Apache Guacamole managed by EGroupware
Guacamole makes RDP or VNC desktops available via html5 inside EGroupware. EGroupware supplies account information, authentication via OpenID Connect and allows to manage connections.
- Installs all tables (or views) for Apache Guacamole
- Everything account-related is a view, not a table
- EGroupware UI to create connections (Admin >> Guacamole >> Connections)
- One has to use EGroupware to assign permissions to connections
- Guacamole UI can be used to set advanced connection options
The app requires accounts stored in SQL. A workaround for using LDAP or ActiveDirectory for account storage (not just authentication), is to regularly use setup to migrate users and groups to SQL.
- Installation must happen on same physical machine as EGroupware itself
- You already installed EGroupware itself AND secured the installation with https / a certificate under it's final domain-name eg. https://example.org/egroupware
- MariaDB/MySQL can be used by user root without entering a password, create a /root/my.cnf file with following content:
[client]
password = my secret root password
apt update
HTTP_HOST=example.org apt install egroupware-guacamole
- Apache Guacamole website
- Using Guacamole section of Guacamole manual
- Administration section of Guacamole manual (keep in mind to use EGroupware UI to assign connection permissions!)
- Frequently Asked Questions from Guacamole
- Guacamole installation instructions for EGroupware
- Guacamole category in our forum (German)
- Guacamole EGroupware application repo on GitHub
- check the log of the guacamole container (almost all of the problem below are reported there!)
docker logs -f guacamole
- check MariaDB/MySQL is not bound on localhost (package tries to change that to docker0 address 172.17.0.1)
netstat -ln | grep 3306
tcp 0 0 172.17.0.1:3306 0.0.0.0:* LISTEN
- enable OpenID Connect request log in EGroupware (Administration > Applications > OpenID Connect / OAuth > Request log)
- if Guacamole can not talk to EGroupware (because your firewall is blocking access from inside to the external IP / NAT traversal), you can set the docker0 IP for the external hostname by uncommenting the following in /etc/egroupware-guacamole/docker-compose.yaml (be careful as indention by space is important in YAML files!)
# set the ip-address of your docker host AND your official DNS name so Guacamole
# can access EGroupware without the need to go over your firewall
extra_hosts:
- "example.org:172.17.0.1"
After uncommenting and replacing example.org with your actual domain you need to recreate the container:
cd /etc/egroupware-guacamole
docker-compose stop guacamole
docker-compose rm -f guacamole
docker-compose up -d guacamole
- Guacamole requires a websocket connection! If you use your firewall or something else to terminate https (eg. a Synology), you have to configure it to proxy websockets too! Use developer tools of your browser an check for failed websocket messages on the console or pending websockets in the network tab.
- ask for help under Guacamole category in our forum or buy a support budget from EGroupware GmbH
| Language: |  |
- General information
- Distribution specific instructions
- Update recommendations and troubleshooting
- Tuning EGroupware for higher number of users
- Docker-compose installation: Linux, Windows, Mac, Synology, QNAP
- Configure IMAP push
- IMAP Push Notifications for Dovecot 2.2+
- Using EGroupware Mail server with ActiveDirectory
CTI / Computer Telephone Integration
Using SmallPART with a LMS (Moodle, OpenOLAT, ...)
Synchronisation between Untis / Webuntis and EGroupware
Development