## Introduction

You will want to run guacozy over SSL for several reasons:

- It protects login credentials
- The Guacamole protocol is text-based and unencrypted by itself
- Clipboard sync doesn't work over HTTP on hosts other than localhost

If a certificate is not provided, one is generated on every start (in `entrypoint.sh`).

You can provide your own certificate by mounting a directory to `/ssl/` that contains:

- `/ssl/cert.crt`
- `/ssl/cert.key`
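
## Generate self-signed certificate

Create a directory `certs` in the same directory where your docker-compose file is located, or where you will run the `docker run` command:

```shell
mkdir certs
cd certs
```

Generate SSL certificates using openssl:

```shell
# Self-signed certificate with an unencrypted key (-nodes), valid for 3650 days.
# The host name appears in both the CN and the subjectAltName.
openssl req -x509 -nodes -days 3650 -subj "/CN=guacozy.example.com" -addext "subjectAltName=DNS:guacozy.example.com" -newkey rsa:4096 -keyout cert.key -out cert.crt
```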

## Prepare commercial certificate

If you use your own certificate, concatenate your certificate and the intermediate certificates, in PEM format, into a single file:

```shell
cat my-cert.pem intermediate-certs.pem > cert.crt
```

and put the private key, in PEM format, in `cert.key`.
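
A pre-flight check for the directory before it is mounted at `/ssl`, as an added example that is not part of guacozy: it confirms that `cert.key` matches the first certificate in `cert.crt`, that the certificate has not expired and, optionally, that it covers a given host name. The function name `check_cert_dir` and its arguments are assumptions made for illustration.

```shell
# Added example (not guacozy code). Usage: check_cert_dir [DIR] [HOSTNAME]
# DIR defaults to ./certs; HOSTNAME is optional.
check_cert_dir() {
    dir=${1:-./certs}
    host=${2:-}
    crt="$dir/cert.crt"
    key="$dir/cert.key"

    for f in "$crt" "$key"; do
        [ -r "$f" ] || { echo "FAIL: missing or unreadable $f" >&2; return 1; }
    done

    # openssl x509 reads only the first PEM block, so the comparison below also
    # confirms that the leaf certificate precedes the intermediates in cert.crt.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: $crt is not a PEM certificate" >&2; return 1; }
    # -passin pass: makes a passphrase-protected key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "FAIL: $key is not an unencrypted PEM private key" >&2; return 1; }
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "FAIL: cert.key does not match the first certificate in cert.crt" >&2; return 1; }

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired" >&2; return 1; }

    # -checkhost always exits 0, so the verdict is taken from its output.
    if [ -n "$host" ]; then
        openssl x509 -in "$crt" -noout -checkhost "$host" |
            grep -q "does match certificate" ||
            { echo "FAIL: certificate is not valid for $host" >&2; return 1; }
    fi

    # The private key is exposed to every account that can read this file.
    if [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        echo "WARN: $key is world-readable" >&2
    fi
    echo "OK: $dir is ready to mount at /ssl"
}
```

Run it as `check_cert_dir ./certs guacozy.example.com` from the directory that contains `certs`.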
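
## Mount certificate folder to container

Now you can mount your certificate directory using a bind mount:

###### docker run

```shell
# Run from the directory that contains certs/; the host side of the bind mount is an absolute path.
docker run -it --rm -p 10080:80 -p 10443:443 -v "$(pwd)/certs:/ssl" guacozy/guacozy-server
```

###### docker-compose

```yaml
services:
  server:
    image: guacozy/guacozy-server
    volumes:
      # Bind-mount the local certs directory at /ssl
      - ./certs:/ssl
# ...
```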

## Option: make generated certs persistent

You can make the certificates generated during startup static by providing a persistent volume at the `/ssl` path:

```yaml
services:
  server:
    image: guacozy/guacozy-server
    volumes:
      - ssl:/ssl
# ...

volumes:
  ssl:
  staticfiles:
```