From 5c738bede6d79ba645bd06acc244aea26e45e338 Mon Sep 17 00:00:00 2001
From: admin <jkilloran@mapletree.email>
Date: Mon, 2 Feb 2026 11:59:20 -0700
Subject: [PATCH] fix guac traefik labels

---
 lxc1/p2-apps/guacamole.yml | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/lxc1/p2-apps/guacamole.yml b/lxc1/p2-apps/guacamole.yml
index 8f88c3a..e20d3dc 100644
--- a/lxc1/p2-apps/guacamole.yml
+++ b/lxc1/p2-apps/guacamole.yml
@@ -39,26 +39,40 @@ services:
       - guac_external
     labels:
       - "traefik.enable=${GUAC_TRAEFIK_ENABLED}"
-      - "traefik.http.routers.guac.rule=Host(`${GUAC_TRAEFIK_HOSTNAME}.${TRAEFIK_DNS_SUFFIX}`)"
-      - "traefik.http.routers.guac.entrypoints=${GUAC_TRAEFIK_ENTRYPOINT}"
       - "traefik.http.routers.guac.tls=true"
-      - "traefik.http.services.guac.loadbalancer.server.port=${GUAC_TRAEFIK_PORT}"
-      - "traefik.http.routers.guac.tls.certresolver=${GUAC_TRAEFIK_RESOLVER}"
       - "traefik.docker.network=guac_external"
-
+      # --- NODE-SPECIFIC ADMIN ROUTER (The Backdoor) ---
+      - "traefik.http.routers.guac-admin-${GUAC_NODE_ID}.rule=Host(`guac${GUAC_NODE_ID}.${TRAEFIK_DNS_SUFFIX}`)"
+      - "traefik.http.routers.guac-admin-${GUAC_NODE_ID}.entrypoints=${TRAEFIK_ENTRY_POINTS}"
+      - "traefik.http.routers.guac-admin-${GUAC_NODE_ID}.service=guac-common-service"
+    # --- SHARED HA ROUTER (The Main URL) ---
+      - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.rule=Host(`guac.${TRAEFIK_DNS_SUFFIX}`)"
+      - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.entrypoints=${TRAEFIK_ENTRY_POINTS}"
+      - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.tls.certresolver=${TRAEFIK_RESOLVER}"
+      - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.service=guac-common-service"
+      # --- THE SHARED SERVICE ---
+      # Identical name on both containers creates the Load Balanced pool
+      - "traefik.http.services.guac-common-service.loadbalancer.server.port=8080"
       # Middleware 1: Redirect
       - "traefik.http.middlewares.guac-redirect.redirectregex.regex=^https://([^/]+)/?$$"
       - "traefik.http.middlewares.guac-redirect.redirectregex.replacement=https://$${1}/guacamole/"
-
       # Middleware 2: Disable Buffering (Stability Fix)
       - "traefik.http.middlewares.guac-buffer.buffering.maxResponseBodyBytes=0"
       - "traefik.http.middlewares.guac-buffer.buffering.maxRequestBodyBytes=0"
       - "traefik.http.middlewares.guac-buffer.buffering.memRequestBodyBytes=0"
       - "traefik.http.middlewares.guac-buffer.buffering.memResponseBodyBytes=0"
       - "traefik.http.middlewares.guac-buffer.buffering.retryExpression=IsNetworkError() && Attempts() <= 2"
+      # --- Apply to the SHARED Router ---
+      - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.middlewares=guac-redirect,guac-buffer"
+      # --- Apply to the NODE-SPECIFIC Admin Router ---
+      - "traefik.http.routers.guac-admin-${GUAC_NODE_ID}.middlewares=guac-redirect,guac-buffer"
+      # Add this to the service labels to prevent "session jumping"
+      - "traefik.http.services.guac-common-service.loadbalancer.sticky.cookie=true"
+      - "traefik.http.services.guac-common-service.loadbalancer.sticky.cookie.name=guac_session"
+
+
+
 
-      # Apply Both
-      - "traefik.http.routers.guac.middlewares=guac-redirect,guac-buffer"
 networks:
   guac_internal:
     internal: true