Steve Borba

These are my notes. I hope they help you; feel free to comment on or add to them.

Guacamole

Use Docker, it is so much easier. Put this in compose.yaml:

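# Apache Guacamole as three containers: MySQL (authentication database),
# guacd (protocol proxy) and the Guacamole web application.
#
# NOTE(review): no image below is pinned, so every pull follows whatever the
# registry currently serves as the default tag. Pin each image to a tested tag
# or digest (<PINNED_TAG>) so an upgrade is a deliberate, reviewable change.
#
# Secrets: replace <RANDOMPW> and <RANDOMPW2> with two different random values
# and keep this file out of version control and readable only by the account
# that runs Compose. Compose interpolates "$" inside values, so a literal "$"
# in a password must be written as "$$".
services:
  mysql:
    image: mysql
    restart: unless-stopped
    container_name: guac-mysql
    environment:
      - MYSQL_DATABASE=guacamole
      - MYSQL_USER=guacamole
      - MYSQL_PASSWORD=<RANDOMPW>
      - MYSQL_ROOT_PASSWORD=<RANDOMPW2>
    volumes:
      # Database files live on the host so they survive container re-creation.
      - ./data:/var/lib/mysql
      # SQL placed here is loaded when the database is first initialised.
      - ./docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    # No "ports:" entry: the database is reachable only from the other
    # services on the Compose network, not from the host's network.
  guacd:
    image: guacamole/guacd
    restart: unless-stopped
    container_name: guacd
    # No "ports:" entry here either; this file does not publish guacd, and it
    # should stay off the host network.
  guacamole:
    image: guacamole/guacamole
    restart: unless-stopped
    depends_on:
      - mysql
      - guacd
    ports:
      # Quoted so the mapping is always read as a string.
      # NOTE(review): this publishes plain HTTP on every host interface, and
      # Docker-published ports are often reachable even when a host firewall
      # front end appears to block them - verify from another machine. Prefer
      # a TLS-terminating reverse proxy in front, with this mapping bound to
      # loopback ("127.0.0.1:8080:8080").
      - "8080:8080"
    environment:
      - GUACD_HOSTNAME=guacd
      # Refers to the database container by its container_name.
      - MYSQL_HOSTNAME=guac-mysql
      - MYSQL_DATABASE=guacamole
      - MYSQL_USER=guacamole
      # Must be the same value as MYSQL_PASSWORD on the mysql service.
      - MYSQL_PASSWORD=<RANDOMPW>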
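# compose.yaml holds the database passwords: restrict it to the current user.
chmod 600 compose.yaml

# Generate the schema that the MySQL container loads on first start. Do this
# before the first "up": the official MySQL image only processes the init
# directory while its data directory is still empty.
# -p keeps the step repeatable if the directory already exists.
mkdir -p docker-entrypoint-initdb.d
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > ./docker-entrypoint-initdb.d/initdb.sql
docker-compose up -d

# The generated schema creates a default administrator account. Change its
# password (or replace the account) at first login, before port 8080 is
# reachable by anyone else.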

OLD WAY

Install Linux (at this time Ubuntu 22.04 LTS)
Install mariadb, guacd and tomcat

# Packages for the non-Docker install: database server, Guacamole proxy
# daemon and the servlet container that hosts the web application.
apt install \
    mariadb-server \
    guacd \
    tomcat9

download tomcat application bundles

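# Web application: download, check integrity, deploy into Tomcat.
wget https://archive.apache.org/dist/guacamole/1.4.0/binary/guacamole-1.4.0.war
# Compare this digest with the checksum (and ideally the signature) that
# Apache publishes next to the release artifact before deploying it.
sha256sum guacamole-1.4.0.war
mv guacamole-1.4.0.war /var/lib/tomcat9/webapps/guacamole.war

# Database authentication extension (the original listing showed only the
# URL here; the download command was missing).
wget https://archive.apache.org/dist/guacamole/1.4.0/binary/guacamole-auth-jdbc-1.4.0.tar.gz
sha256sum guacamole-auth-jdbc-1.4.0.tar.gz
tar -xzf guacamole-auth-jdbc-1.4.0.tar.gz

# The extensions directory may not exist yet at this point in the notes.
mkdir -p /etc/guacamole/extensions
mv guacamole-auth-jdbc-1.4.0/mysql/guacamole-auth-jdbc-mysql-1.4.0.jar /etc/guacamole/extensions/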

setup database/driver

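# Random password for the application's database account. Run this and the
# later guacamole.properties step in the same shell session, because the
# variable is reused there.
# Only letters and digits are used: the previous character set could emit
# backslashes (its ")-_" was read by tr as a range), which are escape
# characters inside a quoted SQL string, so the stored password could differ
# from the one written to the configuration file. Length is raised to 24 to
# keep the entropy high with the smaller alphabet.
RND_PASSWORD=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24)

mysql -e 'CREATE DATABASE guacamole_db;'
# Load the schema shipped with the JDBC extension.
cat guacamole-auth-jdbc-1.4.0/mysql/schema/*.sql | mysql guacamole_db

# Statements are sent on stdin rather than with -e so the password does not
# appear in the process list. The account is local-only and gets no schema
# (DDL) privileges, just row-level access to the one database.
mysql <<SQL
CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY '$RND_PASSWORD';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';
SQL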

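# JDBC driver that the Guacamole database extension loads at runtime.
wget https://cdn.mysql.com//Downloads/Connector-J/mysql-connector-j_8.0.33-1ubuntu22.04_all.deb
# Before installing, verify the package against the checksum or signature
# shown on the vendor's download page; dpkg -i runs the package's maintainer
# scripts as root.
dpkg -i mysql-connector-j_8.0.33-1ubuntu22.04_all.deb

# The lib directory may not exist yet at this point in the notes.
mkdir -p /etc/guacamole/lib
# NOTE(review): the glob must match exactly one jar, otherwise cp fails;
# list /usr/share/java/ after the install to confirm the file name.
cp /usr/share/java/mysql-connector-java-*.jar /etc/guacamole/lib/mysql-connector.jar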

Create directories and initial settings

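# Configuration tree read by the web application (see GUACAMOLE_HOME below).
mkdir -p /etc/guacamole/{extensions,lib}

# guacamole.properties will contain the database password, so restrict it
# before anything is written to it.
# NOTE(review): assumes the Ubuntu tomcat9 package runs as group "tomcat";
# confirm with `id tomcat`.
touch /etc/guacamole/guacamole.properties
chown root:tomcat /etc/guacamole/guacamole.properties
chmod 640 /etc/guacamole/guacamole.properties

# Appends, so running this twice leaves duplicate entries in the file.
# $RND_PASSWORD must still be set from the database step.
# NOTE(review): the file is presumably parsed as Java properties, where a
# backslash is an escape character; keep the password free of backslashes.
cat >> /etc/guacamole/guacamole.properties <<EOF
guacd-hostname: 127.0.0.1
guacd-port: 4822
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: $RND_PASSWORD
EOF

# guacd performs no authentication of its own, and no TLS is configured
# here. Tomcat runs on the same host, so listen on loopback only instead of
# on every interface (0.0.0.0).
cat >> /etc/guacamole/guacd.conf <<EOF
[server]
bind_host = 127.0.0.1
bind_port = 4822
EOF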

Configure tomcat

# Point the web application at its configuration directory.
printf '%s\n' 'GUACAMOLE_HOME=/etc/guacamole' >> /etc/default/tomcat9

# Replace Tomcat's default landing page with a redirect to the application.
printf '%s\n' '<% response.sendRedirect("/guacamole"); %>' > /var/lib/tomcat9/webapps/ROOT/index.jsp
rm /var/lib/tomcat9/webapps/ROOT/index.html

Adding HTTPS is a little trickier. Get a certificate the way you normally would, for example with certbot:

# Request a certificate using certbot's own temporary web server and the HTTP
# challenge; port 80 must be free and reachable from the internet while this
# runs.
sudo certbot certonly \
    --standalone \
    --preferred-challenges http \
    -d example.steveborba.com

and then edit /etc/tomcat9/server.xml and put something like this

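<!-- HTTPS connector using the certbot-issued certificate.
     NOTE(review): Tomcat normally runs as an unprivileged account. Confirm
     that account can bind port 443 and can read the key file below; certbot
     keeps /etc/letsencrypt readable by root only by default. Grant the
     narrowest read access that works and do not make the key world-readable.
     The files change on every renewal, so plan a Tomcat reload after
     certbot renews. -->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" SSLEnabled="true">
  <!-- Offer TLS 1.2 and 1.3 only, stated explicitly instead of relying on
       the JVM's defaults to exclude older protocol versions. -->
  <SSLHostConfig protocols="TLSv1.2,TLSv1.3">
    <Certificate certificateKeyFile="/etc/letsencrypt/live/example.steveborba.com/privkey.pem"
                 certificateFile="/etc/letsencrypt/live/example.steveborba.com/cert.pem"
                 certificateChainFile="/etc/letsencrypt/live/example.steveborba.com/chain.pem"
                 type="RSA" />
  </SSLHostConfig>
</Connector>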
