Difference between revisions of "Guacamole 0.8.3"

From Linuxintro
imported>ThorstenStaerk
imported>ThorstenStaerk
m (ThorstenStaerk moved page Guacamole to Guacamole 0.8.3)
 
(46 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 +
<metadesc>How to set up Guacamole, make it survive a reboot, secure transmission with SSL, put it onto port 80 or 443.</metadesc>
 +
 +
<pic src="http://www.linuxintro.org/images/Snapshot-guacamole.png" width=50% border=1 caption="A Linux desktop in a browser" align=right />
 +
 
= Overview =
 
= Overview =
 
Guacamole is a [[program]] to [[control a Linux desktop]] over the [[network]] in a browser.
 
Guacamole is a [[program]] to [[control a Linux desktop]] over the [[network]] in a browser.
  
Sometimes in your Linux life, you need to control your servers in the internet with a graphical user interface. This is tedious when you are behind a corporate firewall blocking ssh requests to the public internet. Typical corporate firewalls only allow proxified client access to port 80, 8080 and 443 in the public internet. One way to go is to use a browser to display a Linux desktop. The solution is not, however, to use [[Vnc#for_a_web_browser|VNC for a web browser]], as it will be blocked by corporate firewalls. The solution is [http://guacamole.sourceforge.net/ guacamole].
+
Sometimes in your Linux life, you need to control your servers in the internet with a graphical user interface. This is tedious when you are behind a corporate firewall blocking ssh requests to the public internet. Typical corporate firewalls only allow proxified client access to port 80, 8080 and 443 in the public internet. One way to go is to use a browser to display a Linux desktop. The solution is [http://guacamole.sourceforge.net/ guacamole].
 
 
[[File:Snapshot-guacamole.png|250px]]
 
  
 
= Quickstart =
 
= Quickstart =
 
This will show you  
 
This will show you  
* how to install guacamole 0.8.3 on Ubuntu 10.04
+
* how to install guacamole 0.8.3 on Ubuntu (tested with 10.04 till 14.04)
 
* how to make this configuration survive a reboot
 
* how to make this configuration survive a reboot
 
* how to secure transmission with SSL
 
* how to secure transmission with SSL
 
* how to make the website accessible from behind a firewall (port 80 or 443)
 
* how to make the website accessible from behind a firewall (port 80 or 443)
  
Here's what you do:
+
Here's what you do as root user:
 +
* install software that we will need later:
 +
apt-get update
 +
apt-get install tomcat6 tightvncserver gcc make xterm
 +
 
 +
== configure VNC server ==
 +
Guacamole does the communication between a VNC server and the web browser. So whatever you see in VNC will be in the browser. In this example let's use xfce as desktop environment:
 +
* install xfce:
 +
apt-get install xfce4
 +
* activate gnome for your VNC:
 +
cd
 +
mkdir .vnc
 +
cat >> .vnc/xstartup <<EOF
 +
#!/bin/sh
 +
xfce4-session || xterm
 +
EOF
 +
chmod 777 .vnc/xstartup
 +
 
 +
== deploy guacamole client ==
 
* download the guacamole webapp from http://sourceforge.net/projects/guacamole/files/current/binary/
 
* download the guacamole webapp from http://sourceforge.net/projects/guacamole/files/current/binary/
 
* deploy it
 
* deploy it
 
  # mv guacamole-0.8.3.war /var/lib/tomcat6/webapps/
 
  # mv guacamole-0.8.3.war /var/lib/tomcat6/webapps/
 
* surf to http://localhost:8080/guacamole-0.8.3. A folder /var/lib/tomcat6/webapps/guacamole-0.8.3 will be created with some content. We will need that later.
 
* surf to http://localhost:8080/guacamole-0.8.3. A folder /var/lib/tomcat6/webapps/guacamole-0.8.3 will be created with some content. We will need that later.
* download guacamole-server and guacamole-client from http://sourceforge.net/projects/guacamole/files/current/source/
+
* although login is not yet possible your browser will show a login screen like that:
 +
 
 +
[[File:guacamole-login.png]]
 +
 
 +
== install guacamole server ==
 +
* install some [[dependencies]] that the server will need to build with vnc support:
 +
apt-get install libvncserver-dev libpng-dev libcairo-dev
 +
* download guacamole-server from http://sourceforge.net/projects/guacamole/files/current/source/
 
* unpack it
 
* unpack it
* install a [[dependency]] so the server will be build with vnc support:
+
  tar xvzf guacamole-server-0.8.3.tar.gz
  apt-get install libvncserver-dev
 
 
* build the server:
 
* build the server:
  # ./configure && make -j8 && make install
+
  cd guacamole-server-0.8.3
* the following step is ugly; installation has not completely done what it should so we must do that:
+
./configure && make -j8 && make install
  # cp ./src/libguac/.libs/libguac.so.5.0.0 /usr/lib/libguac.so
+
* the following step is ugly; installation and binary do not completely fit so we must do that:
  # ln -s /usr/local/lib/libguac-client-vnc.so /lib/
+
  ln -s /usr/local/lib/libguac.so* /lib
 +
  ln -s /usr/local/lib/libguac-client-vnc.so* /lib/
 
