#!/bin/bash
# Guacamole installation
# Supports Ubuntu 14.04, 15.10 and Debian wheezy, jessie (32 and 64 bit)
# Run as root (directly or through sudo) on a FRESH base OS install with
# nothing else installed.
# ver 1.5 - Bharath Chari 2016 - http://chari.titanium.ee
# Updated 03-Feb-2016
#
# Release pins for Guacamole and the MySQL JDBC connector; the download URLs
# further down are built from these two values.
# NOTE(review): both pins date from the script's last update (Feb 2016).
# Check the upstream projects for current releases and security advisories
# before installing these versions on a reachable host.
# Don't modify unless you know what you're doing.
GUAC_VER="0.9.9"
MYSQL_CONNECTOR_VERSION="5.1.38"
# DO NOT MODIFY BELOW THIS LINE.
echo "Checking system.."
# Everything below installs packages and writes system configuration, so
# refuse to continue unless the effective UID is 0.
if [ "$(id -u)" != 0 ]; then
  echo "Please run this script as sudo or root"
  exit 1
fi
# A marker file written at the end of a successful run blocks a second run.
# NOTE(review): /var/lock is often a tmpfs that is emptied at boot - confirm
# the marker survives the reboot this script asks for at the end.
if test -f /var/lock/guac-installed.lock; then
  echo "Guacamole already installed. This script cannot be run"
  exit 1
fi
# lsb-release is needed to read the distribution codename. A failing apt-get
# is also taken as the sign that this is not an apt based system.
if ! apt-get -qq install lsb-release -y; then
  echo "Unsupported distribution. Aborting installation."
  exit 1
fi
# Codename of the distribution (eg: trusty, wily, wheezy, jessie), taken from
# lsb_release's short output with any whitespace removed.
DISTVER=$(lsb_release -cs | tr -d '[:space:]')
# The Tomcat package name follows the distribution; anything else is
# unsupported and ends the script.
if [ "$DISTVER" = "trusty" ] || [ "$DISTVER" = "wheezy" ]; then
  TOMCAT_VER=tomcat7
elif [ "$DISTVER" = "wily" ] || [ "$DISTVER" = "jessie" ]; then
  TOMCAT_VER=tomcat8
else
  echo "Unsupported distribution. Sorry. Installation aborted"
  echo "Script works on Ubuntu (trusty,wily) and Debian (wheezy,jessie)"
  exit 1
fi
# Keep apt/debconf from prompting while packages are installed.
DEBIAN_FRONTEND="noninteractive"
export DEBIAN_FRONTEND
# Today's date as MM-DD-YYYY
TODAY=$(date +"%m-%d-%Y")
# Word size of the system: 64 selects x86_64, anything else i386. ARCH is
# used later to build the multiarch library path.
ARCH="i386"
if getconf LONG_BIT | grep -q 64; then
  ARCH="x86_64"
fi
# Fully qualified host name, shown in the closing message.
MYHOST=$(hostname -f)
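# Helper functions

#######################################
# Print one random string made of the characters 0-9 A-Z a-z + = _
# Arguments: $1 - number of characters to print
# Outputs:   the string, followed by a newline, on stdout
#######################################
genrand() {
  # LC_ALL=C makes tr treat /dev/urandom as raw bytes whatever locale the
  # caller runs under; tr keeps only bytes from the listed set, fold cuts the
  # stream into lines of $1 characters and head takes the first one.
  LC_ALL=C tr -dc '0-9A-Za-z+=_' < /dev/urandom | fold -w "$1" | head -n 1
}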
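# Create the download/build directory under the home directory. The name
# comes from genrand(); later steps refer to it as ~/$tmpdir, so tmpdir stays
# a bare directory name rather than a full path.
tmpdir=$(genrand 32)
if [ -z "$tmpdir" ]; then
  echo "Could not generate a temporary directory name. Aborting installation." >&2
  exit 1
fi
cd ~ || { echo "Cannot change to the home directory. Aborting installation." >&2; exit 1; }
# Sources unpacked here are compiled and installed as root, so the directory
# is created owner-only. mkdir without -p fails if the name already exists,
# which keeps the script from building inside a directory it did not create.
if ! mkdir -m 700 -- "$tmpdir" || ! cd -- "$tmpdir"; then
  echo "Cannot create temporary directory. Aborting installation." >&2
  exit 1
fi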
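# Get passwords from user

#######################################
# Ask twice for a password without echoing it and store it once both entries
# are non-empty and identical.
# Arguments: $1 - name of the variable that receives the password
#            $2 - prompt for the first entry
#            $3 - prompt for the confirmation entry
# Exits the script with status 1 if no more input can be read.
#######################################
_prompt_password() {
  local first second
  while true; do
    # IFS= and -r keep leading/trailing blanks and backslashes exactly as
    # typed; plain "read" would silently alter such passwords.
    if ! IFS= read -r -s -p "$2" first; then
      echo
      echo "No input available. Aborting installation." >&2
      exit 1
    fi
    echo
    if ! IFS= read -r -s -p "$3" second; then
      echo
      echo "No input available. Aborting installation." >&2
      exit 1
    fi
    echo
    # An empty entry would leave the account without a password.
    if [ -z "$first" ]; then
      echo "Password must not be empty. Please try again"
      continue
    fi
    if [ "$first" = "$second" ]; then
      printf -v "$1" '%s' "$first"
      return 0
    fi
    echo "Passwords don't match. Please try again"
  done
}

clear
echo "Set passwords for the system"
echo "Note: Passwords will NOT be displayed on screen!"
echo
_prompt_password MYSQL_ROOT_PASSWD \
  "MySQL ROOT Password: " \
  "MySQL ROOT Password (again): "
echo
_prompt_password GUAC_DB_PASSWD \
  "Set Guacamole DATABASE Password: " \
  "Guacamole DATABASE Password (again): "
echo
_prompt_password GUAC_ADMIN_PASSWORD \
  "Set Guacamole (guacadmin) WEB ADMIN Password: " \
  "Guacamole (guacadmin) WEB ADMIN Password (again): "
# End password input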
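# Upgrade all packages
apt-get -qq update && apt-get upgrade -y
# Install required dependencies
echo "Installing packages"
# Tomcat version is determined by distro
apt-get -qq install "$TOMCAT_VER" -y
# NOTE(review): the -admin package presumably deploys Tomcat's manager web
# applications next to Guacamole on port 8080; drop it (and -docs) if they
# are not needed on this host.
apt-get -qq install "$TOMCAT_VER-admin" "$TOMCAT_VER-docs" -y
apt-get -qq install debconf-utils build-essential automake libtool shtool checkinstall ntp fail2ban git -y
# The pattern is quoted so the shell passes it to apt-get untouched instead
# of expanding it against files in the current directory.
apt-get -qq install libcairo2-dev 'libjpeg62*' libpng12-dev libossp-uuid-dev libpango1.0-dev -y
apt-get -qq install libfreerdp-dev libvncserver-dev libpulse-dev libvorbis-dev libssl-dev libssh2-1-dev libtelnet-dev -y
#apt-get -qq install default-jdk -y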
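# MySQL install with the root password preset from MYSQL_ROOT_PASSWD.
# printf with a quoted argument hands the password to debconf exactly as
# typed. The previous unquoted echo collapsed runs of blanks and let the
# shell glob-expand characters such as '*', so the server could end up with
# a different root password than the one the mysql client uses later.
# printf is a shell builtin, so the password is not placed on a command line.
printf 'mysql-server mysql-server/root_password password %s\n' "$MYSQL_ROOT_PASSWD" \
  | debconf-set-selections
printf 'mysql-server mysql-server/root_password_again password %s\n' "$MYSQL_ROOT_PASSWD" \
  | debconf-set-selections
apt-get -qq install mysql-server mysql-client mysql-common mysql-utilities -y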
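# Fetch and install guacamole server and client
echo "Downloading and configuring guacamole.."
# Fetch/compile/install guacamole-server; the version comes from GUAC_VER.
# The tarball is compiled and installed as root, so it is fetched over HTTPS
# and every step must succeed before the next one runs.
# Integrity: if the operator exports GUAC_SERVER_SHA256 (a SHA-256 digest
# obtained from a trusted source), the download must match it. When the
# variable is unset the tarball is NOT integrity-checked.
server_tarball="guacamole-server-$GUAC_VER.tar.gz"
if ! wget -O "$server_tarball" \
  "https://sourceforge.net/projects/guacamole/files/current/source/$server_tarball"; then
  echo "Download of $server_tarball failed. Aborting installation." >&2
  exit 1
fi
if [ -n "${GUAC_SERVER_SHA256:-}" ]; then
  if ! printf '%s  %s\n' "$GUAC_SERVER_SHA256" "$server_tarball" | sha256sum -c -; then
    echo "Checksum mismatch for $server_tarball. Aborting installation." >&2
    exit 1
  fi
fi
# Grouped with && so a failed unpack or cd can never lead to configure/make
# running in the wrong directory.
if ! {
  tar -zxvf "$server_tarball" \
    && cd "guacamole-server-$GUAC_VER/" \
    && ./configure --with-init-dir=/etc/init.d \
    && make \
    && make install
}; then
  echo "Building guacamole-server failed. Aborting installation." >&2
  exit 1
fi
ldconfig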
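# Fetch / install client, JDBC-auth and mysql connectors
if ! mkdir -p /var/lib/guacamole || ! cd /var/lib/guacamole/; then
  echo "Cannot prepare /var/lib/guacamole. Aborting installation." >&2
  exit 1
fi
# The .war is deployed into Tomcat as-is, so it is fetched over HTTPS.
# If the operator exports GUAC_WAR_SHA256 (digest from a trusted source) the
# download must match it; when unset the file is NOT integrity-checked.
if ! wget "https://sourceforge.net/projects/guacamole/files/current/binary/guacamole-$GUAC_VER.war" \
  -O guacamole.war; then
  echo "Download of guacamole-$GUAC_VER.war failed. Aborting installation." >&2
  exit 1
fi
if [ -n "${GUAC_WAR_SHA256:-}" ]; then
  if ! printf '%s  %s\n' "$GUAC_WAR_SHA256" guacamole.war | sha256sum -c -; then
    echo "Checksum mismatch for guacamole.war. Aborting installation." >&2
    exit 1
  fi
fi
# Tomcat picks the application up through this link in its webapps directory.
ln -s /var/lib/guacamole/guacamole.war "/var/lib/$TOMCAT_VER/webapps/guacamole.war"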
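# Download the JDBC authentication extension and the MySQL connector into
# the temporary directory, then move the two jars into Tomcat's .guacamole
# directory.
if ! mkdir -p ~/"$tmpdir"/guacamole/sqlauth || ! cd ~/"$tmpdir"/guacamole/sqlauth; then
  echo "Cannot prepare the sqlauth download directory. Aborting installation." >&2
  exit 1
fi
jdbc_tarball="guacamole-auth-jdbc-$GUAC_VER.tar.gz"
connector_tarball="mysql-connector-java-$MYSQL_CONNECTOR_VERSION.tar.gz"
# Both archives end up as code loaded by the web application, so they are
# fetched over HTTPS. GUAC_JDBC_SHA256 / MYSQL_CONNECTOR_SHA256 are optional
# operator-supplied digests; when unset the files are NOT integrity-checked.
if ! wget -O "$jdbc_tarball" \
  "https://sourceforge.net/projects/guacamole/files/current/extensions/$jdbc_tarball"; then
  echo "Download of $jdbc_tarball failed. Aborting installation." >&2
  exit 1
fi
if [ -n "${GUAC_JDBC_SHA256:-}" ]; then
  if ! printf '%s  %s\n' "$GUAC_JDBC_SHA256" "$jdbc_tarball" | sha256sum -c -; then
    echo "Checksum mismatch for $jdbc_tarball. Aborting installation." >&2
    exit 1
  fi
fi
tar -zxvf "$jdbc_tarball" || { echo "Cannot unpack $jdbc_tarball. Aborting installation." >&2; exit 1; }
if ! wget -O "$connector_tarball" \
  "https://dev.mysql.com/get/Downloads/Connector/j/$connector_tarball"; then
  echo "Download of $connector_tarball failed. Aborting installation." >&2
  exit 1
fi
if [ -n "${MYSQL_CONNECTOR_SHA256:-}" ]; then
  if ! printf '%s  %s\n' "$MYSQL_CONNECTOR_SHA256" "$connector_tarball" | sha256sum -c -; then
    echo "Checksum mismatch for $connector_tarball. Aborting installation." >&2
    exit 1
  fi
fi
tar -zxf "$connector_tarball" || { echo "Cannot unpack $connector_tarball. Aborting installation." >&2; exit 1; }
# The brace list stays outside the quotes so the shell still expands it into
# the two directory names.
mkdir -p "/usr/share/$TOMCAT_VER/.guacamole/"{extensions,lib}
if ! mv "guacamole-auth-jdbc-$GUAC_VER/mysql/guacamole-auth-jdbc-mysql-$GUAC_VER.jar" \
  "/usr/share/$TOMCAT_VER/.guacamole/extensions/" \
  || ! mv "mysql-connector-java-$MYSQL_CONNECTOR_VERSION/mysql-connector-java-$MYSQL_CONNECTOR_VERSION-bin.jar" \
    "/usr/share/$TOMCAT_VER/.guacamole/lib/"; then
  echo "Cannot install the JDBC extension jars. Aborting installation." >&2
  exit 1
fi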
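service mysql restart
# Create Guacamole mysql user and db.
# The root password reaches the client through the MYSQL_PWD environment
# variable rather than --password=..., which keeps it out of the command
# line that other local users can list.
# The application password is placed inside a SQL string literal, so
# backslashes and single quotes in it are doubled first. Unescaped, a quote
# in the password would cut the statement short.
# NOTE(review): assumes the server's default sql_mode (backslash escapes on).
bs='\'
sq="'"
guac_db_passwd_sql=${GUAC_DB_PASSWD//"$bs"/$bs$bs}
guac_db_passwd_sql=${guac_db_passwd_sql//"$sq"/$sq$sq}
MYSQL_PWD="$MYSQL_ROOT_PASSWD" mysql --host=localhost --user=root << END || { echo "Creating the Guacamole database user failed. Aborting installation." >&2; exit 1; }
CREATE DATABASE IF NOT EXISTS guacdb;
CREATE USER 'guacuser'@'localhost' IDENTIFIED BY '$guac_db_passwd_sql';
grant select,insert,update,delete on guacdb.* to 'guacuser'@'localhost';
flush privileges;
END
# Load every schema script shipped with the JDBC extension into guacdb.
cd ~/"$tmpdir"/guacamole/sqlauth/"guacamole-auth-jdbc-$GUAC_VER"/mysql/schema/ \
  || { echo "Schema directory not found. Aborting installation." >&2; exit 1; }
cat ./*.sql | MYSQL_PWD="$MYSQL_ROOT_PASSWD" mysql --host=localhost --user=root guacdb \
  || { echo "Loading the Guacamole schema failed. Aborting installation." >&2; exit 1; }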
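# Create guacamole.properties file
mkdir -p /etc/guacamole/
# The file stores the database password in clear text. It is written under a
# restrictive umask so it is never world-readable, not even briefly.
# NOTE(review): the value is copied verbatim; a properties parser may treat
# backslashes in the password as escapes - confirm with such a password.
(
  umask 077
  cat > /etc/guacamole/guacamole.properties << EOG
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacuser
mysql-password:$GUAC_DB_PASSWD
mysql-disallow-duplicate-connections: false
EOG
)
# Tomcat must still be able to read the file. This presumes the Tomcat
# packages use a group named after the package (tomcat7 / tomcat8); if that
# group is missing, fall back to the previous world-readable mode and warn.
if getent group "$TOMCAT_VER" > /dev/null; then
  chgrp "$TOMCAT_VER" /etc/guacamole/guacamole.properties
  chmod 640 /etc/guacamole/guacamole.properties
else
  chmod 644 /etc/guacamole/guacamole.properties
  echo "Warning: group $TOMCAT_VER not found; guacamole.properties is world-readable" >&2
fi
ln -s /etc/guacamole/guacamole.properties "/usr/share/$TOMCAT_VER/.guacamole/"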
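# Change default guacadmin password in guacdb.
# The new password is placed inside a SQL string literal, so backslashes and
# single quotes in it are doubled first. If this statement fails, the
# guacadmin account keeps the password shipped with the schema, so a failure
# stops the installation instead of being ignored.
# NOTE(review): assumes the server's default sql_mode (backslash escapes on).
bs='\'
sq="'"
guac_admin_password_sql=${GUAC_ADMIN_PASSWORD//"$bs"/$bs$bs}
guac_admin_password_sql=${guac_admin_password_sql//"$sq"/$sq$sq}
# MYSQL_PWD keeps the root password off the mysql command line.
MYSQL_PWD="$MYSQL_ROOT_PASSWD" mysql --host=localhost --user=root << END || { echo "Changing the guacadmin password failed. Aborting installation." >&2; exit 1; }
USE guacdb;
SET @salt = UNHEX(SHA2(UUID(), 256));
UPDATE guacamole_user
SET
password_salt = @salt,
password_hash = UNHEX(SHA2(CONCAT('$guac_admin_password_sql', HEX(@salt)), 256))
WHERE
username = 'guacadmin';
END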
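# Adding patch for entropy in virtual machines: add a securerandom.source
# line pointing at /dev/urandom to the JVM's java.security file.
sec_file=/jre/lib/security/java.security
sec_line="securerandom.source=file:/dev/./urandom"
# The JDK install above is commented out, so javac may be missing; fall back
# to the java launcher to locate the Java home.
java_bin=$(command -v javac || command -v java)
sec_path=""
if [ -n "$java_bin" ]; then
  java_path=$(dirname "$(dirname "$(readlink -f "$java_bin")")")
  # A JDK home keeps the file under jre/lib/security; when the launcher
  # resolved into a JRE directory the same file sits under lib/security.
  for candidate in "$java_path$sec_file" "$java_path${sec_file#/jre}"; do
    if [ -f "$candidate" ]; then
      sec_path=$candidate
      break
    fi
  done
fi
if [ -z "$sec_path" ]; then
  echo "java.security not found; skipping the /dev/urandom patch" >&2
elif grep -Fxq -- "$sec_line" "$sec_path"; then
  # Match the complete line: the earlier test for a line consisting only of
  # "urandom" could never succeed.
  echo "File already patched to use /dev/urandom"
else
  echo "$sec_line" >> "$sec_path"
fi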
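# Add links for FreeRDP depending on architecture: the guac*.so plugins
# installed under /usr/local/lib/freerdp are linked into the multiarch
# FreeRDP directory selected by ARCH.
# -p because the directory may already exist (presumably created by the
# FreeRDP packages installed earlier); plain mkdir fails in that case.
mkdir -p "/usr/lib/$ARCH-linux-gnu/freerdp/"
# The glob is left unquoted on purpose so every guac*.so is linked.
ln -s /usr/local/lib/freerdp/guac*.so "/usr/lib/$ARCH-linux-gnu/freerdp/"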
# Register guacd, MySQL and Tomcat to start at boot. jessie uses systemctl;
# trusty, wheezy and wily use update-rc.d. Other codenames do nothing here.
case "$DISTVER" in
  jessie)
    for svc in "$TOMCAT_VER" mysql guacd; do
      systemctl enable "$svc"
    done
    ;;
  trusty | wheezy | wily)
    for svc in guacd mysql "$TOMCAT_VER"; do
      update-rc.d "$svc" defaults
    done
    ;;
esac
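# Reverse proxy: nginx on port 80 in front of Tomcat's port 8080.
apt-get -qq install nginx -y
unlink /etc/nginx/sites-enabled/default
# The site file is written with cat and a quoted here-document delimiter, so
# nginx variables such as $proxy_add_x_forwarded_for reach the file
# literally. The earlier "echo <<< EOL" form wrote nothing: the server block
# was executed as shell commands and the site file was left empty.
#
# NOTE(review): this listener is plain HTTP, so Guacamole logins and remote
# desktop traffic cross the network unencrypted; add a TLS listener before
# exposing the host beyond a trusted network. Tomcat also keeps answering
# directly on port 8080 unless it is bound to localhost or firewalled.
# NOTE(review): "access_log off" leaves no nginx record of who reached this
# remote-access gateway; consider enabling it for detection and forensics.
cat > /etc/nginx/sites-enabled/reverse-proxy-guacamole << 'EOL'
server {
    listen 80;
    location / {
        proxy_pass http://localhost:8080/guacamole/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_cookie_path /guacamole/ /;
        access_log off;
    }
}
EOL
service nginx restart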
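## Cleaning up
cd ~
# Remove the download/build directory by its path under the home directory.
# ${tmpdir:?} stops the script if the name is empty or unset, so rm -rf can
# never be handed an empty argument.
rm -rf -- ~/"${tmpdir:?}"
# Marker checked at the start of the script to refuse a second run.
touch /var/lock/guac-installed.lock
echo "Done"
echo
echo "#################################################################################"
echo "Guacamole install complete. Reboot server now - sudo shutdown -r now"
echo "After rebooting, you can access your installation at:"
# Both addresses are plain HTTP: nginx on port 80 and Tomcat on port 8080.
echo " http://$MYHOST or http://$MYHOST:8080/guacamole"
echo "#################################################################################"
exit 0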