Guacamole

Guacamole

Docker app from Cabé's Repository

Overview

Clientless remote desktop gateway. Supports standard protocols like VNC and RDP. Uses internal MariaDB or external database source authentication and data storage. Initial username and password are guacadmin.

Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, SSH, and Telnet. This docker primarily has a MariaDB database built-in for authentication and configuration. It also has support for external database server (mysql/mariadb, sqlserver or postgresql) and authentication providers: ldap, duo, totp, cas, openid, saml, ssl, json, header, quickconnect. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.

For general usage of Apache Guacamole the full manual is located here: https://guacamole.apache.org/doc/gug/

The project is based on the work of Zuhkov zuhkov@gmail.com⁠, aptalca and Jason Bean, updated by cleao to latest version of guacamole.

All the required configuration for the authentication methods is provided by the template/environment variables. Internal MariaDB is the default authentication and configuration method if no external database server is specifyed in the EXTENSION_PRIORITY environment variable. You can add additional configuration editing guacamole config file (/config/guacamole/guacamole.properties) but don't change the required parameters (see in manual) for authentication, they are automaticly filled by the docker template options/environment variables If using an external database server (Mysql/MariaDB, Postgresql or MSSQLserver) you must provide it with guacamole schema and an user, more info: https://guacamole.apache.org/doc/gug/jdbc-auth.html In the option EXTENSION_PRIORITY you can add comma-separated list of external database server (mysql, sqlserver or postgresql) and authentication providers (ldap, duo, totp, cas, openid, saml, ssl, json, header, quickconnect) that should be acessed in specific order (don't specify "*" here) - INTERNAL (MariaDB) IS USED IF ANY DATABASE SERVER IS SPECIFYED! All other options are self explained or you can use the manual located here: https://guacamole.apache.org/doc/gug

Docker run example: docker run -d --name='Guacamole' --net='bridge' -e 'EXTENSION_PRIORITY'='' -e 'PUID'='99' -e 'PGID'='100' -p '8080:8080/tcp' -v 'watheverpathyouwant':'/config':'rw' 'cleao/guacamole'

Session recordings when properly configured in GUI will be stored in the configurable Environment Path to be accessible outside docker. Once the Guacamole image is running, will be accessible at: http://your-host-ip:8080 and login with user and password: guacadmin

Apache Guacamole copyright The Apache Software Foundation, Licenced under the Apache License, Version 9

..................

Environment variables:

EXTENSION_PRIORITY: Comma-separated list of external database server (mysql, sqlserver or postgresql) (mysql if use Mariadb) and authentication providers (ldap, duo, totp, cas, openid, saml, ssl, json, header, quickconnect) that should be acessed in the specific order. Use internal (MariaDB) if no external database chosen or the next four database parameters/variables are not specifyed (database validation), Don't use * (asterisk), every needed extensions must be explicity described by the execution order (to use any authentication provider with internal Mariadb, specify 'mysql' with no database validation parameters/variables) DATABASE_HOSTNAME: External database server name or IP adress:port, DATABASE_NAME: External database name, DATABASE_USERNAME: External database user name, DATABASE_PASSWORD: External database password, LDAP_HOSTNAME: External LDAP server name or IP adress, and port, LDAP_USER_BASE_DN: External LDAP user base dn, DUO_API_HOSTNAME: External duo api hostname, DUO_CLIENT_ID: External duo client id, DUO_CLIENT_SECRET: External duo client secret, DUO_REDIRECT_URI: External duo client uri, CAS_AUTHORIZATION_ENDPOINT: CAS authorization endpoint, CAS_REDIRECT_URI: CAS redirect uri, OPENID_AUTHORIZATION_ENDPOINT: OPENID authorization endpoint, OPENID_JWKS_ENDPOINT: OPENID jwks endpoint, OPENID_ISSUER: OPENID issuer, OPENID_CLIENT_ID: OPENID client id, OPENID_REDIRECT_URI; OPENID redirect uri, SSL_AUTH_URI: SSL auth uri, SSL_AUTH_PRIMARY_URI: SSL auth primary uri, JSON_SECRET_KEY: JSON secret key,

Additional optional properties can be added inside docker /config/guacamole/guacamole.properties
Container Path: /config: AppData Config Path Container Path: /var/lib/guacamole/recordings

Internal port: 8080

..................

