Rakesh,
I took another look at the initial information you provided, and have
several other comments - please see below.
Also, please read through the Guacamole manual - you have several issues
with the configuration files, here, most of which will have no impact, but
some of which will cause issues, and the manual covers a lot of the
configuration you're doing, here.
>
> * guacd and guacamole docker file details - *
>
> -------------------------------------------------------------------------------------------------------------------------
> guacd:
> container_name: guacd
> image: guacamole/guacd
> restart: unless-stopped
> volumes:
> - /guacamole-data:/guacamole-data:rw
> -
> /guacamole-data/guacd-recordings:/guacamole-data/guacd-recordings:rw
>
> guacamole:
> container_name: guacamole
> image: 'guacamole/guacamole:latest'
> restart: unless-stopped
> environment:
> GUACD_HOSTNAME: '***'
> MYSQL_HOSTNAME: '***'
> MYSQL_DATABASE: '***'
> MYSQL_USER: '***'
> MYSQL_PASSWORD: '***'
> TOTP_ENABLED: "true"
> ACCEPT_EULA: "Y"
> EXTENSIONS: "auth-totp,history-recording-storage"
> GUACD_LOG_LEVEL: 'info'
> GUACD_LOG_SQL: 'true'
> GUACD_LOG_DB: 'true'
> GUACD_RECORDINGS_ENABLED: 'true'
> GUACD_RECORDINGS_PATH: '/guacamole-data/guacd-recordings'
> depends_on:
> - guacdb
> - guacd
> ports:
> - "80:8080"
> - "443:8080"
> volumes:
> - /guacamole-data:/guacamole-data:rw
> -
> /guacamole-data/guacd-recordings:/guacamole-data/guacd-recordings:rw
> -
> /guacamole-data/guacamole.properties:/etc/guacamole/guacamole.properties:rw
> - /guacamole-data/server.xml:/usr/local/tomcat/conf/server.xml
>
> volumes:
> guacdb-data:
> guacamole-data:
>
> --------------------------------------------------------------------------------------------------------------------------
>
>
Several issues, here:
* EXTENSIONS has no meaning to the "guacamole" container.
* GUACD_RECORDINGS_ENABLED and GUACD_RECORDINGS_PATH have no meaning to the
guacamole container. The extension will be loaded when you pass
RECORDING_SEARCH_PATH with the path of your recordings (within the
container).
* Mapping port 443 to port 8080 is almost certainly not a good idea - this
results in a HTTP page being presented on an HTTPS port, but with no HTTPS
configuration.
* Mapping guacamole.properties and server.xml as volumes will almost
certainly break things - and you shouldn't really need to do it.
>
> *Contents of guacamole.properties is below -*
>
> -------------------------------------------------------------------------------------------------------------------------
> root@guacamole:~# cat /guacamole-data/guacamole.properties
> # Hostname and port of guacd proxy
> guacd-hostname: guacd
> guacd-port: 4822
>
> # MySQL properties
> mysql-hostname: '***'
> mysql-port: 3306
> mysql-database: '***'
> mysql-username: '***'
> mysql-password: '***'
>
> # Enable support for TOTP
> totp-enabled: true
>
> # Enable session recording
> recording-path: /guacamole-data/guacd-recordings
> recording-search-path: /guacamole-data/guacd-recordings
> recording-enabled: true
> recording-read-only: false
> recording-download-path: /guacamole-data/guacd-recordings
> recording-exclude-output: false
> recording-exclude-mouse: false
> recording-exclude-touch: false
> recording-include-mouse: true
> recording-include-touch: true
> recording-auto-create-path: true
>
> # Real IP header configuration for logging the actual client IP address
> remote-ip-header: X-Forwarded-For
> remote-ip: true
> root@guacamole:~#
>
> ------------------------------------------------------------------------------------------------------------------
>
>
A few issues, here:
* The Guacamole container builds out its configuration automatically.
There's no reason you need to provide this file manually.
* The only "recording" option that is valid in guacamole.properties is
"recording-search-path" - and this will be added automatically if you set
RECORDING_SEARCH_PATH.
