346 lines
9.1 KiB
Docker
346 lines
9.1 KiB
Docker
#
|
|
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
|
|
#
|
|
# Dockerfile for guacamole-server
|
|
#
|
|
|
|
# The Alpine Linux image that should be used as the basis for the guacd image
|
|
# NOTE: Using 3.18 because the required openssl1.1-compat-dev package was
|
|
# removed in more recent versions.
|
|
ARG ALPINE_BASE_IMAGE=3.18
|
|
|
|
# The target architecture of the build. Valid values are "ARM" and "X86". By
|
|
# default, this is detected automatically.
|
|
ARG BUILD_ARCHITECTURE
|
|
|
|
# The number of processes that may run simultaneously during the build. By
|
|
# default, this is detected automatically.
|
|
ARG BUILD_JOBS
|
|
|
|
# The directory that will house the guacamole-server source during the build
|
|
ARG BUILD_DIR=/tmp/guacamole-server
|
|
|
|
# FreeRDP version (default to version 2)
|
|
ARG FREERDP_VERSION=2
|
|
|
|
# The final install location for guacamole-server and all dependencies. NOTE:
|
|
# This value is hard-coded in the entrypoint. Any change to this value must be
|
|
# propagated there.
|
|
ARG PREFIX_DIR=/opt/guacamole
|
|
|
|
#
|
|
# Automatically select the latest versions of each core protocol support
|
|
# library (these can be overridden at build time if a specific version is
|
|
# needed)
|
|
#
|
|
ARG WITH_FREERDP="${FREERDP_VERSION}(\.\d+)+"
|
|
ARG WITH_LIBSSH2='libssh2-\d+(\.\d+)+'
|
|
ARG WITH_LIBTELNET='\d+(\.\d+)+'
|
|
ARG WITH_LIBVNCCLIENT='LibVNCServer-\d+(\.\d+)+'
|
|
ARG WITH_LIBWEBSOCKETS='v\d+(\.\d+)+'
|
|
|
|
#
|
|
# Default build options for each core protocol support library, as well as
|
|
# guacamole-server itself (these can be overridden at build time if different
|
|
# options are needed)
|
|
#
|
|
|
|
ARG FREERDP_ARM_OPTS=""
|
|
|
|
ARG FREERDP_OPTS="\
|
|
-DBUILTIN_CHANNELS=OFF \
|
|
-DCHANNEL_URBDRC=OFF \
|
|
-DWITH_ALSA=OFF \
|
|
-DWITH_CAIRO=ON \
|
|
-DWITH_CHANNELS=ON \
|
|
-DWITH_CLIENT=ON \
|
|
-DWITH_CUPS=OFF \
|
|
-DWITH_DIRECTFB=OFF \
|
|
-DWITH_FFMPEG=OFF \
|
|
-DWITH_FUSE=OFF \
|
|
-DWITH_GSM=OFF \
|
|
-DWITH_GSSAPI=OFF \
|
|
-DWITH_IPP=OFF \
|
|
-DWITH_JPEG=ON \
|
|
-DWITH_KRB5=ON \
|
|
-DWITH_LIBSYSTEMD=OFF \
|
|
-DWITH_MANPAGES=OFF \
|
|
-DWITH_OPENH264=OFF \
|
|
-DWITH_OPENSSL=ON \
|
|
-DWITH_OSS=OFF \
|
|
-DWITH_PCSC=OFF \
|
|
-DWITH_PKCS11=OFF \
|
|
-DWITH_PULSE=OFF \
|
|
-DWITH_SERVER=OFF \
|
|
-DWITH_SERVER_INTERFACE=OFF \
|
|
-DWITH_SHADOW_MAC=OFF \
|
|
-DWITH_SHADOW_X11=OFF \
|
|
-DWITH_SWSCALE=OFF \
|
|
-DWITH_WAYLAND=OFF \
|
|
-DWITH_X11=OFF \
|
|
-DWITH_X264=OFF \
|
|
-DWITH_XCURSOR=ON \
|
|
-DWITH_XEXT=ON \
|
|
-DWITH_XI=OFF \
|
|
-DWITH_XINERAMA=OFF \
|
|
-DWITH_XKBFILE=ON \
|
|
-DWITH_XRENDER=OFF \
|
|
-DWITH_XTEST=OFF \
|
|
-DWITH_XV=OFF \
|
|
-DWITH_ZLIB=ON"
|
|
|
|
ARG FREERDP_X86_OPTS=""
|
|
|
|
ARG GUACAMOLE_SERVER_ARM_OPTS=""
|
|
|
|
ARG GUACAMOLE_SERVER_OPTS="\
|
|
--disable-guaclog \
|
|
CPPFLAGS=-Wno-error=deprecated-declarations"
|
|
|
|
ARG GUACAMOLE_SERVER_X86_OPTS=""
|
|
|
|
ARG LIBSSH2_ARM_OPTS=""
|
|
|
|
ARG LIBSSH2_OPTS="\
|
|
-DBUILD_EXAMPLES=OFF \
|
|
-DBUILD_SHARED_LIBS=ON"
|
|
|
|
ARG LIBSSH2_X86_OPTS=""
