Skip to content

Instantly share code, notes, and snippets.

@john-clark
Last active March 15, 2018 16:00
Show Gist options
  • Save john-clark/2d8214db831baebf52e8 to your computer and use it in GitHub Desktop.
Save john-clark/2d8214db831baebf52e8 to your computer and use it in GitHub Desktop.
#!/bin/bash
# Guacamole installation
# Supports Ubuntu 14.04,15.10 and Debian wheezy,jessie
# 32 and 64 bit
# Script to be run as sudo/root
# ver 1.5
# To be run on a FRESH OS install
# Do not install anything other than base OS
# Bharath Chari 2016
# http://chari.titanium.ee
# Updated 03-Feb-2016
#Variables for guacamole/mysql connector versionsare set here.
#Don't modify unless you know what you're doing
GUAC_VER=0.9.9
MYSQL_CONNECTOR_VERSION=5.1.38
# DO NOT MODIFY BELOW THIS LINE.
echo "Checking system.."
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi
# Check if this script has already been run successfully.
test -f /var/lock/guac-installed.lock && { echo "Guacamole already installed. This script cannot be run"; exit 1; }
# install lsb-release to check Distro version. Also gives us an idea if it's an apt based system!
apt-get -qq install lsb-release -y || { echo "Unsupported distribution. Aborting installation."; exit 1; }
# fetch the codename of the distribution (eg: trusty,wily,wheezy,jessie)
DISTVER=$(lsb_release -c | cut -d':' -f 2 | sed 's/[[:space:]]//g')
# Set Tomcat version depending on which distribution version else exit script
case $DISTVER in
trusty|wheezy)
TOMCAT_VER=tomcat7
;;
wily|jessie)
TOMCAT_VER=tomcat8
;;
*)
echo "Unsupported distribution. Sorry. Installation aborted"
echo "Script works on Ubuntu (trusty,wily) and Debian (wheezy,jessie)"
exit 1;
esac
# Set environment to non-interactive
export DEBIAN_FRONTEND="noninteractive"
# Today's date
TODAY=$(date +"%m-%d-%Y")
# get architecture - 32 bit or 64 bit
if [ $(getconf LONG_BIT | grep 64) ]; then ARCH="x86_64"; else ARCH="i386"; fi
# Find hostname
MYHOST=$(hostname -f)
#Helper functions
# Generate random string for passwords and directory names
genrand () { cat /dev/urandom | tr -dc '0-9A-Za-z+=_' | fold -w $1 | head -n 1 ; }
# Create temp directory for downloads. Uses genrand() to create random string
tmpdir=$(genrand 32)
cd ~
mkdir $tmpdir && cd $tmpdir
# Get passwords from user
clear
echo "Set passwords for the system"
echo "Note: Passwords will NOT be displayed on screen!"
echo
while true
do
read -s -p "MySQL ROOT Password: " MYSQL_ROOT_PASSWD
echo
read -s -p "MySQL ROOT Password (again): " password2
echo
[ "$MYSQL_ROOT_PASSWD" = "$password2" ] && break
echo "Passwords don't match. Please try again"
done
echo
while true
do
read -s -p "Set Guacamole DATABASE Password: " GUAC_DB_PASSWD
echo
read -s -p "Guacamole DATABASE Password (again): " password2
echo
[ "$GUAC_DB_PASSWD" = "$password2" ] && break
echo "Passwords don't match. Please try again"
done
echo
while true
do
read -s -p "Set Guacamole (guacadmin) WEB ADMIN Password: " GUAC_ADMIN_PASSWORD
echo
read -s -p "Guacamole (guacadmin) WEB ADMIN Password (again): " password2
echo
[ "$GUAC_ADMIN_PASSWORD" = "$password2" ] && break
echo "Passwords don't match. Please try again"
done
# End password input
# Upgrade all packages
apt-get -qq update && apt-get upgrade -y
#Install required dependencies
echo "Installing packages"
# Tomcat version is determined by distro
apt-get -qq install $TOMCAT_VER -y
apt-get -qq install $TOMCAT_VER-admin $TOMCAT_VER-docs -y
apt-get -qq install debconf-utils build-essential automake libtool shtool checkinstall ntp fail2ban git -y
apt-get -qq install libcairo2-dev libjpeg62* libpng12-dev libossp-uuid-dev libpango1.0-dev -y
apt-get -qq install libfreerdp-dev libvncserver-dev libpulse-dev libvorbis-dev libssl-dev libssh2-1-dev libtelnet-dev -y
#apt-get -qq install default-jdk -y
#MySQL install with preset password stored in variable MYSQL_ROOT_PASSWD
echo mysql-server mysql-server/root_password password $MYSQL_ROOT_PASSWD | debconf-set-selections
echo mysql-server mysql-server/root_password_again password $MYSQL_ROOT_PASSWD | debconf-set-selections
apt-get -qq install mysql-server mysql-client mysql-common mysql-utilities -y
# Fetch and install guacamole server and client
echo "Downloading and configuring guacamole.."
