Difference between revisions of "Guacamole"

From Linuxintro
(qr370h5s2s)
 
(42 intermediate revisions by 5 users not shown)
Line 7: Line 7:
  
 
Sometimes in your Linux life, you need to control your servers in the internet with a graphical user interface. This is tedious when you are behind a corporate firewall blocking ssh requests to the public internet. Typical corporate firewalls only allow proxified client access to port 80, 8080 and 443 in the public internet. One way to go is to use a browser to display a Linux desktop. The solution is [http://guacamole.sourceforge.net/ guacamole].
 
Sometimes in your Linux life, you need to control your servers in the internet with a graphical user interface. This is tedious when you are behind a corporate firewall blocking ssh requests to the public internet. Typical corporate firewalls only allow proxified client access to port 80, 8080 and 443 in the public internet. One way to go is to use a browser to display a Linux desktop. The solution is [http://guacamole.sourceforge.net/ guacamole].
 +
 +
<youtube width="200" height="320">1oT7KWK5Lgs</youtube>
  
 
= Quickstart =
 
= Quickstart =
 
This will show you  
 
This will show you  
* how to install guacamole 0.9.3 on Ubuntu (tested with 14.04)
+
* how to install guacamole 1.5.2 on Ubuntu (tested with 20.04)
 
* how to make this configuration survive a reboot
 
* how to make this configuration survive a reboot
 
* how to secure transmission with SSL
 
* how to secure transmission with SSL
 
* how to make the website accessible from behind a firewall (port 80 or 443)
 
* how to make the website accessible from behind a firewall (port 80 or 443)
  
Here's what you do as root user:
+
Here's what you do:
 +
* become root user
 +
sudo su -
 
* install software that we will need later:
 
* install software that we will need later:
 
  apt-get update
 
  apt-get update
  apt-get install tomcat6 tightvncserver gcc make xterm
+
  apt-get install tomcat9 tightvncserver ubuntu-gnome-desktop xfonts-75dpi xfonts-100dpi gnome-panel
  
 
== configure VNC server ==
 
== configure VNC server ==
Guacamole does the communication between a VNC server and the web browser. So whatever you see in VNC will be in the browser. In this example let's use xfce as desktop environment:
+
Guacamole does the communication between a VNC server and the web browser. So whatever you see in VNC will be in the browser. In this example let's use GNOME as desktop environment:
* install xfce:
+
 
apt-get install xfce4
+
* write the startup for your VNC sessions:
* activate gnome for your VNC:
 
 
  cd
 
  cd
 
  mkdir .vnc
 
  mkdir .vnc
 
  cat >> .vnc/xstartup <<EOF
 
  cat >> .vnc/xstartup <<EOF
 
  #!/bin/sh
 
  #!/bin/sh
  xfce4-session || xterm
+
   
 +
export XKL_XMODMAP_DISABLE=1
 +
export XDG_CURRENT_DESKTOP="GNOME-Flashback:GNOME"
 +
export XDG_MENU_PREFIX="gnome-flashback-"
 +
 +
gnome-session --builtin --session=gnome-flashback-metacity --disable-acceleration-check --debug &
 
  EOF
 
  EOF
  chmod 777 .vnc/xstartup
+
  chmod +x .vnc/xstartup
  
 
== deploy guacamole client ==
 
== deploy guacamole client ==
* download the guacamole webapp from http://sourceforge.net/projects/guacamole/files/current/binary/
+
* download the guacamole webapp, today, 1.5.2 is the latest:
 +
wget https://archive.apache.org/dist/guacamole/1.5.2/binary/guacamole-1.5.2.war
 
* deploy it
 
* deploy it
  # mv guacamole-0.9.3.war /var/lib/tomcat6/webapps/
+
  mv guacamole-1.5.2.war /var/lib/tomcat9/webapps/guacamole.war
* surf to http://localhost:8080/guacamole-0.9.3. A folder /var/lib/tomcat6/webapps/guacamole-0.9.3 will be created with some content. We will need that later.
+
* test it by surfing to http://yourserver:8080/guacamole (don't forget to replace yourserver by your server or your server's IP address ;)
 
* although login is not yet possible your browser will show a login screen like that:
 
* although login is not yet possible your browser will show a login screen like that:
  
[[File:guacamole-login.png]]
+
<pic src=https://linuxintro.org/images/4/44/Screenshot_2023-09-21_2.56.57_PM.png width=25% align=text />
 +
 
 +
== install guacamole server ==
 +
* install some [[dependencies]] that the server will need to build with vnc support:
 +
apt-get install gcc make libvncserver-dev libpng-dev libcairo-dev libossp-uuid-dev
 +
* download guacamole-server, in this case version 1.5.2:
 +
wget https://archive.apache.org/dist/guacamole/1.5.2/source/guacamole-server-1.5.2.tar.gz
 +
* unpack it:
 +
tar xvzf guacamole-server-1.5.2.tar.gz
 +
* build the server:
 +
cd guacamole-server-1.5.2
 +
./configure && make -j8 && make install
 +
* the following step is ugly; installation and binary do not completely fit so we must do that:
 +
ln -s /usr/local/lib/libguac.so* /lib
 +
ln -s /usr/local/lib/libguac-client-vnc.so* /lib/
 +
* now we start the guacamole daemon:
 +
# guacd
 +
guacd[54873]: INFO:    Guacamole proxy daemon (guacd) version 1.5.2 started
  
