Guacamole Package?

#Install guacamole on NS7

Install prerequisites

  • Install from GUI:
    OpenLDAP
    Firewall Base
    MariaDB (MySQL)
    Reverse Proxy
    Web Server

Now from console

yum update

Install needed packages, you can remove some of them based on the features you want enabled on guacamole, http://guacamole.incubator.apache.org/doc/0.9.10-incubating/gug/installing-guacamole.html

yum install cairo-devel libjpeg-devel uuid-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel libvorbis-devel libwebp-devel nethserver-tomcat gcc

  • ffmpeg is not found in EPEL, I got it from nux dextop repo…

rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm

  • Disable the repo to avoid unintentional updates from it

vi /etc/yum.repos.d/nux-dextop.repo
Set enabled=0 and save

  • Install ffmpeg

yum install --enablerepo=nux-dextop ffmpeg ffmpeg-devel

#Get guacamole and related parts

cd /opt/

Place here:
- guacamole-server-0.9.10-incubating.tar.gz
- guacamole-0.9.10-incubating.war
- guacamole-auth-jdbc-0.9.10-incubating.tar.gz
- mysql-connector-java-5.1.38.tar.gz

You can get the server parts from https://guacamole.incubator.apache.org/releases/0.9.10-incubating/ and the java connector from https://dev.mysql.com/downloads/connector/j/

tar -xzf guacamole-server-0.9.10-incubating.tar.gz

mv guacamole-server-0.9.10-incubating guacamole

rm guacamole-server-0.9.10-incubating.tar.gz

cd guacamole

./configure --with-init-dir=/etc/init.d

make

make install

ldconfig

mkdir -p /var/lib/guacamole && mv /opt/guacamole-0.9.10-incubating.war /var/lib/guacamole/guacamole.war

ln -s /var/lib/guacamole/guacamole.war /var/lib/tomcat/webapps/

rm -rf /usr/lib64/freerdp/guacdr.so

ln -s /usr/local/lib/freerdp/guacdr.so /usr/lib64/freerdp/

mkdir ~/guacamole && cd ~/guacamole 

mv /opt/guacamole-auth-jdbc-0.9.10-incubating.tar.gz ~/guacamole/guacamole-auth-jdbc-0.9.10-incubating.tar.gz

mv /opt/mysql-connector-java-5.1.38.tar.gz ~/guacamole/mysql-connector-java-5.1.38.tar.gz

mkdir -p /usr/share/tomcat/.guacamole/{extensions,lib}

tar -zxf guacamole-auth-jdbc-0.9.10-incubating.tar.gz

tar -zxf mysql-connector-java-5.1.38.tar.gz

tar -zxvf guacamole-auth-ldap-0.9.10-incubating.tar.gz

mv guacamole-auth-jdbc-0.9.10-incubating/mysql/guacamole-auth-jdbc-mysql-0.9.10-incubating.jar /usr/share/tomcat/.guacamole/extensions/guacamole-auth-jdbc-mysql.jar

mv mysql-connector-java-5.1.38/mysql-connector-java-5.1.38-bin.jar /usr/share/tomcat/.guacamole/lib/

mv guacamole-auth-ldap-0.9.10-incubating/guacamole-auth-ldap-0.9.10-incubating.jar /usr/share/tomcat/.guacamole/extensions/guacamole-auth-ldap.jar
  • Enter mysql CLI and setup DB and user

mysql

create database guacdb;

create user 'guacuser'@'localhost' identified by 'guacDBpass';
MODIFY THESE CREDENTIALS TO SOMETHING SECURE

grant all privileges on guacdb.* to 'guacuser'@'localhost';

flush privileges;

quit

If you need the mysql password:
cat /var/lib/nethserver/secrets/mysql

    cd ~/guacamole/guacamole-auth-jdbc-0.9.10-incubating/mysql/schema/

    cat ./*.sql | mysql -u root -p guacdb
  • Edit guacamole main configuration file

mkdir -p /etc/guacamole/ && vi /etc/guacamole/guacamole.properties

# MySQL properties
    mysql-hostname: localhost
    mysql-port: 3306
    mysql-database: guacdb
    mysql-username: guacuser #Taken from mysql user set earlier
    mysql-password: guacDBpass #Taken from mysql pwd set earlier
	 
# LDAP properties
	ldap-hostname: localhost
	ldap-encryption-method: starttls
	ldap-search-bind-dn: cn=ldapservice,dc=directory,dc=nh
	ldap-search-bind-password: xxxxxxxxxxxxxxxx #Taken from /var/lib/nethserver/secrets/ldapservice
	ldap-user-base-dn: dc=directory,dc=nh

ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat/.guacamole/

cd ~ && rm -rf guacamole*

Setup the reverse proxy

vi /etc/httpd/conf.d/guacamole_reverse.conf

    SSLProxyEngine on
	# ProxyPass: guacamole
	# Description:
	ProxyPass       /path/to/guacamole/      http://FQDN:8080/guacamole/ flushpackets=on
	ProxyPassReverse        /path/to/guacamole/      http://FQDN:8080/guacamole/

        <Location />
		SSLRequireSSL
	</Location>

	ProxyPass /path/to/guacamole/ ws://FQDN:8080/guacamole/websocket-tunnel
	ProxyPassReverse /path/to/guacamole/ ws://FQDN:8080/guacamole/websocket-tunnel
	<Location /websocket-tunnel>

	</Location>

#Start services

systemctl enable tomcat.service
chkconfig guacd on
systemctl restart tomcat.service
systemctl start guacd.service
systemctl restart httpd.service

#Use it
Guacamole should be now accessible from the path you chose in the reverse proxy conf file on https (httpd) or FQDN:8080 over http (tomcat)

To use its new copy-paste feature, this extension is needed on chrome, it works like a charm !

9 Likes