* now we start the guacamole daemon
 
* now we start the guacamole daemon
 
  # guacd  
 
  # guacd  
Line 33: Line 60:
 
  guacd[11581]: INFO:  Exiting and passing control to PID 11582
 
  guacd[11581]: INFO:  Exiting and passing control to PID 11582
  
* create a folder /etc/guacamole
+
== configure guacamole ==
 +
* create a folder for guacamole's configuration:
 
  mkdir /etc/guacamole
 
  mkdir /etc/guacamole
 
* create a file /etc/guacamole/guacamole.properties with the content
 
* create a file /etc/guacamole/guacamole.properties with the content
Line 42: Line 70:
 
  # Location to read extra .jar's from
 
  # Location to read extra .jar's from
 
  lib-directory:  /var/lib/tomcat6/webapps/guacamole-0.8.3/WEB-INF/classes
 
  lib-directory:  /var/lib/tomcat6/webapps/guacamole-0.8.3/WEB-INF/classes
 
 
   
 
   
 
  # Authentication provider class
 
  # Authentication provider class
Line 59: Line 86:
 
  </user-mapping>
 
  </user-mapping>
  
 +
== configure tomcat ==
 
* find out your tomcat's user directory:
 
* find out your tomcat's user directory:
 
  # cat /etc/passwd|grep tomcat
 
  # cat /etc/passwd|grep tomcat
Line 67: Line 95:
 
* link guacamole.properties into your tomcat's user directories' guacamole folder
 
* link guacamole.properties into your tomcat's user directories' guacamole folder
 
  ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat6/.guacamole
 
  ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat6/.guacamole
 +
 +
== finishing ==
 +
* start a vnc server, as password set password (the vnc password given in user-mappings.xml)
 +
vncserver
 +
* restart your tomcat server
 +
/etc/init.d/tomcat6 restart
 +
* point your browser to http://localhost:8080/guacamole-0.8.3
 +
* log in as user, password password (the user given in user-mappings.xml)
 +
* you should see a screen like this:
 +
 +
[[File:Guacamole-after-login.png]]
 +
 +
Now when you click on "Default" you will see your VNC desktop in your browser.
 +
 +
* next steps: SSL
 +
* next steps: proxypass
 +
 +
= Persist it =
 +
Add the following line to /etc/crontab:
 +
@reboot root /usr/local/sbin/guacd &
 +
 +
= TroubleShooting =
 +
 +
== invalid login ==
 
* now the problem is that tomcat does not know where to find the Authentication class:
 
* now the problem is that tomcat does not know where to find the Authentication class:
  
Line 89: Line 141:
 
  lib-directory:  /var/lib/tomcat6/webapps/guacamole/WEB-INF/classes
 
  lib-directory:  /var/lib/tomcat6/webapps/guacamole/WEB-INF/classes
  
* start a vnc server, as password set password (the vnc password given in user-mappings.xml)
+
== Server error ==
vncserver
 
* point your browser to http://localhost:8080/guacamole-0.8.3
 
* log in as user, password password (the user given in user-mappings.xml)
 
 
 
* next steps: SSL
 
* next steps: proxypass
 
 
 
= Server error =
 
 
* now I got a server error so I straced guacd:
 
* now I got a server error so I straced guacd:
 
  strace -p 15332
 
  strace -p 15332
Line 109: Line 153:
  
 
= See also =
 
= See also =
 +
* [[connect to a Linux computer]]
 +
* [[guacamole 0.9.3 on Ubuntu]]
 +
* [[guacamole 0.8 on SUSE]]
 +
* [[guacamole 0.3.0 on Ubuntu 10.04]]
 +
* [[cool things]]
 +
* [[schedule tAsks]]
 +
* http://guac-dev.org/Debian%20Install%20Instructions
 +
* ulteo
 
* http://www.filegott.se/prd/index.php/how-tos/19-how-to-setup-guacamole-in-linux-ubuntu
 
* http://www.filegott.se/prd/index.php/how-tos/19-how-to-setup-guacamole-in-linux-ubuntu
 
* http://guac-dev.org/doc/gug/installing-guacamole.html#idp99200
 
* http://guac-dev.org/doc/gug/installing-guacamole.html#idp99200
 +
 +
[[Category:Tool]]
 +
[[Category:Webmaster]]

Latest revision as of 06:30, 6 June 2015


A Linux desktop in a browser

Overview

Guacamole is a program to control a Linux desktop over the network in a browser.

Sometimes in your Linux life, you need to control your servers in the internet with a graphical user interface. This is tedious when you are behind a corporate firewall blocking ssh requests to the public internet. Typical corporate firewalls only allow proxified client access to port 80, 8080 and 443 in the public internet. One way to go is to use a browser to display a Linux desktop. The solution is guacamole.

