-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GUACAMOLE-1746: Docker Allow usage of custom keystore and custom certificat #805
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few spelling corrections, but I'm also concerned about the nature of the instructions added to the README.md file.
The instructions seem to cover a scenario where you're running guacd natively on a system but you're running guacamole-client in a Docker container. This is a perfectly valid scenario; however, I'm not sure that the README for guacamole-client within Docker should include instructions that are specific to guacd - either Docker-based or natively installed. It might be better to document that in either the gaucamole-server repo or the Docker chapter in the User Guide (guacamole-manual), and just put a note, here, that refers people to one of those two places?
You need to create the new certificate on the guacd host, see https://github.com/apache/guacamole-server/blob/master/README | ||
or https://github.com/apache/guacamole-server/blob/master/src/guacd-docker/README.md depending | ||
on the version you will use (standalone vs docker). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suspect we should document this somewhere in the Guacamole User Guide (Manual), and link to that instead of linking directly to the Github repository.
@ronansalmon Any chance we can wrap this one up? |
Hey ! So, how should we proceed ? |
I would add some thoughts: For reference: I had a similar approach here sirux88@e02d2be. My use case was using a self signed cert for LDAP |
The |
I still can't find it. But if you're saying it's used I'm ok with this |
For reference, here's the code path: Property Declaration (standardized as part of guacamole-ext)guacamole-client/guacamole-ext/src/main/java/org/apache/guacamole/environment/Environment.java Lines 61 to 69 in ac6e501
Property Retrieval (via a
|
@Override | |
public GuacamoleProxyConfiguration getDefaultGuacamoleProxyConfiguration() | |
throws GuacamoleException { | |
// Parse guacd hostname/port/ssl properties | |
return new GuacamoleProxyConfiguration( | |
getProperty(Environment.GUACD_HOSTNAME, DEFAULT_GUACD_HOSTNAME), | |
getProperty(Environment.GUACD_PORT, DEFAULT_GUACD_PORT), | |
getProperty(Environment.GUACD_SSL, DEFAULT_GUACD_SSL) | |
); | |
} |
(Voluntary) Usage of Retrieved Values
Implementations aren't strictly required to use getDefaultGuacamoleProxyConfiguration()
, but most do, either explicitly or implicitly via SimpleConnection
.
Line 206 in ac6e501
GuacamoleProxyConfiguration proxyConfig = environment.getDefaultGuacamoleProxyConfiguration(); |
Line 462 in ac6e501
GuacamoleProxyConfiguration defaultConfig = environment.getDefaultGuacamoleProxyConfiguration(); |
etc.
…YSTORE_PASS to JAVA_KEYSTORE_FILE and JAVA_KEYSTORE_PASS
@sirux88 Done |
The start script handles custom keystore/certificat.