search

boschkundendienst / guacamole-docker-compose

Guacamole with docker-compose using PostgreSQL, nginx with SSL (self-signed)
GNU General Public License v3.0
983 stars 410 forks source link

How can add totp-auth to my Guacamole (Like “Google Authenticator” )? #18

Closed investlab closed 3 years ago

investlab commented 3 years ago

How can add totp-auth to my Guacamole (Like “Google Authenticator” )?

jtagcat commented 3 years ago

Put it behind Authelia.

boschkundendienst commented 3 years ago

How can add totp-auth to my Guacamole (Like “Google Authenticator” )?

There is an official TOTP Plugin available here. But to use it with guacamole-docker-compose you have to expose the GUACAMOLE_HOME and GUACAMOLE_HOME/extensions folder so that you can store the extension there.

I did this with another plugin by changing the docker-compose.yml in the # guacamole section like this (see the 2 volumes entries):

services
...
…
 # guacamole
  guacamole:
    container_name: guacamole_compose
    depends_on:
    - guacd
    - postgres
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRES_DATABASE: guacamole_db
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234
      POSTGRES_USER: guacamole_user
      # set custom GUACAMOLE_HOME within container
      GUACAMOLE_HOME: /guachome
    volumes:
    - ./guachome:/guachome
    - ./extensions:/guachome/extensions
    image: guacamole/guacamole
    links:
    - guacd
    networks:
      guacnetwork_compose:
    ports:
## enable next line if not using nginx
##    - 8080:8080/tcp
## enable next line when using nginx
    - 8080/tcp
    restart: always

I also used a custom guacamole.properties file which I put at ./guachome/cuacamole.properties with the following content:

# guacamole.properties
enable-environment-properties: true
http-auth-header: REMOTEUSER

and put the extension in ./extensions/. So from outside of the container my file structure for the 2 exposed folders looks like this:

[opc@testinstance0815 guacamole-docker-compose]$ find extensions/
extensions/
 extensions/guacamole-auth-header-1.2.0.jar
 extensions/guacamole-auth-quickconnect-1.3.0.jar
guachome/
 guachome/extensions
 guachome/guacamole.properties

Most of it it is described in the official docs.

Please understand, that this Repo here is just my personal quick & dirty guacamole implementation which I can not give more support with but thanks for using it or at least taking a look at it.