necouchman commented on code in PR #805: URL: https://github.com/apache/guacamole-client/pull/805#discussion_r1124805311
########## guacamole-docker/README.md: ##########
@@ -228,6 +228,49 @@ The process for doing this via the `sqlcmd` utilities included with SQLServer is documented in [the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-sqlserver). +Enabling guacd ssl +================ +This explains how to enable ssl between guacamole and guacd using a self signed certificat.

Review Comment:
`certificate` Here, and several other places below in this file.

########## guacamole-docker/README.md: ##########
@@ -228,6 +228,49 @@ The process for doing this via the `sqlcmd` utilities included with SQLServer is documented in [the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-sqlserver). +Enabling guacd ssl +================ +This explains how to enable ssl between guacamole and guacd using a self signed certificat. + +1. Generate a new certificat +You need to create the new certificat on the guacd host. + +```shell +openssl genrsa -out /etc/guacd/server.key 2048 +openssl req -new -key /etc/guacd/server.key -out /etc/guacd/cert.csr +openssl x509 -in /etc/guacd/cert.csr -out /etc/guacd/server.crt -req -signkey /etc/guacd/server.key -days 3650 +openssl pkcs12 -export -in /etc/guacd/server.crt -inkey /etc/guacd/server.key -out /etc/guacd/server.p12 -CAfile ca.crt -caname root +``` +2. Configure guacd + +On debian, edit /etc/default/guacd and modify the following variables. +``` +# listen on all interface +LISTEN_ADDRESS=0.0.0.0 + +# certificats +DAEMON_ARGS=-C /etc/guacd/server.crt -K /etc/guacd/server.key +``` +restart guacd! + +3. Deploy Guacamole + +```shell +docker run --name some-guacamole \ + -e GUACOMOLE_SSL_KEYSTORE_FILE=/home/guacamole/certs/server.p12 \ + -e GUACOMOLE_SSL_KEYSTORE_PASS=changeme \ + -e GUACD_SSL=true \ + -e GUACD_PORT=4822 \ + -e GUACD_HOSTNAME=hostname \ + -v <path to certificat>:/home/guacamole/certs \ + ... + -d -p 8080:8080 guacamole/guacamole +``` + +4. From the guacamole web interface, add a new connexion and enable SSL/TLS whenever using a guacd proxy.

Review Comment:
`connexion` -> `connection`

########## guacamole-docker/README.md: ##########
@@ -228,6 +228,49 @@ The process for doing this via the `sqlcmd` utilities included with SQLServer is documented in [the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-sqlserver). +Enabling guacd ssl +================ +This explains how to enable ssl between guacamole and guacd using a self signed certificat. + +1. Generate a new certificat +You need to create the new certificat on the guacd host. + +```shell +openssl genrsa -out /etc/guacd/server.key 2048 +openssl req -new -key /etc/guacd/server.key -out /etc/guacd/cert.csr +openssl x509 -in /etc/guacd/cert.csr -out /etc/guacd/server.crt -req -signkey /etc/guacd/server.key -days 3650 +openssl pkcs12 -export -in /etc/guacd/server.crt -inkey /etc/guacd/server.key -out /etc/guacd/server.p12 -CAfile ca.crt -caname root +``` +2. Configure guacd + +On debian, edit /etc/default/guacd and modify the following variables. +``` +# listen on all interface +LISTEN_ADDRESS=0.0.0.0 + +# certificats +DAEMON_ARGS=-C /etc/guacd/server.crt -K /etc/guacd/server.key +``` +restart guacd!

Review Comment:
Why are these steps required for a Docker install? Wouldn't this be steps that would work if you're running guacd natively?
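
Review bot: In step 1, the `openssl pkcs12 -export` line packs `/etc/guacd/server.key` into `server.p12`, and step 3 then mounts that file into the Guacamole container as the keystore, so guacd's private key is copied to the client side of the connection. If the container only needs to trust guacd's self-signed certificate, the README should have it import `server.crt` alone and keep the key on the guacd host. The same command also passes `-CAfile ca.crt -caname root`, but no `ca.crt` is produced by any of the preceding commands and a self-signed certificate has no CA chain to include, so those options should be dropped or the origin of `ca.crt` explained.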
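
Review bot: In step 2, `LISTEN_ADDRESS=0.0.0.0` makes guacd listen on every interface of the host and the text does not say why or how to limit it. The README should state that this is only needed so the Guacamole container can reach guacd, and recommend binding to the one address the container uses or restricting the guacd port (4822 in step 3) with a firewall. On the line below it, `DAEMON_ARGS=-C /etc/guacd/server.crt -K /etc/guacd/server.key` is unquoted; if `/etc/default/guacd` is sourced by a shell, only `-C` is assigned and the rest is run as a command, so the value should be quoted.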
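
Review bot: In step 3, the two keystore variables are spelled `GUACOMOLE_SSL_KEYSTORE_FILE` and `GUACOMOLE_SSL_KEYSTORE_PASS`, with `GUACOMOLE` rather than `GUACAMOLE`; unless the start script reads exactly that spelling, they will be silently ignored, so the names should be checked against the script and corrected in both places. Passing the keystore password with `-e ...=changeme` on the command line also leaves it in shell history and in `docker inspect` output; the README should at least tell the reader to replace the value, and mention an env file or secret if the image supports one. Step 4 should also say how the per-connection SSL/TLS setting relates to `GUACD_SSL=true`, since both appear to control the same link.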
