Difference between revisions of "Apache Guacamole"
(10 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
Apache Guacamole is a | Apache Guacamole is a [[Self hosted applications|Self hosted application]] for Remote Desktop services. Guacamole allows remote desktop services to be accessed over HTTP. | ||
The main page for Apache Guacamole can be accessed here: | The main page for Apache Guacamole can be accessed here: | ||
https://guacamole.apache.org/ | https://guacamole.apache.org/ | ||
== Guacamole Installation == | ==Guacamole Installation == | ||
This guide is best suited for a Guacamole installation on Ubuntu Server 20.04 LTS | This guide is best suited for a Guacamole installation on [[Ubuntu | Ubuntu Server 20.04 LTS]] | ||
'''Run as Root''' | '''Run as Root''' | ||
Line 25: | Line 25: | ||
'''Install tomcat9''' | '''Install tomcat9''' | ||
<code | <code>sudo apt install tomcat9 -y</code> | ||
'''Enable tomcat''' | '''Enable tomcat''' | ||
Line 77: | Line 77: | ||
'''Set Up MySQL Connector''' | '''Set Up MySQL Connector''' | ||
<code>wget | <code>wget </nowiki>https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-jdbc-1.4.0.tar.gz</code> | ||
<code>tar -xf guacamole-auth-jdbc-1.4.0.tar.gz</code> | <code>tar -xf guacamole-auth-jdbc-1.4.0.tar.gz</code> | ||
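Review bot: The new side of the wget line in this hunk carries a stray closing tag, `<code>wget </nowiki>https://dlcdn.apache.org/...`, with no opening `<nowiki>` before it, so the literal text `</nowiki>` ends up inside the command readers will copy. Either wrap the URL in a matching `<nowiki>...</nowiki>` pair, as the TOTP wget line further down does, or drop the tag.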
Line 115: | Line 115: | ||
Add the following: | Add the following: | ||
<code>mysql-hostname: localhost<br /> | <code>mysql-hostname: localhost<br />mysql-port: 3306<br />mysql-database: guacamole_db<br />mysql-username: guacamole_user<br />mysql-password: StrongPassword</code> | ||
mysql-port: 3306<br /> | |||
mysql-database: guacamole_db<br /> | |||
mysql-username: guacamole_user<br /> | |||
mysql-password: StrongPassword</code> | |||
Edit guacd.conf: | Edit guacd.conf: | ||
Line 127: | Line 123: | ||
Add the following: | Add the following: | ||
<code>[server]<br /> | <code>[server]<br />bind_host = 0.0.0.0<br />bind_port = 4822</code> | ||
bind_host = 0.0.0.0<br /> | |||
bind_port = 4822</code> | |||
'''Restart Services''' | '''Restart Services''' | ||
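Review bot: While this block is being reflowed, the `bind_host = 0.0.0.0` line in guacd.conf deserves a second look, since it makes guacd listen on port 4822 on every interface even though the guide points everything else at localhost. Consider `bind_host = 127.0.0.1` here, or add a sentence saying when the wildcard bind is actually needed and that the port should then be firewalled.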
Line 137: | Line 131: | ||
'''Get Guacamole client''' | '''Get Guacamole client''' | ||
<code>wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-1.4.0.war<br /> | <code>wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-1.4.0.war<br />mv guacamole-1.4.0.war guacamole.war<br />cp guacamole.war /var/lib/tomcat9/webapps<br />ls /var/lib/tomcat9/webapps</code> | ||
mv guacamole-1.4.0.war guacamole.war<br /> | |||
cp guacamole.war /var/lib/tomcat9/webapps<br /> | |||
ls /var/lib/tomcat9/webapps</code> | |||
Line 149: | Line 140: | ||
Add the following: | Add the following: | ||
<pre> | |||
<Valve className="org.apache.catalina.valves.RemoteIpValve" | <Valve className="org.apache.catalina.valves.RemoteIpValve" | ||
internalProxies="127.0.0.1" | internalProxies="127.0.0.1" | ||
Line 154: | Line 146: | ||
remoteIpProxiesHeader="x-forwarded-by" | remoteIpProxiesHeader="x-forwarded-by" | ||
protocolHeader="x-forwarded-proto" /> | protocolHeader="x-forwarded-proto" /> | ||
</pre> | |||
'''Restart tomcat9''' | |||
<code>sudo systemctl restart tomcat9</code> | <code>sudo systemctl restart tomcat9</code> | ||
Apache Guacamole should now be installed and reachable at <code>http://localhost:8080/guacamole</code> | Apache Guacamole should now be installed and reachable at <code>http://localhost:8080/guacamole</code> | ||
The default sign in credentials are username:<code>guacadmin</code> password:<code>guacadmin</code> | The default sign in credentials are username:<code>guacadmin</code> password:<code>guacadmin</code> | ||
== | |||
==Add TOTP Authentication == | |||
== See also == | Download the TOTP extension for Apache Guacamole and install it to the extensions folder: | ||
<code>wget <nowiki>https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-totp-1.4.0.tar.gz</nowiki></code> | |||
<code>tar -zxf guacamole-auth-totp-1.4.0.tar.gz guacamole-auth-totp-1.4.0/guacamole-auth-totp-1.4.0.jar</code> | |||
<code>mv guacamole-auth-totp-1.4.0/guacamole-auth-totp-1.4.0.jar /etc/guacamole/extensions/</code> | |||
<code>systemctl restart tomcat9</code> | |||
==Fix RDP Connection Issues == | |||
If you have connection issues, fix by adding a guacd user: | |||
<code>useradd -M -d /var/lib/guacd/ -r -s /sbin/nologin -c "Guacd User" guacd</code> | |||
<code>mkdir /var/lib/guacd</code> | |||
<code>chown -R guacd: /var/lib/guacd</code> | |||
<code>sed -i 's/daemon/guacd/' /etc/systemd/system/guacd.service</code> | |||
<code>systemctl daemon-reload</code> | |||
<code>systemctl restart guacd</code> | |||
==See also == | |||
* [[Reverse Proxy]] | * [[Reverse Proxy]] | ||
* [[Apache Web Server]] | * [[Apache Web Server]] | ||
== References == | ==References == | ||
* https://adamtheautomator.com/apache-guacamole/ | *https://adamtheautomator.com/apache-guacamole/ | ||
* https://kifarunix.com/install-guacamole-on-debian-11/#fix-rdp-security-negotiation-failed | *https://kifarunix.com/install-guacamole-on-debian-11/#fix-rdp-security-negotiation-failed | ||
== Bibliography == | *https://kifarunix.com/configure-totp-two-factor-authentication-on-apache-guacamole/ | ||
==Bibliography == | |||
== External links == | ==External links == | ||
* | * | ||
* | * | ||
{{DEFAULTSORT:}} | {{DEFAULTSORT:}} |
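Review bot: In the new "Fix RDP Connection Issues" steps, `sed -i 's/daemon/guacd/' /etc/systemd/system/guacd.service` is unanchored and rewrites the first "daemon" on every line of the unit file, not only the service account. Assuming the `User=` line is the target, a pattern such as `s/^User=daemon/User=guacd/` limits the change to it. Two smaller points: `mkdir /var/lib/guacd` comes after the `useradd` that names it as home directory and has no `-p`, and the page still ends the install section by stating the default `guacadmin` credentials without a step to change them before TOTP is enabled.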
Latest revision as of 02:36, 21 August 2022
Apache Guacamole is a self-hosted application for remote desktop services. Guacamole allows remote desktop services to be accessed over HTTP.
The main page for Apache Guacamole can be accessed here: https://guacamole.apache.org/
Guacamole Installation
This guide is best suited for a Guacamole installation on Ubuntu Server 20.04 LTS
Run as Root
sudo su
Update System
apt update && apt upgrade
Install MariaDB
apt install mariadb-server
Install Dependencies
apt install -y build-essential libcairo2-dev libjpeg62-turbo-dev libpng-dev libtool-bin libossp-uuid-dev libavutil-dev libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libvncserver-dev libtelnet-dev libwebsockets-dev libssl-dev libvorbis-dev libwebp-dev libpulse-dev sudo vim
Install tomcat9
sudo apt install tomcat9 -y
Enable tomcat
sudo systemctl enable --now tomcat9
sudo systemctl status tomcat9
Get Guacamole server code
wget https://dlcdn.apache.org/guacamole/1.4.0/source/guacamole-server-1.4.0.tar.gz
Untar
tar -xzf guacamole-server-1.4.0.tar.gz
Install
cd guacamole-server-1.4.0/
./configure --with-systemd-dir=/etc/systemd/system/ --disable-dependency-tracking
make
make install
sudo ldconfig
sudo systemctl daemon-reload
sudo systemctl enable --now guacd
sudo systemctl status guacd
Edit Guac Config
echo GUACAMOLE_HOME=/etc/guacamole >> /etc/default/tomcat9
mkdir -p /etc/guacamole/{extensions,lib}
touch /etc/guacamole/{guacamole.properties,guacd.conf}
Set Up MariaDB
mysql -u root -p
CREATE DATABASE guacamole_db;
exit
Set Up MySQL Connector
wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-jdbc-1.4.0.tar.gz
tar -xf guacamole-auth-jdbc-1.4.0.tar.gz
cd guacamole-auth-jdbc-1.4.0/mysql/
cat schema/*.sql | mysql -u root -p guacamole_db
Connect Guac to MySQL
mysql -u root -p
CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY 'StrongPassword';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';
FLUSH PRIVILEGES;
exit
cd guacamole-auth-jdbc-1.4.0/mysql/
cp guacamole-auth-jdbc-mysql-1.4.0.jar /etc/guacamole/extensions/guacamole-auth-jdbc-mysql.jar
wget https://cdn.mysql.com//Downloads/Connector-J/mysql-connector-java_8.0.28-1ubuntu20.04_all.deb
dpkg -i mysql-connector-java_8.0.28-1ubuntu20.04_all.deb
cp /usr/share/java/mysql-connector-java-8.0.28.jar /etc/guacamole/lib/mysql-connector.jar
Edit Guac config to work with MySQL
Edit guacamole.properties
nano /etc/guacamole/guacamole.properties
Add the following:
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: StrongPassword
Edit guacd.conf:
nano /etc/guacamole/guacd.conf
Add the following:
[server]
bind_host = 0.0.0.0
bind_port = 4822
Restart Services
sudo systemctl restart tomcat9 guacd
Get Guacamole client
wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-1.4.0.war
mv guacamole-1.4.0.war guacamole.war
cp guacamole.war /var/lib/tomcat9/webapps
ls /var/lib/tomcat9/webapps
Edit tomcat server Config
nano /etc/tomcat9/server.xml
Add the following:
<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" />
Restart tomcat9
sudo systemctl restart tomcat9
Apache Guacamole should now be installed and reachable at http://localhost:8080/guacamole
The default sign-in credentials are username: guacadmin, password: guacadmin
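A quick audit of the two files this guide writes under /etc/guacamole, as an added example that is not part of the original page. The function names `conf_value` and `audit_guacamole` and the wording of the findings are assumptions of this example; the sample files are constructed to match the guide's settings.

```shell
#!/bin/sh
# Added example: audit /etc/guacamole as configured by the steps above.
# conf_value and audit_guacamole are names made up for this example.

# Print the value of key $2 in file $1 ("key: value" or "key = value").
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[:=][[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line for the config directory $1.
# Exit status is 0 when nothing was found, 1 otherwise.
audit_guacamole() (
    props=$1/guacamole.properties
    guacd=$1/guacd.conf
    findings=0

    # guacd is meant to be reached only by the Guacamole web application;
    # a wildcard bind offers port 4822 on every network the host is on.
    host=$(conf_value "$guacd" bind_host)
    case $host in
        0.0.0.0|::)
            echo "guacd.conf: bind_host=$host listens on all interfaces"
            findings=1 ;;
    esac

    # The guide's literal placeholder must not survive into production.
    if [ "$(conf_value "$props" mysql-password)" = "StrongPassword" ]; then
        echo "guacamole.properties: mysql-password is the guide's placeholder"
        findings=1
    fi

    # The file holds the database password in clear text.
    if [ -n "$(find "$props" -perm -004 2>/dev/null)" ]; then
        echo "guacamole.properties: readable by every local user"
        findings=1
    fi

    [ "$findings" -eq 0 ]
)

# Constructed sample: the two files as the guide writes them.
sample=$(mktemp -d)
printf '[server]\nbind_host = 0.0.0.0\nbind_port = 4822\n' > "$sample/guacd.conf"
printf 'mysql-username: guacamole_user\nmysql-password: StrongPassword\n' \
    > "$sample/guacamole.properties"
chmod 644 "$sample/guacamole.properties"   # what touch gives root under umask 022
audit_guacamole "$sample" || true
```

On a real host, run `audit_guacamole /etc/guacamole` as root; changing the default guacadmin password is done in the web interface and is not covered by this check.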
Add TOTP Authentication
Download the TOTP extension for Apache Guacamole and install it to the extensions folder:
wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-auth-totp-1.4.0.tar.gz
tar -zxf guacamole-auth-totp-1.4.0.tar.gz guacamole-auth-totp-1.4.0/guacamole-auth-totp-1.4.0.jar
mv guacamole-auth-totp-1.4.0/guacamole-auth-totp-1.4.0.jar /etc/guacamole/extensions/
systemctl restart tomcat9
Fix RDP Connection Issues
If you have connection issues, fix by adding a guacd user:
useradd -M -d /var/lib/guacd/ -r -s /sbin/nologin -c "Guacd User" guacd
mkdir /var/lib/guacd
chown -R guacd: /var/lib/guacd
sed -i 's/daemon/guacd/' /etc/systemd/system/guacd.service
systemctl daemon-reload
systemctl restart guacd
See also
- Reverse Proxy
- Apache Web Server
References
- https://adamtheautomator.com/apache-guacamole/
- https://kifarunix.com/install-guacamole-on-debian-11/#fix-rdp-security-negotiation-failed
- https://kifarunix.com/configure-totp-two-factor-authentication-on-apache-guacamole/