Changes

From Amahi Wiki
Jump to: navigation, search

Guacamole (view source)

Revision as of 03:38, 18 June 2017

4,911 bytes added ,  03:38, 18 June 2017
→‎Load Guacamole Data
{{MessageBox|backgroundcolor = #faa|image =Warning.png|heading =WARNING|message =This is recommended only for advanced users, proceed with caution.}}= What is Guacamole? == [https://guacamole.incubator.apache.org/ Guacamole ] is an HTML5 remote desktop gatewaythat can be installed on Amahi 9 (Fedora 23). This guidance may work with other Amahi versions with some modification.
Guacamole provides access to desktop environments using remote desktop protocols like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser.
No browser plugins are needed, and no client software needs to be installed. The client requires nothing more than a web browser supporting HTML5 and AJAX.
== Installing Guacamole on Amahi ===== Dependencies ===*tomcat6 *libvncserver *freerdp (This is official on the Guacamole siteREF: [http://www. Fedora 14 will not support Freerdp 1tecmint.0 or higher, thus RDP protocol in com/guacamole-access-remote-linux-windows-machines-via-web-browser/ Setting Up Web-Based Guacamole is not available. Leave freerdp out of the code below if you are running Fedora 14.)*libvorbisTool to Access Remote Linux/Windows Machines]
In terminal, = Install Guacamole =<div style="border: 1px solid #A3B1BF; padding: .8em 1em; background-color: #E6F2FF; margin: 0px 1em;">'''WARNING:''' All commands in this tutorial are executed as <code>root, install dependencies </code> (or precede with the following:<code>sudo</code>).</div>
{{Code|
Code = $ su
Password:
# yum install tomcat6 libvncserver freerdp libvorbis
}}
We have created a bash script to make installation simple or you can manually install using the guidance below. You '''MUST''' complete the [[Guacamole#Create Amahi Web App|Create Amahi Web App]] step prior to executing the following: wget <nowiki>https://www.dropbox.com/s/4hadafih8ahuj2n/install-guacamole.sh</nowiki> chmod 755 install-guacamole.sh ./install-guacamole.sh Do NOT use this script on anything less than Amahi 9 / Fedora 23 unless you edit it first to match your systems' requirements. (See [[Guacamole#Install Dependencies|Install Dependencies]] to learn what changes are necessary.) === Preparing Create Amahi =Web App ==Login to your Amahi Dashboard and choose "Set Up" install the Amahi [https://www.amahi.org/apps/web-apps Web Apps] plug-in the upper right.Ensure you '''enable''' [[Advanced Settings]]. 
Now select the "Apps" tab.
Click on "Webapps" and on the page that comes up choose the "New Web App" button at the bottom.
Fill in the name (guacamole) and leave everything else as it is.
* NoteEdit ''####-guacamole.conf'' in '''/etc/httpd/conf.d''' (replacing #### with the appropriate number): vi /etc/httpd/conf.d/####-guacamole.conf Right below the ''ServerAlias'' line, add the following: ProxyPass / <nowiki>http://localhost: If 8080/guacamole/</nowiki> ProxyPassReverse / <nowiki>http://localhost:8080/guacamole/</nowiki> Again, if you use vi for creating this file, press the <i>Esc</i> key to get back in command mode and <i>:wq</i> to write the changes and quit vi. Restart Apache systemctl restart httpd == Install Dependencies ==Due to the Fedora 23 ''freerdp'' packages being unstable, we must use the CentOS stable version. (Do not do not see this if you are installing on Fedora 21 or below) To install, execute the following:<pre>wget https://www.dropbox.com/s/p2uc1rcpckky75v/libxkbfile-1.0.8-5.el7.x86_64.rpmwget https://www.dropbox.com/s/0tjm7q93z9pw0hj/freerdp-libs-1.0.2-6.el7_2.1.x86_64.rpmwget https://www.dropbox.com/s/aysml7coehz0hqi/freerdp-devel-1.0.2-6.el7_2.1.x86_64.rpmrpm -Uvh libxkbfile-1.0.8-5.el7.x86_64.rpmrpm -Uvh freerdp-libs-1.0.2-6.el7_2.1.x86_64.rpmrpm -Uvh freerdp-devel-1.0.2-6.el7_2.1.x86_64.rpm</pre>  Now install the "Webapps" option under "Apps" then you need Fedora dependencies:For Fedora 23 or newer (Fedora 21, substitute <code>yum</code> for <code>dnf</code> and add <code>freerdp-devel</code> to activate "Advanced Settings" under the "Settings" tab list