Environment

I'm trying to set up

  • User-Machine: dockerized VNC-connected containers (in Docker network vm_network) for different purposes

These should be connected by the user using

  • Guac: Apache Guacamole Web-Frontend (in Docker network web_network and vm_network)
  • Guacd: Apache Guacamole Backend (in Docker network vm_network)
  • Nginx RP: behind Nginx Reverse-Proxy (in Docker network web_network).

Is Working

Everything is working fine apart from the problem that Guac/Guacd will see User-Machine from the Web Frontend if started with docker using the container build webhacking_webhacking:latest that results from the docker-compose build, with hostname webhacking_2 and IP 172.29.0.6:

$ docker run --rm --name "webhacking_2" --hostname "webhacking_2" --expose 5900 --network vm_network -e VNC_PASSWORD="start123" -it webhacking_webhacking:latest /bin/bash
2020-05-28 08:57:04,664 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root, you can set user=root in the config file to avoid this message.
2020-05-28 08:57:04,664 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2020-05-28 08:57:04,671 INFO RPC interface 'supervisor' initialized
2020-05-28 08:57:04,671 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2020-05-28 08:57:04,672 INFO supervisord started with pid 11
2020-05-28 08:57:05,675 INFO spawned: 'xvfb' with pid 13
2020-05-28 08:57:05,679 INFO spawned: 'wm' with pid 14
2020-05-28 08:57:05,682 INFO spawned: 'lxpanel' with pid 15
2020-05-28 08:57:05,685 INFO spawned: 'pcmanfm' with pid 16
2020-05-28 08:57:05,688 INFO spawned: 'x11vnc' with pid 17
2020-05-28 08:57:06,714 INFO success: xvfb entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-05-28 08:57:06,714 INFO success: wm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-05-28 08:57:06,714 INFO success: lxpanel entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-05-28 08:57:06,714 INFO success: pcmanfm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-05-28 08:57:06,714 INFO success: x11vnc entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

Guacamole-Logs

guacd_1     | guacd[7]: INFO:   Creating new client for protocol "vnc"
guacd_1     | guacd[7]: INFO:   Connection ID is "$67034bb0-91a7-48d6-b336-beb46fabfb22"
guacd_1     | guacd[9]: INFO:   Cursor rendering: local
guacd_1     | guacd[9]: INFO:   User "@3194c5cb-4a14-4e65-a874-e865ea75d558" joined connection "$67034bb0-91a7-48d6-b336-beb46fabfb22" (1 users now present)
guac_1      | 10:42:55.802 [http-nio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection "3".

Not Working

The Guacamole Web Frontend doesn't see the machine when run by docker-compose with hostname webhacking_webhacking_1 and IP 172.29.0.5:

$ docker-compose up
Recreating webhacking_webhacking_1 ... done
Attaching to webhacking_webhacking_1
webhacking_1  | stored passwd in file: /.password2
webhacking_1  | 2020-05-28 08:54:58,448 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root, you can set user=root in the config file to avoid this message.
webhacking_1  | 2020-05-28 08:54:58,448 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
webhacking_1  | 2020-05-28 08:54:58,455 INFO RPC interface 'supervisor' initialized
webhacking_1  | 2020-05-28 08:54:58,455 CRIT Server 'unix_http_server' running without any HTTP authentication checking
webhacking_1  | 2020-05-28 08:54:58,456 INFO supervisord started with pid 15
webhacking_1  | 2020-05-28 08:54:59,460 INFO spawned: 'xvfb' with pid 17
webhacking_1  | 2020-05-28 08:54:59,464 INFO spawned: 'wm' with pid 18
webhacking_1  | 2020-05-28 08:54:59,468 INFO spawned: 'lxpanel' with pid 19
webhacking_1  | 2020-05-28 08:54:59,475 INFO spawned: 'pcmanfm' with pid 20
webhacking_1  | 2020-05-28 08:54:59,479 INFO spawned: 'x11vnc' with pid 21
webhacking_1  | 2020-05-28 08:55:00,550 INFO success: xvfb entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
webhacking_1  | 2020-05-28 08:55:00,550 INFO success: wm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
webhacking_1  | 2020-05-28 08:55:00,550 INFO success: lxpanel entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
webhacking_1  | 2020-05-28 08:55:00,550 INFO success: pcmanfm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
webhacking_1  | 2020-05-28 08:55:00,550 INFO success: x11vnc entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

Guacamole-Logs

guacd_1     | guacd[7]: INFO:   Creating new client for protocol "vnc"
guacd_1     | guacd[7]: INFO:   Connection ID is "$afa16be3-4cd6-43f6-80b9-40a0c34d9d6d"
guacd_1     | guacd[9]: INFO:   Cursor rendering: local
guacd_1     | guacd[9]: INFO:   User "@9647b720-2c45-4922-9674-54d2e52a9c62" joined connection "$afa16be3-4cd6-43f6-80b9-40a0c34d9d6d" (1 users now present)
guac_1      | 10:39:22.733 [http-nio-8080-exec-4] INFO  o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection "2".
guacd_1     | guacd[9]: ERROR:  Unable to connect to VNC server.
guacd_1     | guacd[9]: INFO:   User "@9647b720-2c45-4922-9674-54d2e52a9c62" disconnected (0 users remain)
guacd_1     | guacd[9]: INFO:   Last user of connection "$afa16be3-4cd6-43f6-80b9-40a0c34d9d6d" disconnected
guac_1      | Exception in thread "Thread-6" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
guac_1      |   at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:424)
guac_1      |   at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:309)
guac_1      |   at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:250)
guac_1      |   at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:191)
guac_1      |   at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
guac_1      |   at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
guac_1      |   at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
guac_1      |   at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253)
guac_1      | 10:39:22.961 [http-nio-8080-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - User "guacadmin" disconnected from connection "2". Duration: 222 milliseconds
guacd_1     | guacd[7]: INFO:   Connection "$afa16be3-4cd6-43f6-80b9-40a0c34d9d6d" removed.

