From dd425fcc21cdac338262548885949898b58220a2 Mon Sep 17 00:00:00 2001 From: Matthias Date: Sun, 30 Jan 2022 11:48:44 +0100 Subject: [PATCH] allow guacamole user access to java key store and add import method --- Dockerfile | 3 +++ guacamole-docker/bin/start.sh | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/Dockerfile b/Dockerfile index 1b6e9be170..eb7006ced8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -62,6 +62,9 @@ ARG GID=1001 RUN groupadd --gid $GID guacamole RUN useradd --system --create-home --shell /usr/sbin/nologin --uid $UID --gid $GID guacamole +# allow guacamole user to import certificates into default java keystore file cacerts +run chown guacamole /usr/local/openjdk-8/jre/lib/security/cacerts && chmod +w /usr/local/openjdk-8/jre/lib/security/cacerts + # Run with user guacamole USER guacamole diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh index 36fdcaad67..1e8a1edfc4 100755 --- a/guacamole-docker/bin/start.sh +++ b/guacamole-docker/bin/start.sh @@ -599,6 +599,10 @@ END set_optional_property "ldap-max-referral-hops" "$LDAP_MAX_REFERRAL_HOPS" set_optional_property "ldap-operation-timeout" "$LDAP_OPERATION_TIMEOUT" + if [ -n "$LDAP_SSL_CERT_FILE" ]; then + keytool -importcert -file $LDAP_SSL_CERT_FILE -alias $LDAP_SSL_CERT_FILE -storepass changeit -noprompt -keystore $JAVA_HOME/jre/lib/security/cacerts || true + fi + # Add required .jar files to GUACAMOLE_EXT ln -s /opt/guacamole/ldap/guacamole-auth-*.jar "$GUACAMOLE_EXT"