#Install guacamole on NS7
Install prerequisites
- Install from GUI:
OpenLDAP
Firewall Base
MariaDB (MySQL)
Reverse Proxy
Web Server
Now from console
yum update
Install needed packages, you can remove some of them based on the features you want enabled on guacamole, http://guacamole.incubator.apache.org/doc/0.9.10-incubating/gug/installing-guacamole.html
yum install cairo-devel libjpeg-devel uuid-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel libvorbis-devel libwebp-devel nethserver-tomcat gcc
- ffmpeg is not found in EPEL, I got it from nux dextop repo…
rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm
- Disable the repo to avoid unintentional updates from it
vi /etc/yum.repos.d/nux-dextop.repo
Set enabled=0 and save
- Install ffmpeg
yum install --enablerepo=nux-dextop ffmpeg ffmpeg-devel
#Get guacamole and related parts
cd /opt/
Place here:
- guacamole-server-0.9.10-incubating.tar.gz
- guacamole-0.9.10-incubating.war
- guacamole-auth-jdbc-0.9.10-incubating.tar.gz
- mysql-connector-java-5.1.38.tar.gz
You can get the server parts from https://guacamole.incubator.apache.org/releases/0.9.10-incubating/ and the java connector from https://dev.mysql.com/downloads/connector/j/
tar -xzf guacamole-server-0.9.10-incubating.tar.gz
mv guacamole-server-0.9.10-incubating guacamole
rm guacamole-server-0.9.10-incubating.tar.gz
cd guacamole
./configure --with-init-dir=/etc/init.d
make
make install
ldconfig
mkdir -p /var/lib/guacamole && mv /opt/guacamole-0.9.10-incubating.war /var/lib/guacamole/guacamole.war
ln -s /var/lib/guacamole/guacamole.war /var/lib/tomcat/webapps/
rm -rf /usr/lib64/freerdp/guacdr.so
ln -s /usr/local/lib/freerdp/guacdr.so /usr/lib64/freerdp/
mkdir ~/guacamole && cd ~/guacamole
mv /opt/guacamole-auth-jdbc-0.9.10-incubating.tar.gz ~/guacamole/guacamole-auth-jdbc-0.9.10-incubating.tar.gz
mv /opt/mysql-connector-java-5.1.38.tar.gz ~/guacamole/mysql-connector-java-5.1.38.tar.gz
mkdir -p /usr/share/tomcat/.guacamole/{extensions,lib}
tar -zxf guacamole-auth-jdbc-0.9.10-incubating.tar.gz
tar -zxf mysql-connector-java-5.1.38.tar.gz
tar -zxvf guacamole-auth-ldap-0.9.10-incubating.tar.gz
mv guacamole-auth-jdbc-0.9.10-incubating/mysql/guacamole-auth-jdbc-mysql-0.9.10-incubating.jar /usr/share/tomcat/.guacamole/extensions/guacamole-auth-jdbc-mysql.jar
mv mysql-connector-java-5.1.38/mysql-connector-java-5.1.38-bin.jar /usr/share/tomcat/.guacamole/lib/
mv guacamole-auth-ldap-0.9.10-incubating/guacamole-auth-ldap-0.9.10-incubating.jar /usr/share/tomcat/.guacamole/extensions/guacamole-auth-ldap.jar
- Enter mysql CLI and setup DB and user
mysql
create database guacdb;
create user 'guacuser'@'localhost' identified by 'guacDBpass';
MODIFY THESE CREDENTIALS TO SOMETHING SECURE
grant all privileges on guacdb.* to 'guacuser'@'localhost';
flush privileges;
quit
If you need the mysql password:
cat /var/lib/nethserver/secrets/mysql
cd ~/guacamole/guacamole-auth-jdbc-0.9.10-incubating/mysql/schema/
cat ./*.sql | mysql -u root -p guacdb
- Edit guacamole main configuration file
mkdir -p /etc/guacamole/ && vi /etc/guacamole/guacamole.properties
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacuser #Taken from mysql user set earlier
mysql-password: guacDBpass #Taken from mysql pwd set earlier
# LDAP properties
ldap-hostname: localhost
ldap-encryption-method: starttls
ldap-search-bind-dn: cn=ldapservice,dc=directory,dc=nh
ldap-search-bind-password: xxxxxxxxxxxxxxxx #Taken from /var/lib/nethserver/secrets/ldapservice
ldap-user-base-dn: dc=directory,dc=nh
ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat/.guacamole/
cd ~ && rm -rf guacamole*
Setup the reverse proxy
vi /etc/httpd/conf.d/guacamole_reverse.conf
SSLProxyEngine on
# ProxyPass: guacamole
# Description:
ProxyPass /path/to/guacamole/ http://FQDN:8080/guacamole/ flushpackets=on
ProxyPassReverse /path/to/guacamole/ http://FQDN:8080/guacamole/
<Location />
SSLRequireSSL
</Location>
ProxyPass /path/to/guacamole/ ws://FQDN:8080/guacamole/websocket-tunnel
ProxyPassReverse /path/to/guacamole/ ws://FQDN:8080/guacamole/websocket-tunnel
<Location /websocket-tunnel>
</Location>
#Start services
systemctl enable tomcat.service
chkconfig guacd on
systemctl restart tomcat.service
systemctl start guacd.service
systemctl restart httpd.service
#Use it
Guacamole should be now accessible from the path you chose in the reverse proxy conf file on https (httpd) or FQDN:8080 over http (tomcat)
To use its new copy-paste feature, this extension is needed on chrome, it works like a charm !