|
|
|
|
ARG LIBTELNET_ARM_OPTS=""
|
|
|
|
ARG LIBTELNET_OPTS="\
|
|
--disable-static \
|
|
--disable-util"
|
|
|
|
ARG LIBTELNET_X86_OPTS=""
|
|
|
|
ARG LIBVNCCLIENT_ARM_OPTS=""
|
|
|
|
ARG LIBVNCCLIENT_OPTS=""
|
|
|
|
ARG LIBVNCCLIENT_X86_OPTS=""
|
|
|
|
ARG LIBWEBSOCKETS_ARM_OPTS=""
|
|
|
|
ARG LIBWEBSOCKETS_OPTS="\
|
|
-DDISABLE_WERROR=ON \
|
|
-DLWS_WITHOUT_SERVER=ON \
|
|
-DLWS_WITHOUT_TESTAPPS=ON \
|
|
-DLWS_WITHOUT_TEST_CLIENT=ON \
|
|
-DLWS_WITHOUT_TEST_PING=ON \
|
|
-DLWS_WITHOUT_TEST_SERVER=ON \
|
|
-DLWS_WITHOUT_TEST_SERVER_EXTPOLL=ON \
|
|
-DLWS_WITH_STATIC=OFF"
|
|
|
|
ARG LIBWEBSOCKETS_X86_OPTS=""
|
|
|
|
#
|
|
# Base builder image that will be used by subsequent build stages, including
|
|
# for building dependencies of guacamole-server.
|
|
#
|
|
|
|
FROM alpine:${ALPINE_BASE_IMAGE} AS builder
|
|
ARG BUILD_DIR
|
|
|
|
# Install build dependencies
|
|
RUN apk add --no-cache \
|
|
autoconf \
|
|
automake \
|
|
build-base \
|
|
cairo-dev \
|
|
cjson-dev \
|
|
cmake \
|
|
cunit-dev \
|
|
git \
|
|
grep \
|
|
krb5-dev \
|
|
libjpeg-turbo-dev \
|
|
libpng-dev \
|
|
libtool \
|
|
libwebp-dev \
|
|
make \
|
|
openssl1.1-compat-dev \
|
|
pango-dev \
|
|
pulseaudio-dev \
|
|
sdl2-dev \
|
|
sdl2_ttf-dev \
|
|
util-linux-dev \
|
|
webkit2gtk-dev
|
|
|
|
# Copy generic, automatic build script
|
|
COPY ./src/guacd-docker/bin/autobuild.sh ${BUILD_DIR}/src/guacd-docker/bin/
|
|
|
|
#
|
|
# Build dependency: libssh2
|
|
#
|
|
|
|
FROM builder AS libssh2
|
|
ARG BUILD_DIR
|
|
ARG LIBSSH2_ARM_OPTS
|
|
ARG LIBSSH2_OPTS
|
|
ARG LIBSSH2_X86_OPTS
|
|
ARG PREFIX_DIR
|
|
ARG WITH_LIBSSH2
|
|
|
|
RUN ${BUILD_DIR}/src/guacd-docker/bin/autobuild.sh "LIBSSH2" \
|
|
"https://github.com/libssh2/libssh2"
|
|
|
|
#
|
|
# Build dependency: libtelnet
|
|
#
|
|
|
|
FROM builder AS libtelnet
|
|
ARG BUILD_DIR
|
|
ARG LIBTELNET_ARM_OPTS
|
|
ARG LIBTELNET_OPTS
|
|
ARG LIBTELNET_X86_OPTS
|
|
ARG PREFIX_DIR
|
|
ARG WITH_LIBTELNET
|
|
|
|
RUN ${BUILD_DIR}/src/guacd-docker/bin/autobuild.sh "LIBTELNET" \
|
|
"https://github.com/seanmiddleditch/libtelnet"
|
|
|
|
#
|
|
# Build dependency: libvncclient
|
|
#
|
|
|
|
FROM builder AS libvncclient
|
|
ARG BUILD_DIR
|
|
ARG LIBVNCCLIENT_ARM_OPTS
|
|
ARG LIBVNCCLIENT_OPTS
|
|
ARG LIBVNCCLIENT_X86_OPTS
|
|
ARG PREFIX_DIR
|
|
ARG WITH_LIBVNCCLIENT
|
|
|
|
RUN ${BUILD_DIR}/src/guacd-docker/bin/autobuild.sh "LIBVNCCLIENT" \
|
|
"https://github.com/LibVNC/libvncserver"
|
|
|
|
#
|
|
# Build dependency: libwebsockets
|
|
#
|
|
|
|
FROM builder AS libwebsockets
|
|
ARG BUILD_DIR
|
|
ARG LIBWEBSOCKETS_ARM_OPTS
|
|
ARG LIBWEBSOCKETS_OPTS
|
|
ARG LIBWEBSOCKETS_X86_OPTS
|
|
ARG PREFIX_DIR
|
|
ARG WITH_LIBWEBSOCKETS
|
|
|
|
RUN ${BUILD_DIR}/src/guacd-docker/bin/autobuild.sh "LIBWEBSOCKETS" \
|
|
"https://github.com/warmcat/libwebsockets"
|
|
|
|
#
|
|
# Build dependency: FreeRDP
|
|
#
|
|
|
|
FROM builder AS freerdp
|
|
ARG BUILD_DIR
|
|
ARG FREERDP_ARM_OPTS
|
|
ARG FREERDP_OPTS
|
|
ARG FREERDP_X86_OPTS
|
|
ARG PREFIX_DIR
|
|
ARG WITH_FREERDP
|
|
|
|
RUN ${BUILD_DIR}/src/guacd-docker/bin/autobuild.sh "FREERDP" \
|
|
"https://github.com/FreeRDP/FreeRDP"
