| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| |
| # |
| # Dockerfile for guacamole-server |
| # |
| |
| # The Alpine Linux image that should be used as the basis for the guacd image |
| # NOTE: Using 3.18 because the required openssl1.1-compat-dev package was |
| # removed in more recent versions. |
| ARG ALPINE_BASE_IMAGE=3.18 |
| |
| # The target architecture of the build. Valid values are "ARM" and "X86". By |
| # default, this is detected automatically. |
| ARG BUILD_ARCHITECTURE |
| |
| # The number of processes that may run simultaneously during the build. By |
| # default, this is detected automatically. |
| ARG BUILD_JOBS |
| |
| # The directory that will house the guacamole-server source during the build |
| ARG BUILD_DIR=/tmp/guacamole-server |
| |
| # FreeRDP version (default to version 2) |
| ARG FREERDP_VERSION=2 |
| |
| # The final install location for guacamole-server and all dependencies. NOTE: |
| # This value is hard-coded in the entrypoint. Any change to this value must be |
| # propagated there. |
| ARG PREFIX_DIR=/opt/guacamole |
| |
| # |
| # Automatically select the latest versions of each core protocol support |
| # library (these can be overridden at build time if a specific version is |
| # needed) |
| # |
| ARG WITH_FREERDP="${FREERDP_VERSION}(\.\d+)+" |
| ARG WITH_LIBSSH2='libssh2-\d+(\.\d+)+' |
| ARG WITH_LIBTELNET='\d+(\.\d+)+' |
| ARG WITH_LIBVNCCLIENT='LibVNCServer-\d+(\.\d+)+' |
| ARG WITH_LIBWEBSOCKETS='v\d+(\.\d+)+' |
| |
| # |
| # Default build options for each core protocol support library, as well as |
| # guacamole-server itself (these can be overridden at build time if different |
| # options are needed) |
| # |
| |
| ARG FREERDP_ARM_OPTS="" |
| |
| ARG FREERDP_OPTS="\ |
| -DBUILTIN_CHANNELS=OFF \ |
| -DCHANNEL_URBDRC=OFF \ |
| -DWITH_ALSA=OFF \ |
| -DWITH_CAIRO=ON \ |
| -DWITH_CHANNELS=ON \ |
| -DWITH_CLIENT=ON \ |
| -DWITH_CUPS=OFF \ |
| -DWITH_DIRECTFB=OFF \ |
| -DWITH_FFMPEG=OFF \ |
| -DWITH_FUSE=OFF \ |
| -DWITH_GSM=OFF \ |
| -DWITH_GSSAPI=OFF \ |
| -DWITH_IPP=OFF \ |
| -DWITH_JPEG=ON \ |
| -DWITH_KRB5=ON \ |
| -DWITH_LIBSYSTEMD=OFF \ |
| -DWITH_MANPAGES=OFF \ |
| -DWITH_OPENH264=OFF \ |
| -DWITH_OPENSSL=ON \ |
| -DWITH_OSS=OFF \ |
| -DWITH_PCSC=OFF \ |
| -DWITH_PKCS11=OFF \ |
| -DWITH_PULSE=OFF \ |
| -DWITH_SERVER=OFF \ |
| -DWITH_SERVER_INTERFACE=OFF \ |
| -DWITH_SHADOW_MAC=OFF \ |
| -DWITH_SHADOW_X11=OFF \ |
| -DWITH_SWSCALE=OFF \ |
| -DWITH_WAYLAND=OFF \ |
| -DWITH_X11=OFF \ |
| -DWITH_X264=OFF \ |
| -DWITH_XCURSOR=ON \ |
| -DWITH_XEXT=ON \ |
| -DWITH_XI=OFF \ |
| -DWITH_XINERAMA=OFF \ |
| -DWITH_XKBFILE=ON \ |
| -DWITH_XRENDER=OFF \ |
| -DWITH_XTEST=OFF \ |
| -DWITH_XV=OFF \ |
| -DWITH_ZLIB=ON" |
| |
| ARG FREERDP_X86_OPTS="" |
| |
| ARG GUACAMOLE_SERVER_ARM_OPTS="" |
| |
| ARG GUACAMOLE_SERVER_OPTS="\ |
| --disable-guaclog \ |
| CPPFLAGS=-Wno-error=deprecated-declarations" |
| |
