Difference between revisions of "Apache Guacamole"

From Khem Geek Wiki
 
(23 intermediate revisions by 7 users not shown)
Line 1: Line 1:
Apache Guacamole is a self hosted web application for Remote Desktop services. Guacamole allows remote desktop services to be accessed over HTTP.{{Template}}
Apache Guacamole is a [[Self hosted applications|Self hosted application]] for Remote Desktop services. Guacamole allows remote desktop services to be accessed over HTTP.
 
The main page for Apache Guacamole can be accessed here:
 
https://guacamole.apache.org/
==Guacamole Installation ==
This guide is best suited for a Guacamole installation on [[Ubuntu | Ubuntu Server 20.04 LTS]]
 
'''Run as Root'''
 
<code>sudo su</code>
 
'''Update System'''
 
<code>apt update && apt upgrade</code>
 
'''Install MariaDB'''
 
<code>apt install mariadb-server</code>
 
'''Install Dependencies'''
 
<code>apt install -y build-essential libcairo2-dev libjpeg62-turbo-dev libpng-dev libtool-bin libossp-uuid-dev libavutil-dev libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libvncserver-dev libtelnet-dev libwebsockets-dev libssl-dev libvorbis-dev libwebp-dev libpulse-dev sudo vim</code>
 
'''Install tomcat9'''
 
<code>sudo apt install tomcat9 -y</code>
 
'''Enable tomcat'''
 
<code>sudo systemctl enable --now tomcat9</code>
 
<code>sudo systemctl status tomcat9</code>
 
'''Get Guacamole server code'''
 
<code>wget https://dlcdn.apache.org/guacamole/1.4.0/source/guacamole-server-1.4.0.tar.gz</code>
 
'''untar'''
 
<code>tar -xzf guacamole-server-1.4.0.tar.gz</code>
 
'''Install'''
 
<code>cd guacamole-server-1.4.0/</code>
 
<code>./configure --with-systemd-dir=/etc/systemd/system/ --disable-dependency-tracking</code>
 
<code>make</code>
 
<code>make install</code>
 
<code>sudo ldconfig</code>
 
<code>sudo systemctl daemon-reload</code>
 
<code>sudo systemctl enable --now guacd</code>
 
<code>sudo systemctl status guacd</code>
 
'''Edit Guac Config'''
 
<code>echo GUACAMOLE_HOME=/etc/guacamole >> /etc/default/tomcat9</code>
 
<code>mkdir -p /etc/guacamole/{extensions,lib}</code>
 
<code>touch /etc/guacamole/{guacamole.properties,guacd.conf}</code>
 
'''Set Up MariaDB'''
 
<code>mysql -u root -p</code>
 
<code>CREATE DATABASE guacamole_db;</code>
 
<code>exit</code>
 
'''Set Up MySQL Connector'''
 
<code>wget &lt;/nowiki&gt;https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-jdbc-1.4.0.tar.gz</code>
 
<code>tar -xf guacamole-auth-jdbc-1.4.0.tar.gz</code>
 
<code>cd guacamole-auth-jdbc-1.4.0/mysql/</code>
 
<code>cat schema/*.sql | mysql -u root -p guacamole_db</code>
 
'''Connect Guac to MySQL'''
 
<code>mysql -u root -p</code>
 
<code>CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY 'StrongPassword';</code>
 
<code>GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';</code>
 
<code>FLUSH PRIVILEGES;</code>
 
<code>exit</code>
 
<code>cd guacamole-auth-jdbc-1.4.0/mysql/</code>
 
<code>cp guacamole-auth-jdbc-mysql-1.4.0.jar /etc/guacamole/extensions/guacamole-auth-jdbc-mysql.jar</code>
 
<code>wget https://cdn.mysql.com//Downloads/Connector-J/mysql-connector-java_8.0.28-1ubuntu20.04_all.deb</code>
 
<code>dpkg -i mysql-connector-java_8.0.28-1ubuntu20.04_all.deb</code>
 
<code>cp /usr/share/java/mysql-connector-java-8.0.28.jar /etc/guacamole/lib/mysql-connector.jar</code>
 
'''Edit Guac config to work with MySQL'''
 
Edit guacamole.properties
 
<code>nano /etc/guacamole/guacamole.properties</code>
 
Add the following:
 
<code>mysql-hostname: localhost<br />mysql-port: 3306<br />mysql-database: guacamole_db<br />mysql-username: guacamole_user<br />mysql-password: StrongPassword</code>
 
Edit guacd.conf:
 
<code>nano /etc/guacamole/guacd.conf</code>
 
Add the following:
 
<code>[server]<br />bind_host = 0.0.0.0<br />bind_port = 4822</code>
 
'''Restart Services'''
 
<code>sudo systemctl restart tomcat9 guacd</code>
 
'''Get Guacamole client'''
 
<code>wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-1.4.0.war<br />mv guacamole-1.4.0.war guacamole.war<br />cp guacamole.war /var/lib/tomcat9/webapps<br />ls /var/lib/tomcat9/webapps</code>
 
 
'''Edit tomcat server Config'''
 
<code>nano /etc/tomcat9/server.xml</code>
 
Add the following:
 
<pre>
<Valve className="org.apache.catalina.valves.RemoteIpValve"
            internalProxies="127.0.0.1"
            remoteIpHeader="x-forwarded-for"
            remoteIpProxiesHeader="x-forwarded-by"
            protocolHeader="x-forwarded-proto" />
</pre>
 
'''Restart tomcat9'''
 
<code>sudo systemctl restart tomcat9</code>
 
 
Apache Guacamole should now be installed and reachable at <code>http://localhost:8080/guacamole</code>
 
The default sign in credentials are username:<code>guacadmin</code> password:<code>guacadmin</code>
 
==Add TOTP Authentication ==
Download the TOTP extension for Apache Guacamole and install it to the extensions folder:
 
<code>wget <nowiki>https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-totp-1.4.0.tar.gz</nowiki></code>
 
<code>tar -zxf guacamole-auth-totp-1.4.0.tar.gz guacamole-auth-totp-1.4.0/guacamole-auth-totp-1.4.0.jar</code>
 
<code>mv guacamole-auth-totp-1.4.0/guacamole-auth-totp-1.4.0.jar /etc/guacamole/extensions/</code>
 
<code>systemctl restart tomcat9</code>
==Fix RDP Connection Issues ==
If you have connection issues, fix by adding a guacd user:
 
<code>useradd -M -d /var/lib/guacd/ -r -s /sbin/nologin -c "Guacd User" guacd</code>
 
<code>mkdir /var/lib/guacd</code>
 
<code>chown -R guacd: /var/lib/guacd</code>
 
<code>sed -i 's/daemon/guacd/' /etc/systemd/system/guacd.service</code>
 
<code>systemctl daemon-reload</code>
 
<code>systemctl restart guacd</code>
 
==See also ==
* [[Reverse Proxy]]
* [[Apache Web Server]]
==References ==
*https://adamtheautomator.com/apache-guacamole/
*https://kifarunix.com/install-guacamole-on-debian-11/#fix-rdp-security-negotiation-failed
*https://kifarunix.com/configure-totp-two-factor-authentication-on-apache-guacamole/
==Bibliography ==
==External links ==
{{DEFAULTSORT:}}
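Review bot: The wget line under "Set Up MySQL Connector" has a stray escaped closing nowiki tag (&lt;/nowiki&gt;) in front of the URL, so the command cannot be pasted as shown; wrap the URL in a matched nowiki pair as the TOTP section's wget line does. In the guacd.conf step, bind_host = 0.0.0.0 opens port 4822 on every interface although the guide runs guacd and Tomcat on one host, so 127.0.0.1 would be the safer value to document. The page also ends on the default guacadmin/guacadmin login without a step to change it, uses the literal 'StrongPassword' in both the CREATE USER statement and guacamole.properties without marking it as a placeholder, and leaves empty Bibliography and External links headings and an empty {{DEFAULTSORT:}}.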

Latest revision as of 02:36, 21 August 2022

Apache Guacamole is a self-hosted application for Remote Desktop services. Guacamole allows remote desktop services to be accessed over HTTP.

The main page for Apache Guacamole can be accessed here:

https://guacamole.apache.org/

Guacamole Installation

This guide is best suited for a Guacamole installation on Ubuntu Server 20.04 LTS.

Run as Root

sudo su

Update System

apt update && apt upgrade

Install MariaDB

apt install mariadb-server

Install Dependencies

apt install -y build-essential libcairo2-dev libjpeg62-turbo-dev libpng-dev libtool-bin libossp-uuid-dev libavutil-dev libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libvncserver-dev libtelnet-dev libwebsockets-dev libssl-dev libvorbis-dev libwebp-dev libpulse-dev sudo vim

Install tomcat9

sudo apt install tomcat9 -y

Enable tomcat

sudo systemctl enable --now tomcat9

sudo systemctl status tomcat9

Get Guacamole server code

wget https://dlcdn.apache.org/guacamole/1.4.0/source/guacamole-server-1.4.0.tar.gz

untar

tar -xzf guacamole-server-1.4.0.tar.gz

Install

cd guacamole-server-1.4.0/

./configure --with-systemd-dir=/etc/systemd/system/ --disable-dependency-tracking

make

make install

sudo ldconfig

sudo systemctl daemon-reload

sudo systemctl enable --now guacd

sudo systemctl status guacd

Edit Guac Config

echo GUACAMOLE_HOME=/etc/guacamole >> /etc/default/tomcat9

mkdir -p /etc/guacamole/{extensions,lib}

touch /etc/guacamole/{guacamole.properties,guacd.conf}

Set Up MariaDB

mysql -u root -p

CREATE DATABASE guacamole_db;

exit

Set Up MySQL Connector

wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-jdbc-1.4.0.tar.gz

tar -xf guacamole-auth-jdbc-1.4.0.tar.gz

cd guacamole-auth-jdbc-1.4.0/mysql/

cat schema/*.sql | mysql -u root -p guacamole_db

Connect Guac to MySQL

mysql -u root -p

CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY 'StrongPassword';

GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';

FLUSH PRIVILEGES;

exit

cd guacamole-auth-jdbc-1.4.0/mysql/

cp guacamole-auth-jdbc-mysql-1.4.0.jar /etc/guacamole/extensions/guacamole-auth-jdbc-mysql.jar

wget https://cdn.mysql.com//Downloads/Connector-J/mysql-connector-java_8.0.28-1ubuntu20.04_all.deb

dpkg -i mysql-connector-java_8.0.28-1ubuntu20.04_all.deb

cp /usr/share/java/mysql-connector-java-8.0.28.jar /etc/guacamole/lib/mysql-connector.jar

Edit Guac config to work with MySQL

Edit guacamole.properties

nano /etc/guacamole/guacamole.properties

Add the following:

mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: StrongPassword

Edit guacd.conf:

nano /etc/guacamole/guacd.conf

Add the following:

[server]
bind_host = 0.0.0.0
bind_port = 4822

Restart Services

sudo systemctl restart tomcat9 guacd

Get Guacamole client

wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-1.4.0.war
mv guacamole-1.4.0.war guacamole.war
cp guacamole.war /var/lib/tomcat9/webapps
ls /var/lib/tomcat9/webapps


Edit tomcat server Config

nano /etc/tomcat9/server.xml

Add the following:

<Valve className="org.apache.catalina.valves.RemoteIpValve"
            internalProxies="127.0.0.1"
            remoteIpHeader="x-forwarded-for"
            remoteIpProxiesHeader="x-forwarded-by"
            protocolHeader="x-forwarded-proto" />

Restart tomcat9

sudo systemctl restart tomcat9


Apache Guacamole should now be installed and reachable at http://localhost:8080/guacamole

The default sign-in credentials are username: guacadmin, password: guacadmin
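As an added example (not part of the original wiki page or of the Guacamole project), the script below audits the two files written in the steps above for three settings worth tightening: guacd bound to 0.0.0.0, the guide's placeholder mysql-password, and a world-readable guacamole.properties. The function names are hypothetical, and it assumes guacd and Tomcat run on the same host, as in this guide.

```shell
#!/bin/sh
# Added example (not from the wiki): audit the files created under GUACAMOLE_HOME.

# conf_value FILE KEY: print the last value set for KEY ("key: v" or "key = v").
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[:=][[:space:]]*//p" "$1" 2>/dev/null |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_guacamole_home [DIR]: print one line per finding; status 0 only if clean.
audit_guacamole_home() (
    home="${1:-/etc/guacamole}"
    props="$home/guacamole.properties"
    findings=0

    # guacd has no client authentication of its own. With Tomcat on the same
    # host, loopback (guacd's default when bind_host is unset) is enough.
    bind="$(conf_value "$home/guacd.conf" bind_host)"
    case "$bind" in
        ""|localhost|127.0.0.1|::1) ;;
        *) echo "guacd.conf: bind_host = $bind exposes guacd beyond loopback"
           findings=$((findings + 1)) ;;
    esac

    # The guide's literal example password must not reach production.
    if [ "$(conf_value "$props" mysql-password)" = "StrongPassword" ]; then
        echo "guacamole.properties: mysql-password is still the guide's placeholder"
        findings=$((findings + 1))
    fi

    # touch as root normally yields mode 644, so any local user can read the
    # database password. find prints the file only if "other" may read it.
    if [ -n "$(find "$props" -perm -004 2>/dev/null)" ]; then
        echo "guacamole.properties: world-readable"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
)

# Constructed sample: both files with the values this guide tells you to enter.
demo="$(mktemp -d)"
printf '[server]\nbind_host = 0.0.0.0\nbind_port = 4822\n' > "$demo/guacd.conf"
printf 'mysql-username: guacamole_user\nmysql-password: StrongPassword\n' \
    > "$demo/guacamole.properties"
chmod 644 "$demo/guacamole.properties"
audit_guacamole_home "$demo" || echo "=> fix the findings above"
rm -rf "$demo"
```

To clear the findings, set bind_host = 127.0.0.1, choose a real database password, and restrict guacamole.properties to root and the account Tomcat runs as.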

Add TOTP Authentication

Download the TOTP extension for Apache Guacamole and install it to the extensions folder:

wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-totp-1.4.0.tar.gz

tar -zxf guacamole-auth-totp-1.4.0.tar.gz guacamole-auth-totp-1.4.0/guacamole-auth-totp-1.4.0.jar

mv guacamole-auth-totp-1.4.0/guacamole-auth-totp-1.4.0.jar /etc/guacamole/extensions/

systemctl restart tomcat9

Fix RDP Connection Issues

If you have connection issues, fix them by adding a guacd user:

useradd -M -d /var/lib/guacd/ -r -s /sbin/nologin -c "Guacd User" guacd

mkdir /var/lib/guacd

chown -R guacd: /var/lib/guacd

sed -i 's/daemon/guacd/' /etc/systemd/system/guacd.service

systemctl daemon-reload

systemctl restart guacd
