version: "3"
services:
  guacd:
    image: guacamole/guacd
    container_name: gw-guacd
    hostname: guacd
    restart: always
    volumes:
      - ./data:/data
      - ./conf:/conf:ro
    expose:
      - 4822

  guacamole:
    image: guacamole/guacamole
    container_name: gw-guacamole
    hostname: guacamole
    restart: always
    depends_on:
      - guacamole-db
    volumes:
      - ./guac-home:/data
      - ./conf:/conf:ro
    expose:
      - "8080"
    environment:
      - GUACD_HOSTNAME=guacd
      - GUACD_PORT=4822
      - GUACAMOLE_HOME=/data
      - LDAP_HOSTNAME=directory.ad.domain.local
      - LDAP_PORT=389
      - LDAP_ENCRYPTION_METHOD=none
      - LDAP_USER_BASE_DN=OU=Users,DC=ad,DC=domain,DC=local
      - LDAP_SEARCH_BIND_DN=CN=LDAP Bind SERVICE ACCOUNT,OU=Service Accounts,OU=Users,DC=ad,DC=domain,DC=local
      - LDAP_SEARCH_BIND_PASSWORD=bind_password
      - LDAP_USERNAME_ATTRIBUTE=sAMAccountName
      - LDAP_USER_SEARCH_FILTER=(&(objectClass=user)(memberOf=CN=Remote-Desktop-Users,OU=Groups,DC=ad,DC=domain,DC=local))
      - MYSQL_HOSTNAME=guacamole-db
      - MYSQL_DATABASE=guacamole_db 
      - MYSQL_USER=guacamole 
      - MYSQL_PASSWORD=mysql_password
      - VIRTUAL_PORT=8080
      - VIRTUAL_HOST=remote.domain.com
      - LETSENCRYPT_HOST=remote.domain.com
      - LETSENCRYPT_EMAIL=email@domain.com
  
  guacamole-db:
    image: mysql
    container_name: gw-db
    hostname: guacdb
    command: mysqld --user=root
    volumes:
      - ./mysql-conf:/docker-entrypoint-initdb.d
      - ./db:/var/lib/mysql:rw
    environment:
      - MYSQL_DATABASE=guacamole_db
      - MYSQL_USER=guacamole
      - MYSQL_PASSWORD=mysql_password
      - MYSQL_ROOT_PASSWORD=mysql_root_password



networks:
  default:
    external:
      name: reverse-proxy