@larencejg
Created April 24, 2016 17:15
Guacamole 0.9.9 install script working on UBUNTU 15.10 with TOMCAT8, NGINX/1.9.3, MYSQL 5.6.30
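#!/bin/bash
# Installer settings. This file holds database credentials in clear text once
# edited, so keep it readable by root only and remove it after the install.
guac_version=0.9.9
mysql_version=5.1.38 # used below in the mysql-connector-java download name
mysql_root_password="MYSQL_ROOT_PWD" # change this password
mysql_user_password="MYSQL_USER_PWD" # change this password
server_name="HOSTNAME!" #Change HOSTNAME! below in two places, when creating the ssl cert and setting up NGINX

# Refuse to install with the published placeholder passwords: they would become
# the real MySQL root and guacamole_user credentials on this host.
if [[ "$mysql_root_password" == "MYSQL_ROOT_PWD" || "$mysql_user_password" == "MYSQL_USER_PWD" ]]; then
  echo "Edit mysql_root_password and mysql_user_password at the top of this script before running it." >&2
  exit 1
fi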
# WORKING ON UBUNTU 15.10 WITH GUAC 0.9.9, TOMCAT8, NGINX/1.9.3, MYSQL 5.6.30
# Borrowed install procedure mostly from Chase Wright http://chasewright.com/guacamole-with-mysql-on-ubuntu/
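#Update Everything
apt-get update && apt-get -y dist-upgrade
#Make sure that make is installed (-y so an unattended run never stops at a prompt)
apt-get -y install make
# Preseed the MySQL root password so the mysql-server package installs without asking.
# The here-string keeps the password out of the process argument list.
sudo debconf-set-selections <<< "mysql-server mysql-server/root_password password $mysql_root_password"
sudo debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $mysql_root_password"
#Install Stuff
# No password prompt is expected here: the root password comes from the preseed
# above, i.e. from $mysql_root_password.
apt-get -y install libcairo2-dev libpng12-dev libossp-uuid-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev mysql-server mysql-client mysql-common mysql-utilities tomcat8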
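# Install libjpeg-turbo-dev
# NOTE(review): this .deb is fetched over plain HTTP and then installed as root,
# so anything able to alter the download controls what dpkg runs. Pin the
# SHA-256 published by the project by exporting LIBJPEG_DEB_SHA256 before the
# run; a mismatch aborts the install. Prefer an HTTPS URL if the mirror has one.
libjpeg_deb=libjpeg-turbo-official_1.4.2_amd64.deb
wget -O "$libjpeg_deb" "http://downloads.sourceforge.net/project/libjpeg-turbo/1.4.2/$libjpeg_deb"
if [[ -n "${LIBJPEG_DEB_SHA256:-}" ]]; then
  # sha256sum -c expects "<hash>  <file>" lines on stdin.
  if ! printf '%s  %s\n' "$LIBJPEG_DEB_SHA256" "$libjpeg_deb" | sha256sum -c -; then
    echo "Checksum mismatch for $libjpeg_deb; refusing to install it." >&2
    exit 1
  fi
else
  echo "WARNING: LIBJPEG_DEB_SHA256 is not set; $libjpeg_deb is installed without an integrity check." >&2
fi
dpkg -i "$libjpeg_deb"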
# Add GUACAMOLE_HOME to Tomcat8 ENV
# Appends a blank separator line, a marker comment and the GUACAMOLE_HOME
# assignment to /etc/default/tomcat8 in a single write.
cat >> /etc/default/tomcat8 <<'EOF'

# GUACAMOLE EVN VARIABLE
GUACAMOLE_HOME=/etc/guacamole
EOF
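#Download Guacamole Files
# NOTE(review): all four artifacts come over plain HTTP and are later compiled,
# installed or loaded into Tomcat as root. Export the matching *_SHA256 variable
# (values taken from the projects' release pages) to have each file checked;
# an unset variable only produces a warning so existing runs keep working.

# Verify one download against a pinned SHA-256.
# Arguments: $1 - file name, $2 - expected hex digest (empty = skip with warning)
# Exits the script on a mismatch.
guac_verify_sha256() {
  if [[ -z "$2" ]]; then
    echo "WARNING: no SHA-256 pinned for $1; integrity not verified." >&2
    return 0
  fi
  if ! printf '%s  %s\n' "$2" "$1" | sha256sum -c -; then
    echo "Checksum mismatch for $1; aborting." >&2
    exit 1
  fi
}

wget -O "guacamole-$guac_version.war" "http://downloads.sourceforge.net/project/guacamole/current/binary/guacamole-$guac_version.war"
wget -O "guacamole-server-$guac_version.tar.gz" "http://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-$guac_version.tar.gz"
wget -O "guacamole-auth-jdbc-$guac_version.tar.gz" "http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-$guac_version.tar.gz"
wget -O "mysql-connector-java-$mysql_version.tar.gz" "http://dev.mysql.com/get/Downloads/Connector/j/mysql-connector-java-$mysql_version.tar.gz"

guac_verify_sha256 "guacamole-$guac_version.war" "${GUAC_WAR_SHA256:-}"
guac_verify_sha256 "guacamole-server-$guac_version.tar.gz" "${GUAC_SERVER_SHA256:-}"
guac_verify_sha256 "guacamole-auth-jdbc-$guac_version.tar.gz" "${GUAC_AUTH_JDBC_SHA256:-}"
guac_verify_sha256 "mysql-connector-java-$mysql_version.tar.gz" "${MYSQL_CONNECTOR_SHA256:-}"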
#Extract Guac
# Unpack the server source, the JDBC auth extension and the MySQL connector
# into the current directory, in that order.
for archive in \
  "guacamole-server-$guac_version.tar.gz" \
  "guacamole-auth-jdbc-$guac_version.tar.gz" \
  "mysql-connector-java-$mysql_version.tar.gz"; do
  tar -xzf "$archive"
done
# MAKE DIRECTORIES
# /etc/guacamole is the GUACAMOLE_HOME set for Tomcat; lib/ receives the JDBC
# driver and extensions/ the auth extension jar further down.
mkdir /etc/guacamole /etc/guacamole/lib /etc/guacamole/extensions
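# Install GUACD
# Build inside a subshell: the script's working directory is left untouched, and
# a failed cd can no longer let configure/make/make install run in the wrong
# directory. Each step runs only if the previous one succeeded.
(
  cd "guacamole-server-$guac_version" || exit 1
  ./configure --with-init-dir=/etc/init.d && make && make install
) || {
  echo "guacd build/install failed; aborting." >&2
  exit 1
}
# Refresh the shared-library cache so the newly installed libraries are found.
ldconfig
systemctl enable guacd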
# Move files to correct locations
# The .war lives in /etc/guacamole and is symlinked into Tomcat's webapps
# directory; the connector jar goes to lib/, the auth extension to extensions/.
guac_home=/etc/guacamole
connector_dir="mysql-connector-java-$mysql_version"
jdbc_dir="guacamole-auth-jdbc-$guac_version"
mv "guacamole-$guac_version.war" "$guac_home/guacamole.war"
ln -s "$guac_home/guacamole.war" /var/lib/tomcat8/webapps/
cp "${connector_dir}/${connector_dir}-bin.jar" "$guac_home/lib/"
cp "${jdbc_dir}/mysql/guacamole-auth-jdbc-mysql-$guac_version.jar" "$guac_home/extensions/"
# Fix the audio problem (over RDP)
# Link the two guac FreeRDP plugins from /usr/local/lib/freerdp into the
# distribution's FreeRDP plugin directory, then restart guacd.
freerdp_plugin_dir=/usr/lib/x86_64-linux-gnu/freerdp
mkdir "$freerdp_plugin_dir"
for plugin in guacdr-client.so guacsnd-client.so; do
  ln -sv "/usr/local/lib/freerdp/$plugin" "$freerdp_plugin_dir"
done
service guacd restart
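# Configure guacamole.properties
# The file stores the database password in clear text, so it is locked to root
# before the password is written and afterwards opened only to the tomcat8 group.
guac_props=/etc/guacamole/guacamole.properties
touch "$guac_props"
chmod 600 "$guac_props"
cat >> "$guac_props" <<EOF
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: $mysql_user_password
EOF
if chown root:tomcat8 "$guac_props"; then
  chmod 640 "$guac_props"
else
  # Without the tomcat8 group a 600 file would be unreadable to the web app;
  # fall back to the previous world-readable mode and say so.
  echo "WARNING: could not chown $guac_props to root:tomcat8; leaving it world-readable." >&2
  chmod 644 "$guac_props"
fi
# Point Tomcat's home-directory lookup (.guacamole) at /etc/guacamole.
rm -rf /usr/share/tomcat8/.guacamole
ln -s /etc/guacamole /usr/share/tomcat8/.guacamole
# Restart Tomcat Service
service tomcat8 restart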
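#Configure the MySQL database
# Both passwords are placed inside quoted strings below (an SQL literal and a
# client option file). A quote or backslash would end the string early and
# change what gets executed, so such passwords are rejected up front.
for guac_pw in "$mysql_root_password" "$mysql_user_password"; do
  if [[ "$guac_pw" == *"'"* || "$guac_pw" == *'"'* || "$guac_pw" == *\\* ]]; then
    echo "Passwords must not contain quotes or backslashes." >&2
    exit 1
  fi
done
unset guac_pw

# Lay down mysql configuration script
# It contains the guacamole_user password, so it is created readable by the
# owner only. The file name is kept because the cleanup step removes it.
rm -f -- guacamolemysql.sql
(
  umask 077
  cat > guacamolemysql.sql <<EOF2
#MySQL Guacamole Script
CREATE DATABASE guacamole_db;
CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY '$mysql_user_password';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';
FLUSH PRIVILEGES;
quit
EOF2
)

# Hand the root password to the client through a private option file instead of
# -p<password>, which exposes it in the process list while mysql runs.
# mktemp creates the file with owner-only permissions.
mysql_root_cnf=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
printf '[client]\nuser=root\npassword="%s"\n' "$mysql_root_password" > "$mysql_root_cnf"

# Create Guacamole database and user
# --defaults-extra-file has to be the first option on the command line.
sudo mysql --defaults-extra-file="$mysql_root_cnf" < guacamolemysql.sql
#Populate the database with the schema shipped in the auth-jdbc archive
cat "guacamole-auth-jdbc-$guac_version"/mysql/schema/*.sql | mysql --defaults-extra-file="$mysql_root_cnf" guacamole_db

rm -f -- "$mysql_root_cnf"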
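##########################################
# NGINX Installation and configuration #
##########################################
# Install Nginx
sudo apt-get install -y nginx
# Create directory to store server key and certificate
# Closed to everyone but root before the key is generated, so the private key is
# never reachable by other local users, whatever mode openssl gives the file.
sudo mkdir /etc/nginx/ssl
sudo chmod 700 /etc/nginx/ssl
# Create self-signed certificate (Change hostname! no quotes)
# -nodes leaves the key unencrypted so nginx can start unattended; file
# permissions are therefore the only protection for it.
# NOTE(review): a self-signed certificate gives clients nothing to verify the
# server against; replace it with a CA-issued one for anything beyond a lab.
sudo openssl req -x509 -subj '/C=US/ST=IL/L=Chicago/O=IT/CN="HOSTNAME!".localdomain.local' -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -extensions v3_ca
sudo chmod 600 /etc/nginx/ssl/nginx.key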
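# Add proxy settings to nginx config file (/etc/nginx/sites-enabled/default)
# Borrowed configuration from Eric Oud Ammerveled (http://sourceforge.net/p/guacamole/discussion/1110834/thread/6961d682/#aca9)
# Changes from the borrowed configuration:
#  - ssl_protocols is limited to TLSv1.2; TLSv1 and TLSv1.1 are obsolete.
#  - "ssl on;" is dropped; "listen 443 ssl" already enables TLS on this listener.
#  - the file is written with "sudo tee" so that sudo covers the write itself
#    (with "sudo cat > file" the redirection runs as the calling user).
# The delimiter is quoted so $http_upgrade reaches nginx literally.
# NOTE(review): access_log is off, which leaves no record of who reached this
# remote-access gateway; consider enabling it outside of testing as well.
# NOTE(review): ssl_stapling needs a CA-issued certificate to have any effect,
# and with ssl_dhparam commented out the EDH suites rely on whatever default DH
# parameters this nginx/OpenSSL build provides.
sudo tee /etc/nginx/sites-enabled/default > /dev/null <<'EOF3'
# ANOTHER SERVER LISTENING ON PORT 443 (SSL) to secure the Guacamole traffic and proxy the requests to Tomcat8
server {
listen 443 ssl;
server_name "HOSTNAME".localdomain.local; #(Change hostname! no quotes)
# This part is for SSL config only
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_cache shared:SSL:10m;
ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
ssl_protocols TLSv1.2;
ssl_stapling on;
ssl_stapling_verify on;
ssl_prefer_server_ciphers on;
# ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Found below settings to be performing best but it will work with your own
tcp_nodelay on;
tcp_nopush off;
sendfile on;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 2 1k;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
# HINT: You might want to enable access_log during the testing!
access_log off;
# Don't turn ON proxy_buffering!; this will impact the line quality
proxy_buffering off;
proxy_redirect off;
# Enabling websockets using the first 3 lines; Check /var/log/tomcat8/catalina.out while testing; guacamole will show you a fallback message if websockets fail to work.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Just something that was advised by someone from the dev team; worked fine without it too.
proxy_cookie_path /guacamole/ /;
location / {
# I am running the Tomcat8 and Guacamole on the local server
proxy_pass http://localhost:8080;
break;
}
}
EOF3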
# Restart nginx, then tomcat8, then guacd so each picks up the configuration
# written above.
for svc in nginx tomcat8 guacd; do
  sudo service "$svc" restart
done
################################################
# Firewall Configuration #
################################################
# Take the firewall down, add the allow rules for HTTPS and SSH, then bring it
# back up. --force skips ufw's confirmation prompt.
sudo ufw disable
for svc in https ssh; do
  sudo ufw allow "$svc"
done
sudo ufw --force enable
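# Disable IPv6
# Appended with "sudo tee -a" so that sudo covers the write to /etc/sysctl.conf
# (with "sudo cat >> file" the redirection runs as the calling user).
sudo tee -a /etc/sysctl.conf > /dev/null <<EOF3
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF3
# Activate sysctl to pick up the changes to /etc/sysctl.conf
sudo sysctl -p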
# Cleanup Downloads
# Remove the fetched archives and the temporary SQL file (it contains the
# guacamole_user password), then the extracted source trees.
rm libjpeg-turbo-official_1.4.2_amd64.deb \
  "guacamole-server-$guac_version.tar.gz" \
  "guacamole-auth-jdbc-$guac_version.tar.gz" \
  "mysql-connector-java-$mysql_version.tar.gz" \
  guacamolemysql.sql
# Cleanup Folders
rm -rf "mysql-connector-java-$mysql_version/" \
  "guacamole-auth-jdbc-$guac_version/" \
  "guacamole-server-$guac_version/"
# Customizations for running Guacamole as a VMware ESXi guest whose virtual
# network interface has promiscuous mode enabled (aka CCIE lab).
# An explicit deny rule is added for inbound traffic addressed to 224.0.0.1.
# The original note gives the aim as keeping UFW block messages for that
# traffic out of the log; the note is cut off after "when my FIOS router".
sudo ufw disable
ufw deny in to 224.0.0.1
sudo ufw --force enable
# Comment out the /etc/hosts lines that start with ::1 or ff02, so localhost
# resolves only to IPv4 127.0.0.1 in the logs.
sed -i -E 's/^(::1|ff02)/#\1/' /etc/hosts
# Install open-vm-tools
apt-get -y install open-vm-tools
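# Final summary: print the login URL for every IPv4 address ifconfig reports.
echo "Installation complete"
echo " "
echo "Test access to guacamole using (user=guacadmin pwd=guacadmin):"
# guacadmin/guacadmin is printed above as the initial login and is the same on
# every install made with this script, so remind the operator to replace it.
echo "Change the guacadmin password immediately after the first login."
/sbin/ifconfig -a | grep 'inet addr:' | cut -d: -f2 | awk '{printf "\nhttps://%s:/guacamole/#/login\n", $1}'
# end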