A module is ready to be tested!
Guacamole is a remote desktop gateway. rpmfusion repo is used as epel seems to have no web client
I decided to make a howto out of this thread. Thanks to all contributors.
Features:
- service integration
- installation script used - thanks to @jackyes
- reverse proxy to have it on standard https port and using NS certificate - thanks to @greavette
- script for importing NS cert to java keystore if one doesnāt want to use reverse proxy - thanks to @ftimmers
- openjdk 1.7 instead of 1.8 for having same java version as webtop
- LDAP/AD - thanks to @sharpec
- Fix Uploads/Downloads - thanks to @dz00te
Todos:
- import cert to java keystore or use letsencrypt cert in samba container to make AD work
Please try Guacamole, I think itās a nice tool. Corrections, suggestions for default settings and improvements are always welcome.
Installation
# service
mkdir -p /etc/e-smith/db/configuration/defaults/guacd
echo "service" > /etc/e-smith/db/configuration/defaults/guacd/type
echo "enabled" > /etc/e-smith/db/configuration/defaults/guacd/status
config set guacd service status enabled
signal-event runlevel-adjust
# reverse proxy
cat << EOF > /etc/httpd/conf.d/guacamole.conf
SSLProxyEngine on
ProxyPass /guacamole http://localhost:8080/guacamole
ProxyPassReverse /guacamole http://localhost:8080/guacamole
<Location /guacamole>
SSLRequireSSL
</Location>
EOF
systemctl restart httpd
# installation
yum -y install nethserver-mysql java-1.7.0-devel
wget http://sourceforge.net/projects/guacamoleinstallscript/files/CentOS/guacamole-install-script.sh
chmod +x guacamole-install-script.sh
cat ~/.my.cnf
./guacamole-install-script.sh
Database config
Scroll up to copy your mariadb root password from the output of ācat ~/.mycnfā and just copy/paste it:
Enter the root password for MariaDB: YOURMARIADBPW
Enter the Guacamole DB name: guacamole
Enter the Guacamole DB username: guacamole
Enter the Guacamole DB password: guacamole
Enter the Java KeyStore password (least 6 characters): guacamole
Do you wish to Install the Proxy feature (Nginx)?: no
Certificate
Then you are asked to complete the Java keystore wizard (when you are using reverse proxy, this certificate is not used):
What is your first and last name?
[Unknown]: Markus
What is the name of your organizational unit?
[Unknown]: Users
What is the name of your organization?
[Unknown]: NethServer
What is the name of your City or Locality?
[Unknown]: Vienna
What is the name of your State or Province?
[Unknown]: Vienna
What is the two-letter country code for this unit?
[Unknown]: AT
Is CN=Markus, OU=Users, O=NethServer, L=Vienna, ST=Vienna, C=AT correct?
[no]: yes
LDAP (optional)
wget https://netix.dl.sourceforge.net/project/guacamole/current/extensions/guacamole-auth-ldap-0.9.13-incubating.tar.gz
tar -zxvf guacamole-auth-ldap-0.9.13-incubating.tar.gz
cp guacamole-auth-ldap-0.9.13-incubating/guacamole-auth-ldap-0.9.13-incubating.jar /var/lib/guacamole/extensions/
systemctl restart tomcat
systemctl restart guacd
Add the following to /etc/guacamole/guacamole.properties
for LDAP:
# LDAP properties
ldap-hostname: localhost
ldap-port: 389
ldap-encryption-method:none
ldap-user-base-dn: dc=directory,dc=nh
ldap-search-bind-dn: cn=ldapservice,dc=directory,dc=nh
ldap-search-bind-password: ****
Login
Browse to https://YOURNETHSERVER/guacamole/ and login with username guacadmin and password guacadmin.