of your Amahi dashboarddependencies): dnf install tomcat gcc cairo-devel libjpeg-devel libpng-devel uuid-devel pango-devel \ libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel \ libvorbis-devel libwebp-devel dejavu-sans-mono-fonts terminus-fonts terminus-fonts-console == Configure MySQL Authentication ===== Install MySQL Authentication Module ===Create a working directory and move there mkdir -p /var/hda/web-apps/guacamole/sqlauth && cd /var/hda/web-apps/guacamole/sqlauth Download Guacamole's authorization module wget <nowiki>http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-0.9.9.tar.gz</nowiki> Unpack it tar -zxf guacamole-auth-jdbc-0.9.9.tar.gz Download MySQL and Java Connector wget <nowiki>http://dev.mysql.com/get/Downloads/Connector/j/mysql-connector-java-5.1.38.tar.gz</nowiki>
=== Downloading the Binary Packages ===Unpack itGo to http://guac tar -zxf mysql-connector-java-dev5.org/ and choose from the table the binary packages for your system1. For '''Fedora 14''', I chose the '''Fedora 15''' packages and they worked flawlessly38.tar.gz
=== Installing Guacamole ===In terminal, change Create directories to where for the packages downloaded and execute the following as root:extensions in Tomcat's folders{{Code|Code = # tar mkdir -xzf guacamole-0.8.0-fedora-15-i386.tarp /usr/share/tomcat/.gz# cd guacamole-0.8.0-fedora-15-i386/# rpm -i *.rpm{extensions,lib}}*Be aware that you may have to adjust the above code to match the file name you downloaded.
=== Setting up MySQL Authentication ======= Making Move the Directory ====modules to their respective directories.As root, create the "classpath" directory mv guacamole-auth-jdbc-0.9.9/mysql/guacamole-auth-jdbc-mysql-0.9.9.jar /usr/share/tomcat/.guacamole/extensions/{{Code|Code = mkdir mv mysql-connector-java-5.1.38/mysql-connector-java-5.1.38-bin.jar /usr/varshare/libtomcat/.guacamole/classpath}}lib/
==== Installing MySQL Authentication Module ====
Download the MySQL Authentication Module
http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-mysql-0.8.0.tar.gz/download
Move to the directory containing the download and unpack the downloadRestart MariaDB systemctl restart mariadb
{{Code|Code = # tar == Create the Database === hda-xzf guacamolecreate-authdb-mysqland-0.8.0.tar.gz}}*Be aware that you may have to adjust the above code to match the file name you downloaded.user guacdb
=== Configure Database Settings ===
Create a directory for the configuration file.
mkdir -p /etc/guacamole/
Copy all of the Create a file called "guacamole.jarproperties" files in that directory vi /etc/guacamole/guacamole.properties Press the <i>i</lib of i> key to begin inserting text into the downloaded guacamole.properties file to and include the classpath directory you created.following contents: # MySQL properties{{Code| mysql-hostname: localhostCode = cp mysql-r /whereever/you/downloaded/it/guacamoleport: 3306 mysql-database: guacdb mysql-authusername: guacdb mysql-password: guacdb # Additional settings mysql-default-max-connections-per-user: 0.8. mysql-default-max-group-connections-per-user: 0/lib/*.jar /var/lib/guacamole/classpath}}
You need one more ".jar" If you use vi for creating this file (MySQL Connector-J)that is not included in , press the guacamole-auth-mysql module. You can <i>Esc</i> key to get it here: httpback in command mode and <i>:wq<//devi> to write the changes and quit vi.mysql.com/downloads/connector/j/
Move to the directory containing the download and unpack the downloadNow create a symbolic link of this file for Tomcat ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat/.guacamole/
{{Code|Code = # tar == Load Guacamole Data ===The schema for MySQL was downloaded in the previous process.Just change directories to the files location cd /var/hda/web-xzf mysqlapps/guacamole/sqlauth/guacamole-connectorauth-javajdbc-50.19.25.tar9/mysql/schema/ and run the following command: cat .gz}}/*Be aware that you may have to adjust the above code to match the file name you downloaded.sql | mysql -uroot -p guacdb
::'''WARNING:''' Please see [[Database Root Password]] for the appropriate login password.