The most {common|typical|usual} {side {effects|results|impacts}|adverse effects|negative effects|negative side effects} #file_links<>links/imp_files/19.08.15.txt",1,S] {reported|stated|mentioned} by {about|regarding|concerning} one fifth of the {patients|clients|people} were {nausea|queasiness} and {vomiting|throwing up}. The {following|complying with|adhering to} {symptoms|signs} {should|ought to|can|must|need to} be {reported|stated|mentioned} to your {{health|wellness|health and wellness|safety} {care|treatment}|healthcare|medical} {provider|service provider|company|supplier|carrier} {as {soon|quickly} as|as quickly as|when} {possible|feasible}: {chest|breast|upper body} {pain|discomfort}, {blurred|obscured|beclouded|masked} {vision|eyesight}, {dizziness|lightheadedness}, fainting, {rash|breakout}, {loss|reduction} of {vision|eyesight} or hearing, {painful|unpleasant|uncomfortable|distressing} {erection|construction}, lightheadedness and {shortness|lack} #file_links<>links/imp_files/19.08.15.txt",1,S] of breath. Tretinoin Cream (tretinoin topical) {can|could} #file_links<>links/imp_files/19.08.15.txt",1,S] be {used|utilized|made use of} by {patients|clients|people} {diagnosed|identified|figured out|detected} with {acne|acne breakouts|pimples}. Nonteratogenic Effects: Because #file_links<>links/imp_files/19.08.15.txt",1,S] of the {known|recognized|well-known} {effects|results|impacts} of nonsteroidal anti-inflammatory {drugs|medicines|medications} on the fetal {cardiovascular|cardio} system ({closure|closing} of ductus arteriosus), {use|usage} {{during|throughout} {pregnancy|maternity}|while pregnant} ({particularly|especially|specifically} late {pregnancy|maternity}) {should|ought to|must|need to} be {avoided|prevented|stayed clear of}. The {truth|reality|fact|honest truth} is, {online|on-line|on the internet|internet} {shopping|buying} #file_links<>links/imp_files/19.08.15.txt",1,S] {can|could} {become|come to be|end up being} {a true|a real} {discovery|revelation} if you have {a reliable|a dependable|a reputable|a trustworthy|a trusted} {pharmacy|drug store} to {shop|go shopping|look} {with|from}. This is not #file_links<>links/imp_files/19.08.15.txt",1,S] {a complete|a total|a full} {list|listing} of {side {effects|results|impacts}|adverse effects|negative effects|negative side effects} {and|and also|as well as} others {may|might|could} {occur|happen|take place}. It {has|has actually} #file_links<>links/imp_files/19.08.15.txt",1,S] been {also|likewise|additionally} {reported|stated|mentioned} to {cause|trigger|create|induce} miscarriage and {death|fatality} of the {fetus|unborn child}. John's wort, epilepsy {drugs|medicines}, {drugs|medicines} for {normal|typical|regular} blood {lipid|crowd} {levels|degrees}, antidiabetes {medications|medicines}, antifungals, {depression|misery} {medications|medicines}, rifampicin, or HIV #file_links<>links/imp_files/19.08.15.txt",1,S] {medications|medicines}. {Controlled|Regulated|Measured} {studies|research studies|researches} in {{small|little|tiny} numbers|handful} of {patients|clients|people|individuals} {suggest|recommend} that #file_links<>links/imp_files/19.08.15.txt",1,S] the concomitant {use|usage} of Calan {and|and also|as well as} {oral|dental} beta-adrenergic {blocking|obstructing} {agents|representatives|brokers} {may|might|could} be {beneficial|advantageous|useful|helpful|valuable} in {certain|specific|particular} {patients|clients|people|individuals} with {chronic|persistent} {stable|steady|secure} angina or {hypertension|high blood pressure}, {but|however|yet} {available|offered|readily available} {information|info|details} is not {sufficient|adequate|enough|ample} to {predict|anticipate|forecast} with {confidence|self-confidence} the {effects|results|impacts} of {concurrent|simultaneous} {treatment|therapy} in {patients|clients|people|individuals} with left ventricular {dysfunction|disorder} or {cardiac|heart} {conduction|transmission} {abnormalities|irregularities|problems}. Tadalafil {is one of|is among|is just one of} the {three|3} world-famous {treatments|therapies|procedures} for impotence that {has|has actually} #file_links<>links/imp_files/19.08.15.txt",1,S] been {used|utilized|made use of} {for years|for many years} in {males|mens|guys} {with|regarding} impotence. You {can|could} ask your {pharmacist|pharmacologist} of your {doctor|physician|medical professional} {any|any type of|any kind of|any sort of} {questions|concerns|inquiries} you have {about|regarding|concerning} your {treatment|therapy|procedure} or #file_links<>links/imp_files/19.08.15.txt",1,S] if you are in {doubt|question|uncertainty} {about|regarding|concerning} taking {a dosage|a dose|a quantity} of Tadalafil. Your {dose|dosage|amount} of Vardenafil {may|might|could} {require|need|call for} {an adjustment|a modification|a change}. {{Even|Also} if you #file_links<>links/imp_files/19.08.15.txt",1,S] are {using|utilizing|withing|making use of} {any|any type of|any kind of|any sort of} {herbal|natural|organic} {preparations|prep works|plannings} (such as St. Shallaki is {used|utilized|made use of} in {osteoarthritis|osteo arthritis}, {juvenile|adolescent} rheumatoid {arthritis|joint inflammation}, soft {tissue|cells} #file_links<>links/imp_files/19.08.15.txt",1,S] fibrositis {and|and also|as well as} spondylitis. Tamiflu #file_links<>links/imp_files/19.08.15.txt",1,S] is {commonly|typically|frequently|generally|often} {prescribed|recommended|suggested} for the {treatment|therapy|procedure} of {flu|influenza} in {{adults|grownups} and {children|kids|youngsters}|{children|kids|youngsters} and {adults|grownups}} 1 year and older. Antabuse (disulfiram) is {a prescription|a prescribed} {{drug|medicine} {used|utilized|made use of}|substance abuse} for {patients|clients|people} with {drinking|consuming} {problem|issue|trouble} ({chronic|persistent} {alcoholism|alcohol dependency|alcohol addiction|addiction to alcohol}) #file_links<>links/imp_files/19.08.15.txt",1,S] to {help|assist|aid} them {quit|stop|give up}. It {may|might|could} {take up|use up} to {a few|a couple of} months #file_links<>links/imp_files/19.08.15.txt",1,S] to {see|think of} the {first|initial|very first} {results|outcomes} of the {treatment|therapy|procedure}. Asacol ® (mesalamine) delayed-release {tablets|tablet computers} are {indicated|suggested|shown} for the {treatment|therapy} of {mildly|slightly|gently} to {moderately|reasonably} {active|energetic} ulcerative colitis in {patients|clients|people|individuals} #file_links<>links/imp_files/19.08.15.txt",1,S] 5 years {of age|old} {and|and also|as well as} older.
+
== configure guacamole ==
 +
* create a folder for guacamole's configuration:
 +
mkdir /etc/guacamole
 +
* create a file /etc/guacamole/guacamole.properties with the content
 +
# Hostname and port of guacamole proxy
 +
guacd-hostname: localhost
 +
guacd-port:    4822
 +
 +
# Location to read extra .jar's from
 +
lib-directory:  /var/lib/tomcat9/webapps/guacamole-1.3.0/WEB-INF/classes
 +
 +
# Authentication provider class
 +
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
 +
 +
# Properties used by BasicFileAuthenticationProvider
 +
basic-user-mapping: /etc/guacamole/user-mapping.xml
 +
 