Machine Up Proof

  • Both machines have working VNC service and exposed port 5900.
  • Both machines are getting resolved and pinged from guac/guacd.

$ docker exec -it guacamole_guac_1 /bin/bash
$ nmap -sV webhacking_webhacking_1 -p 5900

Starting Nmap 7.40 ( https://nmap.org ) at 2020-05-28 10:12 UTC
Nmap scan report for webhacking_webhacking_1 (172.29.0.5)
Host is up (0.00018s latency).
rDNS record for 172.29.0.5: webhacking_webhacking_1.vm_network
PORT     STATE SERVICE VERSION
5900/tcp open  vnc     VNC (protocol 3.8)
MAC Address: 02:42:AC:1D:00:05 (Unknown)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds
root@guac:/opt/guacamole# nmap -sV webhacking_2 -p 5900

Starting Nmap 7.40 ( https://nmap.org ) at 2020-05-28 10:13 UTC
Nmap scan report for webhacking_2 (172.29.0.6)
Host is up (0.00015s latency).
rDNS record for 172.29.0.6: webhacking_2.vm_network
PORT     STATE SERVICE VERSION
5900/tcp open  vnc     VNC (protocol 3.8)
MAC Address: 02:42:AC:1D:00:06 (Unknown)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.47 seconds

Question

It seems the websocket connection is somehow not working using docker-compose. Does anybody have an idea or experienced something similar? Thank you.

Configs

docker-compose File

$ cat docker-compose.yml
version: '3.5'

networks:
  vm_network:
    external:
      name: vm_network


services:
  webhacking:
    build:
      context: webhacking-build
    hostname: webhacking_1
    restart: always
    volumes:
      - ./data/root:/root
      - ./data/home:/home
      - /dev/shm:/dev/shm
    env_file:
      - secrets/webhacking.env
    expose:
      - "5900"
    networks:
      - vm_network

#secrets/webhacking.env
VNC_PASSWORD="start123"

vm_network

# docker network inspect vm_network
[
    {
        "Name": "vm_network",
        "Id": "e418112d4d58da6d376ef25cbf5677279ab499b2db1c2a5096c3d6e456f63087",
        "Created": "2020-05-26T21:13:54.474337358+02:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.29.0.0/16",
                    "Gateway": "172.29.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "44e7ac918655bd441dd789c4fcc6b7c6c3d33603975e0034ae2fa75840bb488e": {
                "Name": "webhacking_webhacking_1",
                "EndpointID": "052d6f94785a52f2dc5f5ff59e1998cbcb21cfda4b9397de6333703ae71fd30d",
                "MacAddress": "02:42:ac:1d:00:05",
                "IPv4Address": "172.29.0.5/16",
                "IPv6Address": ""
            },
            "5e392ff855e7504cb50f6315c93e045f7216654bad5f9230c5b6913763664202": {
                "Name": "guacamole_postgres_1",
                "EndpointID": "bcbef56dcade3bdd9663d68e73fbd5174287266b53eb8361cf053dfcb5889d29",
                "MacAddress": "02:42:ac:1d:00:02",
                "IPv4Address": "172.29.0.2/16",
                "IPv6Address": ""
            },
            "92d1c06384a5cad66357b7c4de66115ed67f99b8bd4fa88b8ef8c73d31ec816e": {
                "Name": "webhacking_2",
                "EndpointID": "6940e7255536a8344fc503f06d6c3785a7a1d0f676ee2134bfb82a53231c9697",
                "MacAddress": "02:42:ac:1d:00:06",
                "IPv4Address": "172.29.0.6/16",
                "IPv6Address": ""
            },
            "ce0b21324edb7cf2535724816d787836b8e66a8465027a7e2b055333ce4a3aa8": {
                "Name": "guacamole_guac_1",
                "EndpointID": "dad7c45b8482045e0066bddaaa364aed24fcf58751aa0ed59ba2e6a551c7c389",
                "MacAddress": "02:42:ac:1d:00:04",
                "IPv4Address": "172.29.0.4/16",
                "IPv6Address": ""
            },
            "f4c0af6e0028113fc4dff56ee977a4ad7700d139cba5fe21f88257f2a5c4c391": {
                "Name": "guacamole_guacd_1",
                "EndpointID": "221bbf2229fd241026a07f8583000a64e8b5b10fd431ae7b8ba363c89a1f0921",
                "MacAddress": "02:42:ac:1d:00:03",
                "IPv4Address": "172.29.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

Versions

$ docker-compose -v
docker-compose version 1.21.0, build unknown

$ docker -v
Docker version 18.09.1, build 4c52b90

$ uname -a
Linux <hostname> 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1+deb10u1 (2020-04-27) x86_64 GNU/Linux
