Changes

From Amahi Wiki
Jump to: navigation, search

Guacamole (view source)

Revision as of 03:38, 18 June 2017

4,832 bytes added ,  03:38, 18 June 2017
→‎Load Guacamole Data
{{NeedsUpdateMessageBox|backgroundcolor = #faa|image =Warning.png|heading =WARNING|message = This is recommended only for advanced users, proceed with caution.}}= What is Guacamole? = [https://guacamole.incubator.apache.org/ Guacamole] is an HTML5 remote desktop gateway that can be installed on Amahi 9 (Fedora 23). This guidance may work with other Amahi versions with some modification.
Guacamole provides access to desktop environments using remote desktop protocols like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser.
 
No browser plugins are needed, and no client software needs to be installed. The client requires nothing more than a web browser supporting HTML5 and AJAX.
== What is Guacamole? == REF: [http://www.tecmint.com/guacamole-access-remote-linux-windows-machines-via-web-browser/ Setting Up Web-Based Guacamole is an HTML5 remote desktop gateway. Tool to Access Remote Linux/Windows Machines]
= Install Guacamole provides access to desktop environments using remote desktop protocols like VNC and RDP=<div style="border: 1px solid #A3B1BF; padding: . A centralized server acts 8em 1em; background-color: #E6F2FF; margin: 0px 1em;">'''WARNING:''' All commands in this tutorial are executed as a tunnel and proxy, allowing access to multiple desktops through a web browser<code>root</code> (or precede with <code>sudo</code>).</div>
No browser plugins are needed, and no client software needs to be installed. The client requires nothing more than a web browser supporting HTML5 and AJAX.
== Installing We have created a bash script to make installation simple or you can manually install using the guidance below. You '''MUST''' complete the [[Guacamole on #Create Amahi ==Web App|Create Amahi Web App]] step prior to executing the following:=== Dependencies ===*tomcat6 *libvncserver *freerdp (This is official on the Guacamole site wget <nowiki>https://www. Fedora 14 will not support Freerdp 1dropbox.0 or higher, thus RDP protocol in Guacamole is not availablecom/s/4hadafih8ahuj2n/install-guacamole. sh</nowiki> Leave freerdp out of the code below if you are running Fedora 14chmod 755 install-guacamole.)sh*libvorbis ./install-guacamole.sh
In terminal, as root, install dependencies with the following:Do NOT use this script on anything less than Amahi 9 / Fedora 23 unless you edit it first to match your systems' requirements. (See [[Guacamole#Install Dependencies|Install Dependencies]] to learn what changes are necessary.)
{{Code|Code = $ su= Create Amahi Web App ==PasswordLogin to your Amahi Dashboard and install the Amahi [https: # yum install tomcat6 libvncserver freerdp libvorbis}}//www.amahi.org/apps/web-apps Web Apps] plug-in. Ensure you '''enable''' [[Advanced Settings]].
=== Preparing Amahi ===
Login to your Amahi Dashboard and choose "Set Up" in the upper right.
Now select the "Apps" tab.
Click on "Webapps" and on the page that comes up choose the "New Web App" button at the bottom.
Fill in the name (guacamole) and leave everything else as it is.