 +
* create a file /etc/guacamole/user-mapping.xml with the content
 +
 
 +
<user-mapping>
 +
    <authorize username="user" password="password">
 +
      <protocol>vnc</protocol>
 +
          <param name="hostname">localhost</param>
 +
          <param name="port">5901</param>
 +
          <param name="password">password</param>
 +
    </authorize>
 +
</user-mapping>
  
COCs {have|have actually} been {shown|revealed} #file_links<>links/imp_files/19.08.15.txt",1,S] to {significantly|considerably|substantially|dramatically} {decrease|reduce|lower|minimize} plasma {concentrations|focus|attentions} of lamotrigine, likely {due to|because of|as a result of} induction of lamotrigine glucuronidation. This {information|info|details} is {not {specific|particular|certain}|general} {medical|clinical} {advice|guidance|recommendations|suggestions|insight} {and|and also|as well as} does not {replace|change} {information|info|details} #file_links<>links/imp_files/19.08.15.txt",1,S] you {receive|get|obtain} from your {{health|wellness|health and wellness} {care|treatment}|healthcare|medical} {provider|service provider|company|supplier|carrier}. Antabuse (disulfiram) is {a prescription|a prescribed} {drug|medicine} #file_links<>links/imp_files/19.08.15.txt",1,S] {intended|meant|planned} for {patients|clients|people} {diagnosed|identified|figured out|detected} with {chronic|persistent} {alcoholism|alcohol dependency|alcohol addiction|addiction to alcohol} that are {unable|not able|incapable} to {quit|stop|give up}. {Make sure|Ensure|Make certain|See to it} you do not {drink|consume} {any|any type of|any kind of|any sort of} {alcohol|liquor|alcoholic beverages}, {even|also} in the {smallest|tiniest} {amounts|quantities}, {during|throughout} the 12 {hours|hrs} {before|prior to} your {dose|dosage|amount} and for {at {least|the very least}|a minimum of|at the very least} {two|2} weeks after you have {stopped|quit} the {treatment|therapy|procedure}. Do not take this {drug|medicine} {{more|much more|a lot more} {than|compared to}|greater than} {{once|when|as soon as} a day|daily}. {If you {missed|missed out on} {a dose|a dosage|an amount} and it's {almost|practically|virtually|nearly} time to take {another|an additional|one more} one do not take {two|2} {tablets|tablet computers} to {make up for|offset|balance} the {missed|missed out on} one. |, if you {missed|missed out on} {a dose|a dosage|an amount} and it's {almost|practically|virtually|nearly} time to take {another|an additional|one more} one do not take {two|2} {tablets|tablet computers} to make up for the {missed|missed out on} one..} {Side {effects|results|impacts}|Adverse effects|Negative effects|Negative side effects} are {different|various} {for every|for each|for every single} {person|individual}, so you {{need|require|really need} to|have to|should} {watch|view|enjoy|see} your {condition|problem|disorder} {closely|carefully|very closely}. {If {any|any type of|any kind of|any sort of} {symptoms|signs} {appear|show up} and {{get|obtain} {worse|even worse}|become worse|worsen} {with|regarding} time {contact|get in touch with|call} your {doctor|physician|medical professional} to {discuss|talk about|go over|review} {possible|feasible} {solutions|options|remedies}. |, if {any|any type of|any kind of|any sort of} {symptoms|signs} {appear|show up} #file_links<>links/imp_files/19.08.15.txt",1,S] and {get|obtain} {worse|even worse} {with|regarding} time {contact|get in touch with|call} your {doctor|physician|medical professional} to {discuss|talk about|go over|review} {possible|feasible} {solutions|options|remedies}. You {also|likewise|additionally} {{want|desire|wish} to|wish to|intend to} {make {sure|certain}|ensure|make certain|see to it} your Erythromycin {{works|functions} for|helps} you #file_links<>links/imp_files/19.08.15.txt",1,S] {{just|simply} as|equally as|equally} well as {brand|brand name} Erythromycin {would|would certainly} and is {delivered|provided} to your doorstep in {a short|a brief|a smaller} {{period|duration} of time|time period|time frame|amount of time}. Cardizem #file_links<>links/imp_files/19.08.15.txt",1,S] {may|might|could} {impair|harm|hinder} your {thinking|reasoning} or {reactions|responses}. {{Be {careful|cautious|mindful}|Beware|Make sure|Take care} if you {drive or do|do or drive} anything that {requires|needs} you to be {alert|sharp}.|If you {drive or do|do or drive} anything that {requires|needs} you to be {alert|sharp}, be {careful|cautious|mindful}.