Virtual Desktop - Apache Guacamole - Deprecated

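Preface

I had actually been using this for a long time, but it was only when I was reorganizing things recently that I realized I had never written it up as a note.

References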

Apache Guacamole and docker-compose – systems.dance

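Basic workflow

Premise

This approach puts the DB and the AP (application) in the same docker-compose.yml. I did find later that not deliberately consolidating databases is probably more convenient once things are containerized, and splitting them up as done here is also simpler.

Steps

  1. First use docker run to run the script inside the image and generate the initial DB

  2. Use a compose file to bring up the db on its own first (and define volumes to persist the db)

  3. Inside the db container, load the initial DB into the db container's database (the result is of course persisted through the volumes)

  4. Remove the standalone db container (not removing it also works, but the later adjustments are more tedious)

  5. Use compose.yml to create the related containers directly (including the DB container)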

Actual commands and files

Pull Image

docker pull guacamole/guacamole
docker pull guacamole/guacd
docker pull mariadb/server

Create initial DB

docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > guac_db.sql

Create Initial DB Container/Volume

initial.yml

version: '3'
services:
  guacdb:
    container_name: guacdb
    image: mariadb/server:latest
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: '<PASSWD_YOU_WANT>'
      MYSQL_DATABASE: 'guacamole_db'
      MYSQL_USER: 'guacamole_user'
      MYSQL_PASSWORD: '<PASSWD_YOU_WANT>'
    volumes:
      - /var/lib/docker/volumes/<Dir_you_want>:/var/lib/mysql

Commands

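# Establish the initial DB container from initial.yml
docker-compose -f initial.yml up -d

# Copy the initial SQL into the db container
docker cp guac_db.sql guacdb:/guac_db.sql

# Open a shell in the container and initialize the db
# (mysql prompts for the root password set in initial.yml)
docker exec -it guacdb bash
cat /guac_db.sql | mysql -u root -p guacamole_db
exit

# Remove the standalone initial DB container (the data stays in the volume)
docker-compose -f /where/is/your/docker-compose down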

Service Up

docker-compose.yml

version: '3'
services:
  guacdb:
    container_name: guacdb
    image: mariadb/server:latest
    restart: unless-stopped
    networks:
      - traefik
    environment:
      MYSQL_ROOT_PASSWORD: '<PASSWD_YOU_WANT>'
      MYSQL_DATABASE: 'guacamole_db'
      MYSQL_USER: 'guacamole_user'
      MYSQL_PASSWORD: '<PASSWD_YOU_WANT>'
    volumes:
      - /var/lib/docker/volumes/guacamole/db:/var/lib/mysql
  guacd:
    container_name: guacd
    image: guacamole/guacd
    restart: unless-stopped
    networks:
      - traefik
  guacamole:
    container_name: guacamole
    image: 'guacamole/guacamole:latest'
    restart: unless-stopped
    networks:
      - traefik
    # ports:
    #   - '8080:8080'
    environment:
      GUACD_HOSTNAME: "guacd"
      MYSQL_HOSTNAME: "guacdb"
      MYSQL_DATABASE: "guacamole_db"
      MYSQL_USER: "guacamole_user"
      MYSQL_PASSWORD: "<PASSWD_YOU_WANT>"
    depends_on:
      - guacdb
      - guacd
    labels:
      traefik.enable: true
      traefik.http.routers.guacamole.rule: Host(`<hostname.you.want>`)
      traefik.http.routers.guacamole.tls: true
      traefik.http.routers.guacamole.tls.certresolver: myresolver
      traefik.http.services.guacamole.loadbalancer.server.port: 8080

networks:
  traefik:
    external: true
    name: web-service
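
Added example, not part of the original post: in the file above, guacdb and guacd sit on the same external proxy network as guacamole, so any other container attached to web-service can connect to MariaDB and guacd directly. The variant below leaves only guacamole on that network; the network names guac-db and guac-guacd are assumptions, everything else is carried over from the post.

```yaml
# Added example: the post's services, re-networked (guac-db / guac-guacd are assumed names)
version: '3'
services:
  guacdb:
    container_name: guacdb
    image: mariadb/server:latest
    restart: unless-stopped
    networks: [guac-db]                 # reachable from guacamole only
    environment:
      MYSQL_ROOT_PASSWORD: '<PASSWD_YOU_WANT>'
      MYSQL_DATABASE: 'guacamole_db'
      MYSQL_USER: 'guacamole_user'
      MYSQL_PASSWORD: '<PASSWD_YOU_WANT>'
    volumes:
      - /var/lib/docker/volumes/guacamole/db:/var/lib/mysql
  guacd:
    container_name: guacd
    image: guacamole/guacd
    restart: unless-stopped
    networks: [guac-guacd]              # not internal: guacd must reach the remote desktops
  guacamole:
    container_name: guacamole
    image: 'guacamole/guacamole:latest'
    restart: unless-stopped
    networks: [traefik, guac-db, guac-guacd]   # the only service on the proxy network
    environment:
      GUACD_HOSTNAME: "guacd"
      MYSQL_HOSTNAME: "guacdb"
      MYSQL_DATABASE: "guacamole_db"
      MYSQL_USER: "guacamole_user"
      MYSQL_PASSWORD: "<PASSWD_YOU_WANT>"
    depends_on: [guacdb, guacd]
    labels:
      traefik.enable: true
      traefik.docker.network: web-service      # route over the proxy network, not a backend one
      traefik.http.routers.guacamole.rule: Host(`<hostname.you.want>`)
      traefik.http.routers.guacamole.tls: true
      traefik.http.routers.guacamole.tls.certresolver: myresolver
      traefik.http.services.guacamole.loadbalancer.server.port: 8080
networks:
  traefik:
    external: true
    name: web-service
  guac-db:
    internal: true                      # no route out of the Docker host
  guac-guacd: {}
```

This narrows what other containers can reach; the web portal itself is still published through Traefik exactly as in the post.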

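Why it was deprecated

  • Poor security: this approach amounts to punching a hole in the firewall

  • Replaced it with WireGuard + VNC, which is comparatively more secure and simpler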