* The "remote-ip" lines you have in guacamole.properties are meaningless -
they will not do anything for actually setting the remote IP valve or
headers. If you need the remote IP valve, you should use
"REMOTE_IP_VALVE_ENABLED=true" in your guacamole container configuration.
>
>
>
> *Below are the the recording path and their permissions:*
>
> -------------------------------------------------------------------------------------------------------------------
> root@guacamole:~# cd /guacamole-data/
> root@guacamole:/guacamole-data#
> root@guacamole:/guacamole-data# ls -la
> total 24
> drwxrwxrwx 3 root root 4096 Jul 8 15:00 .
> drwxr-xr-x 24 root root 4096 May 17 20:38 ..
> -rwxrwxrwx 1 root root 820 Jun 7 21:52 guacamole.properties
> drwxrwxrwx 6 1000 1000 4096 Jul 8 15:10 guacd-recordings
> -rwxrwxrwx 1 root root 8126 May 31 20:48 server.xml
>
>
> root@guacamole:/guacamole-data# cd guacd-recordings/
> root@guacamole:/guacamole-data/guacd-recordings# ls -la
> total 7840
> drwxrwxrwx 6 1000 1000 4096 Jul 8 15:10 .
> drwxrwxrwx 3 root root 4096 Jul 8 15:00 ..
> -rwxrwxrwx 1 1000 1000 63514 May 22 21:44
> 04c43a17-eb04-38bb-a48c-8f91cdb183a4
> drwxrwxrwx 2 1000 1000 4096 Jul 8 14:48
> 0a683b88-1992-3185-9a62-22a8e1024a85
> -rwxrwxrwx 1 1000 1000 79712 May 20 19:11
> 0c6cab5d-887b-3329-b174-fef96daac96e
> -rwxrwxrwx 1 1000 1000 73247 May 22 21:23
> 130fa5df-0ada-3460-b747-a1fe9256952f
> -rwxrwxrwx 1 1000 1000 74359 May 20 21:25
> 185bc86d-1b81-392b-8282-be9ddf1afbbc
> -rwxrwxrwx 1 1000 1000 75612 May 22 21:32
> 186fe24a-efda-3be2-969b-f122213bb856
> -rwxrwxrwx 1 1000 1000 74081 Jun 3 21:18
> 18b11912-9982-3d59-a913-1c5bcb5588c5
> -rwxrwxrwx 1 1000 1000 564203 Jun 3 15:37
> 1eaccb9b-e330-3648-90f5-6654f001bb7e
> -rwxrwxrwx 1 1000 1000 85101 May 31 13:55
> 2118ce44-0311-3c71-830a-2837fb08ab9d
> -rwxrwxrwx 1 1000 1000 72431 May 22 21:54
> 22460887-3c4f-3f3a-a0d4-a28ca35c58c8
> drwxrwxrwx 2 1000 1000 4096 Jul 8 14:49
> 225fc3a5-4e34-32f0-a0bd-fb0ec93c533e
> -rwxrwxrwx 1 1000 1000 76262 Jun 3 20:46
> 244b48f5-d986-3473-b528-a7500dd51987
> -rwxrwxrwx 1 1000 1000 383272 May 20 21:20
> 2a845cf4-de12-3f8e-8639-70bc71ad0184
> -rwxrwxrwx 1 1000 1000 269356 May 20 20:21
> 2cf5c723-499d-35a9-83a0-4fd8b5dc5697
> -rwxrwxrwx 1 1000 1000 37885 Jun 5 14:00
> 2e7b96e1-f79b-359e-9f9f-9b2bcf9267b7
> -rwxrwxrwx 1 1000 1000 83565 May 22 22:33
> 31fcf7b5-ea3a-302b-9220-b58091f02cf5
> -rwxrwxrwx 1 1000 1000 63001 May 21 16:45
> 37ab9592-e4af-3230-ac22-d912b06f8d93
> -rwxrwxrwx 1 1000 1000 55179 Jun 7 21:36
> 39396ee4-35b7-384f-b1ac-7596d8522c8c
