Install and Use Guacamole Remote Desktop on CentOS 8

Apache Guacamole is a clientless remote desktop gateway that supports standard protocols like VNC, RDP, and SSH. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.

Guacamole is separated into two pieces: guacamole-server, which provides the guacd proxy and related libraries, and guacamole-client, which provides the client to be served by your servlet container. In most cases, the only source you will need to build is guacamole-server, and downloading the latest guacamole.war from the project website will be sufficient to provide the client.

Installation on Ubuntu: Install and Use Guacamole Remote Desktop on Ubuntu

Step 1: Server Preparation

Apache Guacamole has many dependencies and we are going to deal with most of them in this step. You will notice that I used some packages from the Devel repository because getting them from the official repositories was a challange. Disable it once the packages we need are all installed.

sudo dnf update
sudo dnf install -y vim wget unzip make cmake wget gcc zlib-devel compat-openssl10
sudo dnf config-manager --set-enabled powertools
sudo dnf config-manager --enable devel
sudo dnf -y install cairo-devel libuv-devel libjpeg-turbo-devel libjpeg-devel libpng-devel libtool uuid-devel freerdp-devel pango-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel libssh2-devel libwebsockets-devel libtheora opus lame-libs
sudo dnf config-manager --disable devel

Install other libraries from source

There are some libraries that are not readily available on the repositories yet. They include libtelnet

curl -s https://api.github.com/repos/seanmiddleditch/libtelnet/releases/latest | grep browser_download_url  | cut -d '"' -f 4 | wget -qi -
tar -xf libtelnet-*.tar.gz
cd libtelnet-*/
./configure
make && sudo make install

Step 2: Install Apache Tomcat

Once the prerequisites are sorted, run the command below to install Apache Tomcat Java servelet container that serves Guacamole java client and all the required dependencies. Since it is in Java, let us first get Java installed.

Install Java on CentOS 8

Run the command below to fetch java-11-openjdk.

sudo yum install java-11-openjdk-devel

Create a file and set Java environment variables.

$ sudo vim /etc/profile.d/java11.sh

export JAVA_HOME=$(dirname $(dirname $(readlink -f $(which javac))))
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar

Source the file to start using it without logging out.

source /etc/profile.d/java11.sh

Install Apache Tomcat on CentOS 8

To install Apache Tomcat, kindly follow our detailed guide on how to install Apache Tomcat 9 on CentOS 8. Ignore the Java installation part since we already have it installed.

Step 3: Build the Guacamole Server From Source

guacamole-server contains all the native, server-side components required by Guacamole to connect to remote desktops. It provides a common C library, libguac, which all other native components depend on, as well as separate libraries for each supported protocol, and a proxy daemon, guacd, the heart of Guacamole.

Download the latest stable version of guacamole-server

cd ~
wget https://downloads.apache.org/guacamole/1.3.0/source/guacamole-server-1.3.0.tar.gz

Extract the downloaded archive.

tar -xvf guacamole-server-1.3.0.tar.gz

Change into the extracted directory.

cd guacamole-server-1.3.0

Configure the build environment. Running configure will determine which libraries are available on your system and will select the appropriate components for building depending on what you actually have installed.

./configure --with-init-dir=/etc/init.d

Then compile guacamole-server. Quite a bit of output will scroll up the screen as all the components are compiled

make

Once everything finishes, all you have left to do is type “sudo make install” to install the components that were built, and then “ldconfig” to update your system’s cache of installed libraries.

sudo make install

Update the system’s cache of installed libraries.

sudo ldconfig

Refresh systemd for it to find the guacd (Guacamole proxy daemon) service installed in /etc/init.d/ directory.

sudo systemctl daemon-reload

Once relaoded, start the guacd service.

sudo systemctl start guacd
sudo systemctl enable guacd

And to have that smile on your face, check its status.

$ systemctl status guacd
● guacd.service - LSB: Guacamole proxy daemon
   Loaded: loaded (/etc/rc.d/init.d/guacd; generated)
   Active: active (running) since Thu 2020-08-27 10:26:04 UTC; 43s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 51357 ExecStart=/etc/rc.d/init.d/guacd start (code=exited, status=0/SUCCESS)
    Tasks: 1 (limit: 11070)
   Memory: 11.9M
   CGroup: /system.slice/guacd.service
           └─51360 /usr/local/sbin/guacd -p /var/run/guacd.pid

Step 4: Install the Guacamole Web Application

There are two critical files involved in the deployment of Guacamole: guacamole.war, which is the file containing the web application, and guacamole.properties, the main configuration file for Guacamole. The recommend way to set up Guacamole involves placing these files in standard locations, and then creating symbolic links to them so that Tomcat can find them

guacamole-client contains all Java and Maven components of Guacamole (guacamole, guacamole-common, guacamole-ext, and guacamole-common-js). These components ultimately make up the web application that will serve the HTML5 Guacamole client to users that connect to your server. This web application will connect to guacd, part of guacamole-server, on behalf of connected users in order to serve them any remote desktop they are authorized to access.

