fix guac traefik labels

2026-02-02 11:59:20 -07:00 · 2026-02-02 11:59:20 -07:00 · 5c738bede6
commit 5c738bede6
parent 33b7410b31
1 changed files with 22 additions and 8 deletions
--- a/lxc1/p2-apps/guacamole.yml
+++ b/lxc1/p2-apps/guacamole.yml
@ -39,26 +39,40 @@ services:
      - guac_external
    labels:
      - "traefik.enable=${GUAC_TRAEFIK_ENABLED}"
-      - "traefik.http.routers.guac.rule=Host(`${GUAC_TRAEFIK_HOSTNAME}.${TRAEFIK_DNS_SUFFIX}`)"
-      - "traefik.http.routers.guac.entrypoints=${GUAC_TRAEFIK_ENTRYPOINT}"
      - "traefik.http.routers.guac.tls=true"
-      - "traefik.http.services.guac.loadbalancer.server.port=${GUAC_TRAEFIK_PORT}"
-      - "traefik.http.routers.guac.tls.certresolver=${GUAC_TRAEFIK_RESOLVER}"
      - "traefik.docker.network=guac_external"
-
+      # --- NODE-SPECIFIC ADMIN ROUTER (The Backdoor) ---
+      - "traefik.http.routers.guac-admin-${GUAC_NODE_ID}.rule=Host(`guac${GUAC_NODE_ID}.${TRAEFIK_DNS_SUFFIX}`)"
+      - "traefik.http.routers.guac-admin-${GUAC_NODE_ID}.entrypoints=${TRAEFIK_ENTRY_POINTS}"
+      - "traefik.http.routers.guac-admin-${GUAC_NODE_ID}.service=guac-common-service"
+    # --- SHARED HA ROUTER (The Main URL) ---
+      - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.rule=Host(`guac.${TRAEFIK_DNS_SUFFIX}`)"
+      - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.entrypoints=${TRAEFIK_ENTRY_POINTS}"
+      - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.tls.certresolver=${TRAEFIK_RESOLVER}"
+      - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.service=guac-common-service"
+      # --- THE SHARED SERVICE ---
+      # Identical name on both containers creates the Load Balanced pool
+      - "traefik.http.services.guac-common-service.loadbalancer.server.port=8080"
      # Middleware 1: Redirect
      - "traefik.http.middlewares.guac-redirect.redirectregex.regex=^https://([^/]+)/?$$"
      - "traefik.http.middlewares.guac-redirect.redirectregex.replacement=https://$${1}/guacamole/"
-
      # Middleware 2: Disable Buffering (Stability Fix)
      - "traefik.http.middlewares.guac-buffer.buffering.maxResponseBodyBytes=0"
      - "traefik.http.middlewares.guac-buffer.buffering.maxRequestBodyBytes=0"
      - "traefik.http.middlewares.guac-buffer.buffering.memRequestBodyBytes=0"
      - "traefik.http.middlewares.guac-buffer.buffering.memResponseBodyBytes=0"
      - "traefik.http.middlewares.guac-buffer.buffering.retryExpression=IsNetworkError() && Attempts() <= 2"
+      # --- Apply to the SHARED Router ---
+      - "traefik.http.routers.guac-shared-${GUAC_NODE_ID}.middlewares=guac-redirect,guac-buffer"
+      # --- Apply to the NODE-SPECIFIC Admin Router ---
+      - "traefik.http.routers.guac-admin-${GUAC_NODE_ID}.middlewares=guac-redirect,guac-buffer"
+      # Add this to the service labels to prevent "session jumping"
+      - "traefik.http.services.guac-common-service.loadbalancer.sticky.cookie=true"
+      - "traefik.http.services.guac-common-service.loadbalancer.sticky.cookie.name=guac_session"
+
+
+

-      # Apply Both
-      - "traefik.http.routers.guac.middlewares=guac-redirect,guac-buffer"
 networks:
  guac_internal:
    internal: true