add guacamole

README.md

@@ -119,7 +119,7 @@ A [proxy](https://en.wikipedia.org/wiki/Proxy_server) is a server application th
 - [Keycloak](https://github.com/keycloak/keycloak-containers/tree/main/docker-compose-examples) - Keycloak is an open-source Identity and Access Management (IAM) solution for modern applications and services.
 - [lldap](examples/lldap) - lldap is a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. It integrates with many backends, from KeyCloak to Authelia to Nextcloud and more.
 
-### Virtual Private Network (VPN)
+### Virtual Private Network (VPN) & Remote Access
 
 **[`^        back to top        ^`](#-project-list)**
 
@@ -131,6 +131,7 @@ A [VPN](https://en.wikipedia.org/wiki/Virtual_private_network) is a mechanism fo
 - [Firezone](examples/firezone) - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
 - ~~[Netbird](https://github.com/netbirdio/netbird)~~ - Quickly connect your computers, servers, cloud instances, and IoT devices into a secure private network. No configuration required.
 - [Headscale](examples/headscale) - An open source, self-hosted implementation of the Tailscale control server.
+- [Guacamole](examples/guacamole) - Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, SSH and RDP.
 
 ### Domain Name Service (DNS)
 

examples/guacamole/README.md

@@ -0,0 +1,35 @@
+# References
+
+- https://hub.docker.com/r/guacamole/guacamole/
+
+# Notes
+
+Before spawning up the Docker Compose stack you have to pre-supply an `initdb.sql` initialization file for the Postgresql database.
+
+The file is provided in this repository but can also be created dynamically via:
+
+````
+docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > initdb.sql
+````
+
+Please go ahead and place this init file in the corresponding Docker Volume Bind Mount.
+
+````
+mkdir -p /mnt/docker-volumes}/guacamole/psql/init
+
+# move init file from this repo to the new location
+mv initdb.sql /mnt/docker-volumes}/guacamole/psql/init/.
+
+# alternatively, create it dynamically and place it to the new location
+docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > /mnt/docker-volumes}/guacamole/psql/init/initdb.sql
+````
+
+Afterwards, you can spawn up the Docker stack as follows:
+
+````
+docker compose up -d
+````
+
+The Guacamole login is available at http://<YOUR-IP>:8080/guacamole.
+
+The default username is `guacadmin`. The default password is `guacadmin`.

examples/guacamole/docker-compose.yml

@@ -0,0 +1,64 @@
+version: '2.0'
+
+services:
+
+  guacd:
+    image: guacamole/guacd
+    container_name: guacamole-guacd
+    restart: always
+    volumes:
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/guacd/drive:/drive:rw
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/guacd/record:/record:rw
+    #networks:
+    #  - proxy
+
+  postgres:
+    image: postgres:15.2-alpine
+    container_name: guacamole-db
+    restart: always
+    environment:
+      - PGDATA=/var/lib/postgresql/data/guacamole
+      - POSTGRES_DB=guacamole_db
+      - POSTGRES_PASSWORD=ChooseYourOwnPasswordHere1234
+      - POSTGRES_USER=guacamole_user
+    volumes:
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/psql/init:/docker-entrypoint-initdb.d:z
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/psql/data:/var/lib/postgresql/data:Z
+    #networks:
+    #  - proxy
+
+  # guacamole
+  guacamole:
+    image: guacamole/guacamole
+    container_name: guacamole-ui
+    restart: always
+    depends_on:
+    - guacd
+    - postgres
+    environment:
+      - GUACD_HOSTNAME=guacd
+      - POSTGRES_DATABASE=guacamole_db
+      - POSTGRES_HOSTNAME=postgres
+      - POSTGRES_PASSWORD=ChooseYourOwnPasswordHere1234
+      - POSTGRES_USER=guacamole_user
+    links:
+      - guacd
+    ports:
+      # Guacamole is on :8080/guacamole, not /.
+      # Default login is guacadmin:guacadmin
+      - 8080:8080/tcp 
+    expose:
+      - 8080
+    #networks:
+    #  - proxy
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.docker.network=proxy
+    #  - traefik.http.routers.guacamole.rule=Host(`guacamole.example.com`)
+    #  - traefik.http.services.guacamole.loadbalancer.server.port=8080
+    #  # Optional part for traefik middlewares
+    #  - traefik.http.routers.guacamole.middlewares=local-ipwhitelist@file,authelia@docker
+
+#networks:
+#  proxy:
+#    external: true