79 lines
2.9 KiB
Docker
79 lines
2.9 KiB
Docker
# syntax=docker/dockerfile:1
|
|
#
|
|
# Custom guacd image built against FreeRDP 3.x on Ubuntu 24.04.
|
|
#
|
|
# Why: The official guacamole/guacd image uses FreeRDP 2.x, which crashes
|
|
# silently when connecting to Windows 11 22H2+ hosts due to NLA/CredSSP
|
|
# cipher-suite changes introduced by Microsoft. FreeRDP 3.x fixes this.
|
|
# Ubuntu 24.04 ships freerdp3-dev (FreeRDP 3.5.1+) in its universe repo.
|
|
#
|
|
# Source: built from git main branch (post-1.6.0) to pick up FreeRDP 3.x
|
|
# crash fixes that landed after the June 2025 release tarball.
|
|
#
|
|
# Build notes:
|
|
# - CPPFLAGS=-Wno-error=deprecated-declarations suppresses build-time warnings from
|
|
# FreeRDP 3.x headers marking some fields/functions as deprecated; these are
|
|
# warnings only and do NOT affect runtime behavior.
|
|
# - CPPFLAGS=-DHAVE_FREERDP_VERIFYCERTIFICATEEX=1 fixes a macro name mismatch bug
|
|
# in guacamole-server 1.6.0: configure.ac's AC_CHECK_MEMBERS generates the macro
|
|
# HAVE_STRUCT_FREERDP_VERIFYCERTIFICATEEX (with STRUCT_ infix), but rdp.c checks
|
|
# HAVE_FREERDP_VERIFYCERTIFICATEEX (without STRUCT_ infix), so the check is always
|
|
# false. This means guacamole never registers the VerifyCertificateEx callback, which
|
|
# FreeRDP 3.x calls during TLS certificate verification. The NULL callback causes a
|
|
# silent connection drop ~430ms after keymap loading. Defining the macro manually
|
|
# forces rdp.c to register rdp_inst->VerifyCertificateEx (correct FreeRDP 3.x path)
|
|
# instead of the legacy rdp_inst->VerifyCertificate (padding in FreeRDP 3.x).
|
|
|
|
FROM ubuntu:24.04
|
|
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
|
|
# Build dependencies
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
autoconf \
|
|
automake \
|
|
build-essential \
|
|
ca-certificates \
|
|
curl \
|
|
gdb \
|
|
git \
|
|
freerdp3-dev \
|
|
libcairo2-dev \
|
|
libjpeg-turbo8-dev \
|
|
libossp-uuid-dev \
|
|
libpango1.0-dev \
|
|
libpng-dev \
|
|
libpulse-dev \
|
|
libssl-dev \
|
|
libssh2-1-dev \
|
|
libtelnet-dev \
|
|
libtool \
|
|
libvncserver-dev \
|
|
libwebp-dev \
|
|
libwebsockets-dev \
|
|
pkgconf \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
RUN FREERDP_PLUGIN_DIR=$(pkg-config --variable=libdir freerdp3 2>/dev/null)/freerdp3 \
|
|
&& echo "Building guacamole-server (git main) with FreeRDP plugin dir: ${FREERDP_PLUGIN_DIR}" \
|
|
&& git clone --depth=1 https://github.com/apache/guacamole-server.git \
|
|
&& cd guacamole-server \
|
|
&& autoreconf -fi \
|
|
&& CPPFLAGS="-Wno-error=deprecated-declarations -DHAVE_FREERDP_VERIFYCERTIFICATEEX=1" \
|
|
CFLAGS="-g -O0" \
|
|
./configure \
|
|
--prefix=/usr \
|
|
--sysconfdir=/etc \
|
|
--with-freerdp-plugin-dir="${FREERDP_PLUGIN_DIR}" \
|
|
&& make -j"$(nproc)" \
|
|
&& make install \
|
|
&& ldconfig \
|
|
&& cd / && rm -rf guacamole-server
|
|
|
|
# guacd log level is passed via -L flag; exposed as env var for docker-compose
|
|
ENV GUACD_LOG_LEVEL=info
|
|
|
|
EXPOSE 4822
|
|
|
|
CMD sh -c "ulimit -c unlimited && exec /usr/sbin/guacd -b 0.0.0.0 -f -L \"${GUACD_LOG_LEVEL}\""
|