# Interactively choose the system time zone (Debian/Ubuntu debconf dialog).
# MariaDB's own default_time_zone is configured separately in Step 8.
dpkg-reconfigure tzdata
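# Versions that the download URLs in the following steps are built from.
export guacver=1.3.0
export tomcatver=9.0.45

# Web-UI login password: taken from $guacLoginPassword when the caller has set
# it, otherwise prompted for on a terminal. It is deliberately not a literal in
# this file, because a literal ends up in shell history, backups and copies of
# these notes.
if [ -z "${guacLoginPassword:-}" ] && [ -t 0 ]; then
  read -r -s -p 'Guacamole login password: ' guacLoginPassword
  echo
fi

if [ -n "${guacLoginPassword:-}" ]; then
  # user-mapping.xml (Step 6) is written with encoding="md5", so the hash has
  # to be MD5. Unsalted MD5 is cheap to brute-force: treat the hash as if it
  # were the password itself.
  loginPwHash=$(printf '%s' "$guacLoginPassword" | openssl md5 | awk '{ print $2 }')
  export loginPwHash
  unset guacLoginPassword
  (
    # /tmp is world-writable: create the file fresh, owner-only, and refuse to
    # write through anything that somebody else put at this path.
    umask 077
    rm -f -- /tmp/password.loginhash
    set -o noclobber
    printf '%s\n' "$loginPwHash" > /tmp/password.loginhash
  )
else
  echo 'loginPwHash not set: export guacLoginPassword or run this on a terminal' >&2
fi

# Random database password (8 random bytes, hex-encoded). The fixed value that
# used to overwrite it is gone: a password printed in the notes is known to
# every reader of the notes.
if dbpw=$(openssl rand -hex 8) && [ -n "$dbpw" ]; then
  export dbpw
  (
    umask 077
    rm -f -- /tmp/password.database
    set -o noclobber
    printf '%s\n' "$dbpw" > /tmp/password.database
  )
else
  echo 'dbpw not set: openssl rand failed (is openssl installed?)' >&2
fi
# NOTE(review): move both password files out of /tmp (for example into a
# root-only directory) and delete them once the installation is finished.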
Step 1: Server Preparation
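# The commands of this step had been fused onto a single line, which makes apt
# treat everything after "update" as arguments. One command per line again.

# Refresh the package index, then install the compiler toolchain and helpers.
apt update
apt install -y gcc vim curl wget g++ software-properties-common

# Build dependencies for guacamole-server (graphics, SSH/VNC/Telnet, audio,
# video and WebSocket support).
apt install -y \
  libcairo2-dev libjpeg-turbo8-dev libpng-dev libtool-bin libossp-uuid-dev \
  libavcodec-dev libavutil-dev libswscale-dev build-essential \
  libpango1.0-dev libssh2-1-dev libvncserver-dev libtelnet-dev libssl-dev \
  libvorbis-dev libwebp-dev libjpeg62-dev libavformat-dev libwebsockets-dev \
  libpulse-dev

# NOTE(review): this adds a third-party PPA that carries *daily* FreeRDP
# builds. Its packages are installed as root and are updated outside the
# distribution's security process. Prefer the distribution's own freerdp2-dev
# if it is recent enough for this Guacamole version (to be confirmed), or pin
# the PPA to the freerdp2 packages only.
add-apt-repository ppa:remmina-ppa-team/freerdp-daily
apt update
apt install freerdp2-dev freerdp2-x11 -y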
Step 2: Install Apache Tomcat
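# JDK for Tomcat. The second package name is spelled with an ASCII hyphen; the
# en dash it had before makes apt reject the name.
apt install openjdk-11-jdk default-jdk

# Dedicated account without a login shell; its home is the Tomcat tree.
mkdir -p /opt/tomcat
sudo groupadd tomcat
useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat
# useradd -m -U -d /opt/tomcat -s /bin/false tomcat
#apt install -y make tomcat9

# Download the release together with its published SHA-512 file and unpack it
# only when the digest matches. The checksum comes from the same host as the
# tarball, so it catches a corrupted or truncated download; for authenticity,
# also verify the release's .asc signature against the project's KEYS file.
# NOTE(review): downloads.apache.org only carries current releases; older
# versions are served from archive.apache.org.
tomcat_tgz=apache-tomcat-${tomcatver}.tar.gz
tomcat_url=https://downloads.apache.org/tomcat/tomcat-9/v${tomcatver}/bin
wget "${tomcat_url}/${tomcat_tgz}" "${tomcat_url}/${tomcat_tgz}.sha512" -P ~

# assumes the .sha512 file is in sha512sum format; if it is not, compare the
# digest by hand before continuing
if (cd ~ && sha512sum -c "${tomcat_tgz}.sha512"); then
  # The archive is addressed by its full path, so this works from any
  # working directory (the download went to ~).
  tar -xzf ~/"${tomcat_tgz}" -C /opt/tomcat/
  mv "/opt/tomcat/apache-tomcat-${tomcatver}" /opt/tomcat/tomcatapp
  chown -R tomcat: /opt/tomcat
  chmod +x /opt/tomcat/tomcatapp/bin/*.sh
else
  echo "SHA-512 check failed for ${tomcat_tgz}; not unpacking it" >&2
fi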
# systemd unit that runs Tomcat under the unprivileged tomcat account.
# The heredoc delimiter is quoted so the unit text is written out literally.
cat > /etc/systemd/system/tomcat.service << 'EOF'
[Unit]
Description=Tomcat 9 servlet container
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"
Environment="CATALINA_BASE=/opt/tomcat/tomcatapp"
Environment="CATALINA_HOME=/opt/tomcat/tomcatapp"
Environment="CATALINA_PID=/opt/tomcat/tomcatapp/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/tomcatapp/bin/startup.sh
ExecStop=/opt/tomcat/tomcatapp/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
EOF

# Make systemd read the new unit, enable it at boot, start it now and show
# the result.
systemctl daemon-reload
systemctl enable --now tomcat
systemctl status tomcat

# NOTE(review): 8080 is Tomcat's plain-HTTP connector, so with this rule the
# Guacamole login and every remote session cross the network unencrypted and
# the port is reachable from any source address. Put a TLS-terminating reverse
# proxy in front of Tomcat, or at least restrict the rule to the networks that
# need access.
sudo ufw allow 8080/tcp
Step 3: Build the Guacamole Server From Source
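# Fetch the guacamole-server source together with its published SHA-256 file
# and build it only when the digest matches. The checksum is served by the
# same host as the tarball, so it guards against a damaged download; verify
# the .asc signature against the project's KEYS file for authenticity.
guacd_tgz=guacamole-server-${guacver}.tar.gz
guacd_url=https://downloads.apache.org/guacamole/${guacver}/source
wget "${guacd_url}/${guacd_tgz}" "${guacd_url}/${guacd_tgz}.sha256" -P ~

# assumes the .sha256 file is in sha256sum format; if it is not, compare the
# digest by hand before continuing
if (cd ~ && sha256sum -c "${guacd_tgz}.sha256"); then
  # Unpack into ~ explicitly; the tree is entered by absolute path below, so
  # extraction must not depend on the current working directory.
  tar xzf ~/"${guacd_tgz}" -C ~

  # Stop at the first failing build step instead of installing a half-built
  # tree.
  cd ~/"guacamole-server-${guacver}" &&
    ./configure --with-init-dir=/etc/init.d &&
    make &&
    make install &&
    ldconfig

  # NOTE(review): check which account the installed init script runs guacd
  # as; a dedicated unprivileged user is preferable to root.
  systemctl daemon-reload
  systemctl start guacd
  systemctl enable guacd
  systemctl status guacd
else
  echo "SHA-256 check failed for ${guacd_tgz}; not building it" >&2
fi

# Configuration tree used by the following steps (-p: safe to re-run).
mkdir -p /etc/guacamole/extensions /etc/guacamole/lib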
Step 4: Install the Guacamole Web Application
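# Download the web application and its published SHA-256 file. The WAR is
# executed by Tomcat, so it is deployed only after the digest matches. For
# authenticity, additionally verify the .asc signature against the project's
# KEYS file.
guac_war=guacamole-${guacver}.war
guac_war_url=https://downloads.apache.org/guacamole/${guacver}/binary
wget "${guac_war_url}/${guac_war}" "${guac_war_url}/${guac_war}.sha256" -P ~

# assumes the .sha256 file is in sha256sum format; if it is not, compare the
# digest by hand before continuing
if (cd ~ && sha256sum -c "${guac_war}.sha256"); then
  mv ~/"${guac_war}" /etc/guacamole/guacamole.war
  # Tomcat deploys the application through this link in its webapps directory.
  ln -s /etc/guacamole/guacamole.war /opt/tomcat/tomcatapp/webapps
else
  echo "SHA-256 check failed for ${guac_war}; not deploying it" >&2
fi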
Step 5: Configure Guacamole Server
# Record GUACAMOLE_HOME for Tomcat.
# NOTE(review): /etc/default/tomcat only takes effect if the service reads it;
# the tomcat.service unit written in Step 2 has no EnvironmentFile= line, so
# this setting is probably unused there. Confirm, or set the variable in the
# unit itself.
echo "GUACAMOLE_HOME=/etc/guacamole" | sudo tee -a /etc/default/tomcat

# Minimal configuration: where guacd listens and which file holds the users.
# The delimiter is quoted so the text is written out literally.
# NOTE(review): the auth-provider class name dates from old Guacamole releases;
# check whether version ${guacver} still reads these two auth properties.
cat > /etc/guacamole/guacamole.properties << 'EOF'
guacd-hostname: localhost
guacd-port: 4822
user-mapping: /etc/guacamole/user-mapping.xml
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
EOF

# Expose the configuration directory inside the Tomcat tree as .guacamole.
ln -s /etc/guacamole /opt/tomcat/tomcatapp/.guacamole
Step 6: Setup Guacamole Authentication Method
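# Write the file-based login (user "patrick") and its connections.
#
# Two kinds of placeholder appear in the heredoc:
#   ${loginPwHash}      expanded by the shell now (MD5 hash from the first step)
#   \${GUAC_PASSWORD}   escaped, so the literal text ${GUAC_PASSWORD} reaches
#                       the file and Guacamole substitutes it at connect time.
# Unescaped, the shell replaced it with an empty string and every connection
# was stored with an empty password.
#
# NOTE(review): the RDP connection sets ignore-cert=true, which turns off
# server certificate validation; acceptable only on a network where
# impersonating that host is not a concern.
if [ -z "${loginPwHash:-}" ]; then
  echo 'loginPwHash is empty; run the password step in this shell first' >&2
else
  (
    # The file holds a password hash: never create it world-readable.
    umask 027
    cat << EOF > /etc/guacamole/user-mapping.xml
<user-mapping>
<!-- Per-user authentication and config information -->
<!-- A user using md5 to hash the password
guacadmin user and its md5 hashed password below is used to
login to Guacamole Web UI-->
<authorize
username="patrick"
password="${loginPwHash}"
encoding="md5">
<connection name="SSH: Videostation">
<protocol>ssh</protocol>
<param name="hostname">192.168.178.59</param>
<param name="port">22</param>
<param name="username">godfather</param>
<param name="password">\${GUAC_PASSWORD}</param>
</connection>
<connection name="SSH: Audiostation">
<protocol>ssh</protocol>
<param name="hostname">192.168.178.58</param>
<param name="port">22</param>
<param name="username">godfather</param>
<param name="password">\${GUAC_PASSWORD}</param>
</connection>
<connection name="SSH: Guacamole">
<protocol>ssh</protocol>
<param name="hostname">192.168.178.232</param>
<param name="port">22</param>
<param name="username">godfather</param>
<param name="password">\${GUAC_PASSWORD}</param>
</connection>
<connection name="SSH: PiHole">
<protocol>ssh</protocol>
<param name="hostname">192.168.178.231</param>
<param name="port">22</param>
<param name="username">godfather</param>
<param name="password">\${GUAC_PASSWORD}</param>
</connection>
<connection name="RDP: nb-pb-skuld">
<protocol>rdp</protocol>
<param name="hostname">192.168.178.105</param>
<param name="port">3389</param>
<param name="security">nla</param>
<param name="username">patrick</param>
<param name="password">\${GUAC_PASSWORD}</param>
<param name="ignore-cert">true</param>
</connection>
</authorize>
</user-mapping>
EOF
  )
  # Readable by root and by the tomcat group only (also covers a file that
  # existed before with wider permissions).
  chown root:tomcat /etc/guacamole/user-mapping.xml
  chmod 640 /etc/guacamole/user-mapping.xml

  systemctl restart tomcat guacd
fi

# The firewall rule for 4822/tcp is intentionally not applied. guacd accepts
# connections without authentication, and the web application reaches it on
# localhost (guacd-hostname in guacamole.properties), so nothing outside this
# host needs the port.
# sudo ufw allow 4822/tcp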
Step 7: Switch Guacamole to MariaDB
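# The commands of this step had been fused onto a single line; they are one
# per line again.
apt install -y make mariadb-server

# JDBC auth extension (via the mirror redirector) plus its SHA-256 file from
# the Apache origin server, and the MySQL Connector/J driver.
jdbc_tgz=guacamole-auth-jdbc-${guacver}.tar.gz
wget --trust-server-names "https://apache.org/dyn/closer.cgi?action=download&filename=guacamole/$guacver/binary/guacamole-auth-jdbc-$guacver.tar.gz" -O "/usr/src/${jdbc_tgz}"
wget "https://downloads.apache.org/guacamole/${guacver}/binary/${jdbc_tgz}.sha256" -O "/usr/src/${jdbc_tgz}.sha256"
# NOTE(review): no checksum for Connector/J is given in these notes; compare
# the download with the digest or signature published by the vendor before
# copying the jar into Guacamole's lib directory.
wget "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-8.0.21.tar.gz" -O /usr/src/mysql-connector-java-8.0.21.tar.gz

if [ -z "${dbpw:-}" ]; then
  echo 'dbpw is empty; run the password step in this shell first' >&2
# assumes the .sha256 file is in sha256sum format; if it is not, compare the
# digest by hand before continuing
elif ! (cd /usr/src && sha256sum -c "${jdbc_tgz}.sha256"); then
  echo "SHA-256 check failed for ${jdbc_tgz}; not installing it" >&2
else
  tar xvzf "/usr/src/${jdbc_tgz}" -C /usr/src/
  tar xvzf /usr/src/mysql-connector-java-8.0.21.tar.gz -C /usr/src/
  cp "/usr/src/guacamole-auth-jdbc-$guacver/mysql/guacamole-auth-jdbc-mysql-$guacver.jar" /etc/guacamole/extensions/
  cp /usr/src/mysql-connector-java-8.0.21/mysql-connector-java-8.0.21.jar /etc/guacamole/lib/

  # Database and application account. The SQL goes in on stdin rather than
  # through -e, so the password does not appear in the process list. The
  # account gets the data privileges only: no CREATE and no GRANT OPTION,
  # because the schema is loaded by root below.
  mysql -u root -p << EOF
CREATE DATABASE IF NOT EXISTS guacamole DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'guacamole'@'localhost' IDENTIFIED BY '${dbpw}';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole'@'localhost';
FLUSH PRIVILEGES;
EOF

  # Load the schema as root; this also avoids passing -p<password> on a
  # command line.
  mysql -u root -p guacamole < "/usr/src/guacamole-auth-jdbc-$guacver/mysql/schema/001-create-schema.sql"
  # 002 creates the stock administrator account with its documented default
  # password. Change that password at first login, before the web port is
  # reachable by anyone else.
  mysql -u root -p guacamole < "/usr/src/guacamole-auth-jdbc-$guacver/mysql/schema/002-create-admin-user.sql"

  # Keep the file-auth configuration as a backup, then switch to the database.
  cp -p /etc/guacamole/guacamole.properties /etc/guacamole/guacamole.properties.xmlnodb
  (
    # The new file contains the database password: never world-readable.
    umask 027
    cat << EOF > /etc/guacamole/guacamole.properties
#
# Hostname and Guacamole server port
#
guacd-hostname: 127.0.0.1
guacd-port: 4822
#
# MySQL properties
#
mysql-hostname: 127.0.0.1
mysql-port: 3306
mysql-database: guacamole
mysql-username: guacamole
mysql-password: $dbpw
EOF
  )
  chown root:tomcat /etc/guacamole/guacamole.properties
  chmod 640 /etc/guacamole/guacamole.properties
  # NOTE(review): /etc/guacamole/user-mapping.xml from Step 6 is still in
  # place; if file-based logins should stop working after the switch, remove
  # or empty it (confirm how this Guacamole version treats the file).
fi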
Step 8: Fix the MariaDB Time Zone Error
# Server configuration file that receives the time zone setting.
cnf=/etc/mysql/mariadb.conf.d/50-server.cnf

# Keep an untouched copy before editing.
cp "$cnf" "$cnf.orginal"

# Load the system's zone descriptions into the mysql schema so that named
# zones such as Europe/Berlin can be used.
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

# Insert three lines, one sed run each, so that they end up consecutively as
# lines 30, 31 and 32 of the file.
# NOTE(review): fixed line numbers depend on the layout of the packaged file;
# check afterwards that the setting sits inside the server section.
lineno=30
for text in '# Timezone' 'default_time_zone=Europe/Berlin' ' '; do
  sed -i "${lineno} i\\${text}" "$cnf"
  lineno=$((lineno + 1))
done

# Restart the database first, then the web application that connects to it.
systemctl restart mariadb.service
systemctl restart tomcat.service