* NoteEdit ''####-guacamole.conf'' in '''/etc/httpd/conf.d''' (replacing #### with the appropriate number): vi /etc/httpd/conf.d/####-guacamole.conf Right below the ''ServerAlias'' line, add the following: ProxyPass / <nowiki>http://localhost:8080/guacamole/</nowiki> ProxyPassReverse / <nowiki>http://localhost: If 8080/guacamole/</nowiki> Again, if you use vi for creating this file, press the <i>Esc</i> key to get back in command mode and <i>:wq</i> to write the changes and quit vi. Restart Apache systemctl restart httpd == Install Dependencies ==Due to the Fedora 23 ''freerdp'' packages being unstable, we must use the CentOS stable version. (Do not do not see this if you are installing on Fedora 21 or below) To install, execute the following:<pre>wget https://www.dropbox.com/s/p2uc1rcpckky75v/libxkbfile-1.0.8-5.el7.x86_64.rpmwget https://www.dropbox.com/s/0tjm7q93z9pw0hj/freerdp-libs-1.0.2-6.el7_2.1.x86_64.rpmwget https://www.dropbox.com/s/aysml7coehz0hqi/freerdp-devel-1.0.2-6.el7_2.1.x86_64.rpmrpm -Uvh libxkbfile-1.0.8-5.el7.x86_64.rpmrpm -Uvh freerdp-libs-1.0.2-6.el7_2.1.x86_64.rpmrpm -Uvh freerdp-devel-1.0.2-6.el7_2.1.x86_64.rpm</pre>  Now install the Fedora dependencies:For Fedora 23 or newer (Fedora 21, substitute <code>yum</code> for <code>dnf</code> and add <code>freerdp-devel</code> to the list of dependencies): dnf install tomcat gcc cairo-devel libjpeg-devel libpng-devel uuid-devel pango-devel \ libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel \ libvorbis-devel libwebp-devel dejavu-sans-mono-fonts terminus-fonts terminus-fonts-console == Configure MySQL Authentication ===== Install MySQL Authentication Module ===Create a working directory and move there mkdir -p /var/hda/web-apps/guacamole/sqlauth && cd /var/hda/web-apps/guacamole/sqlauth Download Guacamole's authorization module wget <nowiki>http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-0.9.9.tar.gz</nowiki> Unpack it tar -zxf guacamole-auth-jdbc-0.9.9.tar.gz Download MySQL and Java Connector wget <nowiki>http://dev.mysql.com/get/Downloads/Connector/j/mysql-connector-java-5.1.38.tar.gz</nowiki> Unpack it tar -zxf mysql-connector-java-5.1.38.tar.gz Create directories for the extensions in Tomcat's folders mkdir -p /usr/share/tomcat/.guacamole/{extensions,lib} Move the modules to their respective directories. mv guacamole-auth-jdbc-0.9.9/mysql/guacamole-auth-jdbc-mysql-0.9.9.jar /usr/share/tomcat/.guacamole/extensions/ mv mysql-connector-java-5.1.38/mysql-connector-java-5.1.38-bin.jar /usr/share/tomcat/.guacamole/lib/  Restart MariaDB systemctl restart mariadb === Create the Database === hda-create-db-and-user guacdb === Configure Database Settings ===Create a directory for the configuration file. mkdir -p /etc/guacamole/ Create a file called "Webappsguacamole.properties" option under "Apps" then in that directory vi /etc/guacamole/guacamole.properties Press the <i>i</i> key to begin inserting text into the guacamole.properties file and include the following contents: # MySQL properties mysql-hostname: localhost mysql-port: 3306 mysql-database: guacdb mysql-username: guacdb mysql-password: guacdb # Additional settings mysql-default-max-connections-per-user: 0 mysql-default-max-group-connections-per-user: 0 If you need use vi for creating this file, press the <i>Esc</i> key to activate get back in command mode and <i>:wq</i> to write the changes and quit vi. Now create a symbolic link of this file for Tomcat ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat/.guacamole/ === Load Guacamole Data ===The schema for MySQL was downloaded in the previous process.Just change directories to the files location cd /var/hda/web-apps/guacamole/sqlauth/guacamole-auth-jdbc-0.9.9/mysql/schema/ and run the following command: cat ./*.sql | mysql -uroot -p guacdb ::'''WARNING:''' Please see [[Database Root Password]] for the appropriate login password. == Install Guacamole Server ==Guacamole uses "Advanced Settingsguacd" under , a Guacamole server and a Guacamole Client for users to connect to the "Settingsguacd" tab of your Amahi dashboardserver. We first install Guacamole Server. Change Directories cd /var/hda/web-apps/guacamole Download Guacamole Server wget <nowiki>https://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-0.9.9.tar.gz</nowiki> Unpackage it tar -xzf guacamole-server-0.9.9.tar.gz Move to the Guacamole source code directory cd guacamole-server-0.9.9/ Configure, make and install it. ./configure --with-init-dir=/etc/init.d make make install ldconfig
=== Downloading the Binary Packages =Install Guacamole Client ==Go Create a new directory and move to http:it. mkdir -p /var/lib/guacamole && cd /var/guac-dev.orglib/guacamole/ and choose from the table the binary packages for your system. For '''Fedora 14''', I chose the '''Fedora 15''' packages and they worked flawlessly.