UPDATE HYSTORY:

Latest version (1.0.6):

  • Not specifying the four database validation variables/parameters, the internal Mariadb is used independently of being specified or not in the EXTENSION_PRIORITY parameter/variable
  • Minor code refinements

(1.0.5):

  • New variable in guacamole.properties: openid-username-claim-type: preferred_username The claim type within any valid JWT that contains the authenticated user’s username. By default, the “email” claim type is used
  • Minor code refinements
  • Apache Tomcat 9.0.118 (2026-05-10)
  • Mai/2026 client and server official docker images
  • Mysql connector 9.6.0 -> 9.7.0
  • Postgresql connector 42.7.10 -> 42.7.11
  • MSSQL connector 13.2.1 -> 13.4.0

(1.0.4):

  • Last client and server Docker from apache (9/3/2026)
  • openjdk11-jdk -> openjdk17-jdk
  • Mysql connector 9.5.0 -> 9.6.0
  • Postgresql connector 42.7.8 -> 42.7.10

Install Guacamole on Unraid in a few clicks.

Find Guacamole in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.

Open the Apps tab on your Unraid server Search Community Apps for Guacamole Review the template variables and paths Click Install

Categories

Download Statistics

11,497
Total Downloads

Related apps

Explore more like this

Explore all

Details

Repository
cleao/guacamole:latest
Last Updated2026-06-11
First Seen2025-09-28

Runtime arguments

Web UI
http://[IP]:[PORT:8080]
Network
bridge
Shell
bash
Privileged
false

Template configuration

Web PortPorttcp
Target
8080
Default
8080
Value
8088
External authentication provider(s)Variable

Comma-separated list of external database server (mysql, sqlserver or postgresql) and authentication providers (ldap, duo, totp, cas, openid, saml, ssl, json, header, quickconnect) that should be acessed in specific order. Use internal (MariaDB) if any external database chosen

Target
EXTENSION_PRIORITY
DATABASE_HOSTNAME:PORTVariable

External database server name or IP adress, and port

Target
DATABASE_HOSTNAME
DATABASE_NAMEVariable

External database name

DATABASE_USERNAMEVariable

External database user name

DATABASE_PASSWORDVariable

External database password

LDAP_HOSTNAME:PORTVariable

External LDAP server name or IP adress, and port

Target
LDAP_HOSTNAME
LDAP_USER_BASE_DNVariable

External LDAP user base dn

DUO_API_HOSTNAMEVariable

External duo api hostname

DUO_CLIENT_IDVariable

External duo client id

DUO_CLIENT_SECRETVariable

External duo client secret

DUO_REDIRECT_URIVariable

External duo client uri

CAS_AUTHORIZATION_ENDPOINTVariable

CAS authorization endpoint

CAS_REDIRECT_URIVariable

CAS redirect uri

OPENID_AUTHORIZATION_ENDPOINTVariable

OPENID authorization endpoint

OPENID_JWKS_ENDPOINTVariable

OPENID jwks endpoint

OPENID_ISSUERVariable

OPENID issuer

OPENID_CLIENT_IDVariable

OPENID client id

OPENID_REDIRECT_URIVariable

OPENID redirect uri

SSL_AUTH_URIVariable

SSL auth uri

SSL_AUTH_PRIMARY_URIVariable

SSL auth primary uri

JSON_SECRET_KEYVariable

JSON secret key

Session recordings pathPathrw
Target
/var/lib/guacamole/recordings
AppData Config PathPathrw
Target
/config
Default
/mnt/user/appdata/Guacamole