Copy mysql-connector-java-5.1.23-bin.jar == Install Guacamole Server ==Guacamole uses "guacd", a Guacamole server and a Guacamole Client for users to connect to the classpath directory you created"guacd" server.{{Code|Code = cp -r /whereever/you/downloaded/it/mysql-connector-java-5.1.25/mysql-connector-java-5.1.23-bin We first install Guacamole Server.jar /var/lib/guacamole/classpath}}
==== Making the MySQL Tables ====Change DirectoriesNow we need to create a MySQL Table that Guacamole can use{{Code|Code = $ mysql -u root cd /var/hda/web-pEnter password: default for Amahi is hdamysql> CREATE DATABASE apps/guacamole;Query OK, 1 row affected (0.00 sec)
mysqlDownload Guacamole Server wget <nowiki> CREATE USER 'https://sourceforge.net/projects/guacamole'@'localhost' IDENTIFIED BY 'some_password';Query OK, 0 rows affected (/files/current/source/guacamole-server-0.00 sec)9.9.tar.gz</nowiki>
mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON Unpackage it tar -xzf guacamole-server-0.9.9.* TO 'guacamole'@'localhost';Query OK, 0 rows affected (0tar.00 sec)gz
mysql> FLUSH PRIVILEGES;Move to the Guacamole source code directoryQuery OK, 0 rows affected ( cd guacamole-server-0.02 sec)9.9/
mysql> quitConfigure, make and install it.Bye ./configure --with-init-dir=/etc/init.d}} makeThe database and user can be named whatever you like, but the above coding steps refer to both as "guacamole". Naturally, you should choose a real password for your user rather than the string "some_password" shown above. make install ldconfig
==Install Guacamole Client == Running the SQL scripts ====Create a new directory and move to it. mkdir -p /var/lib/guacamole && cd /var/lib/guacamole/
The SQL scripts that create the database schema and default administrator user are included in the guacamole-auth-mysql-0Download Guacamole Client.8 wget <nowiki>http://sourceforge.0 archive you downloaded within the schemanet/projects/ directory. Change directories to the guacamole-auth-mysql-0.8.0 archive.{{Code|Code = cd /whereeverfiles/youcurrent/downloaded/itbinary/guacamole-auth-mysql-0.89.9.0}}war -O guacamole.war</nowiki>
The scripts are named such that they can be run in order with one command:Create a symbolic link of the file for Tomcat. $ cat schemaln -s /var/lib/guacamole/*.sql | mysql -u root -p guacamole Ender password: Amahi default is hdaTo get all of the MySQL code to appear on this page I had to format it as a block quote. You do run the above in terminal.war /var/lib/tomcat/webapps/
==Update Amahi Web App Files == Configuring Guacamole to Use MySQL Authentication ====You will need to edit Create Symbolic links between guacamole in Tomcat and Amahi's web app directory ln -s /var/lib/tomcat/etcwebapps/guacamole/* /var/hda/web-apps/guacamole.properties/html
Start at Make sure the line "# Hostname and port owner of guacamole proxy" all the file is ''apache'' and replace everything below it with thisthe group is ''users''. chown -R apache:users /var/hda/web-apps/guacamole
== Start Guacamole Server ==Restart Tomcat. guacd-hostname: localhost​systemctl restart tomcat Start Guacamole Server. /etc/init.d/guacd-port: 4822start Configure Guacamole Server to start at boot. systemctl enable tomcat # Auth provider class chkconfig guacd on = Log In to Guacamole =You can access the web login screen for Guacamole from computers in the network via '''<nowiki>http://****:8080/guacamole</nowiki>''' (authenticates Where the ''****'' is the IP address of your Amahi server). The default username/pass combination, needed if using password is ''guacadmin''/''guacadmin''. You can change your password by editing your own user in the provided login administration screen. = Access Outside the Network =If you want Guacamole's web interface to be accessible outside of your LAN you will have to forward a random, unused port (1111, for example)to port 8080 in your router.   