Apache Guacamole is a clientless remote desktop gateway that supports standard protocols like VNC, RDP, and SSH. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.
Guacamole is separated into two pieces: guacamole-server, which provides the guacd proxy and related libraries, and guacamole-client, which provides the client to be served by your servlet container. In most cases, the only source you will need to build is guacamole-server, and downloading the latest guacamole.war from the project website will be sufficient to provide the client.
Step 1: Server Preparation
Apache Guacamole has many dependencies and we are going to deal with most of them in this step. You will notice that I used some packages from the Devel repository because getting them from the official repositories was a challange. Disable it once the packages we need are all installed.
sudo dnf update
sudo dnf install -y vim wget unzip make cmake wget gcc zlib-devel compat-openssl10
sudo dnf config-manager --set-enabled PowerTools
sudo dnf config-manager --enable Devel
sudo dnf -y install cairo-devel libuv-devel libjpeg-turbo-devel libjpeg-devel libpng-devel libtool uuid-devel freerdp-devel pango-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel libssh2-devel libwebsockets-devel libtheora opus lame-libs
sudo dnf config-manager --disable DevelInstall other libraries from source
There are some libraries that are not readily available on the repositories yet. They include libtelnet
wget https://github.com/seanmiddleditch/libtelnet/releases/download/0.23/libtelnet-0.23.tar.gz
tar -xf libtelnet-0.23.tar.gz
cd libtelnet-0.23
./configure
make && sudo make installStep 2: Install Apache Tomcat
Once the prerequisites are sorted, run the command below to install Apache Tomcat Java servelet container that serves Guacamole java client and all the required dependencies. Since it is in Java, let us first get Java installed.
Install Java on CentOS 8
Run the command below to fetch java-11-openjdk.
sudo yum install java-11-openjdk-develCreate a file and set Java environment variables.
$ sudo vim /etc/profile.d/java11.sh
export JAVA_HOME=$(dirname $(dirname $(readlink -f $(which javac))))
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jarSource the file to start using it without logging out.
source /etc/profile.d/java11.shInstall Apache Tomcat on CentOS 8
To install Apache Tomcat, kindly follow our detailed guide on how to install Apache Tomcat 9 on CentOS 8. Ignore the Java installation part since we already have it installed.
Step 3: Build the Guacamole Server From Source
guacamole-server contains all the native, server-side components required by Guacamole to connect to remote desktops. It provides a common C library, libguac, which all other native components depend on, as well as separate libraries for each supported protocol, and a proxy daemon, guacd, the heart of Guacamole.
Download the latest stable version of guacamole-server
cd ~
wget http://mirror.cc.columbia.edu/pub/software/apache/guacamole/1.2.0/source/guacamole-server-1.2.0.tar.gzExtract the downloaded archive.
tar -xvf guacamole-server-1.2.0.tar.gzChange into the extracted directory.
cd guacamole-server-1.2.0Configure the build environment. Running configure will determine which libraries are available on your system and will select the appropriate components for building depending on what you actually have installed.
./configure --with-init-dir=/etc/init.dThen compile guacamole-server. Quite a bit of output will scroll up the screen as all the components are compiled
makeOnce everything finishes, all you have left to do is type “sudo make install” to install the components that were built, and then “ldconfig” to update your system’s cache of installed libraries.
sudo make installUpdate the system’s cache of installed libraries.
sudo ldconfigRefresh systemd for it to find the guacd (Guacamole proxy daemon) service installed in /etc/init.d/ directory.
sudo systemctl daemon-reloadOnce relaoded, start the guacd service.
sudo systemctl start guacd
sudo systemctl enable guacdAnd to have that smile on your face, check its status.
$ systemctl status guacd
● guacd.service - LSB: Guacamole proxy daemon
Loaded: loaded (/etc/rc.d/init.d/guacd; generated)
Active: active (running) since Thu 2020-08-27 10:26:04 UTC; 43s ago
Docs: man:systemd-sysv-generator(8)
Process: 51357 ExecStart=/etc/rc.d/init.d/guacd start (code=exited, status=0/SUCCESS)
Tasks: 1 (limit: 11070)
Memory: 11.9M
CGroup: /system.slice/guacd.service
└─51360 /usr/local/sbin/guacd -p /var/run/guacd.pidStep 4: Install the Guacamole Web Application
There are two critical files involved in the deployment of Guacamole: guacamole.war, which is the file containing the web application, and guacamole.properties, the main configuration file for Guacamole. The recommend way to set up Guacamole involves placing these files in standard locations, and then creating symbolic links to them so that Tomcat can find them
guacamole-client contains all Java and Maven components of Guacamole (guacamole, guacamole-common, guacamole-ext, and guacamole-common-js). These components ultimately make up the web application that will serve the HTML5 Guacamole client to users that connect to your server. This web application will connect to guacd, part of guacamole-server, on behalf of connected users in order to serve them any remote desktop they are authorized to access.
Install Guacamole Client on CentOS 8
The Guacamole client is available as a binary. To install it, just pull it from the Guacamole binaries downloads page as shown below, copy it to /etc/guacamole/ directory and rename it at the same time.
cd ~
sudo mkdir /etc/guacamole
wget https://downloads.apache.org/guacamole/1.2.0/binary/guacamole-1.2.0.war -O /etc/guacamole/guacamole.warTo install the Guacamole client binary, create a symbolic link of the guacamole client to Tomcat webapps directory as shown below;
sudo ln -s /etc/guacamole/guacamole.war /usr/share/tomcat/webapps/Step 5: Configure Guacamole Server
After the installation of the Guacamole server daemon, you need define how to Guacamole client will connect to the Guacamole server (guacd) under the /etc/guacamole/guacamole.properties configuration file. Within this configuration, you need to simply define Guacamole server hostname, port, user mapping configuration file, authentication provider.
GUACAMOLE_HOME is the name given to Guacamole’s configuration directory, which is located at /etc/guacamole by default. All configuration files, extensions, etc. reside within this directory.
Create GUACAMOLE_HOME environment variable
echo "GUACAMOLE_HOME=/etc/guacamole" | sudo tee -a /etc/default/tomcatCreate /etc/guacamole/guacamole.properties config file and populate is as shown below:
$ sudo vim /etc/guacamole/guacamole.properties
guacd-hostname: localhost
guacd-port: 4822
user-mapping: /etc/guacamole/user-mapping.xml
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProviderAfter the configuration is as pretty as above, save it and link the Guacamole configurations directory to Tomcat servlet directory as illustrated below.
sudo ln -s /etc/guacamole /usr/share/tomcat/.guacamoleStep 6: Setup Guacamole Authentication Method
Guacamole’s default authentication method reads all users and connections from a single file called user-mapping.xml. In this file, you need to define the users allowed to access Guacamole web UI, the servers to connect to and the method of connection.
Generate the MD5 hash of passwords for a user you are going to use to log into Guacamole web user interface. Replace you password accordingly.
$ echo -n StrongPassword | openssl md5
(stdin)= 0f6e4a1df0cf5ee97c2066953bed21b2Once your password is ready, create the user-mapping file with sample contents illustrated below. You can place any hostname, usernames and hosts as per your environment.
$ sudo vim /etc/guacamole/user-mapping.xml
<user-mapping>
<!-- Per-user authentication and config information -->
<!-- A user using md5 to hash the password
guacadmin user and its md5 hashed password below is used to
login to Guacamole Web UI-->
<authorize
username="tech"
password="0f6e4a1df0cf5ee97c2066953bed21b2"
encoding="md5">
<!-- First authorized Remote connection -->
<connection name="RHEL 7 Maipo">
<protocol>ssh</protocol>
<param name="hostname">10.10.10.10</param>
<param name="port">22</param>
</connection>
<!-- Second authorized remote connection -->
<connection name="Windows Server 2019">
<protocol>rdp</protocol>
<param name="hostname">10.10.10.5</param>
<param name="port">3389</param>
<param name="username">tech</param>
<param name="ignore-cert">true</param>
</connection>
</authorize>
</user-mapping>Good stuff. Once everything is done, restart both Tomcat and guacd to realize the changes made.
sudo systemctl restart tomcat guacdIn case you have a firewall running and you haven’t allowd the ports yet, then this is the chance to do so as quickly as below:
sudo firewall-cmd --permanent --add-port={4822,8080}/tcp
sudo firewall-cmd --reloadStep 7: Getting Guacamole Web Interface
Thus far, we have setup everything well and we should therefore be ready to access the application we have been toiling to bring up. To access Guacamole’s web interface, simply point your browser to http://ip-or-domain-name:8080/guacamole and you should be greeted with a login screen as shown below:
As you can see, the connections we had made in the configuration file are already loaded when you login.
Simply click on the one you would wish to connect to and you will be prompted with a username and password whether via SSH or RDP.
Enter your server password
And we should be allowed in
Closing Remarks
Because the Guacamole client is an HTML5 web application, use of your computers is not tied to any one device or location. As long as you have access to a web browser, you have access to your machines. With both Guacamole and a desktop operating system hosted in the cloud, you can combine the convenience of Guacamole with the resilience and flexibility of cloud computing. Check it out and leverage on its flexibility and convenience especially during this season where most of us are working from home.
References:
Apache Guacamole Documentation
As we appreciate your continued support, keep the fun as you grab other ideas from the exquisite guides shared below.
Easy way to Create SSH tunnels on Linux CLI
Install and Configure OpenSSH Server on Windows Server 2019
How To Set Up Two factor (2FA) Authentication for SSH on CentOS / RHEL 7/8