} {Avoid|Prevent|Stay clear of} {drinking|consuming} {alcohol|liquor|alcoholic beverages} while taking Cardizem. Propranolol {can|could} be {prescribed|recommended|suggested} {to {prevent|avoid|stop|protect against}|to avoid|to stop} {chest|breast} {pain|discomfort}, {{tremors|tremblings|trembles} and {migraines|migraine headaches}|{migraines|migraine headaches} and {tremors|tremblings|trembles}}, {as well as|in addition to|along with|and also} to {treat|deal with|address|manage|help with} #file_links<>links/imp_files/19.08.15.txt",1,S] {{high|higher} blood {pressure|stress|tension}|hypertension} and {abnormal|unusual|irregular|uncommon} heart {rhythms|tempos}. You {may|might|could} {{need|require|really need} to|have to|should} be taking Seroquel {regularly|routinely|frequently|consistently|on a regular basis} for {a specific|a particular|a certain} {{period|duration} of time|time period|time frame|amount of time} for the {treatment|therapy|procedure} of {schizophrenia|mental illness} #file_links<>links/imp_files/19.08.15.txt",1,S] and {bipolar {disorder|condition|ailment}|bipolar illness|bipolar affective disorder} {symptoms|signs}. This {information|info|details} #file_links<>links/imp_files/19.08.15.txt",1,S] does not {endorse|back|supported|recommend} {any|any type of|any kind of|any sort of} {medicine|medication} as {safe|risk-free|secure}, {effective|efficient|reliable}, or {approved|authorized|accepted} for {treating|dealing with} {any|any type of|any kind of|any sort of} {patient|client|person|individual} or {health|wellness|health and wellness} {condition|problem|disorder}. If #file_links<>links/imp_files/19.08.15.txt",1,S] you {have|have actually} been {prescribed|recommended|suggested} the {liquid|fluid} {form|type|kind} of this {medicine|medication} - {make {sure|certain}|ensure|make certain|see to it} you take it {using|utilizing|making use of} {a special|an unique} measuring {device|system|gadget|tool}, as {otherwise|or else} you {may|might|could} take {{more|even more|additional} or {less|much less}|basically|essentially} {than|compared to} {recommended|suggested|advised}. On our {safe|risk-free|secure} {comparison|contrast|evaluation} {page|web page}, you {will|will certainly} {{find|discover|locate} out|discover|learn|figure out} the {truth|reality|fact|honest truth} {about|regarding|concerning} {online|on-line|on the internet|internet} {{shopping|buying} for|looking for|searching for|buying|purchasing} Elimite and {will|will certainly} {be able to|have the ability to} #file_links<>links/imp_files/19.08.15.txt",1,S] {purchase|buy|acquire} {efficient|effective|reliable} Elimite with {a discount|a price cut|a rebate|a markdown} from {any of|any one of} the {online|on-line|on the internet|internet} {pharmacies|drug stores} we are {recommending|suggesting|advising}. Rimonabant is #file_links<>links/imp_files/19.08.15.txt",1,S] {an appetite|a hunger|a cravings} suppressant {pill|tablet|medicine} that {helps|assists|aids} to {increase|enhance|raise|boost|ever increasing|improve} the {effectiveness|efficiency} of {slimming|slendering|thinning} programs. You {must|should|need to|have to} {talk|speak|chat} #file_links<>links/imp_files/19.08.15.txt",1,S] with your {healthcare|health care|medical care} {provider|service provider|company|supplier|carrier} for {complete|total|full} {information|info|details} {about|regarding|concerning} the {risks|dangers|threats} {and|and also|as well as} {benefits|advantages|perks} of {using|utilizing} this {medicine|medication}. In {patients|clients|people|individuals} {who|that|which} are {elderly|senior}, volume-depleted ({including|consisting of} those on diuretic {therapy|treatment}), or {with|regarding} {compromised|jeopardized|endangered} {renal|kidney} {function|feature}, coadministration of NSAIDs, {including|consisting of} {selective|careful|discerning} COX-2 {inhibitors|preventions}, {with|regarding} angiotensin II receptor {antagonists|villains}, {including|consisting of} irbesartan, {may|might|could} {result in|lead to|cause} {deterioration|wear and tear|degeneration|damage} of {renal|kidney} {function|feature}, {including|consisting of} {possible|feasible} {acute|severe|intense} #file_links<>links/imp_files/19.08.15.txt",1,S] {renal|kidney} {failure|failing}. The {condition|problem|disorder} #file_links<>links/imp_files/19.08.15.txt",1,S] of such {patients|clients|people} {{needs|requires|really needs} to|has to|should} be {monitored|kept track of|overseen} by the {doctor|physician|medical professional} {regularly|routinely|frequently|consistently|on a regular basis} {to {prevent|avoid|stop|protect against}|to avoid|to stop} {problems|issues|troubles}. Do not {use|utilize|make use of} Astelin Nasal Spray for {a condition|a problem|a disorder} for which it #file_links<>links/imp_files/19.08.15.txt",1,S] was not {prescribed|recommended|suggested}. The {tablets|tablet computers} of #file_links<>links/imp_files/19.08.15.txt",1,S] Cialis are yellow, almond-shaped and {film|movie} {coated|covered|layered}. You {may|might|could} not {be able to|have the ability to} take Erythromycin if you have myasthenia gravis or liver {disease|illness|condition} or are {using|utilizing|making use of} {drugs|medicines} like theophylline, cholesterol-lowering {medications|medicines}, blood {thinners|slimmers}, phenytoin, alprazolam, valproic acid, ergotamine, {other|various other|people} {antibiotics|prescription antibiotics|anti-biotics}, #file_links<>links/imp_files/19.08.15.txt",1,S] {carbamazepine, triazolam or dihydroergotamine|carbamazepine, dihydroergotamine or triazolam|triazolam, carbamazepine or dihydroergotamine|triazolam, dihydroergotamine or carbamazepine|dihydroergotamine, carbamazepine or triazolam|dihydroergotamine, triazolam