Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Guacamole 0.9.5 Ubuntu Installer
#!/bin/bash
################################
## Guacamole Installer Script ##
## Green Reed Technology 2015 ##
######## Martez Reed ###########
################################
## Define variables
guac_version=0.9.5
mysql_version=5.1.30
mysql_username=root
mysql_password=greenrt
ssl_country=US
ssl_state=IL
ssl_city=Chicago
ssl_org=IT
ssl_certname=guacamole.company.local
#System Update
sudo apt-get update -y
#System Upgrade
sudo apt-get upgrade -y
#Install Tomcat 7
sudo apt-get install -y tomcat7
# Install Packages
sudo apt-get install -y make libcairo2-dev libpango-1.0-0 libpango1.0-dev libssh2-1-dev libpng12-dev freerdp-x11 libssh2-1 libvncserver-dev libfreerdp-dev libvorbis-dev libssl1.0.0 gcc libssh-dev libpulse-dev tomcat7-admin tomcat7-docs libtelnet-dev libossp-uuid-dev
#Download Guacamole Client
sudo wget http://sourceforge.net/projects/guacamole/files/current/binary/guacamole-$guac_version.war
#Download Guacamole Server
sudo wget http://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-$guac_version.tar.gz
# Untar the guacamole server source files
tar -xzf guacamole-server-$guac_version.tar.gz
# Change directory to the source files
cd guacamole-server-$guac_version/
#
./configure --with-init-dir=/etc/init.d
#
sudo make
#
sudo make install
#
sudo update-rc.d guacd defaults
#
sudo ldconfig
# Create guacamole configuration directory
sudo mkdir /etc/guacamole
# Create guacamole.properties configuration file
sudo cat <<EOF1 > /etc/guacamole/guacamole.properties
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822
# Auth provider class (authenticates user/pass combination, needed if using the provided login screen)
#auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
#basic-user-mapping: /etc/guacamole/user-mapping.xml
# Auth provider class
auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole
mysql-username: guacamole
mysql-password: greenrt
lib-directory: /var/lib/guacamole/classpath
EOF1
#
sudo mkdir /usr/share/tomcat7/.guacamole
# Create a symbolic link of the properties file for Tomcat7
sudo ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat7/.guacamole
# Move up a directory to copy the guacamole.war file
cd ..
# Copy the guacamole war file to the Tomcat 7 webapps directory
sudo cp guacamole-$guac_version.war /var/lib/tomcat7/webapps/guacamole.war
# Start the Guacamole (guacd) service
sudo service guacd start
# Restart Tomcat 7
sudo service tomcat7 restart
########################################
# MySQL Installation and configuration #
########################################
# Download Guacamole MySQL Authentication Module
sudo wget http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-mysql-$guac_version.tar.gz
# Untar the Guacamole MySQL Authentication Module
sudo tar -xzf guacamole-auth-mysql-$guac_version.tar.gz
# Create Guacamole classpath directory for MySQL Authentication files
sudo mkdir -p /var/lib/guacamole/classpath
# Copy Guacamole MySQL Authentication module files to the created directory
sudo cp guacamole-auth-mysql-$guac_version/lib/* /var/lib/guacamole/classpath/
# Download MySQL Connector-J
sudo wget http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-$mysql_version.tar.gz
# Untar the MySQL Connector-J
sudo tar -xzf mysql-connector-java-$mysql_version.tar.gz
# Copy the MySQL Connector-J jar file to the guacamole classpath diretory
sudo cp mysql-connector-java-$mysql_version/mysql-connector-java-$mysql_version-bin.jar /var/lib/guacamole/classpath/
# Provide mysql root password to automate installation
sudo debconf-set-selections <<< "mysql-server mysql-server/root_password password greenrt"
sudo debconf-set-selections <<< "mysql-server mysql-server/root_password_again password greenrt"
# Install MySQL
sudo apt-get install -y mysql-server
# Lay down mysql configuration script
sudo cat <<EOF2 > guacamolemysql.sql
#MySQL Guacamole Script
CREATE DATABASE guacamole;
CREATE USER 'guacamole'@'localhost' IDENTIFIED BY 'greenrt';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole'@'localhost';
FLUSH PRIVILEGES;
quit
EOF2
# Create Guacamole database and user
sudo mysql -u root --password=greenrt < guacamolemysql.sql
# Change directory to mysql-auth directory
cd guacamole-auth-mysql-$guac_version
# Run database scripts to create schema and users
sudo cat schema/*.sql | mysql -u root --password=greenrt guacamole
##########################################
# NGINX Installation and configuration #
##########################################
# Install Nginx
sudo apt-get install -y nginx
# Create directory to store server key and certificate
sudo mkdir /etc/nginx/ssl
# Create self-signed certificate
sudo openssl req -x509 -subj '/C=US/ST=IL/L=Chicago/O=IT/CN=guacamole.localdomain.local' -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -extensions v3_ca
# Add proxy settings to nginx config file (/etc/nginx/sites-enabled/default)
# Borrowed configuration from Eric Oud Ammerveled (http://sourceforge.net/p/guacamole/discussion/1110834/thread/6961d682/#aca9)
cat <<'EOF3' > /etc/nginx/sites-enabled/default
# ANOTHER SERVER LISTENING ON PORT 443 (SSL) to secure the Guacamole traffic and proxy the requests to Tomcat7
server {
listen 443 ssl;
server_name guacamole.localdomain.local;
# This part is for SSL config only
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_cache shared:SSL:10m;
ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_stapling on;
ssl_stapling_verify on;
ssl_prefer_server_ciphers on;
# ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Found below settings to be performing best but it will work with your own
tcp_nodelay on;
tcp_nopush off;
sendfile on;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 2 1k;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
# HINT: You might want to enable access_log during the testing!
access_log off;
# Don't turn ON proxy_buffering!; this will impact the line quality
proxy_buffering off;
proxy_redirect off;
# Enabling websockets using the first 3 lines; Check /var/log/tomcat7/catalina.out while testing; guacamole will show you a fallback message if websockets fail to work.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Just something that was advised by someone from the dev team; worked fine without it too.
proxy_cookie_path /guacamole/ /;
location / {
# I am running the Tomcat7 and Guacamole on the local server
proxy_pass http://localhost:8080;
break;
}
}
EOF3
# Restart nginx service
sudo service nginx restart
# Restart tomcat7
sudo service tomcat7 restart
# Restart guacd
sudo service guacd restart
################################################
# Firewall Configuration #
################################################
# Disable Firewall
sudo disable ufw
# Allow HTTPS access
sudo ufw allow https
# Enable Firewall
sudo ufw enable
# Disable IPv6
sudo cat <<EOF3 >> /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF3
# Activate sysctl
sudo sysctl -p
@dfiel

This comment has been minimized.

Copy link

@dfiel dfiel commented Nov 13, 2015

This is not updated for 0.9.8

@aefimovru

This comment has been minimized.

Copy link

@aefimovru aefimovru commented Dec 30, 2015

Great! Waiting for 0.9.9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.