From 6e9719d331a51af3721c1aed7cb06d4a32972223 Mon Sep 17 00:00:00 2001 From: felixg Date: Sun, 22 Feb 2026 14:46:39 +0100 Subject: [PATCH] Add custom guacd Dockerfile with FreeRDP 3.x to fix Windows 11 NLA crash The official guacamole/guacd image ships FreeRDP 2.x, which crashes silently when connecting to Windows 11 22H2+ hosts due to NLA/CredSSP cipher-suite changes. FreeRDP 3.x resolves this. - docker/guacd.Dockerfile: builds guacamole-server 1.6.0 from source on Ubuntu 24.04 against freerdp3-dev (FreeRDP 3.5.1+); uses CPPFLAGS=-Wno-error=deprecated-declarations to suppress upstream deprecation warnings in freerdp3 headers - docker-compose.yml: switch guacd service from official image to local build Co-Authored-By: Claude Sonnet 4.6 --- docker-compose.yml | 4 ++- docker/guacd.Dockerfile | 66 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 docker/guacd.Dockerfile diff --git a/docker-compose.yml b/docker-compose.yml index 13a99ab..266d30d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,7 +17,9 @@ services: retries: 10 guacd: - image: guacamole/guacd:latest + build: + context: . + dockerfile: docker/guacd.Dockerfile restart: unless-stopped environment: GUACD_LOG_LEVEL: debug diff --git a/docker/guacd.Dockerfile b/docker/guacd.Dockerfile new file mode 100644 index 0000000..996785e --- /dev/null +++ b/docker/guacd.Dockerfile @@ -0,0 +1,66 @@ +# syntax=docker/dockerfile:1 +# +# Custom guacd image built against FreeRDP 3.x on Ubuntu 24.04. +# +# Why: The official guacamole/guacd image uses FreeRDP 2.x, which crashes +# silently when connecting to Windows 11 22H2+ hosts due to NLA/CredSSP +# cipher-suite changes introduced by Microsoft. FreeRDP 3.x fixes this. +# guacamole-server 1.6.0 (June 2025) has explicit FreeRDP 3.x support. +# Ubuntu 24.04 ships freerdp3-dev (FreeRDP 3.5.1+) in its universe repo. +# +# Note: FreeRDP 3.x support in guacamole is currently marked experimental +# for some features (RemoteApp), but basic RDP/NLA works correctly. + +FROM ubuntu:24.04 + +ENV DEBIAN_FRONTEND=noninteractive + +# Build dependencies +RUN apt-get update && apt-get install -y --no-install-recommends \ + autoconf \ + automake \ + build-essential \ + ca-certificates \ + curl \ + freerdp3-dev \ + libcairo2-dev \ + libjpeg-turbo8-dev \ + libossp-uuid-dev \ + libpango1.0-dev \ + libpng-dev \ + libpulse-dev \ + libssl-dev \ + libssh2-1-dev \ + libtelnet-dev \ + libtool \ + libvncserver-dev \ + libwebp-dev \ + libwebsockets-dev \ + pkgconf \ + && rm -rf /var/lib/apt/lists/* + +ARG GUACAMOLE_VERSION=1.6.0 + +RUN FREERDP_PLUGIN_DIR=$(pkg-config --variable=libdir freerdp3 2>/dev/null)/freerdp3 \ + && echo "Building guacamole-server ${GUACAMOLE_VERSION} with FreeRDP plugin dir: ${FREERDP_PLUGIN_DIR}" \ + && curl -fsSL \ + "https://downloads.apache.org/guacamole/${GUACAMOLE_VERSION}/source/guacamole-server-${GUACAMOLE_VERSION}.tar.gz" \ + | tar -xzf - \ + && cd "guacamole-server-${GUACAMOLE_VERSION}" \ + && autoreconf -fi \ + && CPPFLAGS="-Wno-error=deprecated-declarations" \ + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --with-freerdp-plugin-dir="${FREERDP_PLUGIN_DIR}" \ + && make -j"$(nproc)" \ + && make install \ + && ldconfig \ + && cd / && rm -rf "guacamole-server-${GUACAMOLE_VERSION}" + +# guacd log level is passed via -L flag; exposed as env var for docker-compose +ENV GUACD_LOG_LEVEL=info + +EXPOSE 4822 + +CMD sh -c "exec /usr/sbin/guacd -b 0.0.0.0 -f -L \"${GUACD_LOG_LEVEL}\""