search

flcontainers / guacamole

A Docker Container for Apache Guacamole, a client-less remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH over HTML5. For x64, arm64 and ppc64le.
https://hub.docker.com/r/flcontainers/guacamole
GNU General Public License v3.0
322 stars 60 forks source link

Updating to latest container broke TOTP #82

Closed stb109 closed 1 year ago

stb109 commented 1 year ago

I've recently updated to the 1.5.2 container without changing anything in my docker-compose file and now I am no longer prompted to enter my 2fa after signing in. It simple logs me in and I can view my connections. Is there something I need to change?

snodemon540 commented 1 year ago

I am observing the same behavior during an update from 1.5.0 additionally, 1.5.2 is ignoring the customized logon image via branding.jar. It appears that the EXTENSIONS variable is being ignored. /config/guacamole/extensions does not contain guacamole-auth-totp-1.5.2.jar after using the EXTENSIONS variable. The file does still exist within /config/guacamole/extensions-available.

Update My deployment was fairly simple and small, so I removed the existing container and redeployed the image from scratch. The container now respects the TOTP extension. Unfortunately, it is still preventing me from persistently adding branding.jar to the extensions dir. Upon container restart, the folder appears to be re-created based on folder ages. It appears that it's being caused by "_startup.sh"

Iggloovortex commented 1 year ago

EDIT: My issue was because Portainer had an environment variable that incorrectly specified the container version as 1.5.1

removed it to resolve

Resolved for me

snodemon540 commented 1 year ago

Unfortunately, this wasn't the issue in my situation. Even after the clean install, I continue to face issues with custom branding as well. I still believe it's related to the startup.sh implementation.

Iggloovortex commented 1 year ago

in my digging after you got me started, i discovered /startup.sh runs another script /usr/local/bin/_startup.sh whose first step is to rm -r both /config/guacamole/extensions and extensions-available then recreate them by cp from /app/

you'd need a way to circumvent that process to keep your config i believe

MaxWaldorf commented 1 year ago

this delete is mandatory to deletes previous extensions when new version is set...

If you see a better way, please propose a PR to dev branch...

masseysan commented 7 months ago

@MaxWaldorf, I didn't want to open a new issue but is there a way the GUAC_VER variable can be set without creating an environmental variable? I'm by no means a wiz, but I do see it mentioned a great deal in the dockerfile so I can understand why it needs to be set.

Reason I bring this up is I had a similar experience when updating from 1.5.3 > 1.5.4, removing the old variable (GUAC_VER : 1.5.3) did resolve my issue and a new one (GUAC_VER : 1.5.4) was automatically generated. I do forsee this being an issue again down when the image is updated to the next version.