I have a project going trying to implement VNC to control HMI panels trough Ignition.
Got the idea from the forums here to use Guacamole from Apache.
After a lot of trial and error installing Guacamole on docker desktop (never used docker before), i finally got it up and running as a trial on my own computer. Worked great, I just integrated guacamole with an inline frame in perspective. Log into guacamole and VNC connection is displayed in the view.
Then I installed it on the Ignition server that is running SSL, I realized that the browser will not let you view http content on a https website…
Does anyone have an idea on how to best solve this?
From a searching around I found that the best way of solving this problem was using Nginx Proxy Manager in docker as an reverse proxy to redirect and add encryption.
After following the tutorial below, step by step, using my guacamole ip, I cant get it to work.
Nginx short tutorial
Iv also been thinking that the best way would be to implement it into the ignition webserver, and have it locked away behind the ignition IDP, but I’m not even sure if this is possible.
I’m not an IT guy so I guess the main problem is between the chair and keyboard as usual…
I could just link to the site with a button, but that’s not ideal.
Here is my notes for installing guac in docker on a windows server, if anyone is struggling like I did.
Most guides online, install guacamole on docker from linux, so I couldn’t find any clear instructions on how to do it. Using PowerShell is slightly different.
Guacamole install notes
Docker / guacamole notes:
Activate nested virtualization on host machine:
Note: VM must be turned off.
Set-VMProcessor -ExposeVirtualizationExtensions $true
docker pull guacamole/guacamole
docker pull guacamole/guacd
docker pull mysql/mysql-server
Change powershell folder:
Generate a one-time password for MySQL root. View the generated password in the logs:
docker run --name guac-mysql -e MYSQL_RANDOM_ROOT_PASSWORD=yes -e MYSQL_ONETIME_PASSWORD=yes -d mysql/mysql-server
docker logs guac-mysql
[Entrypoint] GENERATED ROOT PASSWORD: MyLongOneTimePassword
Rename and move initdb.sql into the MySQL container.
docker cp initdb.sql guac-mysql:/guac_db.sql
Open a bash shell within the MySQL Docker container.
docker exec -it guac-mysql bash
Within the bash shell prompt for the container, log in to mysql as the root user:
mysql -u root -p
TYPE! the password generated: MyLongOneTimePassword
While in the mysql prompt, change the root password, create a database, and create a new user for that database. When running the below commands, replace any instance of password with a secure password string for the mysql root user and the new user for your database, respectively.
ALTER USER ‘root’@‘localhost’ IDENTIFIED BY ‘MyRootPassword’;
CREATE DATABASE guacamole_db;
CREATE USER ‘MyUserName’@‘%’ IDENTIFIED BY ‘MyUserPassword’;
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO ‘MyUserName’@‘%’;
Exit mysql bash shell:
///DOES NOT WORK
While in the bash shell, create tables from the initialization script for the new database.
cat guac_db.sql | mysql -u root -p guacamole_db
///DOES NOT WORK — Possibly due to UTF16/UTF8 problems in powershell.
Open a new powershell thats not in the container:
cat ‘.\DockerFiles\initdb.sql’ | docker exec -i guac-mysql mysql -u root -pMyRootPassword guacamole_db
/// if & is used in your password, type “&” instead
If you’d like, you can verify that the tables were successfully created by logging back into the mysql prompt and viewing the tables in the database:
mysql -u MyUserName -p
Back to powershell:
Start guacd in Docker:
docker run --name name_guacd -d guacamole/guacd
Start guacamole in Docker, making sure to link the containers so Guacamole can verify credentials stored in the MySQL database. Replace the value for MyUserPassword with the password you configured for the MySQL database user MyUserName.
docker run --name name_guacamole --link name_guacd:guacd --link guac-mysql:mysql -e MYSQL_DATABASE=guacamole_db -e MYSQL_USER=MyUserName -e MYSQL_PASSWORD=MyUserPassword -d -p 8089:8080 guacamole/guacamole
To verify that all the docker containers are running properly, run the following command.
docker ps -a
Your guacamole is now available on localhost:8089/guacamole
Open port on all firewalls to make it accessible from the internet.