Deployment Overview of Apache Guacamole + Xfce on Server

Prerequisites and Basic Requirements

  • Operating System: Linux distribution compatible with Docker Engine.

  • Privileges: Root access or sudo privileges are required to manage Docker services and configure the system.

  • Domain Zone: hostkey.in.

  • Required Ports:

    • Port 8080 (Internal application port).

    • Port 443 (External HTTPS access).

    • Port 80 (Required for Let's Encrypt certificate validation).

FQDN of the Final Panel

The application is accessible via the fully qualified domain name (FQDN) generated based on the server identifier. The format follows the pattern: guacamole<Server ID>.hostkey.in:443

  • Base Domain: hostkey.in

  • Subdomain Prefix: guacamole

  • Path: /guacamole/

  • Access URL Example: https://guacamole1.hostkey.in/guacamole/

File and Directory Structure

The deployment utilizes the following directory structure for configuration files, data storage, and certificates:

  • Nginx Configuration Directory: /root/nginx/

    • Contains the Docker Compose definition file: /root/nginx/compose.yml.
  • Nginx User Configuration: /data/nginx/user_conf.d/

    • Mounted inside the container at /etc/nginx/user_conf.d.
  • Nginx Environment Variables: /data/nginx/nginx-certbot.env

    • Stores environment variables required by the Nginx and Certbot service.
  • SSL Certificates Storage: /etc/letsencrypt

    • Stored on the nginx_secrets Docker volume to persist Let's Encrypt certificates.

Docker Containers and Their Deployment

The application proxy and SSL termination are managed via a Docker Compose stack located at /root/nginx/compose.yml.

Container Configuration

The deployment uses the following service definition:

  • Service Name: nginx

  • Image: jonasal/nginx-certbot:latest

  • Restart Policy: unless-stopped

  • Network Mode: host

  • Environment Variables:

  • Volumes:

    • nginx_secrets mounted to /etc/letsencrypt (External volume).

    • Host directory /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d.

Deployment Command

To start the service, navigate to the configuration directory and execute the following command:

    cd /root/nginx
    docker compose up -d

Proxy Servers

The deployment includes an Nginx reverse proxy container that handles SSL termination using Let's Encrypt via Certbot.

  • Proxy Image: jonasal/nginx-certbot:latest

  • SSL Provider: Let's Encrypt (managed automatically by the container).

  • Custom Domain: The service resolves to the guacamole<Server ID>.hostkey.in domain.

  • Routing:

    • External traffic on port 443 is routed to the internal path /guacamole/.

    • The proxy forwards requests to the internal application port 8080.

Permission Settings

File and directory permissions are configured as follows to ensure proper operation of the Docker Compose stack:

  • Directory: /root/nginx/

    • Owner: root

    • Group: root

    • Mode: 0644

  • File: /root/nginx/compose.yml

    • Owner: root

    • Group: root

    • Mode: 0644

Location of Configuration Files and Data

  • Docker Compose File: /root/nginx/compose.yml

  • Nginx Configuration Environment: /data/nginx/nginx-certbot.env

  • Nginx User Configs: /data/nginx/user_conf.d/

  • SSL Certificates: Stored within the nginx_secrets volume (mounted at /etc/letsencrypt inside the container).

Available Ports for Connection

  • Port 8080: Internal communication port for the Apache Guacamole application.

  • Port 443: External secure HTTPS port for client access.

  • Port 80: Required for HTTP-01 challenges during SSL certificate issuance by Let's Encrypt.
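
The port roles above can be checked against what the host is actually listening on. The script below is an added example, not part of the original deployment notes. It assumes that "internal" means port 8080 should be bound to loopback only; the function names and the sample socket listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening TCP sockets against the port roles listed above.
# Assumption: "internal" means 8080 should be bound to loopback only, so that
# clients can reach Guacamole solely through the TLS proxy on 443.

# Reads `ss -ltn` output on stdin, prints one finding per line,
# and returns non-zero if there is any finding.
audit_listeners() {
    awk '
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            seen[port] = 1
            # 8080 on anything but 127.0.0.0/8 or [::1] is reachable without
            # the TLS proxy unless a firewall blocks it
            if (port == "8080" && addr !~ /^(127\.|\[::1\])/) {
                print "EXPOSED 8080 on " addr; bad = 1
            }
        }
        END {
            n = split("80 443 8080", need, " ")
            for (i = 1; i <= n; i++)
                if (!(need[i] in seen)) { print "MISSING " need[i]; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: proxy on 80/443, Guacamole on loopback only.
sample_hardened() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      100        127.0.0.1:8080      0.0.0.0:*
EOF
}

# Constructed sample: 8080 on the wildcard address, nothing listening on 80.
sample_exposed() {
    cat <<'EOF'
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      100                *:8080            *:*
EOF
}

# Demo on the constructed samples. On a real host: ss -H -ltn | audit_listeners
sample_hardened | audit_listeners && echo "hardened sample: no findings"
sample_exposed | audit_listeners || echo "exposed sample: findings listed above"
```
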

Starting, Stopping, and Updating

Service management is handled via Docker Compose commands executed within the /root/nginx/ directory.

  • Start the Service:

    cd /root/nginx
    docker compose up -d
    

  • Stop the Service:

    cd /root/nginx
    docker compose down
    

  • Update the Service: To update the Nginx/Certbot container to the latest image version:

    cd /root/nginx
    docker compose pull
    docker compose up -d
    
