Guacamole

From Amahi Wiki
Jump to: navigation, search

What is Guacamole?

Guacamole is an HTML5 remote desktop gateway.

Guacamole provides access to desktop environments using remote desktop protocols like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser.

No browser plugins are needed, and no client software needs to be installed. The client requires nothing more than a web browser supporting HTML5 and AJAX.

Installing Guacamole on Amahi

Dependencies

The following dependencies are included so as to make as many features in Guacamole available to the installer.

In terminal, as root, install dependencies with the following:

For Fedora 21 or lower

bash code
​$ su Password: # sudo yum install tomcat gcc cairo-devel libjpeg-devel libpng-devel uuid-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel​

For Fedora 23 or higher

bash code
​$ su Password: # sudo dnf install tomcat gcc cairo-devel libjpeg-devel libpng-devel uuid-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel​


Some packages may be already included in your Amahi install so Fedora / Amahi will skip it.

Preparing Amahi

Login to your Amahi Dashboard and choose "Set Up" in the upper right. Now select the "Apps" tab. Click on "Webapps" and on the page that comes up choose the "New Web App" button at the bottom. Fill in the name (guacamole) and leave everything else as it is.

  • Note: If you do not see the "Webapps" option under "Apps" then you need to activate "Advanced Settings" under the "Settings" tab of your Amahi dashboard.

Setting up MySQL Authentication

Creating the Database

In terminal, run the following command

bash code
​sudo mysql -u root -p​

The password requested is the root user password for MySQL on Amahi; In MariaDB enter the following:

bash code
​create database guacdb;
bash code
​create user 'guacuser'@'localhost' identified by 'guac123';
bash code
​grant select,insert,update,delete on guacdb.* to 'guacuser'@'localhost';
bash code
​flush privileges;
bash code
​quit​


Installing MySQL Authentication Module

Create a working directory and move there

bash code
​sudo mkdir -p /var/hda/web-apps/guacamole/sqlauth && cd /var/hda/web-apps/guacamole/sqlauth​


Download Guacamole's authorization module

bash code
​sudo wget http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-0.9.9.tar.gz​


Unpack it

bash code
​sudo tar -zxf guacamole-auth-jdbc-0.9.9.tar.gz​


Download MySQL and Java Connector

bash code
​sudo wget http://dev.mysql.com/get/Downloads/Connector/j/mysql-connector-java-5.1.38.tar.gz​


Unpack it

bash code
​sudo tar -zxf mysql-connector-java-5.1.38.tar.gz​


Create directories for the extensions in Tomcat's folders

bash code
​sudo mkdir -p /usr/share/tomcat/.guacamole/{extensions,lib}


Move the modules to their respective directories.

bash code
​sudo mv guacamole-auth-jdbc-0.9.9/mysql/guacamole-auth-jdbc-mysql-0.9.9.jar /usr/share/tomcat/.guacamole/extensions/​
bash code
​sudo mv mysql-connector-java-5.1.38/mysql-connector-java-5.1.38-bin.jar /usr/share/tomcat/.guacamole/lib/​

Restart MariaDB

bash code
​sudo systemctl restart mariadb.service​


Loading Guacamole's schema into the MySQL Tables

The schema for MySQL was downloaded in the previous process. Just change directories to the files location

bash code
​cd /var/hda/web-apps/guacamole/sqlauth/guacamole-auth-jdbc-0.9.9/mysql/schema/​

and run the following command:

sudo cat ./*.sql | mysql -u root -p guacdb

The above is bash code. I have to format it differently to get all of the code to show on this wiki page.

The password requested is the root user password for MySQL.

Installing Guacamole Server

Guacamole uses "guacd", a Guacamole server and a Guacamole Client for users to connect to the "guacd" server. We first install Guacamole Server.

