Created
April 24, 2016 17:15
Guacamole 0.9.9 install script working on UBUNTU 15.10 with TOMCAT8, NGINX/1.9.3, MYSQL 5.6.30
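#!/bin/bash
#
# Installs Guacamole 0.9.9: guacd built from source, the web application on
# Tomcat 8, MySQL-backed authentication and an nginx TLS reverse proxy.
# Reported working on Ubuntu 15.10 with Guacamole 0.9.9, Tomcat 8,
# nginx 1.9.3 and MySQL 5.6.30.
# Install procedure borrowed mostly from Chase Wright:
# http://chasewright.com/guacamole-with-mysql-on-ubuntu/
#
# Several apt-get/dpkg/mkdir calls below are issued without sudo, so the
# script is expected to run as root.

# Versions of the artifacts downloaded further down.
guac_version=0.9.9
mysql_version=5.1.38 # MySQL Connector/J release (see the connector download), not the server

# Database credentials. Both values are placeholders and must be replaced
# before the script is run. Once real values are filled in, this file holds
# secrets in clear text: keep it readable by root only and out of version
# control.
mysql_root_password="MYSQL_ROOT_PWD" # change this password
mysql_user_password="MYSQL_USER_PWD" # change this password

# Host label for the certificate CN and the nginx server_name. The openssl
# and nginx steps further down may carry their own literal HOSTNAME text;
# check both places as well.
server_name="HOSTNAME!"

# An unedited script would install MySQL with passwords that are published
# together with this file, so point that out before anything is installed.
if [[ "$mysql_root_password" == "MYSQL_ROOT_PWD" || "$mysql_user_password" == "MYSQL_USER_PWD" ]]; then
  echo "WARNING: placeholder MySQL passwords are still set; edit this script before installing." >&2
fi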
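# Refresh the package index and bring the base system fully up to date.
apt-get update && apt-get -y dist-upgrade

# make is required for the guacd source build. -y matches the other
# apt-get calls so the run never stops at a confirmation prompt.
apt-get -y install make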
# Preseed both MySQL root-password debconf questions so that mysql-server
# installs without an interactive prompt. The value is handed over on stdin
# (here-string), not as a command-line argument.
for debconf_question in root_password root_password_again; do
  sudo debconf-set-selections <<< "mysql-server mysql-server/${debconf_question} password $mysql_root_password"
done

# Build dependencies for guacd, the MySQL server and client tools, and Tomcat 8.
# The MySQL root password is the one preseeded above; the database setup
# step later in this script uses the same value.
apt-get -y install \
  libcairo2-dev libpng12-dev libossp-uuid-dev libfreerdp-dev \
  libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev \
  libpulse-dev libssl-dev libvorbis-dev libwebp-dev \
  mysql-server mysql-client mysql-common mysql-utilities \
  tomcat8
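# Install libjpeg-turbo from the upstream .deb.
# The download uses HTTPS instead of plain HTTP, and a failed download stops
# the script instead of handing an empty file to dpkg.
libjpeg_deb=libjpeg-turbo-official_1.4.2_amd64.deb
wget -O "$libjpeg_deb" "https://downloads.sourceforge.net/project/libjpeg-turbo/1.4.2/${libjpeg_deb}" || exit 1

# NOTE(review): the package is installed as root without any integrity check.
# Obtain the digest (or signature) from the libjpeg-turbo project and verify
# it before installing, for example:
#   echo "<EXPECTED_SHA256>  $libjpeg_deb" | sha256sum -c - || exit 1
dpkg -i "$libjpeg_deb"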
# Tell Tomcat 8 where the Guacamole configuration lives by appending
# GUACAMOLE_HOME (preceded by a blank line and a marker comment) to its
# environment defaults file.
{
  echo ""
  echo "# GUACAMOLE EVN VARIABLE"
  echo "GUACAMOLE_HOME=/etc/guacamole"
} >> /etc/default/tomcat8
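# Download the Guacamole web application, the guacd sources, the JDBC
# authentication extension and MySQL Connector/J.
# All four are fetched over HTTPS instead of plain HTTP, and the script stops
# at the first failed download so nothing is built from a partial set.
#
# NOTE(review): none of these artifacts is verified. guacd is compiled and
# installed as root and the .war/.jar files run inside Tomcat, so check each
# file against a digest or signature published by its project before going
# on, for example:
#   echo "<EXPECTED_SHA256>  guacamole-server-${guac_version}.tar.gz" | sha256sum -c - || exit 1
wget -O "guacamole-${guac_version}.war" \
  "https://downloads.sourceforge.net/project/guacamole/current/binary/guacamole-${guac_version}.war" || exit 1
wget -O "guacamole-server-${guac_version}.tar.gz" \
  "https://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-${guac_version}.tar.gz" || exit 1
wget -O "guacamole-auth-jdbc-${guac_version}.tar.gz" \
  "https://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-${guac_version}.tar.gz" || exit 1
wget -O "mysql-connector-java-${mysql_version}.tar.gz" \
  "https://dev.mysql.com/get/Downloads/Connector/j/mysql-connector-java-${mysql_version}.tar.gz" || exit 1

# Unpack the three source/extension archives into the current directory.
tar -xzf "guacamole-server-${guac_version}.tar.gz" || exit 1
tar -xzf "guacamole-auth-jdbc-${guac_version}.tar.gz" || exit 1
tar -xzf "mysql-connector-java-${mysql_version}.tar.gz" || exit 1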
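# Create the Guacamole configuration tree: /etc/guacamole with its lib/ and
# extensions/ subdirectories. -p creates the parent as needed and makes a
# second run of the script a no-op here instead of an error.
mkdir -p /etc/guacamole/lib /etc/guacamole/extensions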
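# Build and install guacd from the unpacked source tree.
# The build runs in a subshell and checks the cd: an unchecked cd followed by
# "cd .." would leave the script one directory too high, so the later
# relative mv/cp/rm -rf calls would act on the wrong location.
(
  cd "guacamole-server-${guac_version}" || exit 1
  ./configure --with-init-dir=/etc/init.d &&
    make &&
    make install
) || {
  echo "ERROR: guacd build failed" >&2
  exit 1
}

# Refresh the shared-library cache for the newly installed libraries and
# enable the guacd service at boot.
ldconfig
systemctl enable guacd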
# Put the web application, the JDBC driver and the auth extension in place.
guac_war="guacamole-$guac_version.war"
connector_jar="mysql-connector-java-$mysql_version/mysql-connector-java-$mysql_version-bin.jar"
auth_extension_jar="guacamole-auth-jdbc-$guac_version/mysql/guacamole-auth-jdbc-mysql-$guac_version.jar"

# The .war lives under /etc/guacamole and is linked into Tomcat's webapps dir.
mv "$guac_war" /etc/guacamole/guacamole.war
ln -s /etc/guacamole/guacamole.war /var/lib/tomcat8/webapps/

# Connector/J goes to lib/, the MySQL auth extension to extensions/.
cp "$connector_jar" /etc/guacamole/lib/
cp "$auth_extension_jar" /etc/guacamole/extensions/
# Fix the audio problem (over RDP): link the two guac FreeRDP client
# libraries from /usr/local/lib/freerdp into the system FreeRDP directory,
# then restart guacd.
freerdp_plugin_dir=/usr/lib/x86_64-linux-gnu/freerdp
mkdir "$freerdp_plugin_dir"
for guac_plugin in guacdr-client.so guacsnd-client.so; do
  ln -sv "/usr/local/lib/freerdp/$guac_plugin" "$freerdp_plugin_dir"
done
service guacd restart
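# Configure guacamole.properties (MySQL connection settings for the JDBC
# authentication extension).
guac_properties=/etc/guacamole/guacamole.properties

# The file receives the database password in clear text, so restrict it
# before the secret is written: owner root, readable by the tomcat8 group
# only. Without this it is created with the default umask and is typically
# world-readable.
# NOTE(review): assumes the tomcat8 package created a "tomcat8" group and
# that Tomcat runs under it; confirm on the target system.
touch "$guac_properties"
chown root:tomcat8 "$guac_properties"
chmod 640 "$guac_properties"

# Append (not overwrite), as the original script did.
{
  echo "mysql-hostname: localhost"
  echo "mysql-port: 3306"
  echo "mysql-database: guacamole_db"
  echo "mysql-username: guacamole_user"
  echo "mysql-password: $mysql_user_password"
} >> "$guac_properties"

# Replace any existing per-user Guacamole directory of Tomcat with a link to
# the shared configuration tree.
rm -rf /usr/share/tomcat8/.guacamole
ln -s /etc/guacamole /usr/share/tomcat8/.guacamole

# Restart Tomcat so it picks up the new configuration.
service tomcat8 restart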
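# Configure the MySQL database: create guacamole_db and guacamole_user, then
# load the schema shipped with the JDBC authentication extension.

# The root password is passed through a private option file instead of
# -p<password> on the command line, where it would show up in the process
# list and break on whitespace or shell metacharacters. mktemp creates the
# file readable by its owner only.
# A password containing a double quote or a backslash needs escaping in
# option-file syntax.
mysql_root_cnf=$(mktemp) || exit 1
trap 'rm -f -- "$mysql_root_cnf"' EXIT
printf '[client]\nuser=root\npassword="%s"\n' "$mysql_root_password" > "$mysql_root_cnf"

# Lay down the setup script. It contains the application password, so it is
# written with a restrictive umask; a stale copy is removed first so that old
# permissions are not inherited. The redirection is done by this shell, which
# is why the sudo of the original "sudo cat" had no effect and is dropped.
# guacamole_user only gets SELECT/INSERT/UPDATE/DELETE on guacamole_db.
# A single quote inside mysql_user_password would break the CREATE USER
# statement below.
rm -f -- guacamolemysql.sql
(
umask 077
cat > guacamolemysql.sql <<EOF2
#MySQL Guacamole Script
CREATE DATABASE guacamole_db;
CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY '$mysql_user_password';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';
FLUSH PRIVILEGES;
quit
EOF2
)

# Create the Guacamole database and user.
# --defaults-extra-file has to be the first option on the mysql command line.
sudo mysql --defaults-extra-file="$mysql_root_cnf" < guacamolemysql.sql

# Populate the database with the schema files from the extension archive.
cat "guacamole-auth-jdbc-${guac_version}"/mysql/schema/*.sql \
  | mysql --defaults-extra-file="$mysql_root_cnf" guacamole_db

# The root option file is no longer needed.
rm -f -- "$mysql_root_cnf"
trap - EXIT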
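##########################################
# NGINX Installation and configuration  #
##########################################

# Install nginx.
sudo apt-get install -y nginx

# Directory for the server key and certificate (-p: safe on a second run).
sudo mkdir -p /etc/nginx/ssl

# Create a self-signed certificate valid for 365 days with a 2048-bit RSA key.
# The CN is built from $server_name; the original hard-coded the text
# "HOSTNAME!" including the double-quote characters, which ended up in the CN.
# -nodes leaves the private key unencrypted so nginx can start unattended;
# file permissions are therefore its only protection (see chmod below).
# NOTE(review): -extensions v3_ca selects the CA extension section of the
# OpenSSL configuration; in the stock openssl.cnf that marks the certificate
# as a CA (basicConstraints CA:TRUE). Confirm this is wanted for a server
# certificate, and replace the self-signed certificate with one issued by a
# CA your clients trust before exposing the gateway.
sudo openssl req -x509 \
  -subj "/C=US/ST=IL/L=Chicago/O=IT/CN=${server_name}.localdomain.local" \
  -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/nginx/ssl/nginx.key \
  -out /etc/nginx/ssl/nginx.crt \
  -extensions v3_ca

# Private key readable by root only, independent of the umask in effect.
sudo chmod 600 /etc/nginx/ssl/nginx.key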
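# Write the nginx site that terminates TLS on 443 and proxies to Tomcat
# (/etc/nginx/sites-enabled/default).
# Configuration borrowed from Eric Oud Ammerveled
# (http://sourceforge.net/p/guacamole/discussion/1110834/thread/6961d682/#aca9)
#
# Changes against the borrowed configuration:
#  - written through "sudo tee": with "sudo cat ... > file" the redirection
#    is performed by the calling shell, so sudo never applied to the write;
#  - server_name is filled in from $server_name (the here-document is now
#    unquoted, hence the escaped \$http_upgrade);
#  - ssl_protocols is limited to TLSv1.2; TLS 1.0 and 1.1 are deprecated;
#  - the redundant "ssl on;" is dropped, "listen 443 ssl;" already enables TLS.
#
# NOTE(review): ssl_dhparam is commented out while the cipher list still
# offers AES256+EDH. nginx releases before 1.11.0 fall back to built-in DH
# parameters (reportedly 1024-bit); generate a 2048-bit parameter file and
# enable ssl_dhparam, or remove AES256+EDH from ssl_ciphers.
# NOTE(review): ssl_stapling has nothing to staple for a self-signed
# certificate; it only becomes useful with a CA-issued certificate.
# NOTE(review): access_log is off. For a remote-access gateway the access log
# is the record of who connected and when; consider enabling it.
sudo tee /etc/nginx/sites-enabled/default > /dev/null <<EOF3
# Server listening on port 443 (SSL) to secure the Guacamole traffic and proxy the requests to Tomcat8
server {
    listen 443 ssl;
    server_name ${server_name}.localdomain.local;

    # This part is for SSL config only
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_session_cache shared:SSL:10m;
    ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
    ssl_protocols TLSv1.2;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_prefer_server_ciphers on;
    # ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # Found below settings to be performing best but it will work with your own
    tcp_nodelay on;
    tcp_nopush off;
    sendfile on;
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 8m;
    large_client_header_buffers 2 1k;
    client_body_timeout 12;
    client_header_timeout 12;
    keepalive_timeout 15;
    send_timeout 10;

    # HINT: You might want to enable access_log during the testing!
    access_log off;

    # Don't turn ON proxy_buffering!; this will impact the line quality
    proxy_buffering off;
    proxy_redirect off;

    # Enabling websockets using the first 3 lines; Check /var/log/tomcat8/catalina.out while testing; guacamole will show you a fallback message if websockets fail to work.
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection "upgrade";

    # Just something that was advised by someone from the dev team; worked fine without it too.
    proxy_cookie_path /guacamole/ /;

    location / {
        # I am running the Tomcat8 and Guacamole on the local server
        proxy_pass http://localhost:8080;
        break;
    }
}
EOF3

# Validate the configuration, then restart nginx.
sudo nginx -t && sudo service nginx restart

# Restart tomcat8
sudo service tomcat8 restart

# Restart guacd
sudo service guacd restart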
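################################################
# Firewall Configuration                       #
################################################

# Rules are added while the firewall is disabled and it is enabled afterwards,
# so the SSH rule is already present when filtering starts.
# Only HTTPS and SSH are opened; Tomcat's port 8080 (the proxy_pass target)
# gets no rule and stays closed as long as ufw's default incoming policy is
# deny.
# NOTE(review): SSH is opened to every source address. "ufw limit ssh" adds
# rate limiting; restricting the source range is tighter still.
sudo ufw disable
sudo ufw allow https
sudo ufw allow ssh
sudo ufw --force enable

# Disable IPv6.
# Written through "sudo tee -a" because with "sudo cat ... >> file" the
# redirection is done by the calling shell, not under sudo. The grep guard
# keeps a second run from appending the same three lines again.
if ! grep -q '^net\.ipv6\.conf\.all\.disable_ipv6' /etc/sysctl.conf; then
sudo tee -a /etc/sysctl.conf > /dev/null <<'EOF3'
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF3
fi

# Reload sysctl to pick up the changes to /etc/sysctl.conf.
sudo sysctl -p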
# Remove the downloaded package and archives.
rm libjpeg-turbo-official_1.4.2_amd64.deb \
  "guacamole-server-$guac_version.tar.gz" \
  "guacamole-auth-jdbc-$guac_version.tar.gz" \
  "mysql-connector-java-$mysql_version.tar.gz"

# Remove the temporary SQL script. It held the guacamole_user password in
# clear text; rm only unlinks the file.
rm guacamolemysql.sql

# Remove the unpacked source and extension directories.
rm -rf "mysql-connector-java-$mysql_version/" \
  "guacamole-auth-jdbc-$guac_version/" \
  "guacamole-server-$guac_version/"
# Optional customizations for running Guacamole as a VMware ESXi guest whose
# virtual network interface has promiscuous mode enabled (aka CCIE lab).

# Add an explicit deny rule for traffic to 224.0.0.1, which the author
# attributes to a FIOS router; presumably this keeps those packets out of the
# UFW block log. The firewall is switched off while the rule is added and
# re-enabled afterwards.
sudo ufw disable
ufw deny in to 224.0.0.1
sudo ufw --force enable

# Comment out the unused IPv6 lines (::1 and ff02...) in /etc/hosts so that
# localhost resolves only to IPv4 127.0.0.1 in the logs.
sed --in-place --expression='s/^::1/#::1/g' --expression='s/^ff02/#ff02/g' /etc/hosts

# Install the VMware guest tools.
apt-get --yes install open-vm-tools
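# Final message: print a login URL for every IPv4 address ifconfig reports
# (this includes the loopback address).
echo "Installation complete"
echo " "
echo "Test access to guacamole using (user=guacadmin pwd=guacadmin):"
/sbin/ifconfig -a | grep 'inet addr:' | cut -d: -f2 | awk '{printf "\nhttps://%s:/guacamole/#/login\n", $1}'

# guacadmin/guacadmin is the account created by the schema import, and the
# gateway is reachable on 443 as soon as the firewall rules above are active,
# so tell the operator to rotate it straight away.
echo " "
echo "Change the guacadmin password immediately after the first login."
# end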