| ARG GUACAMOLE_SERVER_X86_OPTS="" |
| |
| ARG LIBSSH2_ARM_OPTS="" |
| |
| ARG LIBSSH2_OPTS="\ |
| -DBUILD_EXAMPLES=OFF \ |
| -DBUILD_SHARED_LIBS=ON" |
| |
| ARG LIBSSH2_X86_OPTS="" |
| |
| ARG LIBTELNET_ARM_OPTS="" |
| |
| ARG LIBTELNET_OPTS="\ |
| --disable-static \ |
| --disable-util" |
| |
| ARG LIBTELNET_X86_OPTS="" |
| |
| ARG LIBVNCCLIENT_ARM_OPTS="" |
| |
| ARG LIBVNCCLIENT_OPTS="" |
| |
| ARG LIBVNCCLIENT_X86_OPTS="" |
| |
| ARG LIBWEBSOCKETS_ARM_OPTS="" |
| |
| ARG LIBWEBSOCKETS_OPTS="\ |
| -DDISABLE_WERROR=ON \ |
| -DLWS_WITHOUT_SERVER=ON \ |
| -DLWS_WITHOUT_TESTAPPS=ON \ |
| -DLWS_WITHOUT_TEST_CLIENT=ON \ |
| -DLWS_WITHOUT_TEST_PING=ON \ |
| -DLWS_WITHOUT_TEST_SERVER=ON \ |
| -DLWS_WITHOUT_TEST_SERVER_EXTPOLL=ON \ |
| -DLWS_WITH_STATIC=OFF" |
| |
| ARG LIBWEBSOCKETS_X86_OPTS="" |
| |
| # |
| # Base builder image that will be used by subsequent build stages, including |
| # for building dependencies of guacamole-server. |
| # |
| |
| FROM alpine:${ALPINE_BASE_IMAGE} AS builder |
| ARG BUILD_DIR |
| |
| # Install build dependencies |
| RUN apk add --no-cache \ |
| autoconf \ |
| automake \ |
| build-base \ |
| cairo-dev \ |
| cjson-dev \ |
| cmake \ |
| cunit-dev \ |
| git \ |
| grep \ |
| krb5-dev \ |
| libjpeg-turbo-dev \ |
| libpng-dev \ |
| libtool \ |
| libwebp-dev \ |
| make \ |
| openssl1.1-compat-dev \ |
| pango-dev \ |
| pulseaudio-dev \ |
| sdl2-dev \ |
| sdl2_ttf-dev \ |
| util-linux-dev \ |
| webkit2gtk-dev |
| |
| # Copy generic, automatic build script |
| COPY ./src/guacd-docker/bin/autobuild.sh ${BUILD_DIR}/src/guacd-docker/bin/ |
| |
| # |
| # Build dependency: libssh2 |
| # |
| |
| FROM builder AS libssh2 |
| ARG BUILD_DIR |
| ARG LIBSSH2_ARM_OPTS |
| ARG LIBSSH2_OPTS |
| ARG LIBSSH2_X86_OPTS |
| ARG PREFIX_DIR |
| ARG WITH_LIBSSH2 |
| |
| RUN ${BUILD_DIR}/src/guacd-docker/bin/autobuild.sh "LIBSSH2" \ |
| "https://github.com/libssh2/libssh2" |
| |
| # |
| # Build dependency: libtelnet |
| # |
| |
| FROM builder AS libtelnet |
| ARG BUILD_DIR |
| ARG LIBTELNET_ARM_OPTS |
| ARG LIBTELNET_OPTS |
| ARG LIBTELNET_X86_OPTS |
| ARG PREFIX_DIR |
| ARG WITH_LIBTELNET |
| |
| RUN ${BUILD_DIR}/src/guacd-docker/bin/autobuild.sh "LIBTELNET" \ |
| "https://github.com/seanmiddleditch/libtelnet" |
| |
| # |
| # Build dependency: libvncclient |
| # |
| |
| FROM builder AS libvncclient |
| ARG BUILD_DIR |
| ARG LIBVNCCLIENT_ARM_OPTS |
| ARG LIBVNCCLIENT_OPTS |
| ARG LIBVNCCLIENT_X86_OPTS |
| ARG PREFIX_DIR |
| ARG WITH_LIBVNCCLIENT |
| |
| RUN ${BUILD_DIR}/src/guacd-docker/bin/autobuild.sh "LIBVNCCLIENT" \ |
| "https://github.com/LibVNC/libvncserver" |
| |
| # |
| # Build dependency: libwebsockets |
| # |
| |
| FROM builder AS libwebsockets |
| ARG BUILD_DIR |
| ARG LIBWEBSOCKETS_ARM_OPTS |
| ARG LIBWEBSOCKETS_OPTS |
| ARG LIBWEBSOCKETS_X86_OPTS |
| ARG PREFIX_DIR |
| ARG WITH_LIBWEBSOCKETS |
| |
| RUN ${BUILD_DIR}/src/guacd-docker/bin/autobuild.sh "LIBWEBSOCKETS" \ |