or carbamazepine}, {{because|since|due to the fact that} of|due to|as a result of} the {potential|prospective|possible} {health|wellness|health and wellness} {effects|results|impacts} that {may|might|could} {occur|happen|take place|develop}. As long as those {side {effects|results|impacts}|adverse effects|negative effects|negative side effects} to not {{get|obtain} {worse|even worse}|become worse|worsen} or {persist|continue|linger}, you do not {{need|require|really need} to|have to|should} {report|state|mention} #file_links<>links/imp_files/19.08.15.txt",1,S] them. {Get|Obtain|Acquire} {emergency|emergency situation} {medical|clinical} {help|assistance|aid} if you have {any of|any one of} these {signs|indications|indicators} of {{an allergic|a sensitive|a hypersensitive} {reaction|response}|an allergy} to Desogen: hives; {difficult|challenging|tough|hard} breathing; swelling of your face, lips, #file_links<>links/imp_files/19.08.15.txt",1,S] tongue, or {throat|neck}. Some MEDICINES MAY INTERACT with Ponstel. {Tell|Inform} #file_links<>links/imp_files/19.08.15.txt",1,S] your {{health|wellness|health and wellness} {care|treatment}|healthcare|medical} {provider|service provider|company|supplier|carrier} if you are taking {{any|any type of|any kind of|any sort of} {other|various other}|other} {medicines|medications}, {especially|particularly|specifically} {any of|any one of} the {following|complying with|adhering to|belowing}. Do not {start|begin} #file_links<>links/imp_files/19.08.15.txt",1,S] or {stop|quit} taking Tegretol {{during|throughout} {pregnancy|maternity}|while pregnant|prenatal} without your {doctor|physician|medical professional}'s {advice|guidance|recommendations|suggestions|insight|assistance}. It {can|could} be #file_links<>links/imp_files/19.08.15.txt",1,S] taken by {men|guys} {with|regarding} {certain|specific|particular} {medical|clinical|health care} {conditions|problems|disorders} {including|consisting of|featuring} {diabetes|diabetic issues} and {hypertension|high blood pressure}. The dopaminergic {neurons|nerve cells} in the tuberoinfundibular {process|procedure} #file_links<>links/imp_files/19.08.15.txt",1,S] {modulate|regulate} the secretion of prolactin from the anterior pituitary by {secreting|producing} a prolactin {inhibitory|repressive} {factor|element|aspect} ({thought|idea} to be dopamine); in the corpus striatum the dopaminergic {neurons|nerve cells} are {{involved|included|entailed} in|associated with} the {control|command} of {motor|electric motor} {function|feature}. {Clinically|Scientifically|Medically}, Parlodel {significantly|considerably|substantially|dramatically} {reduces|decreases|minimizes|lowers|lessens} plasma {levels|degrees} of prolactin in {patients|clients|people|individuals} with {physiologically|from a physical standpoint} {elevated|raised} prolactin {as well as|in addition to|along with|and also} in {patients|clients|people|individuals} with hyperprolactinemia. {Using|Utilizing|Making use of} {dry|completely dry} hands, {remove|eliminate|get rid of|take out} #file_links<>links/imp_files/19.08.15.txt",1,S] the {tablet|tablet computer} {and|and also|as well as} {place|location|area} it on your tongue. {Get|Obtain|End up|Acquire} #file_links<>links/imp_files/19.08.15.txt",1,S] {emergency|emergency situation} {medical|clinical} {help|assistance|aid} if you have {any of|any one of} these {signs|indications|indicators} of {{an allergic|a sensitive|a hypersensitive} {reaction|response}|an allergy}: hives; {difficult|challenging|tough|hard} breathing; swelling of your face, lips, tongue, or {throat|neck}. NSAID {medicines|medications} {should|ought to|must|need to} {never|never ever} be {used|utilized|made use of} {right|best|ideal|appropriate} {before|prior to|just before} or after a heart {surgery|surgical treatment|surgical procedure} called a "coronary {artery|canal} {bypass|avoid|sidestep|get around} graft #file_links<>links/imp_files/19.08.15.txt",1,S] (CABG).". The {manufacturer|producer|maker|supplier} #file_links<>links/imp_files/19.08.15.txt",1,S] {recommends|suggests|advises} that {a decision|a choice} be made whether to {discontinue|cease|terminate|stop} nursing or to {discontinue|cease|terminate|stop} mefenamic acid, {taking {into|right into} account|considering|taking into consideration|thinking about} the {importance|significance|value|relevance} of the {drug|medicine|medication} to the {mother|mom|mommy}. Depakote {can|could} {also|likewise|additionally} {cause|trigger|create|induce} {serious|major|severe|significant} {harm|damage|injury} to #file_links<>links/imp_files/19.08.15.txt",1,S] the {pancreas|pancreatic}, which {may|might|could} {{get|obtain|acquire} {worse|even worse}|become worse|worsen} {quickly|rapidly|swiftly|promptly}. You {must|should|need to|have to} {avoid|prevent|stay clear of|stay away from} {pregnancy|maternity} not {only|just} {during|throughout} #file_links<>links/imp_files/19.08.15.txt",1,S] the {period|duration} of the {treatment|therapy|procedure} {but|however|yet} {also|likewise|additionally} one month {before|previously|in the past} and a month after it.
 
