# syntax=docker/dockerfile:1
#
# Custom guacd image built against FreeRDP 3.x on Ubuntu 24.04.
#
# Why: The official guacamole/guacd image uses FreeRDP 2.x, which crashes
# silently when connecting to Windows 11 22H2+ hosts due to NLA/CredSSP
# cipher-suite changes introduced by Microsoft. FreeRDP 3.x fixes this.
# Ubuntu 24.04 ships freerdp3-dev (FreeRDP 3.5.1+) in its universe repo.
#
# Source: built from git main branch (post-1.6.0) to pick up FreeRDP 3.x
# crash fixes that landed after the June 2025 release tarball.
#
# Build notes:
# - CPPFLAGS=-Wno-error=deprecated-declarations suppresses build-time warnings from
#   FreeRDP 3.x headers marking some fields/functions as deprecated; these are
#   warnings only and do NOT affect runtime behavior.
# - CPPFLAGS=-DHAVE_FREERDP_VERIFYCERTIFICATEEX=1 fixes a macro name mismatch bug
#   in guacamole-server 1.6.0: configure.ac's AC_CHECK_MEMBERS generates the macro
#   HAVE_STRUCT_FREERDP_VERIFYCERTIFICATEEX (with STRUCT_ infix), but rdp.c checks
#   HAVE_FREERDP_VERIFYCERTIFICATEEX (without STRUCT_ infix), so the check is always
#   false. This means guacamole never registers the VerifyCertificateEx callback, which
#   FreeRDP 3.x calls during TLS certificate verification. The NULL callback causes a
#   silent connection drop ~430ms after keymap loading. Defining the macro manually
#   forces rdp.c to register rdp_inst->VerifyCertificateEx (correct FreeRDP 3.x path)
#   instead of the legacy rdp_inst->VerifyCertificate (padding in FreeRDP 3.x).

FROM ubuntu:24.04

ENV DEBIAN_FRONTEND=noninteractive

# Build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    autoconf \
    automake \
    build-essential \
    ca-certificates \
    curl \
    gdb \
    git \
    freerdp3-dev \
    libcairo2-dev \
    libjpeg-turbo8-dev \
    libossp-uuid-dev \
    libpango1.0-dev \
    libpng-dev \
    libpulse-dev \
    libssl-dev \
    libssh2-1-dev \
    libtelnet-dev \
    libtool \
    libvncserver-dev \
    libwebp-dev \
    libwebsockets-dev \
    pkgconf \
    && rm -rf /var/lib/apt/lists/*

RUN FREERDP_PLUGIN_DIR=$(pkg-config --variable=libdir freerdp3 2>/dev/null)/freerdp3 \
    && echo "Building guacamole-server (git main) with FreeRDP plugin dir: ${FREERDP_PLUGIN_DIR}" \
    && git clone --depth=1 https://github.com/apache/guacamole-server.git \
    && cd guacamole-server \
    && autoreconf -fi \
    && CPPFLAGS="-Wno-error=deprecated-declarations -DHAVE_FREERDP_VERIFYCERTIFICATEEX=1" \
       CFLAGS="-g -O0" \
       ./configure \
           --prefix=/usr \
           --sysconfdir=/etc \
           --with-freerdp-plugin-dir="${FREERDP_PLUGIN_DIR}" \
    && make -j"$(nproc)" \
    && make install \
    && ldconfig \
    && cd / && rm -rf guacamole-server

# guacd log level is passed via -L flag; exposed as env var for docker-compose
ENV GUACD_LOG_LEVEL=info

EXPOSE 4822

CMD sh -c "ulimit -c unlimited && exec /usr/sbin/guacd -b 0.0.0.0 -f -L \"${GUACD_LOG_LEVEL}\""