Guacamole
Overview
Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
Deployment
sb install sandbox-guacamole
Usage
Visit https://guacamole.YOUR_DOMAIN_NAME.
Basics
- Log in with user and password guacadmin. Change the default user and password immediately.
Enable Extensions (Optional)
Guacamole supports various authentication extensions that can be enabled through your Inventory. Add any of the following options to enable specific extensions:
Enable time-based one-time passwords for enhanced security:
guacamole_docker_envs_custom:
  OPT_TOTP: "Y"
Enable LDAP authentication:
guacamole_docker_envs_custom:
  OPT_LDAP: "Y"
Enable RADIUS authentication:
guacamole_docker_envs_custom:
  OPT_RADIUS: "Y"
Enable Duo two-factor authentication:
guacamole_docker_envs_custom:
  OPT_DUO: "Y"
Enable Central Authentication Service:
guacamole_docker_envs_custom:
  OPT_CAS: "Y"
Enable OpenID Connect authentication:
guacamole_docker_envs_custom:
  OPT_OPENID: "Y"
Enable SAML authentication:
guacamole_docker_envs_custom:
  OPT_SAML: "Y"
Enable HTTP header-based authentication:
guacamole_docker_envs_custom:
  OPT_HEADER: "Y"
After adding any extension options, run sb install sandbox-guacamole to apply changes.
Role Defaults
Use the Inventory to customize variables.
Example override:
guacamole_name: "custom_value"
Avoid overriding variables ending in _default
When overriding variables that end in _default (like guacamole_docker_envs_default), you replace the entire default configuration. Future updates that add new default values will not be applied to your setup, potentially breaking functionality.
Instead, use the corresponding _custom variable (like guacamole_docker_envs_custom) to add your changes. Custom values are merged with defaults, ensuring you receive updates.
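An added check (not part of the Saltbox docs or role code) for two inventory pitfalls on this page: pasting more than one of the extension snippets repeats the guacamole_docker_envs_custom key, and overriding a _default variable replaces the defaults. It assumes the YAML loader keeps only the last duplicate key, as PyYAML-based loaders do; SAMPLE_INVENTORY and the function names are constructed for illustration, and the parser only handles flat two-level mappings like the snippets above.

```python
import re

# Constructed sample inventory (not from the original page): two extension
# snippets pasted one after the other, plus an override of a *_default variable.
SAMPLE_INVENTORY = '''\
guacamole_docker_envs_custom:
  OPT_TOTP: "Y"
guacamole_docker_envs_custom:
  OPT_LDAP: "Y"
guacamole_role_docker_envs_default:
  OPT_MYSQL: "Y"
'''

TOP_KEY = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*):')
SUB_KEY = re.compile(r'^\s+([A-Za-z_][A-Za-z0-9_]*):\s*(.*)$')


def parse_blocks(text):
    """Return [(top_level_key, {child_key: raw_value})] in file order."""
    blocks = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        top = TOP_KEY.match(line)
        if top:
            blocks.append((top.group(1), {}))
            continue
        sub = SUB_KEY.match(line)
        if sub and blocks:
            blocks[-1][1][sub.group(1)] = sub.group(2).strip().strip('"\'')
    return blocks


def audit(text):
    """Flag *_default overrides and settings lost to duplicate keys."""
    blocks = parse_blocks(text)
    findings = []
    # Index of the last occurrence of each top-level key (the one that wins).
    last_index = {key: i for i, (key, _) in enumerate(blocks)}
    for i, (key, children) in enumerate(blocks):
        if key.startswith('guacamole_') and key.endswith('_default'):
            findings.append(('default_override', key, sorted(children)))
        if last_index[key] != i:
            winner = blocks[last_index[key]][1]
            lost = sorted(k for k in children if k not in winner)
            findings.append(('duplicate_key', key, lost))
    return findings


if __name__ == '__main__':
    for kind, key, detail in audit(SAMPLE_INVENTORY):
        print(f'{kind}: {key} -> {detail}')
```

In the sample, OPT_TOTP is reported as lost, so the second factor would not be enabled; listing every OPT_* entry under a single guacamole_docker_envs_custom key produces no findings.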
guacamole_name
# Type: string
guacamole_name: guacamole
guacamole_role_totp_enable
# Type: bool (true/false)
guacamole_role_totp_enable: false
guacamole_role_ldap_enable
# Type: bool (true/false)
guacamole_role_ldap_enable: false
guacamole_role_radius_enable
# Type: bool (true/false)
guacamole_role_radius_enable: false
guacamole_role_duo_enable
# Type: bool (true/false)
guacamole_role_duo_enable: false
guacamole_role_cas_enable
# Type: bool (true/false)
guacamole_role_cas_enable: false
guacamole_role_openid_enable
# Type: bool (true/false)
guacamole_role_openid_enable: false
guacamole_role_saml_enable
# Type: bool (true/false)
guacamole_role_saml_enable: false
guacamole_role_header_enable
# Type: bool (true/false)
guacamole_role_header_enable: false
guacamole_role_web_subdomain
# Type: string
guacamole_role_web_subdomain: "{{ guacamole_name }}"
guacamole_role_web_domain
# Type: string
guacamole_role_web_domain: "{{ user.domain }}"
guacamole_role_web_port
# Type: string
guacamole_role_web_port: "8080"
guacamole_role_web_url
# Type: string
guacamole_role_web_url: "{{ 'https://' + (lookup('role_var', '_web_subdomain', role='guacamole') + '.' + lookup('role_var', '_web_domain', role='guacamole')
    if (lookup('role_var', '_web_subdomain', role='guacamole') | length > 0)
    else lookup('role_var', '_web_domain', role='guacamole')) }}"
guacamole_role_dns_record
# Type: string
guacamole_role_dns_record: "{{ lookup('role_var', '_web_subdomain', role='guacamole') }}"
guacamole_role_dns_zone
# Type: string
guacamole_role_dns_zone: "{{ lookup('role_var', '_web_domain', role='guacamole') }}"
guacamole_role_dns_proxy
# Type: bool (true/false)
guacamole_role_dns_proxy: "{{ dns_proxied }}"
guacamole_role_traefik_sso_middleware
# Type: string
guacamole_role_traefik_sso_middleware: ""
guacamole_role_traefik_middleware_default
# Type: string
guacamole_role_traefik_middleware_default: "{{ traefik_default_middleware }}"
guacamole_role_traefik_middleware_custom
# Type: string
guacamole_role_traefik_middleware_custom: ""
guacamole_role_traefik_certresolver
# Type: string
guacamole_role_traefik_certresolver: "{{ traefik_default_certresolver }}"
guacamole_role_traefik_enabled
# Type: bool (true/false)
guacamole_role_traefik_enabled: true
guacamole_role_traefik_api_enabled
# Type: bool (true/false)
guacamole_role_traefik_api_enabled: false
guacamole_role_traefik_api_endpoint
# Type: string
guacamole_role_traefik_api_endpoint: ""
Container
guacamole_role_docker_container
# Type: string
guacamole_role_docker_container: "{{ guacamole_name }}"
Image
guacamole_role_docker_image_pull
# Type: bool (true/false)
guacamole_role_docker_image_pull: true
guacamole_role_docker_image_repo
# Type: string
guacamole_role_docker_image_repo: "jasonbean/guacamole"
guacamole_role_docker_image_tag
# Type: string
guacamole_role_docker_image_tag: "latest"
guacamole_role_docker_image
# Type: string
guacamole_role_docker_image: "{{ lookup('role_var', '_docker_image_repo', role='guacamole') }}:{{ lookup('role_var', '_docker_image_tag', role='guacamole') }}"
Envs
guacamole_role_docker_envs_default
# Type: dict
guacamole_role_docker_envs_default:
  PUID: "{{ uid }}"
  PGID: "{{ gid }}"
  OPT_MYSQL: "Y"
  OPT_TOTP: "{{ 'Y' if lookup('role_var', '_totp_enable', role='guacamole') else omit }}"
  OPT_LDAP: "{{ 'Y' if lookup('role_var', '_ldap_enable', role='guacamole') else omit }}"
  OPT_RADIUS: "{{ 'Y' if lookup('role_var', '_radius_enable', role='guacamole') else omit }}"
  OPT_DUO: "{{ 'Y' if lookup('role_var', '_duo_enable', role='guacamole') else omit }}"
  OPT_CAS: "{{ 'Y' if lookup('role_var', '_cas_enable', role='guacamole') else omit }}"
  OPT_OPENID: "{{ 'Y' if lookup('role_var', '_openid_enable', role='guacamole') else omit }}"
  OPT_SAML: "{{ 'Y' if lookup('role_var', '_saml_enable', role='guacamole') else omit }}"
  OPT_HEADER: "{{ 'Y' if lookup('role_var', '_header_enable', role='guacamole') else omit }}"
guacamole_role_docker_envs_custom
# Type: dict
guacamole_role_docker_envs_custom: {}
Volumes
guacamole_role_docker_volumes_default
# Type: list
guacamole_role_docker_volumes_default:
- "{{ lookup('role_var', '_paths_location', role='guacamole') }}/config:/config"
guacamole_role_docker_volumes_custom
# Type: list
guacamole_role_docker_volumes_custom: []
Hostname
guacamole_role_docker_hostname
# Type: string
guacamole_role_docker_hostname: "{{ guacamole_name }}"
Networks
guacamole_role_docker_networks_alias
# Type: string
guacamole_role_docker_networks_alias: "{{ guacamole_name }}"
guacamole_role_docker_networks_default
# Type: list
guacamole_role_docker_networks_default: []
guacamole_role_docker_networks_custom
# Type: list
guacamole_role_docker_networks_custom: []
Restart Policy
guacamole_role_docker_restart_policy
# Type: string
guacamole_role_docker_restart_policy: unless-stopped
State
guacamole_role_docker_state
# Type: string
guacamole_role_docker_state: started
The following advanced options are available via create_docker_container but are not defined in the role. See: docker_container module
Resource Limits
guacamole_role_docker_blkio_weight
# Type: int
guacamole_role_docker_blkio_weight:
guacamole_role_docker_cpu_period
# Type: int
guacamole_role_docker_cpu_period:
guacamole_role_docker_cpu_quota
# Type: int
guacamole_role_docker_cpu_quota:
guacamole_role_docker_cpu_shares
# Type: int
guacamole_role_docker_cpu_shares:
guacamole_role_docker_cpus
# Type: string
guacamole_role_docker_cpus:
guacamole_role_docker_cpuset_cpus
# Type: string
guacamole_role_docker_cpuset_cpus:
guacamole_role_docker_cpuset_mems
# Type: string
guacamole_role_docker_cpuset_mems:
guacamole_role_docker_kernel_memory
# Type: string
guacamole_role_docker_kernel_memory:
guacamole_role_docker_memory
# Type: string
guacamole_role_docker_memory:
guacamole_role_docker_memory_reservation
# Type: string
guacamole_role_docker_memory_reservation:
guacamole_role_docker_memory_swap
# Type: string
guacamole_role_docker_memory_swap:
guacamole_role_docker_memory_swappiness
# Type: int
guacamole_role_docker_memory_swappiness:
guacamole_role_docker_shm_size
# Type: string
guacamole_role_docker_shm_size:
Security & Devices
guacamole_role_docker_cap_drop
# Type: list
guacamole_role_docker_cap_drop:
guacamole_role_docker_cgroupns_mode
# Type: string
guacamole_role_docker_cgroupns_mode:
guacamole_role_docker_device_cgroup_rules
# Type: list
guacamole_role_docker_device_cgroup_rules:
guacamole_role_docker_device_read_bps
# Type: list
guacamole_role_docker_device_read_bps:
guacamole_role_docker_device_read_iops
# Type: list
guacamole_role_docker_device_read_iops:
guacamole_role_docker_device_requests
# Type: list
guacamole_role_docker_device_requests:
guacamole_role_docker_device_write_bps
# Type: list
guacamole_role_docker_device_write_bps:
guacamole_role_docker_device_write_iops
# Type: list
guacamole_role_docker_device_write_iops:
guacamole_role_docker_devices
# Type: list
guacamole_role_docker_devices:
guacamole_role_docker_devices_default
# Type: string
guacamole_role_docker_devices_default:
guacamole_role_docker_groups
# Type: list
guacamole_role_docker_groups:
guacamole_role_docker_privileged
# Type: bool (true/false)
guacamole_role_docker_privileged:
guacamole_role_docker_security_opts
# Type: list
guacamole_role_docker_security_opts:
guacamole_role_docker_user
# Type: string
guacamole_role_docker_user:
guacamole_role_docker_userns_mode
# Type: string
guacamole_role_docker_userns_mode:
Networking
guacamole_role_docker_dns_opts
# Type: list
guacamole_role_docker_dns_opts:
guacamole_role_docker_dns_search_domains
# Type: list
guacamole_role_docker_dns_search_domains:
guacamole_role_docker_dns_servers
# Type: list
guacamole_role_docker_dns_servers:
guacamole_role_docker_domainname
# Type: string
guacamole_role_docker_domainname:
guacamole_role_docker_exposed_ports
# Type: list
guacamole_role_docker_exposed_ports:
guacamole_role_docker_hosts
# Type: dict
guacamole_role_docker_hosts:
guacamole_role_docker_hosts_use_common
# Type: bool (true/false)
guacamole_role_docker_hosts_use_common:
guacamole_role_docker_ipc_mode
# Type: string
guacamole_role_docker_ipc_mode:
guacamole_role_docker_links
# Type: list
guacamole_role_docker_links:
guacamole_role_docker_network_mode
# Type: string
guacamole_role_docker_network_mode:
guacamole_role_docker_pid_mode
# Type: string
guacamole_role_docker_pid_mode:
guacamole_role_docker_ports
# Type: list
guacamole_role_docker_ports:
guacamole_role_docker_uts
# Type: string
guacamole_role_docker_uts:
Storage
guacamole_role_docker_keep_volumes
# Type: bool (true/false)
guacamole_role_docker_keep_volumes:
guacamole_role_docker_mounts
# Type: list
guacamole_role_docker_mounts:
guacamole_role_docker_storage_opts
# Type: dict
guacamole_role_docker_storage_opts:
guacamole_role_docker_tmpfs
# Type: list
guacamole_role_docker_tmpfs:
guacamole_role_docker_volume_driver
# Type: string
guacamole_role_docker_volume_driver:
guacamole_role_docker_volumes_from
# Type: list
guacamole_role_docker_volumes_from:
guacamole_role_docker_volumes_global
# Type: bool (true/false)
guacamole_role_docker_volumes_global:
guacamole_role_docker_working_dir
# Type: string
guacamole_role_docker_working_dir:
Monitoring & Lifecycle
guacamole_role_docker_auto_remove
# Type: bool (true/false)
guacamole_role_docker_auto_remove:
guacamole_role_docker_cleanup
# Type: bool (true/false)
guacamole_role_docker_cleanup:
guacamole_role_docker_force_kill
# Type: string
guacamole_role_docker_force_kill:
guacamole_role_docker_healthcheck
# Type: dict
guacamole_role_docker_healthcheck:
guacamole_role_docker_healthy_wait_timeout
# Type: int
guacamole_role_docker_healthy_wait_timeout:
guacamole_role_docker_init
# Type: bool (true/false)
guacamole_role_docker_init:
guacamole_role_docker_kill_signal
# Type: string
guacamole_role_docker_kill_signal:
guacamole_role_docker_log_driver
# Type: string
guacamole_role_docker_log_driver:
guacamole_role_docker_log_options
# Type: dict
guacamole_role_docker_log_options:
guacamole_role_docker_oom_killer
# Type: bool (true/false)
guacamole_role_docker_oom_killer:
guacamole_role_docker_oom_score_adj
# Type: int
guacamole_role_docker_oom_score_adj:
guacamole_role_docker_output_logs
# Type: bool (true/false)
guacamole_role_docker_output_logs:
guacamole_role_docker_paused
# Type: bool (true/false)
guacamole_role_docker_paused:
guacamole_role_docker_recreate
# Type: bool (true/false)
guacamole_role_docker_recreate:
guacamole_role_docker_restart_retries
# Type: int
guacamole_role_docker_restart_retries:
guacamole_role_docker_stop_timeout
# Type: int
guacamole_role_docker_stop_timeout:
Other Options
guacamole_role_docker_capabilities
# Type: list
guacamole_role_docker_capabilities:
guacamole_role_docker_cgroup_parent
# Type: string
guacamole_role_docker_cgroup_parent:
guacamole_role_docker_commands
# Type: list
guacamole_role_docker_commands:
guacamole_role_docker_create_timeout
# Type: int
guacamole_role_docker_create_timeout:
guacamole_role_docker_entrypoint
# Type: string
guacamole_role_docker_entrypoint:
guacamole_role_docker_env_file
# Type: string
guacamole_role_docker_env_file:
guacamole_role_docker_labels
# Type: dict
guacamole_role_docker_labels:
guacamole_role_docker_labels_use_common
# Type: bool (true/false)
guacamole_role_docker_labels_use_common:
guacamole_role_docker_read_only
# Type: bool (true/false)
guacamole_role_docker_read_only:
guacamole_role_docker_runtime
# Type: string
guacamole_role_docker_runtime:
guacamole_role_docker_sysctls
# Type: list
guacamole_role_docker_sysctls:
guacamole_role_docker_ulimits
# Type: list
guacamole_role_docker_ulimits:
guacamole_role_autoheal_enabled
# Enable or disable Autoheal monitoring for the container created when deploying
# Type: bool (true/false)
guacamole_role_autoheal_enabled: true
guacamole_role_cas_enable
# Type: string
guacamole_role_cas_enable:
guacamole_role_depends_on
# List of container dependencies that must be running before the container starts
# Type: string
guacamole_role_depends_on: ""
guacamole_role_depends_on_delay
# Delay in seconds before starting the container after dependencies are ready
# Type: string (quoted number)
guacamole_role_depends_on_delay: "0"
guacamole_role_depends_on_healthchecks
# Enable healthcheck waiting for container dependencies
# Type: string ("true"/"false")
guacamole_role_depends_on_healthchecks:
guacamole_role_diun_enabled
# Enable or disable Diun update notifications for the container created when deploying
# Type: bool (true/false)
guacamole_role_diun_enabled: true
guacamole_role_dns_enabled
# Enable or disable automatic DNS record creation for the container
# Type: bool (true/false)
guacamole_role_dns_enabled: true
guacamole_role_docker_controller
# Enable or disable Saltbox Docker Controller management for the container
# Type: bool (true/false)
guacamole_role_docker_controller: true
guacamole_role_docker_image_repo
# Type: string
guacamole_role_docker_image_repo:
guacamole_role_docker_image_tag
# Type: string
guacamole_role_docker_image_tag:
guacamole_role_docker_volumes_download
# Type: bool (true/false)
guacamole_role_docker_volumes_download:
guacamole_role_duo_enable
# Type: string
guacamole_role_duo_enable:
guacamole_role_header_enable
# Type: string
guacamole_role_header_enable:
guacamole_role_ldap_enable
# Type: string
guacamole_role_ldap_enable:
guacamole_role_openid_enable
# Type: string
guacamole_role_openid_enable:
guacamole_role_paths_location
# Type: string
guacamole_role_paths_location:
guacamole_role_radius_enable
# Type: string
guacamole_role_radius_enable:
guacamole_role_saml_enable
# Type: string
guacamole_role_saml_enable:
guacamole_role_themepark_addons
# Type: string
guacamole_role_themepark_addons:
guacamole_role_themepark_app
# Type: string
guacamole_role_themepark_app:
guacamole_role_themepark_theme
# Type: string
guacamole_role_themepark_theme:
guacamole_role_totp_enable
# Type: string
guacamole_role_totp_enable:
guacamole_role_traefik_api_endpoint
# Type: dict/omit
guacamole_role_traefik_api_endpoint:
guacamole_role_traefik_api_middleware
# Type: string
guacamole_role_traefik_api_middleware:
guacamole_role_traefik_api_middleware_http
# Type: string
guacamole_role_traefik_api_middleware_http:
guacamole_role_traefik_autodetect_enabled
# Enable Traefik autodetect middleware for the container
# Type: bool (true/false)
guacamole_role_traefik_autodetect_enabled: false
guacamole_role_traefik_certresolver
# Type: string
guacamole_role_traefik_certresolver:
guacamole_role_traefik_crowdsec_enabled
# Enable CrowdSec middleware for the container
# Type: bool (true/false)
guacamole_role_traefik_crowdsec_enabled: false
guacamole_role_traefik_error_pages_enabled
# Enable custom error pages middleware for the container
# Type: bool (true/false)
guacamole_role_traefik_error_pages_enabled: false
guacamole_role_traefik_gzip_enabled
# Enable gzip compression middleware for the container
# Type: bool (true/false)
guacamole_role_traefik_gzip_enabled: false
guacamole_role_traefik_middleware_http
# Type: string
guacamole_role_traefik_middleware_http:
guacamole_role_traefik_middleware_http_api_insecure
# Type: bool (true/false)
guacamole_role_traefik_middleware_http_api_insecure:
guacamole_role_traefik_middleware_http_insecure
# Type: bool (true/false)
guacamole_role_traefik_middleware_http_insecure:
guacamole_role_traefik_priority
# Type: string
guacamole_role_traefik_priority:
guacamole_role_traefik_robot_enabled
# Enable robots.txt middleware for the container
# Type: bool (true/false)
guacamole_role_traefik_robot_enabled: true
guacamole_role_traefik_tailscale_enabled
# Enable Tailscale-specific Traefik configuration for the container
# Type: bool (true/false)
guacamole_role_traefik_tailscale_enabled: false
guacamole_role_traefik_wildcard_enabled
# Enable wildcard certificate for the container
# Type: bool (true/false)
guacamole_role_traefik_wildcard_enabled: true
guacamole_role_web_domain
# Type: string
guacamole_role_web_domain:
guacamole_role_web_fqdn_override
# Override the Traefik fully qualified domain name (FQDN) for the container
# Type: list
guacamole_role_web_fqdn_override:
Example Override
guacamole_role_web_fqdn_override:
- "{{ traefik_host }}"
- "guacamole2.{{ user.domain }}"
- "guacamole.otherdomain.tld"
Note: Include {{ traefik_host }} to preserve the default FQDN alongside your custom entries
guacamole_role_web_host_override
# Override the Traefik web host configuration for the container
# Type: string
guacamole_role_web_host_override:
Example Override
guacamole_role_web_host_override: "Host(`{{ traefik_host }}`) || Host(`{{ 'guacamole2.' + user.domain }}`)"
Note: Use {{ traefik_host }} to include the default host configuration in your custom rule
guacamole_role_web_http_port
# Type: string (quoted number)
guacamole_role_web_http_port:
guacamole_role_web_http_scheme
# Type: string ("http"/"https")
guacamole_role_web_http_scheme:
guacamole_role_web_http_serverstransport
# Type: dict/omit
guacamole_role_web_http_serverstransport:
guacamole_role_web_scheme
# URL scheme to use for web access to the container
# Type: string ("http"/"https")
guacamole_role_web_scheme:
guacamole_role_web_serverstransport
# Type: dict/omit
guacamole_role_web_serverstransport:
guacamole_role_web_subdomain
# Type: string
guacamole_role_web_subdomain: