Hi,

I am running a small guacamole installation in docker behind traefik. Here is my docker compose file:

networks:
  guacnetwork_compose:
    driver: bridge
    enable_ipv6: true
    ipam:
      driver: default
      config:
      - subnet: 172.16.238.0/24
        gateway: 172.16.238.1
      - subnet:  my_v6_prefix::/80
        gateway: my_v6_gateway::1

services:
  guacd:
    container_name: guacd_compose
    image: guacamole/guacd:1.5.3
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./drive:/drive:rw
    - ./record:/record:rw
  # postgres
  postgres:
    container_name: postgres_guacamole_compose
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole_db
      POSTGRES_PASSWORD: 'my-postgres-password'
      POSTGRES_USER: guacamole_user
    image: postgres:13.4
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./init:/docker-entrypoint-initdb.d:ro
    - ./data:/var/lib/postgresql/data:rw

  # guacamole
  guacamole:
    container_name: guacamole_compose
    depends_on:
    - guacd
    - postgres
    - traefik
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRES_DATABASE: guacamole_db
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PASSWORD: 'my-postgres-password'
      POSTGRES_USER: guacamole_user
    image: guacamole/guacamole
    links:
    - guacd
    networks:
      guacnetwork_compose:
    ports:
    - 8080/tcp
    restart: always
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.guacamole_compose.rule=Host(`guacamole.example.org`) || Host(`guacamole4.example.org`) || Host(`guacamole6.example.org`)"
    - "traefik.http.routers.guacamole_compose.tls.certresolver=myresolver"
    - "traefik.http.routers.guacamole_compose.entrypoints=websecure"
    - "traefik.http.routers.guacamole_compose.middlewares=add-guacamole"
    - "traefik.http.services.guacamole_compose.loadbalancer.server.port=8080"
    - "traefik.http.middlewares.add-guacamole.addprefix.prefix=/guacamole"

  traefik:
    container_name: traefik_guacamole_compose
    image: traefik:latest
    command:
    - "--log.level=DEBUG"
    - "--api.insecure=true"
    - "--providers.docker=true"
    - "--providers.docker.exposedbydefault=false"
    - "--entrypoints.web.address=:80"
    - "--entrypoints.websecure.address=:443"
    - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
    - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
    - "--certificatesresolvers.myresolver.acme.email=mh+my-addr...@example.de"
    - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    networks:
      guacnetwork_compose:
    ports:
    - "80:80"
    - "443:443"
    - "8080:8080"
    volumes:
    - "./letsencrypt:/letsencrypt"

This used to work until I did a new docker compose pull after some weeks of running without updates. Now, all I get instead of the login page is an error page and the log entries:

postgres_guacamole_compose  | 2025-07-27 10:07:51.655 UTC [52] FATAL:  password authentication failed for user "guacamole_user"
postgres_guacamole_compose  | 2025-07-27 10:07:51.655 UTC [52] DETAIL:  Password does not match for user "guacamole_user".
postgres_guacamole_compose  |   Connection matched pg_hba.conf line 99: "host all all all md5"
postgres_guacamole_compose  | 2025-07-27 10:07:51.660 UTC [53] FATAL:  password authentication failed for user "guacamole_user"
postgres_guacamole_compose  | 2025-07-27 10:07:51.660 UTC [53] DETAIL:  Password does not match for user "guacamole_user".
postgres_guacamole_compose  |   Connection matched pg_hba.conf line 99: "host all all all md5"
guacamole_compose           | 10:07:51.661 [http-nio-8080-exec-3] WARN  o.a.g.e.AuthenticationProviderFacade - The "postgresql" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: postgresql" within your guacamole.properties.
guacamole_compose           | 10:07:51.662 [http-nio-8080-exec-3] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
guacamole_compose           | ### Error querying database.  Cause: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "guacamole_user"
guacamole_compose           | ### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml
guacamole_compose           | ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne
guacamole_compose           | ### The error occurred while executing a query
guacamole_compose           | ### Cause: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "guacamole_user"

How would I verify whether my-postgres-password actually works? The postgres container doesn't seem to expose a port to the host, and the guacamole container doesn't have a command line client installed. When I try psql -h 127.0.0.1 from the postgres container, authentication succeeds without asking for a password.

What is going wrong here? Is it possible that my update brought me to a guacamole version that cannot talk any more to the ancient postgres 13.4 I am running?

Would it help to update postgresql?

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
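
Added example (not part of the message above, and not Guacamole or PostgreSQL code): a simplified first-match evaluation of pg_hba.conf, showing how a psql connection to 127.0.0.1 inside the postgres container and a connection from another container on 172.16.238.0/24 can land on different rules. Only the `host all all all md5` rule comes from the log; the rest of the excerpt and the client address 172.16.238.5 are constructed assumptions, and only `local`/`host` rules with CIDR or `all` addresses are handled.

```python
import ipaddress

# Constructed pg_hba.conf excerpt (assumption): loopback "trust" rules as
# initdb writes them by default, followed by the md5 rule quoted in the log.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   ::1/128        trust
host    all       all   all            md5
"""

def parse_hba(text):
    """Return (line_no, type, database, user, address, method) per rule."""
    rules = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue                      # blank or comment-only line
        if fields[0] == "local":          # Unix-socket rules carry no address
            ctype, db, user, method = fields[:4]
            addr = None
        else:
            ctype, db, user, addr, method = fields[:5]
        rules.append((no, ctype, db, user, addr, method))
    return rules

def addr_matches(rule_addr, client_ip):
    """True if client_ip falls inside the rule's address ("all" or a CIDR)."""
    if rule_addr == "all":
        return True
    net = ipaddress.ip_network(rule_addr, strict=False)
    ip = ipaddress.ip_address(client_ip)
    return ip.version == net.version and ip in net

def first_match(rules, database, user, client_ip=None):
    """First matching rule wins, as in PostgreSQL. client_ip=None: Unix socket."""
    for no, ctype, db, usr, addr, method in rules:
        if (ctype == "local") != (client_ip is None):
            continue                      # socket rules never match TCP, and vice versa
        if db not in ("all", database) or usr not in ("all", user):
            continue
        if client_ip is None or addr_matches(addr, client_ip):
            return no, method
    return None

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    for ip in ("127.0.0.1", "172.16.238.5"):
        print(ip, first_match(rules, "guacamole_db", "guacamole_user", ip))
```

With a rule set like this, a password is only checked when the client connects from a non-loopback address, so a test of my-postgres-password has to come over the compose network rather than from 127.0.0.1.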