Install Guacamole Client on CentOS 8

The Guacamole client is available as a binary. To install it, just pull it from the Guacamole binaries downloads page as shown below, copy it to /etc/guacamole/ directory and rename it at the same time.

cd ~
sudo mkdir /etc/guacamole
wget https://downloads.apache.org/guacamole/1.3.0/binary/guacamole-1.3.0.war
sudo mv guacamole-1.3.0.war /etc/guacamole/guacamole.war

To install the Guacamole client binary, create a symbolic link of the guacamole client to Tomcat webapps directory as shown below;

sudo ln -s /etc/guacamole/guacamole.war /usr/share/tomcat/webapps/

Step 5: Configure Guacamole Server

After the installation of the Guacamole server daemon, you need define how to Guacamole client will connect to the Guacamole server (guacd) under the /etc/guacamole/guacamole.properties configuration file. Within this configuration, you need to simply define Guacamole server hostname, port, user mapping configuration file, authentication provider.

GUACAMOLE_HOME is the name given to Guacamole’s configuration directory, which is located at /etc/guacamole by default. All configuration files, extensions, etc. reside within this directory.

Create GUACAMOLE_HOME environment variable

echo "GUACAMOLE_HOME=/etc/guacamole" | sudo tee -a /etc/default/tomcat

Create /etc/guacamole/guacamole.properties config file and populate is as shown below:

$ sudo vim /etc/guacamole/guacamole.properties
guacd-hostname: localhost
guacd-port:    4822
user-mapping:    /etc/guacamole/user-mapping.xml
auth-provider:    net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider

After the configuration is as pretty as above, save it and link the Guacamole configurations directory to Tomcat servlet directory as illustrated below.

sudo ln -s /etc/guacamole /usr/share/tomcat/.guacamole

Step 6: Setup Guacamole Authentication Method

Guacamole’s default authentication method reads all users and connections from a single file called user-mapping.xml. In this file, you need to define the users allowed to access Guacamole web UI, the servers to connect to and the method of connection.

Generate the MD5 hash of passwords for a user you are going to use to log into Guacamole web user interface. Replace you password accordingly.

$ echo -n StrongPassword | openssl md5
(stdin)= 0f6e4a1df0cf5ee97c2066953bed21b2

Once your password is ready, create the user-mapping file with sample contents illustrated below. You can place any hostname, usernames and hosts as per your environment.

$ sudo vim /etc/guacamole/user-mapping.xml

<user-mapping>

    <!-- Per-user authentication and config information -->

    <!-- A user using md5 to hash the password
         guacadmin user and its md5 hashed password below is used to 
             login to Guacamole Web UI-->
    <authorize 
            username="tech"
            password="0f6e4a1df0cf5ee97c2066953bed21b2"
            encoding="md5">

        <!-- First authorized Remote connection -->
        <connection name="RHEL 7 Maipo">
            <protocol>ssh</protocol>
            <param name="hostname">10.10.10.10</param>
            <param name="port">22</param>
        </connection>

        <!-- Second authorized remote connection -->
        <connection name="Windows Server 2019">
            <protocol>rdp</protocol>
            <param name="hostname">10.10.10.5</param>
            <param name="port">3389</param>
            <param name="username">tech</param>
            <param name="ignore-cert">true</param>
        </connection>

    </authorize>

</user-mapping>

Reference: Guacamole configurations documentation

Good stuff. Once everything is done, restart both Tomcat and guacd to realize the changes made.

sudo systemctl restart tomcat guacd

In case you have a firewall running and you haven’t allowd the ports yet, then this is the chance to do so as quickly as below:

sudo firewall-cmd --permanent --add-port={4822,8080}/tcp
sudo firewall-cmd --reload

Step 7: Getting Guacamole Web Interface

Thus far, we have setup everything well and we should therefore be ready to access the application we have been toiling to bring up. To access Guacamole’s web interface, simply point your browser to http://ip-or-domain-name:8080/guacamole and you should be greeted with a login screen as shown below:

As you can see, the connections we had made in the configuration file are already loaded when you login.

Simply click on the one you would wish to connect to and you will be prompted with a username and password whether via SSH or RDP.

Enter your server password

And we should be allowed in

Closing Remarks

Because the Guacamole client is an HTML5 web application, use of your computers is not tied to any one device or location. As long as you have access to a web browser, you have access to your machines. With both Guacamole and a desktop operating system hosted in the cloud, you can combine the convenience of Guacamole with the resilience and flexibility of cloud computing. Check it out and leverage on its flexibility and convenience especially during this season where most of us are working from home.

References:

Apache Guacamole Webpage

Apache Guacamole Documentation

As we appreciate your continued support, keep the fun as you grab other ideas from the exquisite guides shared below.

Easy way to Create SSH tunnels on Linux CLI

Install and Configure OpenSSH Server on Windows Server 2019

How To Set Up Two factor (2FA) Authentication for SSH on CentOS / RHEL 7/8