|
|
|
|
#
|
|
# STAGE 7: Collect dependencies built by previous stages and build
|
|
# guacamole-server.
|
|
#
|
|
|
|
FROM builder AS guacamole-server
|
|
ARG BUILD_DIR
|
|
ARG FREERDP_VERSION
|
|
ARG GUACAMOLE_SERVER_ARM_OPTS
|
|
ARG GUACAMOLE_SERVER_OPTS
|
|
ARG GUACAMOLE_SERVER_X86_OPTS
|
|
ARG PREFIX_DIR
|
|
|
|
# Copy dependencies built in previous stages
|
|
COPY --from=freerdp ${PREFIX_DIR} ${PREFIX_DIR}
|
|
COPY --from=libssh2 ${PREFIX_DIR} ${PREFIX_DIR}
|
|
COPY --from=libtelnet ${PREFIX_DIR} ${PREFIX_DIR}
|
|
COPY --from=libvncclient ${PREFIX_DIR} ${PREFIX_DIR}
|
|
COPY --from=libwebsockets ${PREFIX_DIR} ${PREFIX_DIR}
|
|
|
|
# Use guacamole-server source from build context
|
|
COPY . ${BUILD_DIR}
|
|
|
|
RUN ${BUILD_DIR}/src/guacd-docker/bin/autobuild.sh "GUACAMOLE_SERVER" "${BUILD_DIR}"
|
|
|
|
# Determine location of the FREERDP library based on the version.
|
|
ARG FREERDP_LIB_PATH=${PREFIX_DIR}/lib/freerdp${FREERDP_VERSION}
|
|
|
|
# Record the packages of all runtime library dependencies
|
|
RUN ${BUILD_DIR}/src/guacd-docker/bin/list-dependencies.sh \
|
|
${PREFIX_DIR}/sbin/guacd \
|
|
${PREFIX_DIR}/lib/libguac-client-*.so \
|
|
${FREERDP_LIB_PATH}/*guac*.so \
|
|
> ${PREFIX_DIR}/DEPENDENCIES
|
|
|
|
#
|
|
# STAGE 8: Final, runtime image.
|
|
#
|
|
|
|
# Use same Alpine version as the base for the runtime image
|
|
FROM alpine:${ALPINE_BASE_IMAGE} AS runtime
|
|
ARG PREFIX_DIR
|
|
|
|
# Copy build artifacts into this stage
|
|
COPY --from=guacamole-server ${PREFIX_DIR} ${PREFIX_DIR}
|
|
|
|
# Bring runtime environment up to date and install runtime dependencies
|
|
RUN apk add --no-cache \
|
|
ca-certificates \
|
|
font-noto-cjk \
|
|
ghostscript \
|
|
netcat-openbsd \
|
|
shadow \
|
|
terminus-font \
|
|
ttf-dejavu \
|
|
ttf-liberation \
|
|
util-linux-login && \
|
|
xargs apk add --no-cache < ${PREFIX_DIR}/DEPENDENCIES
|
|
|
|
# Runtime environment
|
|
ENV LC_ALL=C.UTF-8
|
|
ENV LD_LIBRARY_PATH=${PREFIX_DIR}/lib
|
|
|
|
# Checks the operating status every 5 minutes with a timeout of 5 seconds
|
|
HEALTHCHECK --interval=5m --timeout=5s CMD nc -z 127.0.0.1 4822 || exit 1
|
|
|
|
# Create a new user guacd
|
|
ARG UID=1000
|
|
ARG GID=1000
|
|
RUN groupadd --gid $GID guacd
|
|
RUN useradd --system --create-home --shell /sbin/nologin --uid $UID --gid $GID guacd
|
|
|
|
# Run with user guacd
|
|
USER guacd
|
|
|
|
# Expose the default listener port
|
|
EXPOSE 4822
|
|
|
|
COPY ./src/guacd-docker/bin/entrypoint.sh /opt/guacamole/
|
|
ENTRYPOINT [ "/opt/guacamole/entrypoint.sh" ]
|