services: guacd: image: guacamole/guacd:latest container_name: guacd restart: always cpus: 1.0 mem_limit: "1024m" mem_reservation: "256m" restart: unless-stopped networks: - guac_internal - guac_ssh guacamole: image: guacamole/guacamole:latest container_name: guacamole restart: always user: root ports: - 8080:8080 cpus: 2.0 mem_limit: "3072m" # 3 GB mem_reservation: "1024m" environment: - GUACD_HOSTNAME=guacd - MYSQL_HOSTNAME=172.16.201.208 - MYSQL_PORT=3306 - MYSQL_DATABASE=guacamole - MYSQL_USER=guac_user - MYSQL_PASSWORD=your_password - MYSQL_SSL_MODE=disabled - CATALINA_OPTS="-Djava.security.egd=file:/dev/./urandom -Xms1g -Xmx2g" ports: - "8080:8080" depends_on: - guacd #networks: #- guac_internal #- guac_external # Connects to Traefik labels: - "traefik.enable=false" - "traefik.http.routers.guac.rule=Host(`ssh.mapletree.email`)" - "traefik.http.routers.guac.entrypoints=websecure" - "traefik.http.routers.guac.tls=true" - "traefik.http.services.guac.loadbalancer.server.port=8080" - "traefik.http.routers.guac.tls.certresolver=myresolver" - "traefik.docker.network=guac_external" # Middleware 1: Redirect - "traefik.http.middlewares.guac-redirect.redirectregex.regex=^https://([^/]+)/?$$" - "traefik.http.middlewares.guac-redirect.redirectregex.replacement=https://$${1}/guacamole/" # Middleware 2: Disable Buffering (Stability Fix) - "traefik.http.middlewares.guac-buffer.buffering.maxResponseBodyBytes=0" - "traefik.http.middlewares.guac-buffer.buffering.maxRequestBodyBytes=0" - "traefik.http.middlewares.guac-buffer.buffering.memRequestBodyBytes=0" - "traefik.http.middlewares.guac-buffer.buffering.memResponseBodyBytes=0" - "traefik.http.middlewares.guac-buffer.buffering.retryExpression=IsNetworkError() && Attempts() <= 2" # Apply Both - "traefik.http.routers.guac.middlewares=guac-redirect,guac-buffer" networks: guac_internal: internal: true guac_external: external: true guac_ssh: external: true