You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@guacamole.apache.org by "ronansalmon (via GitHub)" <gi...@apache.org> on 2023/03/06 09:20:10 UTC

[GitHub] [guacamole-client] ronansalmon commented on a diff in pull request #805: GUACAMOLE-1746: Docker Allow usage of custom keystore and custom certificat

ronansalmon commented on code in PR #805:
URL: https://github.com/apache/guacamole-client/pull/805#discussion_r1126133938


##########
guacamole-docker/README.md:
##########
@@ -228,6 +228,49 @@ The process for doing this via the `sqlcmd` utilities included
 with SQLServer is documented in
 [the Guacamole manual](http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-sqlserver).
 
+Enabling guacd ssl
+================
+This explains how to enable ssl between guacamole and guacd using a self signed certificat.
+
+1. Generate a new certificat
+You need to create the new certificat on the guacd host.
+
+```shell
+openssl genrsa -out /etc/guacd/server.key 2048
+openssl req -new -key /etc/guacd/server.key -out /etc/guacd/cert.csr
+openssl x509 -in /etc/guacd/cert.csr -out /etc/guacd/server.crt -req -signkey /etc/guacd/server.key -days 3650
+openssl pkcs12 -export -in /etc/guacd/server.crt -inkey /etc/guacd/server.key  -out /etc/guacd/server.p12 -CAfile ca.crt -caname root
+```
+2. Configure guacd
+
+On debian, edit /etc/default/guacd and modify the following variables.
+```
+# listen on all interface
+LISTEN_ADDRESS=0.0.0.0
+
+# certificats
+DAEMON_ARGS=-C /etc/guacd/server.crt -K /etc/guacd/server.key
+```
+restart guacd! 

Review Comment:
   @necouchman ,
   Yes, I added documentation on how to setup the guacd standalone only with ssl mode.
   
   The guacd doc should probably go somewhere else indeed. I don't think it can go in the Docker chapter in the User Guide since one can use either the guacd standalone or guacd docker or both.
   
   I don't know where it should go ? What would you recommend ?
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org