Difference between revisions of "Guacamole 0.8.3"

From Linuxintro
imported>ThorstenStaerk
imported>ThorstenStaerk
Line 13: Line 13:
 
* how to make the website accessible from behind a firewall (port 80 or 443)
 
* how to make the website accessible from behind a firewall (port 80 or 443)
  
Here's what you do:
+
Here's what you do as root user:
 +
* install tomcat
 +
apt-get update
 +
apt-get install tomcat6
 
* download the guacamole webapp from http://sourceforge.net/projects/guacamole/files/current/binary/
 
* download the guacamole webapp from http://sourceforge.net/projects/guacamole/files/current/binary/
 
* deploy it
 
* deploy it

Revision as of 08:19, 29 November 2013

Overview

Guacamole is a program to control a Linux desktop over the network in a browser.

Sometimes in your Linux life, you need to control your servers in the internet with a graphical user interface. This is tedious when you are behind a corporate firewall blocking ssh requests to the public internet. Typical corporate firewalls only allow proxified client access to port 80, 8080 and 443 in the public internet. One way to go is to use a browser to display a Linux desktop. The solution is not, however, to use VNC for a web browser, as it will be blocked by corporate firewalls. The solution is guacamole.

Snapshot-guacamole.png

Quickstart

This will show you

  • how to install guacamole 0.8.3 on Ubuntu 10.04
  • how to make this configuration survive a reboot
  • how to secure transmission with SSL
  • how to make the website accessible from behind a firewall (port 80 or 443)

Here's what you do as root user:

  • install tomcat
apt-get update
apt-get install tomcat6
# mv guacamole-0.8.3.war /var/lib/tomcat6/webapps/
apt-get install libvncserver-dev
  • build the server:
# ./configure && make -j8 && make install
  • the following step is ugly; installation has not completely done what it should so we must do that:
# cp ./src/libguac/.libs/libguac.so.5.0.0 /usr/lib/libguac.so
# ln -s /usr/local/lib/libguac-client-vnc.so /lib/
  • now we start the guacamole daemon
# guacd 
guacd[11581]: INFO:  Guacamole proxy daemon (guacd) version 0.8.3
guacd[11581]: INFO:  Successfully bound socket to host ::1, port 4822
guacd[11581]: INFO:  Exiting and passing control to PID 11582
  • create a folder /etc/guacamole
mkdir /etc/guacamole
  • create a file /etc/guacamole/guacamole.properties with the content
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port:     4822

# Location to read extra .jar's from
lib-directory:  /var/lib/tomcat6/webapps/guacamole-0.8.3/WEB-INF/classes


# Authentication provider class
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider

# Properties used by BasicFileAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml
  • create a file /etc/guacamole/user-mapping.xml with the content
<user-mapping>
   <authorize username="user" password="password">
      <protocol>vnc</protocol>
         <param name="hostname">localhost</param>
         <param name="port">5901</param>
         <param name="password">password</param>
    </authorize>
</user-mapping>
  • find out your tomcat's user directory:
# cat /etc/passwd|grep tomcat
tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
in this case it is /usr/share/tomcat6
  • create a folder .guacamole in your tomcat's user directory:
mkdir /usr/share/tomcat6/.guacamole
  • link guacamole.properties into your tomcat's user directories' guacamole folder
ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat6/.guacamole
  • now the problem is that tomcat does not know where to find the Authentication class:

/var/lib/tomcat6/webapps/guacamole/WEB-INF/classes/net/sourceforge/guacamole/net/basic/BasicFileAuthenticationProvider.class

is not in /etc/guacamole/guacamole.properties

  • so add it
  • cat /etc/passwd gives me a line
tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
ll /usr/share/tomcat6/.guacamole/
total 8
drwxr-xr-x 2 root root 4096 Nov 26 07:58 ./
drwxr-xr-x 6 root root 4096 Nov 26 07:57 ../
lrwxrwxrwx 1 root root   35 Nov 26 07:58 guacamole.properties -> /etc/guacamole/guacamole.properties
  • works now. So the thing is:
    • take care that it is called guacamole and not guacamole-0.8.3 (sure?)
    • make sure the classpath in /etc/guacamole/guacamole.properties is correct, e.g.
# Location to read extra .jar's from
lib-directory:  /var/lib/tomcat6/webapps/guacamole/WEB-INF/classes
  • start a vnc server, as password set password (the vnc password given in user-mappings.xml)
vncserver
  • next steps: SSL
  • next steps: proxypass

Server error

  • now I got a server error so I straced guacd:
strace -p 15332

and saw

[pid 20344] open("/usr/lib/x86_64-linux-gnu/libguac-client-vnc.so", O_RDONLY) = -1 ENOENT (No such file or directory)

so the problem is that libguac-client-vnc.so is missing.

  • downloaded java version 1.7.45 and compiled guacamole-client using mvn. But there was no *.so* file in it
  • so installed libvncserver-dev and rebuild and reinstalled guacamole-server
  • and there it is, libguac-client-vnc.so
  • now the error message changed from "server error" to "unauthorized"

See also