#Fetch/compile/install guacamole-server-version defined in variable GUAC_VER
wget -O guacamole-server-$GUAC_VER.tar.gz http://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-$GUAC_VER.tar.gz
tar -zxvf guacamole-server-$GUAC_VER.tar.gz
cd guacamole-server-$GUAC_VER/
./configure --with-init-dir=/etc/init.d
make
make install;
ldconfig
#Fetch / install client, JDBC-auth and mysql connectors
mkdir -p /var/lib/guacamole && cd /var/lib/guacamole/
wget http://sourceforge.net/projects/guacamole/files/current/binary/guacamole-$GUAC_VER.war -O guacamole.war
ln -s /var/lib/guacamole/guacamole.war /var/lib/$TOMCAT_VER/webapps/guacamole.war
mkdir -p ~/$tmpdir/guacamole/sqlauth && cd ~/$tmpdir/guacamole/sqlauth
wget -O guacamole-auth-jdbc-$GUAC_VER.tar.gz http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-$GUAC_VER.tar.gz
tar -zxvf guacamole-auth-jdbc-$GUAC_VER.tar.gz
wget -O mysql-connector-java-$MYSQL_CONNECTOR_VERSION.tar.gz http://dev.mysql.com/get/Downloads/Connector/j/mysql-connector-java-$MYSQL_CONNECTOR_VERSION.tar.gz
tar -zxf mysql-connector-java-$MYSQL_CONNECTOR_VERSION.tar.gz
mkdir -p /usr/share/$TOMCAT_VER/.guacamole/{extensions,lib}
mv guacamole-auth-jdbc-$GUAC_VER/mysql/guacamole-auth-jdbc-mysql-$GUAC_VER.jar /usr/share/$TOMCAT_VER/.guacamole/extensions/
mv mysql-connector-java-$MYSQL_CONNECTOR_VERSION/mysql-connector-java-$MYSQL_CONNECTOR_VERSION-bin.jar /usr/share/$TOMCAT_VER/.guacamole/lib/
service mysql restart
# Create Guacamole mysql user and db
mysql --host=localhost --user=root --password=$MYSQL_ROOT_PASSWD << END
CREATE DATABASE IF NOT EXISTS guacdb;
CREATE USER 'guacuser'@'localhost' IDENTIFIED BY '$GUAC_DB_PASSWD';
grant select,insert,update,delete on guacdb.* to 'guacuser'@'localhost';
flush privileges;
END
cd ~/$tmpdir/guacamole/sqlauth/guacamole-auth-jdbc-$GUAC_VER/mysql/schema/
cat ./*.sql | mysql --host=localhost --user=root --password=$MYSQL_ROOT_PASSWD guacdb
# Create guacamole.properties file
mkdir -p /etc/guacamole/
cat > /etc/guacamole/guacamole.properties << EOG
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacuser
mysql-password:$GUAC_DB_PASSWD
mysql-disallow-duplicate-connections: false
EOG
ln -s /etc/guacamole/guacamole.properties /usr/share/$TOMCAT_VER/.guacamole/
# Change default guacadmin password in guacdb
mysql --host=localhost --user=root --password=$MYSQL_ROOT_PASSWD << END
USE guacdb;
SET @salt = UNHEX(SHA2(UUID(), 256));
UPDATE guacamole_user
SET
password_salt = @salt,
password_hash = UNHEX(SHA2(CONCAT('$GUAC_ADMIN_PASSWORD', HEX(@salt)), 256))
WHERE
username = 'guacadmin';
END
#Adding patch for entropy in virtual machines
sec_file=/jre/lib/security/java.security
java_path=$(dirname $(dirname $(readlink -f $(which javac))))
if grep -xq "urandom" $java_path$sec_file ; then
echo "File already patched to use /dev/urandom"
else
echo "securerandom.source=file:/dev/./urandom">> $java_path$sec_file
fi
# Add links for FreeRDP depending on architecture
mkdir /usr/lib/$ARCH-linux-gnu/freerdp/
ln -s /usr/local/lib/freerdp/guac*.so /usr/lib/$ARCH-linux-gnu/freerdp/
# Adding startup services
case $DISTVER in
trusty|wheezy|wily)
update-rc.d guacd defaults
update-rc.d mysql defaults
update-rc.d $TOMCAT_VER defaults
;;
jessie)
systemctl enable $TOMCAT_VER
systemctl enable mysql
systemctl enable guacd
;;
*)
esac
#proxy 8080
apt-get -qq install nginx -y
unlink /etc/nginx/sites-enabled/default
echo <<< EOL
server {
listen 80;
location / {
proxy_pass http://localhost:8080/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_cookie_path /guacamole/ /;
access_log off;
}
}
EOL >> /etc/nginx/sites-enabled/reverse-proxy-guacamole;
service nginx restart
## Cleaning up
cd ~
rm -rf $tmpdir
touch /var/lock/guac-installed.lock
echo "Done"
echo
echo "#################################################################################"
echo "Guacamole install complete. Reboot server now - sudo shutdown -r now"
echo "After rebooting, you can access your installation at:"
echo " http://$MYHOST or http://$MYHOST:8080/guacamole"
echo "#################################################################################"
exit 0;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment