Difference between pages "Regular expressions" and "Guacamole"

From Linuxintro
(Difference between pages)
imported>ThorstenStaerk
 
imported>ThorstenStaerk
 
Line 1: Line 1:
Regular expressions allow you to formulate patterns to search for. Here's an example: It is easy to search for the string "Sep" in a file, you do it with
+
<metadesc>How to set up Guacamole, make it survive a reboot, secure transmission with SSL, put it onto port 80 or 443.</metadesc>
[[grep]] "Sep" file
 
This gives you all lines containing the string "Sep". But what do you do if you only want lines ''starting'' with "Sep", for example, to read all lines in your syslog regarding september? Then you need '''regular expressions'''. It works like this:
 
grep -E "^Sep" /var/log/messages
 
gives you all entries for september in your syslog. And there is much more you can do with regular expressions.
 
  
= Escaping =
+
<pic src="http://www.linuxintro.org/images/Snapshot-guacamole.png" width=50% border=1 caption="A Linux desktop in a browser" align=right />
The characters ^ and \ are seen as control-characters. ^ means "at the beginning of a line". With a backslash, you can ''escape'' these control-characters, meaning they act as body-characters again:
 
grep "^hallo" file
 
finds all occurrences of "hallo" at the beginning of a line in ''file''.
 
grep "\^hallo"
 
finds all occurrences of "^hallo" in a file
 
grep "\\^hallo"
 
finds all occurrences of "\^hallo" in a file
 
grep "\\\\^hallo"
 
finds all occurrences of "\\^hallo" in a file
 
And so on...
 
  
= Write regular expressions =
+
= Overview =
For "finding a pattern defined by a regular expression", we speak of "matching".
+
Guacamole is a [[program]] to [[control a Linux desktop]] over the [[network]] in a browser.
  
== Beginning of a line is ==
+
Sometimes in your Linux life, you need to control your servers in the internet with a graphical user interface. This is tedious when you are behind a corporate firewall blocking ssh requests to the public internet. Typical corporate firewalls only allow proxified client access to port 80, 8080 and 443 in the public internet. One way to go is to use a browser to display a Linux desktop. The solution is [http://guacamole.sourceforge.net/ guacamole].
grep "^hallo" ''file''
 
prints all occurrences of "hallo" at the beginning of a line in ''file''.
 
  
== The end of a line ==
+
= Quickstart =
grep "hallo$" ''file''
+
This will show you
prints all occurrences of "hallo" at the end of a line in ''file''.
+
* how to install guacamole 0.9.3 on Ubuntu (tested with 14.04)
 +
* how to make this configuration survive a reboot
 +
* how to secure transmission with SSL
 +
* how to make the website accessible from behind a firewall (port 80 or 443)
  
== Find string1 OR string2 ==
+
Here's what you do as root user:
  grep -E "Sep|Aug" ''file''
+
* install software that we will need later:
prints all lines from ''file'' that contain "Sep" ''or'' "Aug".
+
  apt-get update
 +
apt-get install tomcat6 tightvncserver gcc make xterm
  
== Match a group of characters ==
+
== configure VNC server ==
  grep -E "L[I,1]NUX" ''file''
+
Guacamole does the communication between a VNC server and the web browser. So whatever you see in VNC will be in the browser. In this example let's use xfce as desktop environment:
prints all lines from ''file'' that contain "LINUX" or "L1NUX"
+
* install xfce:
 +
apt-get install xfce4
 +
* activate gnome for your VNC:
 +
cd
 +
mkdir .vnc
 +
cat >> .vnc/xstartup <<EOF
 +
#!/bin/sh
 +
  xfce4-session || xterm
 +
EOF
 +
chmod 777 .vnc/xstartup
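Review bot: chmod 777 on .vnc/xstartup, the last command of this step, leaves the session start script writable by every local account, and the whole walkthrough is carried out as root ("Here's what you do as root user"). The script only has to be executable by its owner, so chmod 755 (or 700) is enough. The bullet above it also says "activate gnome" while the script starts xfce4-session.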
  
== Match a range of characters ==
+
== deploy guacamole client ==
  grep -E "foo[1-9]" ''file''
+
* download the guacamole webapp from http://sourceforge.net/projects/guacamole/files/current/binary/
prints all lines from ''file'' that contain "foo1" or "foo2" till "foo9"
+
* deploy it
 +
  # mv guacamole-0.8.3.war /var/lib/tomcat6/webapps/
 +
* surf to http://localhost:8080/guacamole-0.8.3. A folder /var/lib/tomcat6/webapps/guacamole-0.8.3 will be created with some content. We will need that later.
 +
* although login is not yet possible your browser will show a login screen like that:
  
== NOT the following characters ==
+
[[File:guacamole-login.png]]
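Review bot: the deploy step moves guacamole-0.8.3.war and browses to /guacamole-0.8.3, but the Quickstart promises 0.9.3 and the later lib-directory setting points at webapps/guacamole-0.9.3/WEB-INF/classes. With the .war named as shown here, that directory is never created, which matches the "invalid login" problem described under TroubleShooting. Use one version, or one fixed .war name, throughout.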
To invert matching for a group of characters
 
grep -E "for[^ e]" ''file''
 
prints all lines from ''file'' that contain "for", but not followed by a space or an e, so not "for you" or "foresee"
 
  
With grep you have an additional possibility to invert matches:
+
== install guacamole server ==
  grep -Ev "gettimeofday" ''file''
+
* install some [[dependencies]] that the server will need to build with vnc support:
prints all lines from ''file'' that do NOT contain "gettimeofday". This is a grep feature.
+
  apt-get install libvncserver-dev libpng-dev libcairo-dev
 +
* download guacamole-server from http://sourceforge.net/projects/guacamole/files/current/source/
 +
* unpack it, in this example 0.9.3:
 +
tar xvzf guacamole-server-0.9.3.tar.gz
 +
* build the server:
 +
cd guacamole-server-0.9.3
 +
./configure && make -j8 && make install
 +
* the following step is ugly; installation and binary do not completely fit so we must do that:
 +
ln -s /usr/local/lib/libguac.so* /lib
 +
ln -s /usr/local/lib/libguac-client-vnc.so* /lib/
 +
* now we start the guacamole daemon:
 +
# guacd
 +
guacd[17669]: INFO:  Guacamole proxy daemon (guacd) version 0.9.3
 +
guacd[17669]: INFO:  Successfully bound socket to host ::1, port 4822
 +
guacd[17669]: INFO:  Exiting and passing control to PID 17671
 +
root@tstaerk-desktop:/var/log# guacd[17671]: INFO:  Exiting and passing control to PID 17672
  
== Any character ==
+
== configure guacamole ==
  grep -E "L.nux" ''file''
+
* create a folder for guacamole's configuration:
matches any character that is not a newline, e.g. Linux, Lenux and Lnux in ''file''.  
+
mkdir /etc/guacamole
 +
* create a file /etc/guacamole/guacamole.properties with the content
 +
# Hostname and port of guacamole proxy
 +
guacd-hostname: localhost
 +
  guacd-port:    4822
 +
 +
# Location to read extra .jar's from
 +
lib-directory:  /var/lib/tomcat6/webapps/guacamole-0.9.3/WEB-INF/classes
 +
 +
# Authentication provider class
 +
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
 +
 +
# Properties used by BasicFileAuthenticationProvider
 +
basic-user-mapping: /etc/guacamole/user-mapping.xml
 +
* create a file /etc/guacamole/user-mapping.xml with the content
 +
<user-mapping>
 +
    <authorize username="user" password="password">
 +
      <protocol>vnc</protocol>
 +
          <param name="hostname">localhost</param>
 +
          <param name="port">5901</param>
 +
          <param name="password">password</param>
 +
    </authorize>
 +
</user-mapping>
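Review bot: the authorize element in user-mapping.xml uses username="user" and password="password", and the VNC password param repeats the same value, with nothing telling the reader that these are placeholders. Say so next to the file, and add a step that restricts the file to root and the tomcat6 account, since it stores both passwords in clear text.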
  
== Match one or more times ==
+
== configure tomcat ==
  grep -E "L[i]+nux" ''file''
+
* find out your tomcat's user directory:
Match if i is there at least once in ''file''  
+
  # cat /etc/passwd|grep tomcat
The + here is a quantifier. It means, that i occurs 1 or more times. It is also possible to accept 0 or more times if you replace the + by a *.
+
tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
 +
: in this case it is /usr/share/tomcat6
 +
* create a folder .guacamole in your tomcat's user directory:
 +
mkdir /usr/share/tomcat6/.guacamole
 +
* link guacamole.properties into your tomcat's user directories' guacamole folder
 +
ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat6/.guacamole
  
== Match ''n'' times ==
+
== finishing ==
/etc/services is a table for protocols (services) and their port numbers. The protocols are filled up with blanks to have 16 characters. If you want to replace all protocols for port 3200 with sapdp00 you do it like this:
+
* start a vnc server, as password set password (the vnc password given in user-mappings.xml)
  [[sed]] -ri "s/.{16}3200/sapdp00 3200/" /etc/services
+
  vncserver
 +
* restart your tomcat server
 +
/etc/init.d/tomcat6 restart
 +
* point your browser to http://localhost:8080/guacamole-0.9.3
 +
* log in as user, password password (the user given in user-mappings.xml)
 +
* you should see a screen like this:
  
== Backreferences ==
+
[[File:Guacamole-after-login.png]]
Backreferences allows you to reuse matches. For example consider the following line from /var/log/[[apache]]2/access_log:
 
84.163.99.149 - - [21/Jan/2012:15:23:40 +0100] "GET /wiki/Special:RecentChanges HTTP/1.1" 200 66493 "http://www.linuxintro.org/index.php?title=Configuring_and_securing_sshd&action=history" "Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
 
If you want to "extract the string containing GET between the quotes" you best use backreferences like this:
 
[[cat]] /var/log/apache2/access_log | [[sed]] "s;.*\(GET [^\"]*\).*;\1;"
 
  
= Read regular expressions =
+
Now when you click on "Default" you will see your VNC desktop in your browser.
  
== * ==
+
* next steps: SSL
An asterisk is a quantifier saying "whatever number of".
+
* next steps: proxypass
grep -E "Li*nux" file
 
Lnux
 
Linux
 
Liinux
 
Liiinux
 
An asterisk is placed next to an atom that can be repeated in whatever number. In the above example, the atom is the ''i'' character, but it can also be a group of characters:
 
grep -E "ba(na)*" file
 
ba
 
bana
 
banana
 
bananana
 
  
== ^ ==
+
= Persist it =
The ^ character stands for
+
Add the following line to /etc/crontab:
* the beginning of a line if it stands at the beginning of a branch
+
  @reboot root /usr/local/sbin/guacd &
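Review bot: the @reboot entry starts guacd as root, although the startup log earlier shows it binding port 4822, which needs no root privileges; put a dedicated unprivileged account in the user field instead. The entry also brings back only guacd: the vncserver started under "finishing" is not restarted after a reboot, so the desktop behind the login will be missing.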
# grep ^foo
 
barfoo
 
foo
 
foo
 
* "not" if it stands behind a bracket
 
# grep for[^e]
 
foresee
 
for each
 
for each
 
* the ^ character if it is escaped
 
# grep "\^"
 
adsf
 
as^df
 
  as^df
 
  
= Understand regular expressions =
+
= TroubleShooting =
  
== Branches, Pieces and Atoms ==
+
== invalid login ==
A regular expression consists of one or more ''branches'', separated by "|", the "OR" sign. If one of the branches ''matches'', the expression matches:
+
* now the problem is that tomcat does not know where to find the Authentication class:
grep -E "Tom|Harry"
 
Here, the expression is ''Tom''|''Harry'', and ''Tom'' and ''Harry'' are both branches.
 
  
A branch consists of one or more pieces, seen in its particular order. A piece is an atom optionally followed by a [[Regular_expressions#quantifiers|quantifier]]:
+
/var/lib/tomcat6/webapps/guacamole/WEB-INF/classes/net/sourceforge/guacamole/net/basic/BasicFileAuthenticationProvider.class
grep -E "To*m"
 
Here, T is a piece as well as o* and m.
 
  
An atom is a character, a bracket expression or a subexpression. Each line can be an atom:
+
is not in /etc/guacamole/guacamole.properties
a
 
b
 
[^e]
 
(this is a subexpression)
 
  
== quantifiers ==
+
* so add it
A quantifier is used to define that an atom can exist several times. The * quantifier defines the atom in front of it can occur 0, 1 or several times:
+
* cat /etc/passwd gives me a line
  grep -E "To*m"
+
tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
Will find all lines containing Tom, Toom, Tooom and Tm.
+
 
 +
ll /usr/share/tomcat6/.guacamole/
 +
total 8
 +
drwxr-xr-x 2 root root 4096 Nov 26 07:58 ./
 +
drwxr-xr-x 6 root root 4096 Nov 26 07:57 ../
 +
lrwxrwxrwx 1 root root  35 Nov 26 07:58 guacamole.properties -> /etc/guacamole/guacamole.properties
 +
 
 +
* works now. So the thing is:
 +
** take care that it is called guacamole and not guacamole-0.8.3 (sure?)
 +
** make sure the classpath in /etc/guacamole/guacamole.properties is correct, e.g.
 +
# Location to read extra .jar's from
 +
lib-directory:  /var/lib/tomcat6/webapps/guacamole/WEB-INF/classes
 +
 
 +
== Server error ==
 +
* now I got a server error so I straced guacd:
 +
  strace -p 15332
 +
and saw
 +
[pid 20344] open("/usr/lib/x86_64-linux-gnu/libguac-client-vnc.so", O_RDONLY) = -1 ENOENT (No such file or directory)
 +
so the problem is that libguac-client-vnc.so is missing.
 +
* downloaded java version 1.7.45 and compiled guacamole-client using mvn. But there was no *.so* file in it
 +
* so installed libvncserver-dev and rebuild and reinstalled guacamole-server
 +
* and there it is, libguac-client-vnc.so
 +
* now the error message changed from "server error" to "unauthorized"
  
 
= See also =
 
= See also =
* [[scripting tutorial]]
+
* [[connect to a Linux computer]]
* [http://www.linuxintro.org/regex RegEx ComPoser]
+
* [[guacamole 0.8 on SUSE]]
* [http://www.gskinner.com/RegExr/ RegEx training]
+
* [[guacamole 0.3.0 on Ubuntu 10.04]]
 +
* [[cool things]]
 +
* [[schedule tAsks]]
 +
* http://guac-dev.org/Debian%20Install%20Instructions
 +
* ulteo
 +
* http://www.filegott.se/prd/index.php/how-tos/19-how-to-setup-guacamole-in-linux-ubuntu
 +
* http://guac-dev.org/doc/gug/installing-guacamole.html#idp99200
 +
 
 +
[[Category:Tool]]
 +
[[Category:Webmaster]]

Revision as of 12:42, 6 June 2015


A Linux desktop in a browser

Overview

Guacamole is a program to control a Linux desktop over the network in a browser.

Sometimes in your Linux life, you need to control your servers on the internet with a graphical user interface. This is tedious when you are behind a corporate firewall blocking ssh requests to the public internet. Typical corporate firewalls only allow proxied client access to ports 80, 8080 and 443 on the public internet. One way to go is to use a browser to display a Linux desktop. The solution is guacamole.

Quickstart

This will show you

  • how to install guacamole 0.9.3 on Ubuntu (tested with 14.04)
  • how to make this configuration survive a reboot
  • how to secure transmission with SSL
  • how to make the website accessible from behind a firewall (port 80 or 443)

Here's what you do as root user:

  • install software that we will need later:
apt-get update
apt-get install tomcat6 tightvncserver gcc make xterm

configure VNC server

Guacamole does the communication between a VNC server and the web browser. So whatever you see in VNC will be in the browser. In this example let's use xfce as desktop environment:

  • install xfce:
apt-get install xfce4
  • activate xfce for your VNC:
cd
mkdir .vnc
cat >> .vnc/xstartup <<EOF
#!/bin/sh
xfce4-session || xterm
EOF
chmod 755 .vnc/xstartup

deploy guacamole client

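  • download the guacamole webapp from http://sourceforge.net/projects/guacamole/files/current/binary/
  • deploy it
# mv guacamole-0.8.3.war /var/lib/tomcat6/webapps/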
  • surf to http://localhost:8080/guacamole-0.8.3. A folder /var/lib/tomcat6/webapps/guacamole-0.8.3 will be created with some content. We will need that later.
  • although login is not yet possible, your browser will show a login screen like this:

Guacamole-login.png

install guacamole server

  • install some dependencies that the server will need to build with vnc support:
apt-get install libvncserver-dev libpng-dev libcairo-dev
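  • download guacamole-server from http://sourceforge.net/projects/guacamole/files/current/source/
  • unpack it, in this example 0.9.3:
tar xvzf guacamole-server-0.9.3.tar.gz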
  • build the server:
cd guacamole-server-0.9.3
./configure && make -j8 && make install
  • the following step is ugly; the install location and what the binary expects do not completely fit, so we must do this:
ln -s /usr/local/lib/libguac.so* /lib
ln -s /usr/local/lib/libguac-client-vnc.so* /lib/
  • now we start the guacamole daemon:
# guacd
guacd[17669]: INFO:  Guacamole proxy daemon (guacd) version 0.9.3
guacd[17669]: INFO:  Successfully bound socket to host ::1, port 4822
guacd[17669]: INFO:  Exiting and passing control to PID 17671
root@tstaerk-desktop:/var/log# guacd[17671]: INFO:  Exiting and passing control to PID 17672

configure guacamole

  • create a folder for guacamole's configuration:
mkdir /etc/guacamole
  • create a file /etc/guacamole/guacamole.properties with the content
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port:     4822

# Location to read extra .jar's from
lib-directory:  /var/lib/tomcat6/webapps/guacamole-0.9.3/WEB-INF/classes

# Authentication provider class
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider

# Properties used by BasicFileAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml
  • create a file /etc/guacamole/user-mapping.xml with the content
<user-mapping>
   <authorize username="user" password="password">
      <protocol>vnc</protocol>
         <param name="hostname">localhost</param>
         <param name="port">5901</param>
         <param name="password">password</param>
    </authorize>
</user-mapping>

configure tomcat

  • find out your tomcat's user directory:
# cat /etc/passwd|grep tomcat
tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
in this case it is /usr/share/tomcat6
  • create a folder .guacamole in your tomcat's user directory:
mkdir /usr/share/tomcat6/.guacamole
  • link guacamole.properties into the .guacamole folder in your tomcat's user directory
ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat6/.guacamole

finishing

  • start a vnc server and set password as its password (the vnc password given in user-mapping.xml)
vncserver
  • restart your tomcat server
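/etc/init.d/tomcat6 restart
  • point your browser to http://localhost:8080/guacamole-0.9.3
  • log in as user, password password (the user given in user-mapping.xml)
  • you should see a screen like this: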

Guacamole-after-login.png

Now when you click on "Default" you will see your VNC desktop in your browser.

  • next steps: SSL
  • next steps: proxypass
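
Added example (not part of the original page): a small audit of the files this walkthrough creates, checking the mode of xstartup, the readability and sample login of user-mapping.xml, and the address guacd reports binding to. The function names and the temporary sample files are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit the files this walkthrough creates. Function names and
# the sample data at the bottom are constructed; GNU stat is assumed.

# perms_too_open FILE MASK: true if any permission bit of octal MASK is set
# (022 = writable by group/others, 007 = any access for others).
perms_too_open() {
    mode=$(stat -c %a "$1") || return 2
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# has_placeholder_login FILE: true if the walkthrough's sample login
# (username "user", password "password") is still in user-mapping.xml.
has_placeholder_login() {
    grep -Eq '<authorize[^>]*username="user"[^>]*password="password"' "$1"
}

# guacd_bound_locally LINE: true if guacd's "bound socket" log line names a
# loopback address, i.e. only the local web application can reach port 4822.
guacd_bound_locally() {
    host=$(printf '%s\n' "$1" |
        sed -n 's/.*bound socket to host \([^,]*\), port .*/\1/p')
    case "$host" in
        ::1|127.*|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# audit HOME MAPPING_FILE GUACD_LOG_LINE: print one line per finding.
audit() {
    if perms_too_open "$1/.vnc/xstartup" 022; then
        echo "xstartup is writable by group/others: chmod 755 it"
    fi
    if perms_too_open "$2" 007; then
        echo "user-mapping.xml is open to all users: limit it to root and tomcat"
    fi
    if has_placeholder_login "$2"; then
        echo "user-mapping.xml still contains the sample login"
    fi
    guacd_bound_locally "$3" || echo "guacd is not bound to loopback"
    return 0
}

# Constructed sample that reproduces the walkthrough as written.
demo=$(mktemp -d)
mkdir "$demo/.vnc"
printf '#!/bin/sh\nxfce4-session || xterm\n' > "$demo/.vnc/xstartup"
chmod 777 "$demo/.vnc/xstartup"
printf '<user-mapping>\n<authorize username="user" password="password">\n</authorize>\n</user-mapping>\n' \
    > "$demo/user-mapping.xml"
chmod 644 "$demo/user-mapping.xml"
audit "$demo" "$demo/user-mapping.xml" \
    'guacd[17669]: INFO:  Successfully bound socket to host ::1, port 4822'
```
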

Persist it

Add the following line to /etc/crontab:

@reboot root /usr/local/sbin/guacd &

Troubleshooting

invalid login

  • now the problem is that tomcat does not know where to find the Authentication class:

/var/lib/tomcat6/webapps/guacamole/WEB-INF/classes/net/sourceforge/guacamole/net/basic/BasicFileAuthenticationProvider.class

is not in /etc/guacamole/guacamole.properties

  • so add it
  • cat /etc/passwd gives me a line
tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
ll /usr/share/tomcat6/.guacamole/
total 8
drwxr-xr-x 2 root root 4096 Nov 26 07:58 ./
drwxr-xr-x 6 root root 4096 Nov 26 07:57 ../
lrwxrwxrwx 1 root root   35 Nov 26 07:58 guacamole.properties -> /etc/guacamole/guacamole.properties
  • works now. So the thing is:
    • take care that it is called guacamole and not guacamole-0.8.3 (sure?)
    • make sure the classpath in /etc/guacamole/guacamole.properties is correct, e.g.
# Location to read extra .jar's from
lib-directory:  /var/lib/tomcat6/webapps/guacamole/WEB-INF/classes

Server error

  • now I got a server error so I straced guacd:
strace -p 15332

and saw

[pid 20344] open("/usr/lib/x86_64-linux-gnu/libguac-client-vnc.so", O_RDONLY) = -1 ENOENT (No such file or directory)

so the problem is that libguac-client-vnc.so is missing.

  • downloaded java version 1.7.45 and compiled guacamole-client using mvn. But there was no *.so* file in it
  • so installed libvncserver-dev and rebuilt and reinstalled guacamole-server
  • and there it is, libguac-client-vnc.so
  • now the error message changed from "server error" to "unauthorized"

See also