Quickstart

This will show you

  • how to install guacamole 0.8.3 on Ubuntu (tested with 10.04 till 14.04)
  • how to make this configuration survive a reboot
  • how to secure transmission with SSL
  • how to make the website accessible from behind a firewall (port 80 or 443)

Here's what you do as root user:

  • install software that we will need later:
apt-get update
apt-get install tomcat6 tightvncserver gcc make xterm

configure VNC server

Guacamole does the communication between a VNC server and the web browser. So whatever you see in VNC will be in the browser. In this example let's use xfce as desktop environment:

  • install xfce:
apt-get install xfce4
  • activate gnome for your VNC:
cd
mkdir .vnc
cat >> .vnc/xstartup <<EOF
#!/bin/sh
xfce4-session || xterm
EOF
chmod 777 .vnc/xstartup

deploy guacamole client

# mv guacamole-0.8.3.war /var/lib/tomcat6/webapps/
  • surf to http://localhost:8080/guacamole-0.8.3. A folder /var/lib/tomcat6/webapps/guacamole-0.8.3 will be created with some content. We will need that later.
  • although login is not yet possible your browser will show a login screen like that:

Guacamole-login.png

install guacamole server

  • install some dependencies that the server will need to build with vnc support:
apt-get install libvncserver-dev libpng-dev libcairo-dev
tar xvzf guacamole-server-0.8.3.tar.gz
  • build the server:
cd guacamole-server-0.8.3
./configure && make -j8 && make install
  • the following step is ugly; installation and binary do not completely fit so we must do that:
ln -s /usr/local/lib/libguac.so* /lib
ln -s /usr/local/lib/libguac-client-vnc.so* /lib/
  • now we start the guacamole daemon
# guacd 
guacd[11581]: INFO:  Guacamole proxy daemon (guacd) version 0.8.3
guacd[11581]: INFO:  Successfully bound socket to host ::1, port 4822
guacd[11581]: INFO:  Exiting and passing control to PID 11582

configure guacamole

  • create a folder for guacamole's configuration:
mkdir /etc/guacamole
  • create a file /etc/guacamole/guacamole.properties with the content
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port:     4822

# Location to read extra .jar's from
lib-directory:  /var/lib/tomcat6/webapps/guacamole-0.8.3/WEB-INF/classes

# Authentication provider class
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider

# Properties used by BasicFileAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml
  • create a file /etc/guacamole/user-mapping.xml with the content
<user-mapping>
   <authorize username="user" password="password">
      <protocol>vnc</protocol>
         <param name="hostname">localhost</param>
         <param name="port">5901</param>
         <param name="password">password</param>
    </authorize>
</user-mapping>

configure tomcat

  • find out your tomcat's user directory:
# cat /etc/passwd|grep tomcat
tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
in this case it is /usr/share/tomcat6
  • create a folder .guacamole in your tomcat's user directory:
mkdir /usr/share/tomcat6/.guacamole
  • link guacamole.properties into your tomcat's user directories' guacamole folder
ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat6/.guacamole

finishing

  • start a vnc server, as password set password (the vnc password given in user-mappings.xml)
vncserver
  • restart your tomcat server
/etc/init.d/tomcat6 restart

Guacamole-after-login.png

Now when you click on "Default" you will see your VNC desktop in your browser.

  • next steps: SSL
  • next steps: proxypass

Persist it

Add the following line to /etc/crontab:

@reboot root /usr/local/sbin/guacd &

TroubleShooting

invalid login

  • now the problem is that tomcat does not know where to find the Authentication class:

/var/lib/tomcat6/webapps/guacamole/WEB-INF/classes/net/sourceforge/guacamole/net/basic/BasicFileAuthenticationProvider.class

is not in /etc/guacamole/guacamole.properties

  • so add it
  • cat /etc/passwd gives me a line
tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
ll /usr/share/tomcat6/.guacamole/
total 8
drwxr-xr-x 2 root root 4096 Nov 26 07:58 ./
drwxr-xr-x 6 root root 4096 Nov 26 07:57 ../
lrwxrwxrwx 1 root root   35 Nov 26 07:58 guacamole.properties -> /etc/guacamole/guacamole.properties
  • works now. So the thing is:
    • take care that it is called guacamole and not guacamole-0.8.3 (sure?)
    • make sure the classpath in /etc/guacamole/guacamole.properties is correct, e.g.
# Location to read extra .jar's from
lib-directory:  /var/lib/tomcat6/webapps/guacamole/WEB-INF/classes

Server error

  • now I got a server error so I straced guacd:
strace -p 15332

and saw

[pid 20344] open("/usr/lib/x86_64-linux-gnu/libguac-client-vnc.so", O_RDONLY) = -1 ENOENT (No such file or directory)

so the problem is that libguac-client-vnc.so is missing.

  • downloaded java version 1.7.45 and compiled guacamole-client using mvn. But there was no *.so* file in it
  • so installed libvncserver-dev and rebuild and reinstalled guacamole-server
  • and there it is, libguac-client-vnc.so
  • now the error message changed from "server error" to "unauthorized"

See also