Difference between revisions of "Guacamole"

From Amahi Wiki
 
(178 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{MessageBox|backgroundcolor = #FBB|
+
{{MessageBox|
 +
backgroundcolor = #faa|
 
image =Warning.png|
 
image =Warning.png|
 
heading =WARNING|
 
heading =WARNING|
message = Fedora 14 is in maintenance mode.<br>[[Amahi 7]] is the latest stable release.}}
+
message = This is recommended only for advanced users, proceed with caution.}}
----
+
= What is Guacamole? =
 +
[https://guacamole.incubator.apache.org/ Guacamole] is an HTML5 remote desktop gateway that can be installed on Amahi 9 (Fedora 23).  This guidance may work with other Amahi versions with some modification.
  
 +
Guacamole provides access to desktop environments using remote desktop protocols like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser.
  
{{NeedsUpdate}}
+
No browser plugins are needed, and no client software needs to be installed.  The client requires nothing more than a web browser supporting HTML5 and AJAX.
 
 
  
== What is Guacamole? ==
+
REF:  [http://www.tecmint.com/guacamole-access-remote-linux-windows-machines-via-web-browser/ Setting Up Web-Based Guacamole Tool to Access Remote Linux/Windows Machines]
Guacamole is an HTML5 remote desktop gateway. 
 
  
Guacamole provides access to desktop environments using remote desktop protocols like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser.
+
= Install Guacamole =
 +
<div style="border: 1px solid #A3B1BF; padding: .8em 1em; background-color: #E6F2FF; margin: 0px 1em;">
 +
'''WARNING:''' All commands in this tutorial are executed as <code>root</code> (or precede with <code>sudo</code>).</div>
  
No browser plugins are needed, and no client software needs to be installed.  The client requires nothing more than a web browser supporting HTML5 and AJAX.
 
  
== Installing Guacamole on Amahi ==
+
We have created a bash script to make installation simple or you can manually install using the guidance below.  You '''MUST''' complete the [[Guacamole#Create Amahi Web App|Create Amahi Web App]] step prior to executing the following:
=== Dependencies ===
+
wget <nowiki>https://www.dropbox.com/s/4hadafih8ahuj2n/install-guacamole.sh</nowiki>
*tomcat6
+
  chmod 755 install-guacamole.sh
*libvncserver
+
./install-guacamole.sh
*freerdp (This is official on the Guacamole site. Fedora 14 will not support Freerdp 1.0 or higher, thus RDP protocol in Guacamole is not availableLeave freerdp out of the code below if you are running Fedora 14.)
 
*libvorbis
 
  
In terminal, as root, install dependencies with the following:
+
Do NOT use this script on anything less than Amahi 9 / Fedora 23 unless you edit it first to match your systems' requirements.  (See [[Guacamole#Install Dependencies|Install Dependencies]] to learn what changes are necessary.)
  
{{Code|
+
== Create Amahi Web App ==
Code = $ su
+
Login to your Amahi Dashboard and install the Amahi [https://www.amahi.org/apps/web-apps Web Apps] plug-in. Ensure you '''enable''' [[Advanced Settings]].
Password:  
 
# yum install tomcat6 libvncserver freerdp libvorbis
 
}}
 
  
=== Preparing Amahi ===
 
Login to your Amahi Dashboard and choose "Set Up" in the upper right.
 
 
Now select the "Apps" tab.
 
Now select the "Apps" tab.
 
Click on "Webapps" and on the page that comes up choose the "New Web App" button at the bottom.
 
Click on "Webapps" and on the page that comes up choose the "New Web App" button at the bottom.
 
Fill in the name (guacamole) and leave everything else as it is.
 
Fill in the name (guacamole) and leave everything else as it is.
  
* Note: If you do not see the "Webapps" option under "Apps" then you need to activate "Advanced Settings" under the "Settings" tab of your Amahi dashboard.
+
Edit ''####-guacamole.conf'' in '''/etc/httpd/conf.d''' (replacing #### with the appropriate number):
 +
vi /etc/httpd/conf.d/####-guacamole.conf
 +
 
 +
Right below the ''ServerAlias'' line, add the following:
 +
ProxyPass / <nowiki>http://localhost:8080/guacamole/</nowiki>
 +
ProxyPassReverse / <nowiki>http://localhost:8080/guacamole/</nowiki>
 +
 
 +
Again, if you use vi for creating this file, press the <i>Esc</i> key to get back in command mode and <i>:wq</i> to write the changes and quit vi.
 +
 
 +
Restart Apache
 +
systemctl restart httpd
 +
 
 +
== Install Dependencies ==
 +
Due to the Fedora 23 ''freerdp'' packages being unstable, we must use the CentOS stable version.  (Do not do this if you are installing on Fedora 21 or below)  To install, execute the following:
 +
<pre>wget https://www.dropbox.com/s/p2uc1rcpckky75v/libxkbfile-1.0.8-5.el7.x86_64.rpm
 +
wget https://www.dropbox.com/s/0tjm7q93z9pw0hj/freerdp-libs-1.0.2-6.el7_2.1.x86_64.rpm
 +
wget https://www.dropbox.com/s/aysml7coehz0hqi/freerdp-devel-1.0.2-6.el7_2.1.x86_64.rpm
 +
rpm -Uvh libxkbfile-1.0.8-5.el7.x86_64.rpm
 +
rpm -Uvh freerdp-libs-1.0.2-6.el7_2.1.x86_64.rpm
 +
rpm -Uvh freerdp-devel-1.0.2-6.el7_2.1.x86_64.rpm</pre>
 +
 
 +
Now install the Fedora dependencies:
 +
For Fedora 23 or newer (Fedora 21, substitute <code>yum</code> for <code>dnf</code> and add <code>freerdp-devel</code> to the list of dependencies):
 +
dnf install tomcat gcc cairo-devel libjpeg-devel libpng-devel uuid-devel pango-devel \
 +
libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel \
 +
libvorbis-devel libwebp-devel dejavu-sans-mono-fonts terminus-fonts terminus-fonts-console
 +
 
 +
== Configure MySQL Authentication ==
 +
=== Install MySQL Authentication Module ===
 +
Create a working directory and move there
 +
mkdir -p /var/hda/web-apps/guacamole/sqlauth && cd /var/hda/web-apps/guacamole/sqlauth
 +
 
 +
Download Guacamole's authorization module
 +
wget <nowiki>http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-0.9.9.tar.gz</nowiki>
 +
 
 +
Unpack it
 +
tar -zxf guacamole-auth-jdbc-0.9.9.tar.gz
 +
 
 +
Download MySQL and Java Connector
 +
wget <nowiki>http://dev.mysql.com/get/Downloads/Connector/j/mysql-connector-java-5.1.38.tar.gz</nowiki>
 +
 
 +
Unpack it
 +
tar -zxf mysql-connector-java-5.1.38.tar.gz
 +
 
 +
Create directories for the extensions in Tomcat's folders
 +
mkdir -p /usr/share/tomcat/.guacamole/{extensions,lib}
 +
 
 +
Move the modules to their respective directories.
 +
mv guacamole-auth-jdbc-0.9.9/mysql/guacamole-auth-jdbc-mysql-0.9.9.jar /usr/share/tomcat/.guacamole/extensions/
 +
mv mysql-connector-java-5.1.38/mysql-connector-java-5.1.38-bin.jar /usr/share/tomcat/.guacamole/lib/
 +
 
 +
 
 +
Restart MariaDB
 +
systemctl restart mariadb
 +
 
 +
=== Create the Database ===
 +
hda-create-db-and-user guacdb
 +
 
 +
=== Configure Database Settings ===
 +
Create a directory for the configuration file.
 +
mkdir -p /etc/guacamole/
 +
 
 +
Create a file called "guacamole.properties" in that directory
 +
vi /etc/guacamole/guacamole.properties
 +
 
 +
Press the <i>i</i> key to begin inserting text into the guacamole.properties file and include the following contents:
 +
# MySQL properties
 +
mysql-hostname: localhost
 +
mysql-port: 3306
 +
mysql-database: guacdb
 +
mysql-username: guacdb
 +
mysql-password: guacdb
 +
 +
# Additional settings
 +
mysql-default-max-connections-per-user: 0
 +
mysql-default-max-group-connections-per-user: 0
 +
 
 +
If you use vi for creating this file, press the <i>Esc</i> key to get back in command mode and <i>:wq</i> to write the changes and quit vi.
 +
 
 +
Now create a symbolic link of this file for Tomcat
 +
ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat/.guacamole/
 +
 
 +
=== Load Guacamole Data ===
 +
The schema for MySQL was downloaded in the previous process.
 +
Just change directories to the files location
 +
cd /var/hda/web-apps/guacamole/sqlauth/guacamole-auth-jdbc-0.9.9/mysql/schema/
 +
and run the following command:
 +
cat ./*.sql | mysql -uroot -p guacdb
 +
 
 +
::'''WARNING:'''  Please see [[Database Root Password]] for the appropriate login password.
 +
 
 +
== Install Guacamole Server ==
 +
Guacamole uses "guacd", a Guacamole server and a Guacamole Client for users to connect to the "guacd" server.  We first install Guacamole Server.
 +
 
 +
Change Directories
 +
cd /var/hda/web-apps/guacamole
 +
 
 +
Download Guacamole Server
 +
wget <nowiki>https://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-0.9.9.tar.gz</nowiki>
 +
 
 +
Unpackage it
 +
tar -xzf guacamole-server-0.9.9.tar.gz
 +
 
 +
Move to the Guacamole source code directory
 +
cd guacamole-server-0.9.9/
 +
 
 +
Configure, make and install it.
 +
./configure --with-init-dir=/etc/init.d
 +
make
 +
make install
 +
ldconfig
  
=== Downloading the Binary Packages ===
+
== Install Guacamole Client ==
Go to http://guac-dev.org/ and choose from the table the binary packages for your system.  For '''Fedora 14''', I chose the '''Fedora 15''' packages and they worked flawlessly.
+
Create a new directory and move to it.
 +
mkdir -p /var/lib/guacamole && cd /var/lib/guacamole/
  
=== Installing Guacamole ===
+
Download Guacamole Client.
In terminal, change directories to where the packages downloaded and execute the following as root:
+
wget <nowiki>http://sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.9.9.war -O guacamole.war</nowiki>
{{Code|
 
Code = # tar -xzf guacamole-0.8.0-fedora-15-i386.tar.gz
 
# cd guacamole-0.8.0-fedora-15-i386/
 
# rpm -i *.rpm
 
}}
 
*Be aware that you may have to adjust the above code to match the file name you downloaded.
 
  
=== Setting up MySQL Authentication ===
+
Create a symbolic link of the file for Tomcat.
==== Making the Directory ====
+
ln -s /var/lib/guacamole/guacamole.war /var/lib/tomcat/webapps/
As root, create the "classpath" directory
 
{{Code|
 
Code = mkdir /var/lib/guacamole/classpath
 
}}
 
  
==== Installing MySQL Authentication Module ====
+
== Update Amahi Web App Files ==
Download the MySQL Authentication Module
+
Create Symbolic links between guacamole in Tomcat and Amahi's web app directory
http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-mysql-0.8.0.tar.gz/download
+
ln -s /var/lib/tomcat/webapps/guacamole/* /var/hda/web-apps/guacamole/html
  
Move to the directory containing the download and unpack the download
+
Make sure the owner of all the file is ''apache'' and the group is ''users''.
 +
chown -R apache:users /var/hda/web-apps/guacamole
  
{{Code|Code = # tar -xzf guacamole-auth-mysql-0.8.0.tar.gz}}
+
== Start Guacamole Server ==
*Be aware that you may have to adjust the above code to match the file name you downloaded.
+
Restart Tomcat.
 +
​systemctl restart tomcat
  
 +
Start Guacamole Server.
 +
/etc/init.d/guacd start
  
Copy all of the ".jar" files in the /lib of the downloaded file to the classpath directory you created.
+
Configure Guacamole Server to start at boot.
{{Code|
+
systemctl enable tomcat
Code = cp -r /whereever/you/downloaded/it/guacamole-auth-mysql-0.8.0/lib/*.jar /var/lib/guacamole/classpath
+
chkconfig guacd on
}}
 
  
You need one more ".jar" file (MySQL Connector-J)that is not included in the guacamole-auth-mysql module.  You can get it here: http://dev.mysql.com/downloads/connector/j/
+
= Log In to Guacamole =
 +
You can access the web login screen for Guacamole from computers in the network via '''<nowiki>http://****:8080/guacamole</nowiki>''' (Where the ''****'' is the IP address of your Amahi server).
  
Move to the directory containing the download and unpack the download
+
The default user name/password is ''guacadmin''/''guacadmin''. You can change your password by editing your own user in the administration screen.
  
{{Code|Code = # tar -xzf mysql-connector-java-5.1.25.tar.gz}}
+
= Access Outside the Network =
*Be aware that you may have to adjust the above code to match the file name you downloaded.
+
If you want Guacamole's web interface to be accessible outside of your LAN you will have to forward a random, unused port (1111, for example) to port 8080 in your router.
  
 +
Then when you access Guacamole from outside your LAN you will need to add ''/guacamole'' to the end of your url. (<nowiki>http://servername.yourhda.com:1111/guacamole</nowiki>).
  
Copy mysql-connector-java-5.1.23-bin.jar to the classpath directory you created.
+
If you do not add ''/guacamole'' to your url, you will see a blank page since you did not specify which application in Tomcat you wanted to access.
{{Code|
 
Code = cp -r /whereever/you/downloaded/it/mysql-connector-java-5.1.25/mysql-connector-java-5.1.23-bin.jar /var/lib/guacamole/classpath
 
}}
 
  
==== Making the MySQL Tables ====
+
The safest and most secure method to access Guacamole is using [https://www.amahi.org/apps/openvpn OpenVPN] and an [[OpenVPN_clients|OpenVPN client]] from a smart phone, tablet, or computer.
Now we need to create a MySQL Table that Guacamole can use
 
{{Code|
 
Code = $ mysql -u root -p
 
Enter password: default for Amahi is hda
 
mysql> CREATE DATABASE guacamole;
 
Query OK, 1 row affected (0.00 sec)
 
  
mysql> CREATE USER 'guacamole'@'localhost' IDENTIFIED BY 'some_password';
+
= Making Preset Connections in Guacamole =
Query OK, 0 rows affected (0.00 sec)
 
  
mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole'@'localhost';
+
In Guacamole, an administrative User can create Connections that will be available to Guacamole users.
Query OK, 0 rows affected (0.00 sec)
 
  
mysql> FLUSH PRIVILEGES;
+
== Enabling RDP in Windows Home and Basic Editions ==
Query OK, 0 rows affected (0.02 sec)
+
"Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection." ''1''
  
mysql> quit
+
If you do not have Windows pro or ultimate versions you have to run a patch that activates RDP.
Bye
 
}}
 
The database and user can be named whatever you like, but the above coding steps refer to both as "guacamole". Naturally, you should choose a real password for your user rather than the string "some_password" shown above.
 
  
==== Running the SQL scripts ====
+
RDP Wrapper Library is an option for enabling RDP features.  (Use this at your own risk.  Please read RDP Wrapper Library literature and follow directions to install.  Any problems are to be addressed with RDP Wrapper Library support.)
 +
https://github.com/stascorp/rdpwrap/releases
  
The SQL scripts that create the database schema and default administrator user are included in the guacamole-auth-mysql-0.8.0 archive you downloaded within the schema/ directory. Change directories to the guacamole-auth-mysql-0.8.0 archive.
+
If you have Windows Professional or Ultimate, you will need to "Allow Remote Access to Your Computer."  (A simple Internet search of this phrase with your Windows version offers many tutorials on this.)
{{Code|Code = cd /whereever/you/downloaded/it/guacamole-auth-mysql-0.8.0}}
 
  
The scripts are named such that they can be run in order with one command:
+
== Guacamole RDP Connections to Windows Computers ==
$ cat schema/*.sql | mysql -u root -p guacamole
+
After you have login to Guacamole click on your login name in the upper right .
Ender password: Amahi default  is hda
+
In the drop-down menu choose "Settings."
To get all of the MySQL code to appear on this page I had to format it as a block quote. You do run the above in terminal.
+
Click on the Connections tab on the settings page.  
 +
Click the "New Connection" button.  
  
==== Configuring Guacamole to Use MySQL Authentication ====
+
Below are some VERY basic settings for an RDP connection in Guacamole:
You will need to edit /etc/guacamole/guacamole.properties
 
  
Start at the line "# Hostname and port of guacamole proxy" and replace everything below it with this:
+
Name: whatever you want to call it (One can put "RDP" within the name so as to differentiate between connections types in the list)
 +
Location: ROOT
 +
Protocol: RDP
  
  guacd-hostname: localhost
+
  Maximum number of connections: 2
  guacd-port:     4822
+
  Maximum number of connections per user:2
+
 
  # Auth provider class (authenticates user/pass combination, needed if using the provided login screen)
+
  Host Name: The fixed IP address of the computer to which you wished to connect. (For example ''192.168.1.10'')
auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider
 
basic-user-mapping: /etc/guacamole/user-mapping.xml
 
 
# Location to read extra .jar's from
 
lib-directory:  /var/lib/guacamole/classpath
 
 
# MySQL properties
 
mysql-hostname: localhost
 
mysql-port: 3306
 
mysql-database: guacamole
 
mysql-username: guacamole
 
mysql-password: some_password
 
  
Use the real password you chose when creating the MySQL database for the Guacamole database in place of the string "some_password" as shown above.
+
All the other settings are left either blank or as they were.
  
=== Deploying Guacamole ===
+
Note: Using RDP, only one device at a time can be logged in under a specific user. If you are logging into a Windows computer by the user "Fred" by RDP using Guacamole, any other device signed in as "Fred" will be logged out.  The side effect is that, when using RDP, a technician (using Guacamole) and client (on their Window computer) cannot see the same active desktop simultaneously.  As a workaround, one can set up a VNC and an RDP connection for each Windows computer. RDP can be quicker and more fluid so use RDP when working alone and VNC when one needs to see what is currently happening on a Users computer under their account.
To deploy Guacamole, you must make two symbolic links: one effectively copying the web application (now located at /var/lib/guacamole/guacamole.war) into the directory Tomcat monitors for web application deployment, and the other effectively copying the configuration file, guacamole.properties, into the Tomcat's classpath, such that Guacamole can find it once it runs. This must be done as root:
 
{{Code|
 
Code = # ln -s /var/lib/guacamole/guacamole.war /var/lib/tomcat6/webapps
 
# ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat6/lib
 
}}
 
  
Restart Tomcat
+
Special Note: Once settings are in place, users can click on their User Name in the upper right corner and choose "Home" from the drop-down menu to return to the home screen and use pre-configured connections.
{{Code|Code = service tomcat6 restart}}
 
  
Start Guacamole's service
+
== Guacamole VNC Connections to Computers ==
{{Code|Code = service guacd start}}
+
"In computing, Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network."''2''
  
Now configure the tomcat6 and guacd services to run automatically
+
In order to connect through Guacamole to a client device by VNC, one needs to install VNC client software on the device and configure it to the user's desired specifications.  In this publication, we will use a Windows based client and UltraVNC software, though this is by no means prescriptive for everyone.
  
{{Code|
+
===Guacamole VNC Connections to Windows Computers ===
Code = # chkconfig tomcat6 on
+
====UltraVNC Settings for Windows====
# chkconfig guacd on
+
Be sure to install UltraVNC to run as a service on the client system.  Once UltraVNC is installed on the Windows computer, right-click on the system tray icon and choose "Admin Properties" from the menu that comes up.  Set the following values:
}}
 
  
== Configuring Guacamole and Amahi ==
+
Display Number or Ports to use: Select Ports and set Main and Http so something specific (e.g. 5904, 5804)
Create Symbolic links between guacamole in Tomcat and Amahi's webapp directory
+
Authentication: Set both the VNC Password and the View-Only Password.  (Write them down. You will need it later.)
  
{{Code|
+
Click "OK" and then give permission for the program to make changes to your system.
Code = # ln -s /var/lib/tomcat6/webapps/guacamole/admin.xhtml /var/hda/web-apps/guacamole/html
 
# ln -s /var/lib/tomcat6/webapps/guacamole/agpl-3.0-standalone.html /var/hda/web-apps/guacamole/html
 
# ln -s /var/lib/tomcat6/webapps/guacamole/client.xhtml /var/hda/web-apps/guacamole/html
 
# ln -s /var/lib/tomcat6/webapps/guacamole/guacamole-common-js /var/hda/web-apps/guacamole/html
 
# ln -s /var/lib/tomcat6/webapps/guacamole/images /var/hda/web-apps/guacamole/html
 
# ln -s /var/lib/tomcat6/webapps/guacamole/index.xhtml /var/hda/web-apps/guacamole/html
 
# ln -s /var/lib/tomcat6/webapps/guacamole/layouts /var/hda/web-apps/guacamole/html
 
# ln -s /var/lib/tomcat6/webapps/guacamole/META-INF /var/hda/web-apps/guacamole/html
 
# ln -s /var/lib/tomcat6/webapps/guacamole/scripts /var/hda/web-apps/guacamole/html
 
# ln -s /var/lib/tomcat6/webapps/guacamole/styles /var/hda/web-apps/guacamole/html
 
# ln -s /var/lib/tomcat6/webapps/guacamole/WEB-INF /var/hda/web-apps/guacamole/html
 
}}
 
*Hint: Count your links and make sure you have all of them!
 
  
 +
====Guacamole Settings to Connect to the Windows client====
 +
After logging in to Guacamole click on your login name in the upper right .
 +
In the drop-down menu choose "Settings."
 +
Click on the Connections tab on the settings page.
 +
Click the "New Connection" button.
  
As root, create .htaccess file in /var/hda/web-apps/guacamole/html
+
Below are some VERY basic settings for a VNC connection in Guacamole:
{{Code|
 
Code = # cd /var/hda/web-apps/guacamole/html
 
# gedit .htaccess
 
}}
 
  
This is the text for the .htaccess file:
+
Name: whatever you want to call it (One can put "VNC" within the name so as to differentiate between connections types in the list)
  RewriteEngine On
+
  Location: ROOT
  RewriteCond %{SERVER_PORT} 80
+
  Protocol: VNC
RewriteRule (.*) http://%{HTTP_HOST}:8080/guacamole [R,L]
 
  
Make sure the owner of all the file is apache and the group is users.
+
Maximum number of connections: 2
{{Code|
+
Maximum number of connections per user:2
Code = # chown -R apache /var/hda/web-apps/guacamole
 
# chgrp -R users /var/hda/web-apps/guacamole
 
}}
 
  
In /etc/httpd/conf.d/####-guacamole.conf, change "AllowOverride AuthConfig" to "AllowOverride FileInfo Limit Options Indexes"
+
Host Name: The fixed IP address of the computer to which you wished to connect. (For example ''192.168.1.10'')
 +
Port: The Main port number which was set in the Windows UltraVNC client software (e.g. 5904).
 +
Password: The VNC Password set earlier in the Windows UltraVNC client software.
  
== Logging In to Guacamole ==
+
All the other settings are left either blank or as they were.
You can access the web login screen for Guacamole from the server at http://127.0.0.1:8080/guacamole
 
  
The default user is "guacadmin", with the default password of "guacadmin". You can change your password by editing your own user in the administration screen.
+
Special Note: Once settings are in place, users can click on their User Name in the upper right corner and choose "Home" from the drop-down menu to return to the home screen and use pre-configured connections.
  
With everything configured correctly you should be able to access the web login screen through Amahi at http://guacamole.yourhdaname.com:8080/guacamole/
+
== References ==
 +
''1'' https://en.wikipedia.org/wiki/Remote_Desktop_Protocol
  
== Port Forwarding ==
+
''2'' Richardson, T.; Stafford-Fraser, Q.; Wood, K. R.; Hopper, A. (1998). "Virtual network computing" (PDF). IEEE Internet Computing. 2: 33. doi:10.1109/4236.656066.
If you want Guacamole's web interface to be accessible outside of your LAN you will have to forward a random, unused port (1111, for example) to port 8080 in your router. Then when you access Guacamole from outside your LAN you will need to add "/guacamole" to the end of your url. (serverblahblah.yourhda.com:1111/guacamole)  If you do not add "/guacamole" to your url, you will see a blank page since you did not specify which application in Tomcat you wanted to access.
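Review bot: the added "Access Outside the Network" lines forward a router port straight to Tomcat on 8080 over plain http, while the added "Log In to Guacamole" line leaves the guacadmin/guacadmin default in place and only says "You can change your password". Make the password change a required step before any port forward, and put the OpenVPN recommendation ahead of the port-forward instructions instead of after them. The added guacamole.properties block also sets mysql-password to guacdb, the same string as mysql-username and mysql-database; say where that value comes from or tell readers to replace it. The added wget lines fetch install-guacamole.sh and three RPMs from Dropbox links and run them as root with no checksum given, so publish a digest next to each link.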
 

Latest revision as of 03:38, 18 June 2017

WARNING: This is recommended only for advanced users, proceed with caution.


What is Guacamole?

Guacamole is an HTML5 remote desktop gateway that can be installed on Amahi 9 (Fedora 23). This guidance may work with other Amahi versions with some modification.

Guacamole provides access to desktop environments using remote desktop protocols like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser.

No browser plugins are needed, and no client software needs to be installed. The client requires nothing more than a web browser supporting HTML5 and AJAX.

REF: Setting Up Web-Based Guacamole Tool to Access Remote Linux/Windows Machines (http://www.tecmint.com/guacamole-access-remote-linux-windows-machines-via-web-browser/)

Install Guacamole

WARNING: All commands in this tutorial are executed as root (or precede with sudo).


We have created a bash script to make installation simple or you can manually install using the guidance below. You MUST complete the Create Amahi Web App step prior to executing the following:

wget https://www.dropbox.com/s/4hadafih8ahuj2n/install-guacamole.sh
chmod 755 install-guacamole.sh
./install-guacamole.sh

Do NOT use this script on anything less than Amahi 9 / Fedora 23 unless you edit it first to match your system's requirements. (See Install Dependencies to learn what changes are necessary.)

Create Amahi Web App

Log in to your Amahi Dashboard and install the Amahi Web Apps plug-in. Ensure you enable Advanced Settings.

Now select the "Apps" tab. Click on "Webapps" and on the page that comes up choose the "New Web App" button at the bottom. Fill in the name (guacamole) and leave everything else as it is.

Edit ####-guacamole.conf in /etc/httpd/conf.d (replacing #### with the appropriate number):

vi /etc/httpd/conf.d/####-guacamole.conf

Right below the ServerAlias line, add the following:

ProxyPass / http://localhost:8080/guacamole/
ProxyPassReverse / http://localhost:8080/guacamole/

If you use vi to edit this file, press the Esc key to get back in command mode and type :wq to write the changes and quit vi.

Restart Apache

systemctl restart httpd

Install Dependencies

Because the Fedora 23 freerdp packages are unstable, we must use the CentOS stable version. (Do not do this if you are installing on Fedora 21 or below.) To install, execute the following:

wget https://www.dropbox.com/s/p2uc1rcpckky75v/libxkbfile-1.0.8-5.el7.x86_64.rpm
wget https://www.dropbox.com/s/0tjm7q93z9pw0hj/freerdp-libs-1.0.2-6.el7_2.1.x86_64.rpm
wget https://www.dropbox.com/s/aysml7coehz0hqi/freerdp-devel-1.0.2-6.el7_2.1.x86_64.rpm
rpm -Uvh libxkbfile-1.0.8-5.el7.x86_64.rpm
rpm -Uvh freerdp-libs-1.0.2-6.el7_2.1.x86_64.rpm
rpm -Uvh freerdp-devel-1.0.2-6.el7_2.1.x86_64.rpm
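
The install script and the three RPMs above are fetched from Dropbox links and then run or installed as root. The following is an added example, not part of the wiki page or of the Amahi install script: a fail-closed SHA-256 check to run between the wget and the chmod/rpm steps. The page publishes no digests, so the manifest entries are placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the wiki page: refuse to install any of the page's
# downloads unless its SHA-256 matches a digest pinned in a manifest.

# Manifest for the four files this page downloads. The page gives no digests,
# so each entry is a PLACEHOLDER to replace with a value from a trusted source.
page_manifest() {
    cat <<'EOF'
# <sha256>  <file name>
REPLACE_WITH_SHA256  install-guacamole.sh
REPLACE_WITH_SHA256  libxkbfile-1.0.8-5.el7.x86_64.rpm
REPLACE_WITH_SHA256  freerdp-libs-1.0.2-6.el7_2.1.x86_64.rpm
REPLACE_WITH_SHA256  freerdp-devel-1.0.2-6.el7_2.1.x86_64.rpm
EOF
}

# verify_downloads MANIFEST DIR
# Returns 0 only if every listed file exists in DIR and matches its pin.
verify_downloads() {
    manifest=$1; dir=$2; bad=0
    [ -r "$manifest" ] || { echo "cannot read $manifest" >&2; return 2; }
    while read -r want name; do
        case $want in ''|'#'*) continue ;; esac        # blank line or comment
        case $name in
            ''|*/*) echo "REFUSE   '$name': bad file name"; bad=1; continue ;;
        esac
        # A pin must be exactly 64 lowercase hex characters; anything else
        # (including the placeholder text) is treated as "not pinned".
        case $want in *[!0-9a-f]*) want= ;; esac
        if [ "${#want}" -ne 64 ]; then
            echo "REFUSE   $name: no valid pinned digest"; bad=1; continue
        fi
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; bad=1; continue
        fi
        got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (got $got)"; bad=1
        fi
    done < "$manifest"
    return "$bad"
}

# Typical use:  verify_downloads pins.txt . && rpm -Uvh ./*.rpm
if [ "$#" -eq 2 ]; then
    verify_downloads "$1" "$2"
else
    # Demo with the placeholder manifest: every entry is refused.
    m=$(mktemp) && page_manifest > "$m"
    verify_downloads "$m" . || :
    rm -f "$m"
fi
```
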

Now install the Fedora dependencies. For Fedora 23 or newer (on Fedora 21, substitute yum for dnf and add freerdp-devel to the list of dependencies):

dnf install tomcat gcc cairo-devel libjpeg-devel libpng-devel uuid-devel pango-devel \
libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel \
libvorbis-devel libwebp-devel dejavu-sans-mono-fonts terminus-fonts terminus-fonts-console

Configure MySQL Authentication

Install MySQL Authentication Module

Create a working directory and move there

mkdir -p /var/hda/web-apps/guacamole/sqlauth && cd /var/hda/web-apps/guacamole/sqlauth

Download Guacamole's authentication module

wget http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-0.9.9.tar.gz

Unpack it

tar -zxf guacamole-auth-jdbc-0.9.9.tar.gz

Download the MySQL Java connector (Connector/J)

wget http://dev.mysql.com/get/Downloads/Connector/j/mysql-connector-java-5.1.38.tar.gz

Unpack it

tar -zxf mysql-connector-java-5.1.38.tar.gz

Create directories for the extensions in Tomcat's folders

mkdir -p /usr/share/tomcat/.guacamole/{extensions,lib}

Move the modules to their respective directories.

mv guacamole-auth-jdbc-0.9.9/mysql/guacamole-auth-jdbc-mysql-0.9.9.jar /usr/share/tomcat/.guacamole/extensions/
mv mysql-connector-java-5.1.38/mysql-connector-java-5.1.38-bin.jar /usr/share/tomcat/.guacamole/lib/


Restart MariaDB

systemctl restart mariadb

Create the Database

hda-create-db-and-user guacdb

Configure Database Settings

Create a directory for the configuration file.

mkdir -p /etc/guacamole/

Create a file called "guacamole.properties" in that directory

vi /etc/guacamole/guacamole.properties

Press the i key to begin inserting text into the guacamole.properties file and include the following contents:

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacdb
mysql-password: guacdb

# Additional settings
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0

If you use vi for creating this file, press the Esc key to get back in command mode and :wq to write the changes and quit vi.

Now create a symbolic link of this file for Tomcat

ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat/.guacamole/
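
The properties file above stores the database password in clear text, and in the page's example that password is the same string as the user and database name. The following is an added example, not code from the wiki page or from the Guacamole project: a small audit of guacamole.properties that flags those conditions. The function names, the 16-character minimum and the suggested root:tomcat ownership are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the wiki page: audit a guacamole.properties file.

# The properties block exactly as the page shows it.
page_example() {
    cat <<'EOF'
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacdb
mysql-password: guacdb

# Additional settings
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0
EOF
}

# guac_prop FILE KEY: print the value of KEY ("key: value" or "key=value").
guac_prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[:=][[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_guac_properties FILE: returns 0 if clean, 1 if any FAIL, 2 if unreadable.
audit_guac_properties() {
    file=$1; fails=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    user=$(guac_prop "$file" mysql-username)
    db=$(guac_prop "$file" mysql-database)
    pass=$(guac_prop "$file" mysql-password)

    if [ -z "$pass" ]; then
        echo "FAIL mysql-password is missing or empty"; fails=1
    elif [ "$pass" = "$user" ] || [ "$pass" = "$db" ]; then
        echo "FAIL mysql-password equals the user or database name"; fails=1
    elif [ "${#pass}" -lt 16 ]; then        # threshold chosen for this example
        echo "FAIL mysql-password is shorter than 16 characters"; fails=1
    fi

    # The password is stored in clear text, so other local users must not be
    # able to read the file. Assumption: Tomcat runs in group "tomcat", so
    # root:tomcat with mode 640 keeps it readable by the web application.
    if [ -n "$(find -L "$file" -prune -perm -004 2>/dev/null)" ]; then
        echo "FAIL $file is readable by other local users (use mode 640)"; fails=1
    fi

    for key in mysql-default-max-connections-per-user \
               mysql-default-max-group-connections-per-user; do
        if [ "$(guac_prop "$file" "$key")" = 0 ]; then
            echo "INFO $key is 0 (no per-user limit)"
        fi
    done
    return "$fails"
}

if [ "$#" -gt 0 ]; then
    audit_guac_properties "$1"
else
    # Demo: audit the page's own example, written to a temporary file.
    demo=$(mktemp) && page_example > "$demo" && chmod 644 "$demo"
    audit_guac_properties "$demo" || :
    rm -f "$demo"
fi
```

Run it as root against /etc/guacamole/guacamole.properties after the symbolic link is in place; the link target is the file that is checked.
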

Load Guacamole Data

The schema for MySQL was downloaded in the previous process. Just change directories to the files' location

cd /var/hda/web-apps/guacamole/sqlauth/guacamole-auth-jdbc-0.9.9/mysql/schema/ 

and run the following command:

cat ./*.sql | mysql -uroot -p guacdb

WARNING: Please see Database Root Password for the appropriate login password.

Install Guacamole Server

Guacamole consists of "guacd", the Guacamole server, and the Guacamole client, a web application through which users connect to the "guacd" server. We first install the Guacamole server.

Change Directories

cd /var/hda/web-apps/guacamole

Download Guacamole Server

wget https://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-0.9.9.tar.gz

Unpack it

tar -xzf guacamole-server-0.9.9.tar.gz

Move to the Guacamole source code directory

cd guacamole-server-0.9.9/

Configure, make and install it.

./configure --with-init-dir=/etc/init.d
make
make install
ldconfig

Install Guacamole Client

Create a new directory and move to it.

mkdir -p /var/lib/guacamole && cd /var/lib/guacamole/

Download Guacamole Client.

wget http://sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.9.9.war -O guacamole.war

Create a symbolic link of the file for Tomcat.

ln -s /var/lib/guacamole/guacamole.war /var/lib/tomcat/webapps/

Update Amahi Web App Files

Create Symbolic links between guacamole in Tomcat and Amahi's web app directory

ln -s /var/lib/tomcat/webapps/guacamole/* /var/hda/web-apps/guacamole/html

Make sure the owner of all the files is apache and the group is users.

chown -R apache:users /var/hda/web-apps/guacamole

Start Guacamole Server

Restart Tomcat.

systemctl restart tomcat

Start Guacamole Server.

/etc/init.d/guacd start

Configure Guacamole Server to start at boot.

systemctl enable tomcat
chkconfig guacd on

Log In to Guacamole

You can access the web login screen for Guacamole from computers in the network via http://****:8080/guacamole (Where the **** is the IP address of your Amahi server).

The default user name/password is guacadmin/guacadmin. You can change your password by editing your own user in the administration screen.

Access Outside the Network

If you want Guacamole's web interface to be accessible outside of your LAN you will have to forward a random, unused port (1111, for example) to port 8080 in your router.

Then when you access Guacamole from outside your LAN you will need to add /guacamole to the end of your url. (http://servername.yourhda.com:1111/guacamole).

If you do not add /guacamole to your url, you will see a blank page since you did not specify which application in Tomcat you wanted to access.

The safest and most secure method to access Guacamole is using OpenVPN and an OpenVPN client from a smart phone, tablet, or computer.

Making Preset Connections in Guacamole

In Guacamole, an administrative User can create Connections that will be available to Guacamole users.

Enabling RDP in Windows Home and Basic Editions

"Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection." 1

If you do not have a Windows Professional or Ultimate edition, you have to run a patch that activates RDP.

RDP Wrapper Library is an option for enabling RDP features. (Use this at your own risk. Please read RDP Wrapper Library literature and follow directions to install. Any problems are to be addressed with RDP Wrapper Library support.)

https://github.com/stascorp/rdpwrap/releases

If you have Windows Professional or Ultimate, you will need to "Allow Remote Access to Your Computer." (A simple Internet search of this phrase with your Windows version offers many tutorials on this.)

Guacamole RDP Connections to Windows Computers

After you have logged in to Guacamole, click on your login name in the upper right. In the drop-down menu, choose "Settings." Click on the Connections tab on the settings page. Click the "New Connection" button.

Below are some VERY basic settings for an RDP connection in Guacamole:

Name: Whatever you want to call it. (One can put "RDP" within the name so as to differentiate between connection types in the list.)
Location: ROOT
Protocol: RDP
Maximum number of connections: 2
Maximum number of connections per user: 2
Host Name: The fixed IP address of the computer to which you wish to connect. (For example, 192.168.1.10)

All the other settings are left either blank or as they were.

Note: Using RDP, only one device at a time can be logged in under a specific user. If you are logging in to a Windows computer as the user "Fred" by RDP using Guacamole, any other device signed in as "Fred" will be logged out. The side effect is that, when using RDP, a technician (using Guacamole) and a client (on their Windows computer) cannot see the same active desktop simultaneously. As a workaround, one can set up both a VNC and an RDP connection for each Windows computer. RDP can be quicker and more fluid, so use RDP when working alone and VNC when one needs to see what is currently happening on a user's computer under their account.

Special Note: Once settings are in place, users can click on their User Name in the upper right corner and choose "Home" from the drop-down menu to return to the home screen and use pre-configured connections.

Guacamole VNC Connections to Computers

"In computing, Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network."2

In order to connect through Guacamole to a client device by VNC, one needs to install VNC client software on the device and configure it to the user's desired specifications. In this publication, we will use a Windows based client and UltraVNC software, though this is by no means prescriptive for everyone.

Guacamole VNC Connections to Windows Computers

UltraVNC Settings for Windows

Be sure to install UltraVNC to run as a service on the client system. Once UltraVNC is installed on the Windows computer, right-click on the system tray icon and choose "Admin Properties" from the menu that comes up. Set the following values:

Display Number or Ports to use: Select Ports and set Main and Http to something specific (e.g. 5904, 5804).
Authentication: Set both the VNC Password and the View-Only Password. (Write them down. You will need them later.)

Click "OK" and then give permission for the program to make changes to your system.

Guacamole Settings to Connect to the Windows client

After logging in to Guacamole, click on your login name in the upper right. In the drop-down menu, choose "Settings." Click on the Connections tab on the settings page. Click the "New Connection" button.

Below are some VERY basic settings for a VNC connection in Guacamole:

Name: Whatever you want to call it. (One can put "VNC" within the name so as to differentiate between connection types in the list.)
Location: ROOT
Protocol: VNC
Maximum number of connections: 2
Maximum number of connections per user: 2
Host Name: The fixed IP address of the computer to which you wish to connect. (For example, 192.168.1.10)
Port: The Main port number which was set in the Windows UltraVNC client software (e.g. 5904).
Password: The VNC Password set earlier in the Windows UltraVNC client software.

All the other settings are left either blank or as they were.

Special Note: Once settings are in place, users can click on their User Name in the upper right corner and choose "Home" from the drop-down menu to return to the home screen and use pre-configured connections.

References

1 https://en.wikipedia.org/wiki/Remote_Desktop_Protocol

2 Richardson, T.; Stafford-Fraser, Q.; Wood, K. R.; Hopper, A. (1998). "Virtual network computing" (PDF). IEEE Internet Computing. 2: 33. doi:10.1109/4236.656066.