Change Directories

bash code
​cd /var/hda/web-apps/guacamole​


Download Guacamole Server

bash code
​sudo wget https://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-0.9.9.tar.gz​

Unpackage it

bash code
​tar -xzf guacamole-server-0.9.9.tar.gz​

Move to the Guacamole source code directory

bash code
​cd guacamole-server-0.9.9/​

Configure, make and install it.

bash code
​sudo ./configure --with-init-dir=/etc/init.d​
bash code
​sudo make​
bash code
​sudo make install​
bash code
​sudo ldconfig​


Configuring Guacamole to Use MySQL Authentication

You will need to edit /etc/guacamole/guacamole.properties

Start at the line "# Hostname and port of guacamole proxy" and replace everything below it with this:

guacd-hostname: localhost
guacd-port:     4822

# Auth provider class (authenticates user/pass combination, needed if using the provided login screen)
auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml

# Location to read extra .jar's from
lib-directory:  /var/lib/guacamole/classpath

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole
mysql-username: guacamole
mysql-password: some_password

Use the real password you chose when creating the MySQL database for the Guacamole database in place of the string "some_password" as shown above.

Deploying Guacamole

To deploy Guacamole, you must make two symbolic links: one effectively copying the web application (now located at /var/lib/guacamole/guacamole.war) into the directory Tomcat monitors for web application deployment, and the other effectively copying the configuration file, guacamole.properties, into the Tomcat's classpath, such that Guacamole can find it once it runs. This must be done as root:

bash code
​# ln -s /var/lib/guacamole/guacamole.war /var/lib/tomcat6/webapps # ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat6/lib​


Restart Tomcat

bash code
​service tomcat6 restart​


Start Guacamole's service

bash code
​service guacd start​


Now configure the tomcat6 and guacd services to run automatically

bash code
​# chkconfig tomcat6 on # chkconfig guacd on​


Configuring Guacamole and Amahi

Create Symbolic links between guacamole in Tomcat and Amahi's webapp directory

bash code
​# ln -s /var/lib/tomcat6/webapps/guacamole/admin.xhtml /var/hda/web-apps/guacamole/html # ln -s /var/lib/tomcat6/webapps/guacamole/agpl-3.0-standalone.html /var/hda/web-apps/guacamole/html # ln -s /var/lib/tomcat6/webapps/guacamole/client.xhtml /var/hda/web-apps/guacamole/html # ln -s /var/lib/tomcat6/webapps/guacamole/guacamole-common-js /var/hda/web-apps/guacamole/html # ln -s /var/lib/tomcat6/webapps/guacamole/images /var/hda/web-apps/guacamole/html # ln -s /var/lib/tomcat6/webapps/guacamole/index.xhtml /var/hda/web-apps/guacamole/html # ln -s /var/lib/tomcat6/webapps/guacamole/layouts /var/hda/web-apps/guacamole/html # ln -s /var/lib/tomcat6/webapps/guacamole/META-INF /var/hda/web-apps/guacamole/html # ln -s /var/lib/tomcat6/webapps/guacamole/scripts /var/hda/web-apps/guacamole/html # ln -s /var/lib/tomcat6/webapps/guacamole/styles /var/hda/web-apps/guacamole/html # ln -s /var/lib/tomcat6/webapps/guacamole/WEB-INF /var/hda/web-apps/guacamole/html​
  • Hint: Count your links and make sure you have all of them!


As root, create .htaccess file in /var/hda/web-apps/guacamole/html

bash code
​# cd /var/hda/web-apps/guacamole/html # gedit .htaccess​


This is the text for the .htaccess file:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) http://%{HTTP_HOST}:8080/guacamole [R,L]

Make sure the owner of all the file is apache and the group is users.

bash code
​# chown -R apache /var/hda/web-apps/guacamole # chgrp -R users /var/hda/web-apps/guacamole​


In /etc/httpd/conf.d/####-guacamole.conf, change "AllowOverride AuthConfig" to "AllowOverride FileInfo Limit Options Indexes"

Logging In to Guacamole

You can access the web login screen for Guacamole from the server at http://127.0.0.1:8080/guacamole

The default user is "guacadmin", with the default password of "guacadmin". You can change your password by editing your own user in the administration screen.

With everything configured correctly you should be able to access the web login screen through Amahi at http://guacamole.yourhdaname.com:8080/guacamole/

Port Forwarding

If you want Guacamole's web interface to be accessible outside of your LAN you will have to forward a random, unused port (1111, for example) to port 8080 in your router. Then when you access Guacamole from outside your LAN you will need to add "/guacamole" to the end of your url. (serverblahblah.yourhda.com:1111/guacamole) If you do not add "/guacamole" to your url, you will see a blank page since you did not specify which application in Tomcat you wanted to access.