  
 
== configure tomcat ==
 
== configure tomcat ==
 
* find out your tomcat's user directory:
 
* find out your tomcat's user directory:
 
  # cat /etc/passwd|grep tomcat
 
  # cat /etc/passwd|grep tomcat
  tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
+
  tomcat6:x:113:116::/usr/share/tomcat9:/bin/false
: in this case it is /usr/share/tomcat6
+
: in this case it is /usr/share/tomcat9
 
* create a folder .guacamole in your tomcat's user directory:
 
* create a folder .guacamole in your tomcat's user directory:
  mkdir /usr/share/tomcat6/.guacamole
+
  mkdir /usr/share/tomcat9/.guacamole
 
* link guacamole.properties into your tomcat's user directories' guacamole folder
 
* link guacamole.properties into your tomcat's user directories' guacamole folder
  ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat6/.guacamole
+
  ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat9/.guacamole
  
 
== finishing ==
 
== finishing ==
 
* start a vnc server, as password set password (the vnc password given in user-mappings.xml)
 
* start a vnc server, as password set password (the vnc password given in user-mappings.xml)
 
  vncserver
 
  vncserver
* restart your tomcat server
+
* if it requires a password, use '''''password'''''. Don't set a view-only password.
/etc/init.d/tomcat6 restart
+
* point your browser to http://localhost:8080/guacamole
* point your browser to http://localhost:8080/guacamole-0.9.3
 
 
* log in as user, password password (the user given in user-mappings.xml)
 
* log in as user, password password (the user given in user-mappings.xml)
 
* you should see a screen like this:
 
* you should see a screen like this:
  
[[File:Guacamole-after-login.png]]
+
<pic src=http://www.linuxintro.org/images/Guacamole-after-login.png width=30% align=text />
  
 
Now when you click on "Default" you will see your VNC desktop in your browser.
 
Now when you click on "Default" you will see your VNC desktop in your browser.
  
