I started with a fresh Debian 10.3.0 with latest patches. I just installed vim and open-vm-tools because my server runs on an VMWare cluster
1. Install Tomcat 9
apt install tomcat9 tomcat9-admin tomcat9-common tomcat9-user
If you now open http://<YOUR_SERVER>:8080 you should get an “It works !” website.
2. Install Guacamole Server
2.1 Install required packages
apt install build-essential libcairo2-dev libjpeg62-turbo-dev libtool-bin libossp-uuid-dev libavcodec-dev libavutil-dev libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev
2.2 Download and install Guacamole Server
wget https://mirror.dkd.de/apache/guacamole/1.1.0/source/guacamole-server-1.1.0.tar.gz tar vfx guacamole-server-1.1.0.tar.gz cd guacamole-server-1.1.0/
autoreconf -fi ./configure --with-init-dir=/etc/init.d make make install
Activate Service and start it:
ldconfig systemctl enable guacd systemctl start guacd
3. Install Guacamole Client
3.1 Download
wget http://us.mirrors.quenda.co/apache/guacamole/1.1.0/binary/guacamole-1.1.0.war
mkdir /etc/guacamole
cp guacamole-1.1.0.war /etc/guacamole/guacamole.war
ln -s /etc/guacamole/guacamole.war /var/lib/tomcat9/webapps/
mkdir /etc/guacamole/{extensions,lib}
echo "GUACAMOLE_HOME=/etc/guacamole" | tee -a /etc/default/tomcat9
4. Install Database Server
4.1 Install packages
apt install mariadb-server mariadb-client
Note: You should secure your DB installation by running ‘mysql_secure_installation’.
4.2 Create Database and user
mysql -p
CREATE DATABASE guacamole_db; CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY 'passw0rd'; GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost'; FLUSH PRIVILEGES; quit;
4.3 Download jdbc-extension
wget http://apache.mirror.digionline.de/guacamole/1.1.0/binary/guacamole-auth-jdbc-1.1.0.tar.gz
tar vfx guacamole-auth-jdbc-1.1.0.tar.gz
4.4 Import Database
cat guacamole-auth-jdbc-1.1.0/mysql/schema/*.sql | mysql -u root -p guacamole_db
4.5 Install extension
cp guacamole-auth-jdbc-1.1.0/mysql/guacamole-auth-jdbc-mysql-1.1.0.jar /etc/guacamole/extensions/
4.6 JDBC driver installieren
wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-8.0.13.tar.gz
tar xvzf mysql-connector-java-8.0.13.tar.gz
cp mysql-connector-java-8.0.13/mysql-connector-java-8.0.13.jar /etc/guacamole/lib/
4.7 Configure DB Time zone
See this Issue: https://issues.apache.org/jira/browse/GUACAMOLE-760 to fix the following error after restart you have to configurate the time zone of your DB.
Error querying database. Cause: java.sql.SQLException: The server time zone value 'CEST' is unrecognized or represents more than one time zone. You must configure either the server or JDBC driver (via the serverTimezone configuration property) to use a more specifc time zone value if you want to utilize time zone support.
Import time zones to your database:
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
Now open ‘/etc/mysql/mariadb.conf.d/50-server.cnf’ with your editor and add the following line:
default_time_zone='Europe/Berlin'
Replace ‘Europe/Berlin’ with your correct time zone! And restart the database:
systemctl restart mariadb.service
5. Configurate Guacamole
vim /etc/guacamole/guacamole.properties
# Hostname and Guacamole server port guacd-hostname: localhost guacd-port: 4822 # MySQL properties mysql-hostname: localhost mysql-port: 3306 mysql-database: guacamole_db mysql-username: guacamole_user mysql-password: passw0rd
After each modification of this file you have to restart your tomcat server.
systemctl restart tomcat9
6. Test
Open http://<YOUR_SERVER>:8080/guacamole in your browser and login with Username: ‘guacadmin’ and Password: ‘guacadmin’.
