A module is ready to be tested!
Guacamole is a remote desktop gateway. rpmfusion repo is used as epel seems to have no web client
I decided to make a howto out of this thread. Thanks to all contributors.
- service integration
- installation script used - thanks to @jackyes
- reverse proxy to have it on standard https port and using NS certificate - thanks to @greavette
- script for importing NS cert to java keystore if one doesn’t want to use reverse proxy - thanks to @ftimmers
- openjdk 1.7 instead of 1.8 for having same java version as webtop
- LDAP/AD - thanks to @sharpec
- Fix Uploads/Downloads - thanks to @dz00te
- import cert to java keystore or use letsencrypt cert in samba container to make AD work
Please try Guacamole, I think it’s a nice tool. Corrections, suggestions for default settings and improvements are always welcome.
# service mkdir -p /etc/e-smith/db/configuration/defaults/guacd echo "service" > /etc/e-smith/db/configuration/defaults/guacd/type echo "enabled" > /etc/e-smith/db/configuration/defaults/guacd/status config set guacd service status enabled signal-event runlevel-adjust # reverse proxy cat << EOF > /etc/httpd/conf.d/guacamole.conf SSLProxyEngine on ProxyPass /guacamole http://localhost:8080/guacamole ProxyPassReverse /guacamole http://localhost:8080/guacamole <Location /guacamole> SSLRequireSSL </Location> EOF systemctl restart httpd # installation yum -y install nethserver-mysql java-1.7.0-devel wget http://sourceforge.net/projects/guacamoleinstallscript/files/CentOS/guacamole-install-script.sh chmod +x guacamole-install-script.sh cat ~/.my.cnf ./guacamole-install-script.sh
Scroll up to copy your mariadb root password from the output of “cat ~/.mycnf” and just copy/paste it:
Enter the root password for MariaDB: YOURMARIADBPW Enter the Guacamole DB name: guacamole Enter the Guacamole DB username: guacamole Enter the Guacamole DB password: guacamole Enter the Java KeyStore password (least 6 characters): guacamole Do you wish to Install the Proxy feature (Nginx)?: no
Then you are asked to complete the Java keystore wizard (when you are using reverse proxy, this certificate is not used):
What is your first and last name? [Unknown]: Markus What is the name of your organizational unit? [Unknown]: Users What is the name of your organization? [Unknown]: NethServer What is the name of your City or Locality? [Unknown]: Vienna What is the name of your State or Province? [Unknown]: Vienna What is the two-letter country code for this unit? [Unknown]: AT Is CN=Markus, OU=Users, O=NethServer, L=Vienna, ST=Vienna, C=AT correct? [no]: yes
wget https://netix.dl.sourceforge.net/project/guacamole/current/extensions/guacamole-auth-ldap-0.9.13-incubating.tar.gz tar -zxvf guacamole-auth-ldap-0.9.13-incubating.tar.gz cp guacamole-auth-ldap-0.9.13-incubating/guacamole-auth-ldap-0.9.13-incubating.jar /var/lib/guacamole/extensions/ systemctl restart tomcat systemctl restart guacd
Add the following to
/etc/guacamole/guacamole.properties for LDAP:
# LDAP properties ldap-hostname: localhost ldap-port: 389 ldap-encryption-method:none ldap-user-base-dn: dc=directory,dc=nh ldap-search-bind-dn: cn=ldapservice,dc=directory,dc=nh ldap-search-bind-password: ****
Browse to https://YOURNETHSERVER/guacamole/ and login with username guacadmin and password guacadmin.