| "https://github.com/warmcat/libwebsockets" |
| |
| # |
| # Build dependency: FreeRDP |
| # |
| |
| FROM builder AS freerdp |
| ARG BUILD_DIR |
| ARG FREERDP_ARM_OPTS |
| ARG FREERDP_OPTS |
| ARG FREERDP_X86_OPTS |
| ARG PREFIX_DIR |
| ARG WITH_FREERDP |
| |
| RUN ${BUILD_DIR}/src/guacd-docker/bin/autobuild.sh "FREERDP" \ |
| "https://github.com/FreeRDP/FreeRDP" |
| |
| # |
| # STAGE 7: Collect dependencies built by previous stages and build |
| # guacamole-server. |
| # |
| |
| FROM builder AS guacamole-server |
| ARG BUILD_DIR |
| ARG FREERDP_VERSION |
| ARG GUACAMOLE_SERVER_ARM_OPTS |
| ARG GUACAMOLE_SERVER_OPTS |
| ARG GUACAMOLE_SERVER_X86_OPTS |
| ARG PREFIX_DIR |
| |
| # Copy dependencies built in previous stages |
| COPY --from=freerdp ${PREFIX_DIR} ${PREFIX_DIR} |
| COPY --from=libssh2 ${PREFIX_DIR} ${PREFIX_DIR} |
| COPY --from=libtelnet ${PREFIX_DIR} ${PREFIX_DIR} |
| COPY --from=libvncclient ${PREFIX_DIR} ${PREFIX_DIR} |
| COPY --from=libwebsockets ${PREFIX_DIR} ${PREFIX_DIR} |
| |
| # Use guacamole-server source from build context |
| COPY . ${BUILD_DIR} |
| |
| RUN ${BUILD_DIR}/src/guacd-docker/bin/autobuild.sh "GUACAMOLE_SERVER" "${BUILD_DIR}" |
| |
| # Determine location of the FREERDP library based on the version. |
| ARG FREERDP_LIB_PATH=${PREFIX_DIR}/lib/freerdp${FREERDP_VERSION} |
| |
| # Record the packages of all runtime library dependencies |
| RUN ${BUILD_DIR}/src/guacd-docker/bin/list-dependencies.sh \ |
| ${PREFIX_DIR}/sbin/guacd \ |
| ${PREFIX_DIR}/lib/libguac-client-*.so \ |
| ${FREERDP_LIB_PATH}/*guac*.so \ |
| > ${PREFIX_DIR}/DEPENDENCIES |
| |
| # |
| # STAGE 8: Final, runtime image. |
| # |
| |
| # Use same Alpine version as the base for the runtime image |
| FROM alpine:${ALPINE_BASE_IMAGE} AS runtime |
| ARG PREFIX_DIR |
| |
| # Copy build artifacts into this stage |
| COPY --from=guacamole-server ${PREFIX_DIR} ${PREFIX_DIR} |
| |
| # Bring runtime environment up to date and install runtime dependencies |
| RUN apk add --no-cache \ |
| ca-certificates \ |
| font-noto-cjk \ |
| ghostscript \ |
| netcat-openbsd \ |
| shadow \ |
| terminus-font \ |
| ttf-dejavu \ |
| ttf-liberation \ |
| util-linux-login && \ |
| xargs apk add --no-cache < ${PREFIX_DIR}/DEPENDENCIES |
| |
| # Runtime environment |
| ENV LC_ALL=C.UTF-8 |
| ENV LD_LIBRARY_PATH=${PREFIX_DIR}/lib |
| |
| # Checks the operating status every 5 minutes with a timeout of 5 seconds |
| HEALTHCHECK --interval=5m --timeout=5s CMD nc -z 127.0.0.1 4822 || exit 1 |
| |
| # Create a new user guacd |
| ARG UID=1000 |
| ARG GID=1000 |
| RUN groupadd --gid $GID guacd |
| RUN useradd --system --create-home --shell /sbin/nologin --uid $UID --gid $GID guacd |
| |
| # Run with user guacd |
| USER guacd |
| |
| # Expose the default listener port |
| EXPOSE 4822 |
| |
| COPY ./src/guacd-docker/bin/entrypoint.sh /opt/guacamole/ |
| ENTRYPOINT [ "/opt/guacamole/entrypoint.sh" ] |