=== Installing Download Guacamole ===Client.In terminal, change directories to where the packages downloaded and execute the following as root wget <nowiki>http:{{Code|Code = # tar -xzf //sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.89.9.0-fedora-15war -i386.tar.gz# cd O guacamole-0.8.0-fedora-15-i386war</# rpm -i *.rpm}}*Be aware that you may have to adjust the above code to match the file name you downloaded.nowiki>
=== Setting up MySQL Authentication ======= Making the Directory ====As root, create Create a symbolic link of the "classpath" directoryfile for Tomcat.{{Code|Code = mkdir ln -s /var/lib/guacamole/classpath}}guacamole.war /var/lib/tomcat/webapps/
==== Installing MySQL Authentication Module ==Update Amahi Web App Files ==Download the MySQL Authentication ModuleCreate Symbolic links between guacamole in Tomcat and Amahi's web app directoryhttp: ln -s /var/lib/sourceforge.nettomcat/projectswebapps/guacamole/files* /currentvar/extensionshda/web-apps/guacamole-auth-mysql-0.8.0.tar.gz/downloadhtml
Move to Make sure the directory containing owner of all the download file is ''apache'' and unpack the downloadgroup is ''users''. chown -R apache:users /var/hda/web-apps/guacamole
{{Code|Code = # tar -xzf guacamole-auth-mysql-0.8.0.tar= Start Guacamole Server ==Restart Tomcat.gz}}*Be aware that you may have to adjust the above code to match the file name you downloaded. ​systemctl restart tomcat
Start Guacamole Server.
/etc/init.d/guacd start
Copy all of the ".jar" files in the /lib of the downloaded file Configure Guacamole Server to the classpath directory you createdstart at boot.{{Code|Code = cp -r /whereever/you/downloaded/it/guacamole-auth-mysql-0.8.0/lib/*.jar /var/lib/guacamole/classpath systemctl enable tomcat}} chkconfig guacd on
= Log In to Guacamole =You need one more ".jar" file (MySQL Connector-J)that is not included can access the web login screen for Guacamole from computers in the guacamole-auth-mysql module. You can get it here: network via '''<nowiki>http://dev.mysql.com****:8080/downloads/connector/jguacamole</nowiki>''' (Where the ''****'' is the IP address of your Amahi server).
Move to The default user name/password is ''guacadmin''/''guacadmin''. You can change your password by editing your own user in the directory containing the download and unpack the downloadadministration screen.
{{Code|Code = # tar -xzf mysql-connector-java-5.1.25.tar.gz}}Access Outside the Network =*Be aware that If you may want Guacamole's web interface to be accessible outside of your LAN you will have to adjust the above code forward a random, unused port (1111, for example) to match the file name you downloadedport 8080 in your router.
Then when you access Guacamole from outside your LAN you will need to add ''/guacamole'' to the end of your url. (<nowiki>http://servername.yourhda.com:1111/guacamole</nowiki>).
Copy mysql-connector-java-5.1.23-bin.jar If you do not add ''/guacamole'' to the classpath directory your url, you will see a blank page since you created.{{Code|Code = cp -r /whereever/did not specify which application in Tomcat you/downloaded/it/mysql-connector-java-5.1.25/mysql-connector-java-5.1.23-binwanted to access.jar /var/lib/guacamole/classpath}}
==== Making the MySQL Tables ====Now we need The safest and most secure method to create a MySQL Table that access Guacamole can use{{Codeis using [https://www.amahi.org/apps/openvpn OpenVPN] and an [[OpenVPN_clients|Code = $ mysql -u root -pEnter password: default for Amahi is hdamysql> CREATE DATABASE guacamole;Query OKOpenVPN client]] from a smart phone, tablet, 1 row affected (0or computer.00 sec)
mysql> CREATE USER 'guacamole'@'localhost' IDENTIFIED BY 'some_password';Query OK, 0 rows affected (0.00 sec)= Making Preset Connections in Guacamole =
mysql> GRANT SELECTIn Guacamole,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole'@'localhost';Query OK, 0 rows affected (0an administrative User can create Connections that will be available to Guacamole users.00 sec)
mysql> FLUSH PRIVILEGES;== Enabling RDP in Windows Home and Basic Editions ==Query OK"Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, 0 rows affected (0which provides a user with a graphical interface to connect to another computer over a network connection.02 sec)" ''1''
mysql> quitBye}}The database and user can be named whatever If you like, but the above coding steps refer do not have Windows pro or ultimate versions you have to both as "guacamole". Naturally, you should choose run a real password for your user rather than the string "some_password" shown abovepatch that activates RDP.