7. Apache reverse Proxy
7.1 Installation
apt install apache2 -y
7.2 Activate Modules
a2enmod rewrite a2enmod proxy_http a2enmod proxy_wstunnel
7.3 Apache config
vim /etc/apache2/sites-enabled/000-default.conf
And insert to the VirtualHost:
ProxyPass / http://127.0.0.1:8080/guacamole/ flushpackets=on ProxyPassReverse / http://127.0.0.1:8080/guacamole/ ProxyPassReverseCookiePath /guacamole / <Location /websocket-tunnel> Order allow,deny Allow from all ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel </Location> SetEnvIf Request_URI "^/tunnel" dontlog CustomLog /var/log/apache2/guac.log common env=!dontlog
7.4 Restart Apache
systemctl restart apache2.service
7.5 Test
Now you can access your Guacamole with http://<YOUR_SERVER>. But of course you should put this in an https site!
8. Debugging
Tomcat ist logging to tail /var/log/tomcat9/catalina.out
tail /var/log/tomcat9/catalina.out -f
show you the main log of your guacamole server.
If you need more details create ‘/etc/guacamole/logback.xml’ file:
<configuration>
<!-- Appender for debugging -->
<appender name="GUAC-DEBUG" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<!-- Log at Debug Level -->
<root level="debug">
<appender-ref ref="GUAC-DEBUG"/>
</root>
</configuration>
and restart Tomcat:
systemctl restart tomcat9
Bastian
17 Jun 2020Hi,
thanks for the instraction. I have followed this 1to1. But I get only a white webseite when i open the URL. I see no error message in the logfiles. have you a idea?
best regards
sebastian
17 Jun 2020Hi,
have you see #8 Debugging and set the debug level?
Do you get the white page on port 8080, too?
White
Greetings
Sebastian
CLAIN
9 Jul 2020Best tutorial for Apache Guacamole on Debian 10 (works for 1.2.0 version).
Shahid
21 Jul 2020I’m getting this error on guacamole server.
Jul 21 06:58:39 guacamole2 guacd[17033]: TLS session initialized.
Jul 21 06:58:39 guacamole2 guacd[17033]: TLS anonymous credential created.
Jul 21 06:58:39 guacamole2 guacd[17033]: TLS handshake blocking.
Jul 21 06:58:40 guacamole2 guacd[17033]: TLS handshake failed: A TLS fatal alert has been received..
Jul 21 06:58:40 guacamole2 guacd[17033]: Unable to connect to VNC server.
Jul 21 06:58:40 guacamole2 guacd[17033]: User “@5a5376d4-dcf2-4642-b800-48794d2081e7” disconnected (0 users remain)
Jul 21 06:58:40 guacamole2 guacd[17033]: Last user of connection “$7dd6540c-ed2f-4b1b-89e3-a3ae3c38ab0e” disconnected
Jul 21 06:58:40 guacamole2 guacd[16906]: Connection “$7dd6540c-ed2f-4b1b-89e3-a3ae3c38ab0e” removed.
Shahid
21 Jul 2020I follow this document. Now getting this error:
Jul 21 06:58:39 guacamole2 guacd[17033]: 1) Received security type 261
Jul 21 06:58:39 guacamole2 guacd[17033]: TLS session initialized.
Jul 21 06:58:39 guacamole2 guacd[17033]: TLS anonymous credential created.
Jul 21 06:58:39 guacamole2 guacd[17033]: TLS handshake blocking.
Jul 21 06:58:40 guacamole2 guacd[17033]: TLS handshake failed: A TLS fatal alert has been received..
Jul 21 06:58:40 guacamole2 guacd[17033]: Unable to connect to VNC server.
Jul 21 06:58:40 guacamole2 guacd[17033]: User “@5a5376d4-dcf2-4642-b800-48794d2081e7” disconnected (0 users remain)
Richard
25 Jan 2021Very nice guide dude, just an update, rdp sessions and remoteapp will time out at 2~3 minutes on guacamole 1.1.0, this is fixed on 1.2.0. Used this guide with 1.2.0 packages worked like charm.
Thomas Henrique
26 Jan 2021Very good, the best manual I’ve ever used. I have problems only with the integration with Active Directory that will not go at all.