allow guacamole user access to java key store and add import method

apache · Feb 2, 2022 · dd425fc · dd425fc
1 parent a0d8a7a
commit dd425fc
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -62,6 +62,9 @@ ARG GID=1001
 RUN groupadd --gid $GID guacamole
 RUN useradd --system --create-home --shell /usr/sbin/nologin --uid $UID --gid $GID guacamole
 
+# allow guacamole user to import certificates into default java keystore file cacerts
+run chown guacamole /usr/local/openjdk-8/jre/lib/security/cacerts && chmod +w /usr/local/openjdk-8/jre/lib/security/cacerts 
+
 # Run with user guacamole
 USER guacamole
 

diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh
@@ -599,6 +599,10 @@ END
     set_optional_property "ldap-max-referral-hops"          "$LDAP_MAX_REFERRAL_HOPS"
     set_optional_property "ldap-operation-timeout"          "$LDAP_OPERATION_TIMEOUT"
 
+    if [ -n "$LDAP_SSL_CERT_FILE" ]; then
+        keytool -importcert -file $LDAP_SSL_CERT_FILE -alias $LDAP_SSL_CERT_FILE -storepass changeit -noprompt -keystore $JAVA_HOME/jre/lib/security/cacerts || true
+    fi
+
     # Add required .jar files to GUACAMOLE_EXT
     ln -s /opt/guacamole/ldap/guacamole-auth-*.jar "$GUACAMOLE_EXT"