==== Running the SQL scripts ====RDP Wrapper Library is an option for enabling RDP features. (Use this at your own risk. Please read RDP Wrapper Library literature and follow directions to install. Any problems are to be addressed with RDP Wrapper Library support.) https://github.com/stascorp/rdpwrap/releases
The SQL scripts that create the database schema and default administrator user are included in the guacamole-auth-mysql-0.8.0 archive If you have Windows Professional or Ultimate, you downloaded within the schema/ directory. Change directories will need to "Allow Remote Access to the guacamole-auth-mysql-0.8.0 archive.{{Code|Code = cd /whereever/you/downloaded/it/guacamole-auth-mysql-0Your Computer.8" (A simple Internet search of this phrase with your Windows version offers many tutorials on this.0}})
The scripts are named such that they can be run == Guacamole RDP Connections to Windows Computers ==After you have login to Guacamole click on your login name in order with one command:the upper right . $ cat schema/*In the drop-down menu choose "Settings.sql | mysql -u root -p guacamole" Ender password: Amahi default is hdaTo get all of Click on the MySQL code to appear Connections tab on this the settings page I had to format it as a block quote. You do run Click the above in terminal"New Connection" button.
==== Configuring Below are some VERY basic settings for an RDP connection in Guacamole to Use MySQL Authentication ====You will need to edit /etc/guacamole/guacamole.properties:
Start at the line Name: whatever you want to call it (One can put "# Hostname and port of guacamole proxyRDP" and replace everything below it with thiswithin the name so as to differentiate between connections types in the list) Location: ROOT Protocol:RDP
guacd-hostnameMaximum number of connections: localhost2 guacd-portMaximum number of connections per user: 48222 # Auth provider class (authenticates user/pass combination, needed if using Host Name: The fixed IP address of the provided login screen) auth-provider: netcomputer to which you wished to connect.sourceforge(For example ''192.guacamole168.net1.auth.mysql.MySQLAuthenticationProvider basic-user-mapping: /etc/guacamole/user-mapping.xml # Location to read extra .jar10''s from lib-directory: /var/lib/guacamole/classpath # MySQL properties mysql-hostname: localhost mysql-port: 3306 mysql-database: guacamole mysql-username: guacamole mysql-password: some_password)
Use All the real password you chose when creating the MySQL database for the Guacamole database in place of the string "some_password" other settings are left either blank or as shown abovethey were.
=== Deploying Guacamole ===To deploy GuacamoleNote: Using RDP, you must make two symbolic links: only one effectively copying the web application (now located device at /var/lib/guacamole/guacamolea time can be logged in under a specific user.war) If you are logging into a Windows computer by the directory Tomcat monitors for web application deploymentuser "Fred" by RDP using Guacamole, and the any other effectively copying the configuration filedevice signed in as "Fred" will be logged out. The side effect is that, guacamole.propertieswhen using RDP, into a technician (using Guacamole) and client (on their Window computer) cannot see the Tomcat's classpathsame active desktop simultaneously. As a workaround, such that Guacamole one can find it once it runsset up a VNC and an RDP connection for each Windows computer. This must RDP can be done as root:{{Code|Code = # ln -s /var/lib/guacamole/guacamole.war /var/lib/tomcat6/webapps# ln -s /etc/guacamole/guacamolequicker and more fluid so use RDP when working alone and VNC when one needs to see what is currently happening on a Users computer under their account.properties /usr/share/tomcat6/lib}}
Restart Tomcat{{Code|Code = service tomcat6 restart}}Special Note: Once settings are in place, users can click on their User Name in the upper right corner and choose "Home" from the drop-down menu to return to the home screen and use pre-configured connections.
Start == GuacamoleVNC Connections to Computers =="In computing, Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network."''2''s service{{Code|Code = service guacd start}}
Now In order to connect through Guacamole to a client device by VNC, one needs to install VNC client software on the device and configure it to the tomcat6 user's desired specifications. In this publication, we will use a Windows based client and guacd services to run automaticallyUltraVNC software, though this is by no means prescriptive for everyone.