> -rwxrwxrwx 1 1000 1000 89579 May 21 15:21
> 40ffc435-4386-3261-9579-557e9aad8512
> -rwxrwxrwx 1 1000 1000 63645 May 22 15:51
> 436364c9-5253-3cf2-ae0c-d3f86537f72e
> -rwxrwxrwx 1 1000 1000 35187 Jun 3 15:37
> 4521dd51-7fed-3453-9c9f-f63b5c1e9ebd
> -rwxrwxrwx 1 1000 1000 31094 Jun 5 14:00
> 4c95bebd-c2ed-3852-b815-0206180ef30f
> -rwxrwxrwx 1 1000 1000 83504 May 22 22:21
> 53c3395a-1c99-354f-ab4c-91f2b6802772
> -rwxrwxrwx 1 1000 1000 63659 May 22 21:43
> 53e2bb04-4b7e-3662-9f0a-6ff2b7c1f030
> -rwxrwxrwx 1 1000 1000 35184 Jun 7 21:56
> 5aa1eeea-94bc-36ed-83c8-857991f1d4f5
> -rwxrwxrwx 1 1000 1000 76432 May 22 20:59
> 5eeffdd9-afb4-320f-91ef-0c082d5a7c8b
> drwxrwxrwx 2 1000 1000 4096 Jul 8 15:08
> 600197f0-19ca-34c4-a591-4f118e6623f0
> -rwxrwxrwx 1 1000 1000 75437 Jun 3 20:51
> 60aab4bb-3f04-3e5c-8186-1216afc27ea3
> drwxrwxrwx 2 1000 1000 4096 Jul 8 15:10
> 64a99485-2466-380c-a456-e67caf264ba6
> -rwxrwxrwx 1 1000 1000 61588 May 22 21:30
> 659cbd66-75dd-385c-af69-15356283bc64
> -rwxrwxrwx 1 1000 1000 93809 Jun 3 15:01
> 6a80d0f5-c6eb-3103-b303-c07056fe7553
> -rwxrwxrwx 1 1000 1000 64767 May 21 18:06
> 7573e188-4d7c-3d83-bdbe-041614f0f1b9
> -rwxrwxrwx 1 1000 1000 258591 May 20 20:47
> 75b6dda2-00c9-330a-869c-f8eaac87d77a
> -rwxrwxrwx 1 1000 1000 81782 May 31 13:40
> 78416a47-bd7f-3d9a-89b3-e460ab668404
> -rwxrwxrwx 1 1000 1000 76214 May 20 21:30
> 7ca0e391-4af9-310e-ae41-f3c7c4f4e36e
> -rwxrwxrwx 1 1000 1000 81417 May 31 20:54
> 7dd7a953-c3f4-390c-b400-4231372e8eba
> -rwxrwxrwx 1 1000 1000 404908 Jun 5 14:00
> 7e55c8fd-f427-3312-a09f-d107ded2a198
> -rwxrwxrwx 1 1000 1000 35291 Jun 7 21:58
> 8ad8e28e-940c-3346-bfd5-d59ffc162e58
> -rwxrwxrwx 1 1000 1000 426745 Jun 3 21:18
> 8ea3f0d9-7257-31d0-8122-0b333375d7a8
> -rwxrwxrwx 1 1000 1000 45161 Jun 7 21:36
> 8fa8f2b6-9794-39cf-beae-2f62d18561f6
> -rwxrwxrwx 1 1000 1000 83649 Jul 8 14:34
> 90214078-4d4c-3131-98b3-656ffbc2f563
> -rwxrwxrwx 1 1000 1000 63260 May 21 16:42
> 938794f2-cd5f-368b-8148-bc11a9cea29c
> -rwxrwxrwx 1 1000 1000 39564 Jun 3 14:59
> 965c2552-a09e-30a9-88d3-8b2687dc8d70
> -rwxrwxrwx 1 1000 1000 74418 May 21 18:03
> a4888a37-ca54-3077-af1b-2dc93b28e79c
> -rwxrwxrwx 1 1000 1000 307405 Jun 3 14:59
> a90cd718-d954-3b5f-8d46-c7355f0290bc
> -rwxrwxrwx 1 1000 1000 67321 May 20 18:55
> a99e3dbc-14e6-3664-8261-2809df888090
> -rwxrwxrwx 1 1000 1000 74278 May 31 20:09
> ace4b7b8-cc98-3fde-a473-ab0d7dbb0f05
> -rwxrwxrwx 1 1000 1000 74287 May 21 14:04
> afba8a25-9b61-30e5-a60e-7be2dee84997
> -rwxrwxrwx 1 1000 1000 88579 May 22 15:51
