Sebastian Mogilowskis Blog

Just another blog about administration, linux and other stuff

Install Guacamole 1.1.0 on Debian 10 with DB authentication

I started with a fresh Debian 10.3.0 with latest patches. I just installed vim and open-vm-tools because my server runs on an VMWare cluster

1. Install Tomcat 9

apt install tomcat9 tomcat9-admin tomcat9-common tomcat9-user

If you now open http://<YOUR_SERVER>:8080 you should get an “It works !” website.

2. Install Guacamole Server

2.1 Install required packages

apt install build-essential libcairo2-dev libjpeg62-turbo-dev libtool-bin libossp-uuid-dev libavcodec-dev libavutil-dev libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev libpulse-dev libssl-dev    libvorbis-dev libwebp-dev

2.2 Download and install Guacamole Server

tar vfx guacamole-server-1.1.0.tar.gz
cd guacamole-server-1.1.0/
autoreconf -fi
./configure --with-init-dir=/etc/init.d
make install

Activate Service and start it:

systemctl enable guacd
systemctl start guacd

3. Install Guacamole Client

3.1 Download

mkdir /etc/guacamole
cp guacamole-1.1.0.war /etc/guacamole/guacamole.war
ln -s /etc/guacamole/guacamole.war /var/lib/tomcat9/webapps/
mkdir /etc/guacamole/{extensions,lib}
echo "GUACAMOLE_HOME=/etc/guacamole" | tee -a /etc/default/tomcat9

4. Install Database Server

4.1 Install packages

apt install mariadb-server mariadb-client

Note: You should secure your DB installation by running ‘mysql_secure_installation’.

4.2 Create Database and user

 mysql -p
CREATE DATABASE guacamole_db;
CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY 'passw0rd';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';

4.3 Download jdbc-extension

tar vfx guacamole-auth-jdbc-1.1.0.tar.gz

4.4 Import Database

 cat guacamole-auth-jdbc-1.1.0/mysql/schema/*.sql | mysql -u root -p guacamole_db

4.5 Install extension

cp guacamole-auth-jdbc-1.1.0/mysql/guacamole-auth-jdbc-mysql-1.1.0.jar /etc/guacamole/extensions/

4.6 JDBC driver installieren

tar xvzf mysql-connector-java-8.0.13.tar.gz
cp mysql-connector-java-8.0.13/mysql-connector-java-8.0.13.jar /etc/guacamole/lib/

5. Configurate Guacamole

vim /etc/guacamole/
# Hostname and Guacamole server port
guacd-hostname: localhost
guacd-port: 4822

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: passw0rd

After each modification of this file you have to restart your tomcat server.

systemctl restart tomcat9

6. Test

Open http://<YOUR_SERVER>:8080/guacamole in your browser and login with Username: ‘guacadmin’ and Password: ‘guacadmin’.

7. Apache reverse Proxy

7.1 Installation

apt install apache2 -y

7.2 Activate Modules

a2enmod rewrite
a2enmod proxy_http
a2enmod proxy_wstunnel

7.3 Apache config

vim /etc/apache2/sites-enabled/000-default.conf

And insert to the VirtualHost:

ProxyPass / flushpackets=on
ProxyPassReverse /
ProxyPassReverseCookiePath /guacamole /
Order allow,deny
Allow from all
ProxyPass ws://
ProxyPassReverse ws://
SetEnvIf Request_URI "^/tunnel" dontlog
CustomLog  /var/log/apache2/guac.log common env=!dontlog

7.4 Restart Apache

systemctl restart apache2.service

7.5 Test

Now you can access your Guacamole with http://<YOUR_SERVER>. But of course you should put this in an https site!

8. Debugging

Tomcat ist logging to tail /var/log/tomcat9/catalina.out

tail /var/log/tomcat9/catalina.out -f

show you the main log of your guacamole server.

If you need more details create ‘/etc/guacamole/logback.xml’ file:

 <!-- Appender for debugging -->
 <appender name="GUAC-DEBUG" class="ch.qos.logback.core.ConsoleAppender">
    <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>

 <!-- Log at Debug Level -->
 <root level="debug">
    <appender-ref ref="GUAC-DEBUG"/>

and restart Tomcat:

systemctl restart tomcat9

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.