search

boschkundendienst / guacamole-docker-compose

Guacamole with docker-compose using PostgreSQL, nginx with SSL (self-signed)
GNU General Public License v3.0
955 stars 398 forks source link

guacamole will not load login screen #73

Closed an0wak closed 1 year ago

an0wak commented 1 year ago

Hi,

So gone brand new install. Ran through some troubleshooting but cannot login.

Presented with. image

sudo docker container logs nginx_guacamole_compose

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
20-envsubst-on-templates.sh: Running envsubst on /etc/nginx/templates/guacamole.conf.template to /etc/nginx/conf.d/guacamole.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/05/26 06:02:06 [notice] 1#1: using the "epoll" event method
2023/05/26 06:02:06 [notice] 1#1: nginx/1.25.0
2023/05/26 06:02:06 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2023/05/26 06:02:06 [notice] 1#1: OS: Linux 5.10.0-23-amd64
2023/05/26 06:02:06 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/05/26 06:02:06 [notice] 1#1: start worker processes
2023/05/26 06:02:06 [notice] 1#1: start worker process 35
2023/05/26 06:02:06 [notice] 1#1: start worker process 36

Found error about guacamole_user but password is standard. sudo docker container logs guacamole_compose 

26-May-2023 06:02:06.859 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/8.5.89
26-May-2023 06:02:06.862 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          May 9 2023 16:21:47 UTC
26-May-2023 06:02:06.862 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.89.0
26-May-2023 06:02:06.862 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
26-May-2023 06:02:06.863 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            5.10.0-23-amd64
26-May-2023 06:02:06.863 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
26-May-2023 06:02:06.863 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /opt/java/openjdk/jre
26-May-2023 06:02:06.863 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_372-b07
26-May-2023 06:02:06.864 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Temurin
26-May-2023 06:02:06.864 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /home/guacamole/tomcat
26-May-2023 06:02:06.864 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/local/tomcat
26-May-2023 06:02:06.865 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/home/guacamole/tomcat/conf/logging.properties
26-May-2023 06:02:06.865 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
26-May-2023 06:02:06.865 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
26-May-2023 06:02:06.866 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
26-May-2023 06:02:06.866 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
26-May-2023 06:02:06.866 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
26-May-2023 06:02:06.867 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/home/guacamole/tomcat
26-May-2023 06:02:06.867 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
26-May-2023 06:02:06.867 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/home/guacamole/tomcat/temp
26-May-2023 06:02:06.867 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.36] using APR version [1.7.0].
26-May-2023 06:02:06.868 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [{4}].
26-May-2023 06:02:06.868 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
26-May-2023 06:02:06.874 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 3.0.2 15 Mar 2022]
26-May-2023 06:02:06.968 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
26-May-2023 06:02:06.992 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 874 ms
26-May-2023 06:02:07.025 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
26-May-2023 06:02:07.026 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.89]
26-May-2023 06:02:07.047 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/home/guacamole/tomcat/webapps/guacamole.war]
26-May-2023 06:02:09.093 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipp.
06:02:09.736 [localhost-startStop-1] INFO  o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/home/guacamole/.guacamole".
06:02:09.861 [localhost-startStop-1] INFO  o.a.g.GuacamoleServletContextListener - Read configuration parameters from "/home/guacamole/.guacamole/guacamole.properties".
06:02:09.864 [localhost-startStop-1] INFO  o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes of inactivity.
06:02:11.484 [localhost-startStop-1] INFO  o.a.g.extension.ExtensionModule - Extension "PostgreSQL Authentication" (postgresql) loaded.
06:02:11.705 [localhost-startStop-1] INFO  o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
26-May-2023 06:02:13.338 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/home/guacamole/tomcat/webapps/guacamole.war] has finished in [6,290] ms
26-May-2023 06:02:13.343 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
26-May-2023 06:02:13.363 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 6370 ms
06:02:35.623 [http-nio-8080-exec-8] WARN  o.a.g.e.AuthenticationProviderFacade - The "postgresql" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, y.
06:02:35.630 [http-nio-8080-exec-8] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
### Error querying database.  Cause: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "guacamole_user"
### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml
### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
### The error occurred while executing a query
### Cause: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "guacamole_user"

sudo docker container logs postgres_guacamole_compose

PostgreSQL Database directory appears to contain a database; Skipping initialization