> b6f97ac6-c03e-3fe1-9a1b-7a754d32418e
> -rwxrwxrwx 1 1000 1000 502159 Jun 3 16:02
> bbae6fd3-b4f1-303a-a181-2a1976a97209
> -rwxrwxrwx 1 1000 1000 73630 May 21 16:32
> c7e096e6-b8ed-3171-ac69-54061a222e00
> -rwxrwxrwx 1 1000 1000 383418 Jun 5 16:24
> cd603d5d-e0a4-30c3-a45b-15e770b564c3
> -rwxrwxrwx 1 1000 1000 63162 May 22 22:24
> cf7fd0fc-8e92-38a5-8fd9-64dc6085f7ec
> -rwxrwxrwx 1 1000 1000 81760 May 20 19:11
> da7cb142-d5f5-3683-ad22-98b1a1f132b4
> -rwxrwxrwx 1 1000 1000 63467 May 22 21:42
> db946cbd-5b0a-3ac2-8616-e92bfd3daaa6
> -rwxrwxrwx 1 1000 1000 34479 Jun 5 16:24
> e2d4036a-8a8e-39dd-bf43-d5104a44afac
> -rwxrwxrwx 1 1000 1000 62594 May 22 21:34
> e3a8d919-8c0b-389e-bff7-52525268b465
> -rwxrwxrwx 1 1000 1000 75387 May 21 16:37
> edb9f282-35e6-3a10-bf3f-f1bdabb43aa5
> -rwxrwxrwx 1 1000 1000 84376 May 20 19:30
> f2081b80-0746-372e-871e-aba7663cb687
> -rwxrwxrwx 1 1000 1000 403534 Jun 3 20:46
> f812f461-10e7-313d-8691-950ebd294090
> -rwxrwxrwx 1 1000 1000 33958 Jun 3 20:51
> f845d64e-834b-3457-9671-41983ad0eed0
> -rwxrwxrwx 1 1000 1000 74934 May 22 21:50
> f865900f-bbef-335b-94a5-7dc6b219910e
> -rwxrwxrwx 1 1000 1000 73723 May 20 21:20
> f91a88a4-65d4-3844-9a68-55ce0733f044
> -rwxrwxrwx 1 1000 1000 499364 May 20 20:05
> f921ed8e-def9-3a43-b2bd-35571571df92
> -rwxrwxrwx 1 1000 1000 64320 May 21 16:43
> fdf244e0-cdd9-3fa7-ab2d-03773b22ba5c
> -rwxrwxrwx 1 1000 1000 36692 Jul 5 17:12 IP-guacadmin-20240705-114252
> -rwxrwxrwx 1 1000 1000 42034 Jun 7 22:00 recording
> -rwxrwxrwx 1 1000 1000 33630 Jun 7 22:01 recording.1
> root@guacamole:/guacamole-data/guacd-recordings#
>
> --------------------------------------------------------------------------------------------------------------------------------
>
>
This should be fine, although if your host system uses SELinux you may need
to make sure to account for SELinux context.
> *3. Have you configured your connections to record into the correct
> location with the ${HISTORY_PATH} and ${HISTORY_UUID} tokens?*
> Yes, used below path -
>
> *Recording path: */guacamole-data/guacd-recordings/${HISTORY_UUID}
> *Recording name: *${HISTORY_UUID}
> *Automatically create recording path: *checked(also tried uncheck mark on
> this option)
>
>
As mentioned before, the Recording path should be
"${HISTORY_PATH}/${HISTORY_UUID}", and then recording name should be
something human-readable.
Please correct those issues - in particular, do not try to pass your own
guacamole.properties or server.xml file in, and make sure you're using the
appropriate variables with the containers.
-Nick