* next steps: SSL
+
== secure transmission ==
* next steps: proxypass
+
[[Set up apache for https]] so your passwords are not transmitted unencrypted over the internet
 +
 
 +
== make it work from behind a firewall ==
 +
Most companies will have an internet proxy that does not allow users to access port 8080 on a server outside the company network. So you need a reverse proxy that tells apache if someone calls http://yourserver.yourdomain/guacamole this is forwarded to http://yourserver.yourdomain:8080 internally. To do this,
 +
* edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:
 +
APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"
 +
 
 +
* edit /etc/apache2/default-server.conf, add a block
 +
<IfModule mod_proxy.c>
 +
<Location /guacamole>
 +
    ProxyPass http://127.0.0.1:8080
 +
</Location>
 +
</IfModule>
  
 
= Persist it =
 
= Persist it =
Add the following line to /etc/crontab:
+
You want your configuration to survive a reboot so add the following lines to /etc/crontab:
 
  @reboot root /usr/local/sbin/guacd &
 
  @reboot root /usr/local/sbin/guacd &
 +
@reboot  thorsten USER=thorsten /usr/bin/vncserver >>/tmp/vnc-startup-error 2>&1
 +
 +
Replace thorsten with the OS user to start vncserver.
 +
 +
= Beautify it =
 +
You may want to run bash as a shell, in this case edit /etc/passwd and enter /bin/bash instead of /bin/sh
  
 
= TroubleShooting =
 
= TroubleShooting =
Line 88: Line 156:
 
* cat /etc/passwd gives me a line
 
* cat /etc/passwd gives me a line
 
  tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
 
  tomcat6:x:113:116::/usr/share/tomcat6:/bin/false
 
+
 
  ll /usr/share/tomcat6/.guacamole/
 
  ll /usr/share/tomcat6/.guacamole/
 
  total 8
 
  total 8
Line 94: Line 162:
 
  drwxr-xr-x 6 root root 4096 Nov 26 07:57 ../
 
  drwxr-xr-x 6 root root 4096 Nov 26 07:57 ../
 
  lrwxrwxrwx 1 root root  35 Nov 26 07:58 guacamole.properties -> /etc/guacamole/guacamole.properties
 
  lrwxrwxrwx 1 root root  35 Nov 26 07:58 guacamole.properties -> /etc/guacamole/guacamole.properties
 +
  
 
* works now. So the thing is:
 
* works now. So the thing is:
Line 115: Line 184:
 
When logging in I got an error message
 
When logging in I got an error message
 
  Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'http://162.209.103.145:8080/guacamole-0.8.3/login'.
 
  Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'http://162.209.103.145:8080/guacamole-0.8.3/login'.
 +
 
Solution was to:
 
Solution was to:
 
  /etc/init.d/tomcat6 restart
 
  /etc/init.d/tomcat6 restart

Latest revision as of 16:51, 30 December 2023


A Linux desktop in a browser

Overview

Guacamole is a program to control a Linux desktop over the network in a browser.

Sometimes in your Linux life, you need to control your servers in the internet with a graphical user interface. This is tedious when you are behind a corporate firewall blocking ssh requests to the public internet. Typical corporate firewalls only allow proxified client access to port 80, 8080 and 443 in the public internet. One way to go is to use a browser to display a Linux desktop. The solution is guacamole.

Quickstart

This will show you

  • how to install guacamole 1.5.2 on Ubuntu (tested with 20.04)
  • how to make this configuration survive a reboot
  • how to secure transmission with SSL
  • how to make the website accessible from behind a firewall (port 80 or 443)

Here's what you do:

  • become root user
sudo su -
  • install software that we will need later:
apt-get update
apt-get install tomcat9 tightvncserver ubuntu-gnome-desktop xfonts-75dpi xfonts-100dpi gnome-panel

configure VNC server

Guacamole does the communication between a VNC server and the web browser. So whatever you see in VNC will be in the browser. In this example let's use GNOME as desktop environment:

  • write the startup for your VNC sessions:
cd
mkdir .vnc
cat >> .vnc/xstartup <<EOF
#!/bin/sh

export XKL_XMODMAP_DISABLE=1
export XDG_CURRENT_DESKTOP="GNOME-Flashback:GNOME"
export XDG_MENU_PREFIX="gnome-flashback-"

gnome-session --builtin --session=gnome-flashback-metacity --disable-acceleration-check --debug &
EOF
chmod +x .vnc/xstartup

deploy guacamole client

  • download the guacamole webapp, today, 1.5.2 is the latest:
wget https://archive.apache.org/dist/guacamole/1.5.2/binary/guacamole-1.5.2.war
  • deploy it
mv guacamole-1.5.2.war /var/lib/tomcat9/webapps/guacamole.war
  • test it by surfing to http://yourserver:8080/guacamole (don't forget to replace yourserver by your server or your server's IP address ;)
  • although login is not yet possible your browser will show a login screen like that:

install guacamole server

  • install some dependencies that the server will need to build with vnc support:
apt-get install gcc make libvncserver-dev libpng-dev libcairo-dev libossp-uuid-dev
  • download guacamole-server, in this case version 1.5.2:
wget https://archive.apache.org/dist/guacamole/1.5.2/source/guacamole-server-1.5.2.tar.gz
  • unpack it:
tar xvzf guacamole-server-1.5.2.tar.gz
  • build the server:
cd guacamole-server-1.5.2
./configure && make -j8 && make install
  • the following step is ugly; installation and binary do not completely fit so we must do that:
ln -s /usr/local/lib/libguac.so* /lib
ln -s /usr/local/lib/libguac-client-vnc.so* /lib/
  • now we start the guacamole daemon:
# guacd
guacd[54873]: INFO:     Guacamole proxy daemon (guacd) version 1.5.2 started

configure guacamole

  • create a folder for guacamole's configuration:
mkdir /etc/guacamole
  • create a file /etc/guacamole/guacamole.properties with the content
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port:     4822