auth-providerThen when you access Guacamole from outside your LAN you will need to add ''/guacamole'' to the end of your url. (<nowiki>http: net//servername.sourceforgeyourhda.com:1111/guacamole</nowiki>).net If you do not add ''/guacamole'' to your url, you will see a blank page since you did not specify which application in Tomcat you wanted to access.auth.mysql.MySQLAuthenticationProvider basic-user-mappingThe safest and most secure method to access Guacamole is using [https: /etc/guacamolewww.amahi.org/apps/openvpn OpenVPN] and an [[OpenVPN_clients|OpenVPN client]] from a smart phone, tablet, or computer. = Making Preset Connections in Guacamole = In Guacamole, an administrative User can create Connections that will be available to Guacamole users. == Enabling RDP in Windows Home and Basic Editions =="Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user-mappingwith a graphical interface to connect to another computer over a network connection." ''1'' If you do not have Windows pro or ultimate versions you have to run a patch that activates RDP.xml RDP Wrapper Library is an option for enabling RDP features. (Use this at your own risk. Please read RDP Wrapper Library literature and follow directions to install. # Location Any problems are to read extra be addressed with RDP Wrapper Library support.jar's from) lib-directoryhttps: /var/libgithub.com/stascorp/guacamolerdpwrap/classpathreleases If you have Windows Professional or Ultimate, you will need to "Allow Remote Access to Your Computer." (A simple Internet search of this phrase with your Windows version offers many tutorials on this.) == Guacamole RDP Connections to Windows Computers ==After you have login to Guacamole click on your login name in the upper right . In the drop-down menu choose "Settings." Click on the Connections tab on the settings page. Click the "New Connection" button.  Below are some VERY basic settings for an RDP connection in Guacamole:  # MySQL propertiesName: whatever you want to call it (One can put "RDP" within the name so as to differentiate between connections types in the list) mysql-hostnameLocation: localhostROOT mysql-portProtocol: 3306RDP  mysql-databaseMaximum number of connections: guacamole2 mysql-usernameMaximum number of connections per user: guacamole2  mysql-passwordHost Name: some_passwordThe fixed IP address of the computer to which you wished to connect. (For example ''192.168.1.10'') All the other settings are left either blank or as they were.
Use the real password Note: Using RDP, only one device at a time can be logged in under a specific user. If you chose when creating the MySQL database for are logging into a Windows computer by the user "Fred" by RDP using Guacamole database , any other device signed in place of the string as "some_passwordFred" as shown abovewill be logged out. The side effect is that, when using RDP, a technician (using Guacamole) and client (on their Window computer) cannot see the same active desktop simultaneously. As a workaround, one can set up a VNC and an RDP connection for each Windows computer. RDP can be quicker and more fluid so use RDP when working alone and VNC when one needs to see what is currently happening on a Users computer under their account.
=== Deploying Guacamole ===To deploy GuacamoleSpecial Note: Once settings are in place, you must make two symbolic links: one effectively copying users can click on their User Name in the web application (now located at /var/lib/guacamole/guacamole.war) into the directory Tomcat monitors for web application deployment, upper right corner and choose "Home" from the other effectively copying drop-down menu to return to the configuration file, guacamole.properties, into the Tomcat's classpath, such that Guacamole can find it once it runs. This must be done as root:{{Code|Code = # ln -s /var/lib/guacamole/guacamole.war /var/lib/tomcat6/webapps# ln home screen and use pre-s /etc/guacamole/guacamoleconfigured connections.properties /usr/share/tomcat6/lib}}
Restart Tomcat== Guacamole VNC Connections to Computers =={{Code|Code = service tomcat6 restart}}"In computing, Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network."''2''
Start In order to connect through Guacamoleto a client device by VNC, one needs to install VNC client software on the device and configure it to the user's service{{Code|Code = service guacd start}}desired specifications. In this publication, we will use a Windows based client and UltraVNC software, though this is by no means prescriptive for everyone.