{{Code|===Guacamole VNC Connections to Windows Computers ===Code = # chkconfig tomcat6 ===UltraVNC Settings for Windows====Be sure to install UltraVNC to run as a service on the client system. Once UltraVNC is installed on# chkconfig guacd the Windows computer, right-click on}}the system tray icon and choose "Admin Properties" from the menu that comes up. Set the following values:
== Configuring Guacamole Display Number or Ports to use: Select Ports and Amahi ==set Main and Http so something specific (e.g. 5904, 5804)Create Symbolic links between guacamole in Tomcat Authentication: Set both the VNC Password and Amahi's webapp directorythe View-Only Password. (Write them down. You will need it later.)
{{Code|Code = # ln -s /var/lib/tomcat6/webapps/guacamole/admin.xhtml /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/agpl-3.0-standalone.html /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/client.xhtml /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/guacamole-common-js /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/images /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/index.xhtml /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/layouts /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/META-INF /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/scripts /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/styles /var/hda/web-apps/guacamole/html# ln -s /var/lib/tomcat6/webapps/guacamole/WEB-INF /var/hda/web-apps/guacamole/html}}*Hint: Count your links Click "OK" and then give permission for the program to make sure you have all of them!changes to your system.
====Guacamole Settings to Connect to the Windows client====
After logging in to Guacamole click on your login name in the upper right .
In the drop-down menu choose "Settings."
Click on the Connections tab on the settings page.
Click the "New Connection" button.
As root, create .htaccess file Below are some VERY basic settings for a VNC connection in /var/hda/web-apps/guacamole/html{{Code|Code = # cd /var/hda/web-apps/guacamole/html# gedit .htaccess}}Guacamole:
This is Name: whatever you want to call it (One can put "VNC" within the text for name so as to differentiate between connections types in the .htaccess file:list) RewriteEngine OnLocation: ROOT RewriteCond %{SERVER_PORT} 80 RewriteRule (.*) http://%{HTTP_HOST}Protocol:8080/guacamole [R,L]VNC
Make sure the owner Maximum number of all the file is apache and the group is users.connections: 2{{Code|Code = # chown -R apache /var/hda/web-apps/guacamole# chgrp -R users /var/hda/web-apps/guacamole}} Maximum number of connections per user:2
In /etc/httpd/conf Host Name: The fixed IP address of the computer to which you wished to connect.d/####-guacamole(For example ''192.168.1.10'') Port: The Main port number which was set in the Windows UltraVNC client software (e.g. 5904). Password: The VNC Password set earlier in the Windows UltraVNC client software.conf, change "AllowOverride AuthConfig" to "AllowOverride FileInfo Limit Options Indexes"
== Logging In to Guacamole ==You can access All the web login screen for Guacamole from the server at http://127.0.0other settings are left either blank or as they were.1:8080/guacamole
The default user is "guacadmin"Special Note: Once settings are in place, with users can click on their User Name in the default password of upper right corner and choose "guacadminHome". You can change your password by editing your own user in from the drop-down menu to return to the administration home screenand use pre-configured connections.
With everything configured correctly you should be able to access the web login screen through Amahi at http== References ==''1'' https://guacamoleen.yourhdanamewikipedia.com:8080org/guacamolewiki/Remote_Desktop_Protocol
== Port Forwarding ==If you want Guacamole's web interface to be accessible outside of your LAN you will have to forward a random'2'' Richardson, T.; Stafford-Fraser, Q.; Wood, K. R.; Hopper, unused port A. (1111, for example1998) to port 8080 in your router. Then when you access Guacamole from outside your LAN you will need to add "/guacamoleVirtual network computing" to the end of your url(PDF). (serverblahblahIEEE Internet Computing.yourhda2: 33.comdoi:111110.1109/guacamole) If you do not add "/guacamole" to your url, you will see a blank page since you did not specify which application in Tomcat you wanted to access4236.656066.
Bigfoot65
Trusted, Bureaucrats, Administrators
12,424

edits

Retrieved from "https://wiki.amahi.org/index.php/Special:MobileDiff/97951...108736"