# Location to read extra .jar's from
lib-directory:  /var/lib/tomcat9/webapps/guacamole-1.3.0/WEB-INF/classes

# Authentication provider class
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider

# Properties used by BasicFileAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml
  • create a file /etc/guacamole/user-mapping.xml with the content
<user-mapping>
   <authorize username="user" password="password">
      <protocol>vnc</protocol>
         <param name="hostname">localhost</param>
         <param name="port">5901</param>
         <param name="password">password</param>
    </authorize>
</user-mapping>


configure tomcat

  • find out your tomcat's user directory:
# cat /etc/passwd|grep tomcat
tomcat6:x:113:116::/usr/share/tomcat9:/bin/false
in this case it is /usr/share/tomcat9
  • create a folder .guacamole in your tomcat's user directory:
mkdir /usr/share/tomcat9/.guacamole
  • link guacamole.properties into your tomcat's user directories' guacamole folder
ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat9/.guacamole

finishing

  • start a vnc server, as password set password (the vnc password given in user-mappings.xml)
vncserver
  • if it requires a password, use password. Don't set a view-only password.
  • point your browser to http://localhost:8080/guacamole
  • log in as user, password password (the user given in user-mappings.xml)
  • you should see a screen like this:

Now when you click on "Default" you will see your VNC desktop in your browser.

secure transmission

Set up apache for https so your passwords are not transmitted unencrypted over the internet

make it work from behind a firewall

Most companies will have an internet proxy that does not allow users to access port 8080 on a server outside the company network. So you need a reverse proxy that tells apache if someone calls http://yourserver.yourdomain/guacamole this is forwarded to http://yourserver.yourdomain:8080 internally. To do this,

  • edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:
APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"
  • edit /etc/apache2/default-server.conf, add a block
<IfModule mod_proxy.c>
<Location /guacamole>
    ProxyPass http://127.0.0.1:8080
</Location>
</IfModule>

Persist it

You want your configuration to survive a reboot so add the following lines to /etc/crontab:

@reboot root /usr/local/sbin/guacd &
@reboot  thorsten USER=thorsten /usr/bin/vncserver >>/tmp/vnc-startup-error 2>&1

Replace thorsten with the OS user to start vncserver.

Beautify it

You may want to run bash as a shell, in this case edit /etc/passwd and enter /bin/bash instead of /bin/sh

TroubleShooting

invalid login

  • now the problem is that tomcat does not know where to find the Authentication class:

/var/lib/tomcat6/webapps/guacamole/WEB-INF/classes/net/sourceforge/guacamole/net/basic/BasicFileAuthenticationProvider.class

is not in /etc/guacamole/guacamole.properties

  • so add it
  • cat /etc/passwd gives me a line
tomcat6:x:113:116::/usr/share/tomcat6:/bin/false

ll /usr/share/tomcat6/.guacamole/
total 8
drwxr-xr-x 2 root root 4096 Nov 26 07:58 ./
drwxr-xr-x 6 root root 4096 Nov 26 07:57 ../
lrwxrwxrwx 1 root root   35 Nov 26 07:58 guacamole.properties -> /etc/guacamole/guacamole.properties


  • works now. So the thing is:
    • take care that it is called guacamole and not guacamole-0.8.3 (sure?)
    • make sure the classpath in /etc/guacamole/guacamole.properties is correct, e.g.
# Location to read extra .jar's from
lib-directory:  /var/lib/tomcat6/webapps/guacamole/WEB-INF/classes

Server error

  • now I got a server error so I straced guacd:
strace -p 15332

and saw

[pid 20344] open("/usr/lib/x86_64-linux-gnu/libguac-client-vnc.so", O_RDONLY) = -1 ENOENT (No such file or directory)

so the problem is that libguac-client-vnc.so is missing.

  • downloaded java version 1.7.45 and compiled guacamole-client using mvn. But there was no *.so* file in it
  • so installed libvncserver-dev and rebuild and reinstalled guacamole-server
  • and there it is, libguac-client-vnc.so
  • now the error message changed from "server error" to "unauthorized"

Failed to load

When logging in I got an error message

Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'http://162.209.103.145:8080/guacamole-0.8.3/login'.

Solution was to:

/etc/init.d/tomcat6 restart

Error initializing VNC client

After logging in I got the error message

Error initializing VNC client

Solution was to start

vncserver

Could not connect

If you surf to the page and get an error message like

Unable to connect

It probably means that tomcat is not running. It must be possible to connect to port 8080, a java process for tomcat must be running.

/etc/init.d/tomcat6 status

must deliver something like

* Tomcat servlet engine is running with pid 17546

See also