Now configure ===Guacamole VNC Connections to Windows Computers =======UltraVNC Settings for Windows====Be sure to install UltraVNC to run as a service on the client system. Once UltraVNC is installed on the Windows computer, right-click on the tomcat6 system tray icon and guacd services to run automaticallychoose "Admin Properties" from the menu that comes up. Set the following values:
{{Code| Display Number or Ports to use: Select Ports and set Main and Http so something specific (e.g. 5904, 5804)Code = # chkconfig tomcat6 on# chkconfig guacd on}} Authentication: Set both the VNC Password and the View-Only Password. (Write them down. You will need it later.)
== Configuring Guacamole Click "OK" and Amahi ==Create Symbolic links between guacamole in Tomcat and Amahi's webapp directorythen give permission for the program to make changes to your system.
{{Code|====Guacamole Settings to Connect to the Windows client====Code = # ln -s /var/lib/tomcat6/webapps/guacamole/adminAfter logging in to Guacamole click on your login name in the upper right .xhtml /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/agpl-3.0In the drop-standalonedown menu choose "Settings.html /var/hda/web-apps/guacamole/html" # ln -s /var/lib/tomcat6/webapps/guacamole/clientClick on the Connections tab on the settings page.xhtml /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/guacamole-common-js /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/images /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/indexClick the "New Connection" button.xhtml /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/layouts /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/META-INF /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/scripts /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/styles /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/WEB-INF /var/hda/web-apps/guacamole/html}}
As root, create .htaccess file Below are some VERY basic settings for a VNC connection in /var/hda/web-apps/guacamole/html{{Code|Code = # cd /var/hda/web-apps/guacamole/html# gedit .htaccess}}Guacamole:
This is Name: whatever you want to call it (One can put "VNC" within the text for name so as to differentiate between connections types in the .htaccess file:list) RewriteEngine OnLocation: ROOT RewriteCond %{SERVER_PORT} 80 RewriteRule (.*) http://%{HTTP_HOST}Protocol:8080/guacamole [R,L]VNC
Make sure the owner Maximum number of all the file is apache and the group is users.connections: 2{{Code|Code = # chown -R apache /var/hda/web-apps/guacamole# chgrp -R users /var/hda/web-apps/guacamole}} Maximum number of connections per user:2
In /etc/httpd/conf Host Name: The fixed IP address of the computer to which you wished to connect.d/####-guacamole(For example ''192.168.1.10'') Port: The Main port number which was set in the Windows UltraVNC client software (e.g. 5904). Password: The VNC Password set earlier in the Windows UltraVNC client software.conf, change "AllowOverride AuthConfig" to "AllowOverride FileInfo Limit Options Indexes"
== Logging In to Guacamole ==You can access All the web login screen for Guacamole from the server at http://127.0.0other settings are left either blank or as they were.1:8080/guacamole
The default user is "guacadmin"Special Note: Once settings are in place, with users can click on their User Name in the default password of upper right corner and choose "guacadminHome". You can change your password by editing your own user in from the drop-down menu to return to the administration home screenand use pre-configured connections.
With everything configured correctly you should be able to access the web login screen through Amahi at http== References ==''1'' https://guacamoleen.yourhdanamewikipedia.com:8080org/guacamolewiki/Remote_Desktop_Protocol
== Port Forwarding ==If you want Guacamole's web interface to be accessible outside of your LAN you will have to forward a random'2'' Richardson, T.; Stafford-Fraser, Q.; Wood, K. R.; Hopper, unused port A. (1111, for example1998) to port 8080 in your router. Then when you access Guacamole from outside your LAN you will need to add "/guacamoleVirtual network computing" to the end of your url(PDF). (serverblahblahIEEE Internet Computing.yourhda2: 33.comdoi:111110.1109/guacamole) If you do not add "/guacamole" to your url, you will see a blank page since you did not specify which application in Tomcat you wanted to access4236.656066.
Bigfoot65
Trusted, Bureaucrats, Administrators
12,424

edits

Retrieved from "https://wiki.amahi.org/index.php/Special:MobileDiff/71576...108736"