dmi3mis · September 22, 2025 09:40 · Mar 10, 2024 · Mar 10, 2024 · Dec 8, 2023 · Dec 8, 2023
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -1,6 +1,6 @@
-cat /etc/httpd/conf.d/domain.tld.conf
+cat /etc/httpd/conf.d/guac.dmi3lab.online.conf
 <VirtualHost *:80>
-    ServerName domain.tld
+    ServerName guac.dmi3lab.online
 
     RewriteEngine On
     RewriteCond %{HTTPS} off

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,51 @@
+cat /etc/httpd/conf.d/domain.tld.conf
+<VirtualHost *:80>
+    ServerName domain.tld
+
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+    RewriteCond %{SERVER_NAME} =guac.dmi3lab.online
+    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName guac.dmi3lab.online
+
+    # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
+    RewriteEngine On
+    ProxyPreserveHost On
+    AllowEncodedSlashes NoDecode
+
+    ProxyPass / http://192.168.1.55:8080/ nocanon
+    ProxyPassReverse / http://192.168.1.55:8080/
+
+    RewriteCond %{HTTP:Upgrade} websocket [NC]
+    RewriteCond %{HTTP:Connection} upgrade [NC]
+    RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
+    RewriteRule .? "ws://localhost:8080/%1" [P,L]
+
+    # Enable h2, h2c and http1.1
+    Protocols h2 h2c http/1.1
+
+    # Solves slow upload speeds caused by http2
+    H2WindowSize 5242880
+
+    # TLS
+    SSLEngine               on
+    SSLProtocol             -all +TLSv1.2 +TLSv1.3
+    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+    SSLHonorCipherOrder     off
+    SSLSessionTickets       off
+    SSLCertificateFile /etc/letsencrypt/live/guac.dmi3lab.online/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/guac.dmi3lab.online/privkey.pem
+
+    # Disable HTTP TRACE method.
+    TraceEnable off
+    <Files ".ht*">
+        Require all denied
+    </Files>
+
+    # Support big file uploads
+    LimitRequestBody 0
+</VirtualHost>
diff --git a/Set Up Apache Guacamole With Podman.md b/Set Up Apache Guacamole With Podman.md
@@ -13,7 +13,7 @@ podman pod create \
 mkdir -p "guacamole-db/docker-entrypoint-initdb.d"
 
 chcon -t container_file_t -R $(pwd)/guacamole-db
-chown mysql:mysql -R $(pwd)/guacamole-db
+chown 27:27 -R $(pwd)/guacamole-db
 
 # files are scanned in order
 # create the user and database first and initialize it next

diff --git a/Set Up Apache Guacamole With Podman.md b/Set Up Apache Guacamole With Podman.md
@@ -12,6 +12,9 @@ podman pod create \
 # the directory the database container will scan for initialization scripts
 mkdir -p "guacamole-db/docker-entrypoint-initdb.d"
 
+chcon -t container_file_t -R $(pwd)/guacamole-db
+chown mysql:mysql -R $(pwd)/guacamole-db
+
 # files are scanned in order
 # create the user and database first and initialize it next
 # localhost doesn't work for the user with podman; must be 127.0.0.1
@@ -45,6 +48,7 @@ podman run -d \
   --name=YOUR_GUACD_CONTAINER_NAME \
   --pod=YOUR_POD_NAME \
   --restart unless-stopped \
+  -e GUACD_LOG_LEVEL=debug \
   docker.io/guacamole/guacd
 ```
 
@@ -63,6 +67,7 @@ podman run -d \
   -e MYSQL_PASSWORD=YOUR_GUACAMOLE_PASSWORD \
   -e GUACD_HOSTNAME=127.0.0.1 \
   -e GUACD_PORT=4822 \
+  -e WEBAPP_CONTEXT=ROOT \
   --restart unless-stopped \
   docker.io/guacamole/guacamole
 ```
diff --git a/Set Up Apache Guacamole With Podman.md b/Set Up Apache Guacamole With Podman.md
@@ -0,0 +1,68 @@
+## Create a pod to hold containers
+
+```
+podman pod create \
+  --name YOUR_POD_NAME \
+  -p 8080:8080
+```
+
+## Create database initialization scripts
+
+```
+# the directory the database container will scan for initialization scripts
+mkdir -p "guacamole-db/docker-entrypoint-initdb.d"
+
+# files are scanned in order
+# create the user and database first and initialize it next
+# localhost doesn't work for the user with podman; must be 127.0.0.1
+echo "CREATE USER 'YOUR_GUACAMOLE_USERNAME'@'127.0.0.1' IDENTIFIED BY 'YOUR_GUACAMOLE_PASSWORD';" > guacamole-db/docker-entrypoint-initdb.d/01_initdb.sql
+echo "CREATE DATABASE YOUR_GUACAMOLE_DATABASE_NAME;" >> guacamole-db/docker-entrypoint-initdb.d/01_initdb.sql
+echo "GRANT ALL PRIVILEGES ON YOUR_GUACAMOLE_DATABASE_NAME.* TO 'YOUR_GUACAMOLE_USERNAME'@'127.0.0.1';" >> guacamole-db/docker-entrypoint-initdb.d/01_initdb.sql
+echo "USE YOUR_GUACAMOLE_DATABASE_NAME;" > guacamole-db/docker-entrypoint-initdb.d/02_initdb.sql
+podman run --rm docker.io/guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql >> guacamole-db/docker-entrypoint-initdb.d/02_initdb.sql
+```
+
+## Create the database
+
+```
+# the directory the database stores its data in
+mkdir guacamole-db/data
+
+podman run -d \
+  --name=YOUR_DATABASE_CONTAINER_NAME \
+  --pod=YOUR_POD_NAME \
+  -e MARIADB_ROOT_PASSWORD=YOUR_DATABASE_ROOT_PASSWORD \
+  -v $(pwd)/guacamole-db/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d \
+  -v $(pwd)/guacamole-db/data:/var/lib/mysql \
+  --restart unless-stopped \
+  docker.io/mariadb:latest
+```
+
+## Start guacd
+
+```
+podman run -d \
+  --name=YOUR_GUACD_CONTAINER_NAME \
+  --pod=YOUR_POD_NAME \
+  --restart unless-stopped \
+  docker.io/guacamole/guacd
+```
+
+## Start guacamole
+
+```
+# must specify database and guacd params to connect within a pod
+# must use 127.0.0.1, not localhost
+podman run -d \
+  --name=YOUR_GUACAMOLE_WEBAPP_CONTAINER_NAME \
+  --pod=YOUR_POD_NAME \
+  -e MYSQL_HOSTNAME=127.0.0.1 \
+  -e MYSQL_PORT=3306 \
+  -e MYSQL_DATABASE=YOUR_GUACAMOLE_DATABASE_NAME \
+  -e MYSQL_USER=YOUR_GUACAMOLE_USERNAME \
+  -e MYSQL_PASSWORD=YOUR_GUACAMOLE_PASSWORD \
+  -e GUACD_HOSTNAME=127.0.0.1 \
+  -e GUACD_PORT=4822 \
+  --restart unless-stopped \
+  docker.io/guacamole/guacamole
+```