-
Notifications
You must be signed in to change notification settings - Fork 20
/
.env
137 lines (97 loc) · 6.68 KB
/
.env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
#############################################################
### Mandatory FQDN for Letsencrypt certificate in Traefik ###
#############################################################
# FQDN_HOST_NAME (mandatory)
# This is you externel full qualified hostname.
# This name is used to automatically request vaild Letsencryt certificates.
# It has to match your public DNS record.
# This is the name, which you finally use in your webbrowser.
# Example: FQDN_HOST_NAME=desktops.f888.de
FQDN_HOST_NAME=desktops.replacewithyourdomain.com
# LE_EMAIL (mandatory)
# this is an email address which specified for requesting Letsencrypt SSL Certificates.
# this email usually receives notofication when certificates expire.
# Example: [email protected]
############################################################
### Mandatory LDAP authentication Settings for Guacamole ###
############################################################
# LDAP_HOSTNAME (mandatory, if using LDAP authentication)
# The hostname of your LDAP server. If omitted, "localhost" will be used by default.
# You will need to use a different value if your LDAP server is located elsewhere.
# Usually you enter the name of your Active Directory Domain Controller
# Example: LDAP_HOSTNAME=dc.f888.de
# LDAP_USER_BASE_DN (mandatory, if using LDAP authentication)
# The base of the DN for all Guacamole users. This property is absolutely required in all cases.
# All Guacamole users must be descendents of this base DN.
# If a search DN is provided (via ldap-search-bind-dn), then Guacamole users need only be somewhere
# within the subtree of the specified user base DN.
# Example: LDAP_USER_BASE_DN=CN=Users,DC=f888,DC=de
# LDAP_GROUP_BASE_DN (mandatory, if using LDAP authentication)
# The base of the DN for all user groups that may be used by other extensions to define permissions
# or that may referenced within Guacamole configurations using the standard seeAlso attribute.
# All groups which will be used to control access to Guacamole configurations must be descendents
# of this base DN. If this property is omitted, the seeAlso attribute will have no effect on Guacamole configurations.
# Example: LDAP_GROUP_BASE_DN=OU=Groups,DC=f888,DC=de
# LDAP_SEARCH_BIND_DN (mandatory, if using LDAP authentication)
# The DN (Distinguished Name) of the user to bind as when authenticating users that are attempting to log in.
# If specified, Guacamole will query the LDAP directory to determine the DN of each user that logs in.
# If omitted, each user's DN will be derived directly using the base DN specified with ldap-user-base-dn.
# Example: LDAP_SEARCH_BIND_DN=CN=ldap_read,CN=Users,DC=f888,DC=de
# LDAP_SEARCH_BIND_PASSWORD (mandatory, if using LDAP authentication)
# The password to provide to the LDAP server when binding as ldap-search-bind-dn to authenticate other users.
# This property is only used if ldap-search-bind-dn is specified. If omitted, but ldap-search-bind-dn is specified,
# Guacamole will attempt to bind with the LDAP server without a password.
# Example: LDAP_SEARCH_BIND_PASSWORD=SomeSecretInAD7777
###########################################################
### Optional LDAP authentication Settings for Guacamole ###
###########################################################
# LDAP_PORT (optional, if using LDAP authentication)
# The port your LDAP server listens on. If omitted, the standard LDAP or LDAPS port will be used,
# depending on the encryption method specified with ldap-encryption-method (if any).
# Unencrypted LDAP uses the standard port of 389, while LDAPS uses port 636.
# Unless you manually configured your LDAP server to do otherwise, your LDAP server probably listens on port 389.
# Default: LDAP_PORT=389
# LDAP_ENCRYPTION_METHOD (optional, if using LDAP authentication)
# The encryption mechanism that Guacamole should use when communicating with your LDAP server.
# Legal values are "none" for unencrypted LDAP, "ssl" for LDAP over SSL/TLS (commonly known as LDAPS),
# or "starttls" for STARTTLS. If omitted, encryption will not be used.
# Default: LDAP_ENCRYPTION_METHOD=none
# LDAP_USERNAME_ATTRIBUTE (optional, if using LDAP authentication)
# The attribute or attributes which contain the username within all Guacamole user objects in the LDAP directory.
# Usually, and by default, this will simply be "userPrincipalName" in case of Active Direction.
# Other possible values in case of Active Directory are "sAMAccountName" and "mail".
# If your LDAP directory contains users whose usernames are
# dictated by different attributes, multiple attributes can be specified here, separated by commas,
# but beware: doing so requires that a search DN be provided with ldap-search-bind-dn.
# Default: LDAP_USERNAME_ATTRIBUTE=userPrincipalName
# LDAP_GROUP_NAME_ATTRIBUTE (optional, if using LDAP authentication)
# The attribute or attributes which define the unique name of user groups in the LDAP directory.
# Usually, and by default, this will simply be "cn". If your LDAP directory contains groups whose
# names are dictated by different attributes, multiple attributes can be specified here, separated by commas.
# Default: LDAP_GROUP_NAME_ATTRIBUTE=cn
# LDAP_MEMBER_ATTRIBUTE (optional, if using LDAP authentication)
# The attribute which contains the members within all group objects in the LDAP directory.
# Usually, and by default, this will simply be "member". If your LDAP directory contains
# groups whose members are dictated by a different attribute, it can be specified here
# Default: LDAP_MEMBER_ATTRIBUTE=member
# LDAP_USER_SEARCH_FILTER (optional, if using LDAP authentication)
# The search filter used to query the LDAP tree for users that can log into and be granted
# privileges in Guacamole. If this property is omitted the default of "(objectClass=*)" will be used.
# Example here: Only find users which are not disabled in Active Directory
# Default: LDAP_USER_SEARCH_FILTER=(&(objectCategory=person)(objectclass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
#####################################################
### Optional MySQL Database Settings for Guacamole
#####################################################
# MYSQL_ROOT_PASSWORD (optional)
# Root password to be used when MySQL-Database is created
# Default: MYSQL_ROOT_PASSWORD=guacsomethingsecret4444
# MYSQL_USER (optional)
# The user that Guacamole will use to connect to MySQL.
# Default: MYSQL_USER=guacamole
# MYSQL_PASSWORD (optional)
# The password that Guacamole will provide when connecting to MySQL as MYSQL_USER.
# Default: MYSQL_PASSWORD=guacsomethingsecret8888
# MYSQL_DATABASE (optional)
# The name of the database to use for Guacamole authentication.
# Default: MYSQL_DATABASE=guacamole