2023-05-26 06:02:05.354 UTC [1] LOG:  starting PostgreSQL 15.2 on x86_64-pc-linux-musl, compiled by gcc (Alpine 12.2.1_git20220924-r4) 12.2.1 20220924, 64-bit
2023-05-26 06:02:05.354 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2023-05-26 06:02:05.355 UTC [1] LOG:  listening on IPv6 address "::", port 5432
2023-05-26 06:02:05.380 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2023-05-26 06:02:05.416 UTC [24] LOG:  database system was shut down at 2023-05-26 05:51:14 UTC
2023-05-26 06:02:05.427 UTC [1] LOG:  database system is ready to accept connections
2023-05-26 06:02:35.593 UTC [29] FATAL:  password authentication failed for user "guacamole_user"
2023-05-26 06:02:35.593 UTC [29] DETAIL:  Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2023-05-26 06:02:35.620 UTC [30] FATAL:  password authentication failed for user "guacamole_user"
2023-05-26 06:02:35.620 UTC [30] DETAIL:  Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2023-05-26 06:07:05.515 UTC [22] LOG:  checkpoint starting: time
2023-05-26 06:07:05.551 UTC [22] LOG:  checkpoint complete: wrote 3 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.008 s, sync=0.004 s, total=0.037 s; sync files=2, longest=0.002 s, average=0.002 s; distance=0 kB, estimate=0 kB

sudo docker container logs guacd_compose

guacd[1]: INFO: Guacamole proxy daemon (guacd) version 1.5.2 started
guacd[1]: INFO: Listening on host 0.0.0.0, port 4822

My docker-compose.yml Note: Under guacamole changed POSTGRES* --> POSTGRESQL*, as it was spitting out a warning. but apart from this nothing else.

version: '2.0'

# networks
# create a network 'guacnetwork_compose' in mode 'bridged'
networks:
  guacnetwork_compose:
    driver: bridge

# services
services:
  # guacd
  guacd:
    container_name: guacd_compose
    image: guacamole/guacd
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./drive:/drive:rw
    - ./record:/record:rw
  # postgres
  postgres:
    container_name: postgres_guacamole_compose
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole_db
      POSTGRES_PASSWORD: 'ThisIsAPassword123'
      POSTGRES_USER: guacamole_user
    image: postgres:15.2-alpine
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./init:/docker-entrypoint-initdb.d:z
    - ./data:/var/lib/postgresql/data:Z

  # guacamole
  guacamole:
    container_name: guacamole_compose
    depends_on:
    - guacd
    - postgres
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRESQL_DATABASE: guacamole_db
      POSTGRESQL_HOSTNAME: postgres
      POSTGRESQL_PASSWORD: 'ThisIsAPassword123'
      POSTGRESQL_USER: guacamole_user
    image: guacamole/guacamole
    links:
    - guacd
    networks:
      guacnetwork_compose:
    ports:
## enable next line if not using nginx
##    - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
## enable next line when using nginx
    - 8080/tcp
    restart: always

########### optional ##############
  # nginx
  nginx:
   container_name: nginx_guacamole_compose
   restart: always
   image: nginx
   volumes:
   - ./nginx/templates:/etc/nginx/templates:ro
   - ./nginx/ssl/self.cert:/etc/nginx/ssl/self.cert:ro
   - ./nginx/ssl/self-ssl.key:/etc/nginx/ssl/self-ssl.key:ro
   ports:
   - 8443:443
   links:
   - guacamole
   networks:
     guacnetwork_compose:
stephzero1 commented 1 year ago

Related to: https://github.com/boschkundendienst/guacamole-docker-compose/issues/70

an0wak commented 1 year ago

70 is not the same error message. The one I am getting has something to do with "guacamole_user" account password. I followed the documentation. Note there was #72 also the following which I fixed locally.

boschkundendienst commented 1 year ago

besides the problem you found in prepare.sh (already fixed) everything works. (tested 1 minute ago). You can not just change variable names in the docker-compose.yml. Only (if ever) change the value but not the variable name.

Your guacamole can not connect to postgres because you changed the variable names of postgres so the postgres docker daemon does not know which user is allowed to connect. As you can read here, the variables must have defined names!

https://hub.docker.com/_/postgres

POSTGRES_USER and NOT POSTGRESQL_USER

Be more careful when changing things.

Thanks for reporting the other bug in prepare.sh

an0wak commented 1 year ago

The reason I changed them was that when looking at the logs of guacamole_compose these appeared.

WARNING: POSTGRES_HOSTNAME detected, please use POSTGRESQL_HOSTNAME for further deployments.
WARNING: POSTGRES_DATABASE detected, please use POSTGRESQL_DATABASE for further deployments.
WARNING: POSTGRES_USER detected, please use POSTGRESQL_USER for further deployments.
WARNING: POSTGRES_PASSWORD detected, please use POSTGRESQL_PASSWORD for further deployments.
Lapeno94 commented 1 year ago

this helped me:

  1. open terminal in postgre
  2. run bash
  3. run the following command: psql -U guacamole_user -d guacamole_db -f ./docker-entrypoint-initdb.d/initdb.sql
boschkundendienst commented 1 year ago

psql -U guacamole_user -d guacamole_db -f ./docker-entrypoint-initdb.d/initdb.sql

That is exactly what the prepare script does.

dsl101 commented 7 months ago

Just ended up here, and what wasn't clear to me was that after running the very first docker compose up -d, the db init script was run, but after that, just taking the services down and back up again after changing the docker-compose.yaml (e.g. changing the username / password in postgres) isn't sufficient. The database initdb is only triggered if the database doesn't exist, so sudo rm -f ./data/gaucamole is also required if you don't want to run reset.sh and clear absolutely everything. What @Lapeno94 posted I guess would also re-run that initialisation with the updated password details.