont-init: info: /etc/cont-init.d/40-postgres.sh exited 0
cont-init: info: running /etc/cont-init.d/50-extensions
cont-init: info: /etc/cont-init.d/50-extensions exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service syslogd-prepare: starting
s6-rc: info: service syslogd-prepare successfully started
s6-rc: info: service syslogd-log: starting
s6-rc: info: service syslogd-log successfully started
s6-rc: info: service syslogd: starting
s6-rc: info: service syslogd successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun guacamole (no readiness notification)
services-up: info: copying legacy longrun guacd (no readiness notification)
services-up: info: copying legacy longrun postgres (no readiness notification)
s6-rc: info: service legacy-services successfully started
Starting postgres...
Starting guacamole guacd...
/var/run/postgresql:5432 - no response
Waiting for postgres to come up...
2022-04-03 20:39:19.085 UTC [162] LOG:  starting PostgreSQL 13.5 (Debian 13.5-0+deb11u1) on aarch64-unknown-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
2022-04-03 20:39:19.086 UTC [162] LOG:  listening on IPv6 address "::1", port 5432
2022-04-03 20:39:19.086 UTC [162] LOG:  listening on IPv4 address "127.0.0.1", port 5432
2022-04-03 20:39:19.090 UTC [162] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
guacd[163]: INFO:       Guacamole proxy daemon (guacd) version 1.4.0 started
guacd[163]: INFO:       Listening on host ::1, port 4822
2022-04-03 20:39:19.093 UTC [165] LOG:  database system was shut down at 2022-04-03 20:39:18 UTC
2022-04-03 20:39:19.097 UTC [162] LOG:  database system is ready to accept connections
2022-04-03 20:39:20.078 UTC [173] FATAL:  role "root" does not exist
/var/run/postgresql:5432 - accepting connections
CREATE TYPE
CREATE TYPE
CREATE TYPE
CREATE TYPE
CREATE TYPE
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE INDEX
CREATE TABLE
CREATE INDEX
INSERT 0 1
INSERT 0 1
INSERT 0 6
INSERT 0 3
Starting guacamole client...
NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
03-Apr-2022 20:39:20.908 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/9.0.60
03-Apr-2022 20:39:20.912 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Mar 9 2022 14:52:25 UTC
03-Apr-2022 20:39:20.912 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.60.0
03-Apr-2022 20:39:20.912 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
03-Apr-2022 20:39:20.912 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            5.4.17-2136.304.4.3.el8uek.aarch64
03-Apr-2022 20:39:20.913 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          aarch64
03-Apr-2022 20:39:20.913 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/local/openjdk-11
03-Apr-2022 20:39:20.913 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           11.0.14.1+1
03-Apr-2022 20:39:20.913 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation
03-Apr-2022 20:39:20.913 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /usr/local/tomcat
03-Apr-2022 20:39:20.913 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/local/tomcat
03-Apr-2022 20:39:20.926 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.lang=ALL-UNNAMED
03-Apr-2022 20:39:20.926 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.io=ALL-UNNAMED
03-Apr-2022 20:39:20.926 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.util=ALL-UNNAMED
03-Apr-2022 20:39:20.926 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.util.concurrent=ALL-UNNAMED
03-Apr-2022 20:39:20.926 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
03-Apr-2022 20:39:20.926 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
03-Apr-2022 20:39:20.927 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
03-Apr-2022 20:39:20.927 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
03-Apr-2022 20:39:20.927 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
03-Apr-2022 20:39:20.927 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
03-Apr-2022 20:39:20.927 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
03-Apr-2022 20:39:20.927 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
03-Apr-2022 20:39:20.927 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
03-Apr-2022 20:39:20.928 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
03-Apr-2022 20:39:20.934 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.31] using APR version [1.7.0].
03-Apr-2022 20:39:20.934 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true].
03-Apr-2022 20:39:20.934 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
03-Apr-2022 20:39:20.941 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1n  15 Mar 2022]
03-Apr-2022 20:39:21.219 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
03-Apr-2022 20:39:21.244 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [505] milliseconds
03-Apr-2022 20:39:21.291 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
03-Apr-2022 20:39:21.291 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.60]
03-Apr-2022 20:39:21.306 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/usr/local/tomcat/webapps/ROOT.war]
03-Apr-2022 20:39:22.628 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
20:39:22.925 [main] INFO  o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/config/guacamole".
20:39:23.003 [main] INFO  o.a.g.GuacamoleServletContextListener - Read configuration parameters from "/config/guacamole/guacamole.properties".
20:39:23.004 [main] INFO  o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes of inactivity.
20:39:23.951 [main] INFO  o.a.g.extension.ExtensionModule - Extension "PostgreSQL Authentication" (postgresql) loaded.
20:39:24.064 [main] INFO  o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
20:39:24.488 [main] WARN  o.g.jersey.server.wadl.WadlFeature - JAXBContext implementation could not be found. WADL feature is disabled.
03-Apr-2022 20:39:24.714 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/local/tomcat/webapps/ROOT.war] has finished in [3,408] ms
03-Apr-2022 20:39:24.719 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
03-Apr-2022 20:39:24.728 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [3484] milliseconds
20:41:24.329 [http-nio-8080-exec-1] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from 10.0.2.100 for user "guacadmin" failed.
20:41:27.706 [http-nio-8080-exec-10] INFO  o.a.g.r.auth.AuthenticationService - User "guacadmin" successfully authenticated from 10.0.2.100.
20:42:08.750 [http-nio-8080-exec-2] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
20:42:08.783 [http-nio-8080-exec-9] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused (Connection refused)
20:44:14.232 [http-nio-8080-exec-6] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
20:44:14.277 [http-nio-8080-exec-1] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused (Connection refused)
20:44:35.366 [http-nio-8080-exec-1] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
20:44:35.412 [http-nio-8080-exec-5] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused (Connection refused)
20:44:57.911 [http-nio-8080-exec-8] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
20:44:57.957 [http-nio-8080-exec-9] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused (Connection refused)
20:45:07.842 [http-nio-8080-exec-4] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
20:45:07.892 [http-nio-8080-exec-3] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused (Connection refused)
20:45:13.111 [http-nio-8080-exec-5] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
20:45:13.151 [http-nio-8080-exec-8] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused (Connection refused)
20:45:59.337 [http-nio-8080-exec-5] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
20:45:59.378 [http-nio-8080-exec-8] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused (Connection refused)

Screenshots:

Screenshot_2022 04 03_22:49:36

Environment:

abesnier commented 2 years ago

Hi, sorry for the delayed response, I've been sick and offline for the past 10 days. This issue appears when there is a configuration error on the guacd side. Can you confirm that your firewall accepts connections on port 4822? Some error reports I found pointed to the fact that the host needs to be explicitly specified (apparently mostly CentOS users are affected). In your report, that would be the lines

guacd[163]: INFO:       Guacamole proxy daemon (guacd) version 1.4.0 started
guacd[163]: INFO:       Listening on host ::1, port 4822

If the config folder has been properly created, you can edit guacamole.properties with the following lines and restart the container:

# or, if your machine has a defined hostname, use that defined hostname
guacd-hostname: 127.0.0.1
guacd-port:     4822

fischer-felix commented 2 years ago

I edited guacamole.properties in the config directory, however it did not fix the issue. Logs still say

guacd[150]: INFO:       Guacamole proxy daemon (guacd) version 1.4.0 started
guacd[150]: INFO:       Listening on host ::1, port 4822

and

20:37:59.569 [http-nio-8080-exec-2] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
20:37:59.599 [http-nio-8080-exec-1] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused (Connection refused)

As far as I can see, my firewall config should not matter, but just to rule that out, I have opened up port 4822 everywhere, which changed nothing.

I will probably try some other docker images and see if it is specific to your image or if this is a more common issue.

abesnier commented 2 years ago

I tried to keep looking for solutions for you. Everything I found came back to forcing the host name and port on which guacd will listen. Running a container with a custom guacd.conf worked for me, but in your case, there may be some conflicts between ipv4 and ipv6 (your guacd is listening on ipv6). I am sorry I don't have a solution for you, but if you ever find one, even with another image, do not hesitate to share it! Have you tried the official docker images?

fischer-felix commented 2 years ago

I have found MaxWaldof/guacamole to be working well for me, it is a fork of oznu's docker image as well, so should be pretty similar. I also had some issues with RDP, but I'm pretty sure those were related to my server setup and not the actual image. VNC and SSH work flawlessly.

abesnier commented 2 years ago

Thanks for the update! I've checked what is different, and what MaxWaldof does is to force binding the guacd daemon to the 0.0.0.0 address.

I will not change the way guacd is launched, unless I see others with the same issue, as I prefer to let Docker manage the network settings, but I will add a section in the docker-compose example to disable ipv6, as it boils down to this.

Glad that you found an image that works for you, and sorry I could not find a solution earlier.
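
The mismatch this thread converges on (guacd listening only on `::1` while the web application dials `127.0.0.1`) can be checked mechanically from the two artifacts quoted above. The following is an added example, not code from the thread or from the image; the function names and status strings are hypothetical, and the sample input is constructed from the lines quoted in the issue.

```python
import ipaddress
import re

# Constructed sample input, modelled on the lines quoted in this thread.
SAMPLE_LOG = """\
guacd[163]: INFO:       Guacamole proxy daemon (guacd) version 1.4.0 started
guacd[163]: INFO:       Listening on host ::1, port 4822
"""
SAMPLE_PROPERTIES = """\
guacd-hostname: 127.0.0.1
guacd-port:     4822
"""

LISTEN_RE = re.compile(r"guacd\[\d+\]: INFO:\s+Listening on host (\S+), port (\d+)")
PROP_RE = re.compile(r"^\s*(guacd-hostname|guacd-port)\s*[:=]\s*(\S+)", re.M)


def parse_guacd_listen(log_text):
    """Return (ip_address, port) from the last 'Listening on host' line, or None."""
    matches = LISTEN_RE.findall(log_text)
    if not matches:
        return None
    host, port = matches[-1]
    return ipaddress.ip_address(host), int(port)


def parse_client_target(properties_text):
    """Return (host, port) the web application dials; Guacamole defaults to localhost:4822."""
    props = dict(PROP_RE.findall(properties_text))
    return props.get("guacd-hostname", "localhost"), int(props.get("guacd-port", 4822))


def diagnose(log_text, properties_text):
    """Classify the listener/client pairing as a short status string."""
    listen = parse_guacd_listen(log_text)
    if listen is None:
        return "no-listener"
    addr, port = listen
    host, client_port = parse_client_target(properties_text)
    if port != client_port:
        return "port-mismatch"
    try:
        target = ipaddress.ip_address(host)
    except ValueError:
        return "depends-on-resolution"  # a name may resolve to either address family
    if target.version != addr.version:
        # A '::' listener accepts IPv4 only if the socket is dual-stack.
        if addr.is_unspecified and addr.version == 6:
            return "depends-on-dual-stack"
        return "family-mismatch"  # e.g. client dials 127.0.0.1, guacd is on ::1
    if addr.is_unspecified:
        # 0.0.0.0 accepts on every interface of the container: keep 4822 unpublished.
        return "ok-wildcard"
    return "ok" if target == addr else "address-mismatch"
```

Run against the log and properties quoted in the thread, `diagnose` returns `family-mismatch`, which matches the "Connection refused" errors reported; with the listener on `0.0.0.0` it returns `ok-wildcard`.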