-
Notifications
You must be signed in to change notification settings - Fork 11
/
.env
145 lines (102 loc) · 7.25 KB
/
.env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# FQDN_HOST_NAME (mandatory, in any case)
# This is you externel full qualified hostname.
# This is the name, which you finally use in your webbrowser.
# Usually you see the 'vm_fqdn' in the output when terraform has sucessfully
# spun up the Guacamole inlets Exit-Node on Azure
# Example: FQDN_HOST_NAME=f888.westeurope.cloudapp.azure.com
FQDN_HOST_NAME=yourcompany.westeurope.cloudapp.azure.com
############################################################
### Mandatory when using inlets Client Settings ############
############################################################
# INLETS_AUTHTOKEN (mandatory, when using inlets client for reverse tunneling)
# The inlets authentication token is used when you run a Guacamole inlets exit-node in the cloud.
# Server- and client-side authentication token must match each other.
# Usually you see the 'inlets_authtoken' in the output when terraform has sucessfully
# spun up the Guacamole inlets Exit-Node on Azure
# Example: INLETS_AUTHTOKEN=387526df039ef1ca6f9d4ae1d608531894da0869
############################################################
### Mandatory LDAP authentication Settings for Guacamole ###
############################################################
# LDAP_HOSTNAME (mandatory, if using LDAP authentication)
# The hostname of your LDAP server. If omitted, "localhost" will be used by default.
# You will need to use a different value if your LDAP server is located elsewhere.
# Usually you enter the name of your Active Directory Domain Controller
# Example: LDAP_HOSTNAME=dc.f888.de
# LDAP_USER_BASE_DN (mandatory, if using LDAP authentication)
# The base of the DN for all Guacamole users. This property is absolutely required in all cases.
# All Guacamole users must be descendents of this base DN.
# If a search DN is provided (via ldap-search-bind-dn), then Guacamole users need only be somewhere
# within the subtree of the specified user base DN.
# Tip: DN is the 'distinguishedName'-attribute of the OU (Organizational Unit).
# Example: LDAP_USER_BASE_DN=CN=Users,DC=f888,DC=de
# LDAP_GROUP_BASE_DN (mandatory, if using LDAP authentication)
# The base of the DN for all user groups that may be used by other extensions to define permissions
# or that may referenced within Guacamole configurations using the standard seeAlso attribute.
# All groups which will be used to control access to Guacamole configurations must be descendents
# of this base DN. If this property is omitted, the seeAlso attribute will have no effect on Guacamole configurations.
# Tip: DN is the 'distinguishedName'-attribute of the OU (Organizational Unit).
# Example: LDAP_GROUP_BASE_DN=OU=Groups,DC=f888,DC=de
# LDAP_SEARCH_BIND_DN (mandatory, if using LDAP authentication)
# The DN (Distinguished Name) of the user to bind as when authenticating users that are attempting to log in.
# If specified, Guacamole will query the LDAP directory to determine the DN of each user that logs in.
# If omitted, each user's DN will be derived directly using the base DN specified with ldap-user-base-dn.
# TIP: Use the 'distinguishedName'-attribute of an AD user, which has read access in Active Directory.
# Example: LDAP_SEARCH_BIND_DN=CN=ldap_read,CN=Users,DC=f888,DC=de
# LDAP_SEARCH_BIND_PASSWORD (mandatory, if using LDAP authentication)
# The password to provide to the LDAP server when binding as ldap-search-bind-dn to authenticate other users.
# This property is only used if ldap-search-bind-dn is specified. If omitted, but ldap-search-bind-dn is specified,
# Guacamole will attempt to bind with the LDAP server without a password.
# TIP: User password of the AD user, which you have specified in LDAP_SEARCH_BIND_DN.
# Example: LDAP_SEARCH_BIND_PASSWORD=SomeSecretInAD7777
###########################################################
### Optional LDAP authentication Settings for Guacamole ###
###########################################################
# LDAP_PORT (optional, if using LDAP authentication)
# The port your LDAP server listens on. If omitted, the standard LDAP or LDAPS port will be used,
# depending on the encryption method specified with ldap-encryption-method (if any).
# Unencrypted LDAP uses the standard port of 389, while LDAPS uses port 636.
# Unless you manually configured your LDAP server to do otherwise, your LDAP server probably listens on port 389.
# Default: LDAP_PORT=389
# LDAP_ENCRYPTION_METHOD (optional, if using LDAP authentication)
# The encryption mechanism that Guacamole should use when communicating with your LDAP server.
# Legal values are "none" for unencrypted LDAP, "ssl" for LDAP over SSL/TLS (commonly known as LDAPS),
# or "starttls" for STARTTLS. If omitted, encryption will not be used.
# Default: LDAP_ENCRYPTION_METHOD=none
# LDAP_USERNAME_ATTRIBUTE (optional, if using LDAP authentication)
# The attribute or attributes which contain the username within all Guacamole user objects in the LDAP directory.
# Usually, and by default, this will simply be "userPrincipalName" in case of Active Direction.
# Other possible values in case of Active Directory are "sAMAccountName" and "mail".
# If your LDAP directory contains users whose usernames are
# dictated by different attributes, multiple attributes can be specified here, separated by commas,
# but beware: doing so requires that a search DN be provided with ldap-search-bind-dn.
# Default: LDAP_USERNAME_ATTRIBUTE=userPrincipalName
# LDAP_GROUP_NAME_ATTRIBUTE (optional, if using LDAP authentication)
# The attribute or attributes which define the unique name of user groups in the LDAP directory.
# Usually, and by default, this will simply be "cn". If your LDAP directory contains groups whose
# names are dictated by different attributes, multiple attributes can be specified here, separated by commas.
# Default: LDAP_GROUP_NAME_ATTRIBUTE=cn
# LDAP_MEMBER_ATTRIBUTE (optional, if using LDAP authentication)
# The attribute which contains the members within all group objects in the LDAP directory.
# Usually, and by default, this will simply be "member". If your LDAP directory contains
# groups whose members are dictated by a different attribute, it can be specified here
# Default: LDAP_MEMBER_ATTRIBUTE=member
# LDAP_USER_SEARCH_FILTER (optional, if using LDAP authentication)
# The search filter used to query the LDAP tree for users that can log into and be granted
# privileges in Guacamole. If this property is omitted the default of "(objectClass=*)" will be used.
# Example here: Only find users which are not disabled in Active Directory
# Default: LDAP_USER_SEARCH_FILTER=(&(objectCategory=person)(objectclass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
#####################################################
### Optional MySQL Database Settings for Guacamole
#####################################################
# MYSQL_ROOT_PASSWORD (optional)
# Root password to be used when MySQL-Database is created
# Default: MYSQL_ROOT_PASSWORD=guacsomethingsecret4444
# MYSQL_USER (optional)
# The user that Guacamole will use to connect to MySQL.
# Default: MYSQL_USER=guacamole
# MYSQL_PASSWORD (optional)
# The password that Guacamole will provide when connecting to MySQL as MYSQL_USER.
# Default: MYSQL_PASSWORD=guacsomethingsecret8888
# MYSQL_DATABASE (optional)
# The name of the database to use for Guacamole authentication.
# Default: MYSQL_DATABASE=guacamole