Install Guacamole from source on CentOS 7

This post was last updated on Apr 09, 2018. This guide is current as of Guacamole 0.9.14.

This is my third Guacamole post! My first post was back in 2013 and was for last updated to Guac 0.9.5 on CentOS 6. My second post was in 2015, and last updated to Guac 0.9.9 on CentOS 7. Guac 0.9.9 was releasted on Dec 18, 2015 which was the final stable release before moving joining the Apache Incubator program, and development has been swift since then. This guide will install the latest stable release under Apache.

I am installing the MySQL Authentication package which allows me to store connections and authentication information in a database, instead of a plain-text XML file. I am assuming that you are install as root, with SELinux and firewalld disabled (do this at your own risk! -- I run my Guac instance behind a reverse proxy so my Guac instance is not directly accessible from my WAN).

Let's Get Started!

1.) prerequisites:
yum -y install epel-release && yum -y update
wget -O /etc/yum.repos.d/home:felfert.repo
rpm -Uvh
yum -y groupinstall "Development Tools"
yum -y install cairo-devel ffmpeg-devel freerdp-devel git java-1.8.0-openjdk libguac libguac-client-rdp libguac-client-ssh libguac-client-vnc libjpeg-turbo-devel libpng-devel libssh2-devel libtelnet-devel libvncserver-devel libwebp-devel libvorbis-devel mariadb-server maven openssl-devel pango-devel pulseaudio-libs-devel terminus-fonts tomcat tomcat-admin-webapps tomcat-webapps uuid-devel wget

Above we are just installing adding the EPEL, Felfert, and nux-dextop repositories that contain the packages we need, and installing all our prereqs. Easy.

2.) guacd install
mkdir ~/guacamole && cd ~/guacamole
wget -O guacamole-server.tar.gz
tar -xvf guacamole-server.tar.gz
cd guacamole-server-*
autoreconf -fi
./configure --with-init-dir=/etc/init.d
make && make install && ldconfig

Guacamole is delivered in two different pieces. The back-end is what we just installed above, from source, called guacd (or guacamole daemon). The other piece is the guacamole client, or web frontend. Install next.

3.) guacamole client
cd ~/guacamole
wget -O guacamole-client.tar.gz
tar -xvf guacamole-client.tar.gz
cd guacamole-client-*
mvn package
cp ~/guacamole/guacamole-client-*/guacamole/target/guacamole-*.war /var/lib/tomcat/webapps/guacamole.war

We now have the guacamole server daemon and the guacamole client installed. Next up is the MySQL Authentication piece, using MariaDB.

4.) mysql authentication
mkdir -p ~/guacamole/sqlauth && cd ~/guacamole/sqlauth
tar -xvf mysql-connector-java-5.1.*.tar.gz
mkdir -p /usr/share/tomcat/.guacamole/{extensions,lib}
mv mysql-connector-java-5.1.*/mysql-connector-java-5.1.*-bin.jar /usr/share/tomcat/.guacamole/lib/
mv ~/guacamole/guacamole-client-*/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/target/guacamole-auth-jdbc-mysql-*.jar /usr/share/tomcat/.guacamole/extensions/

The above is downloading and prepping the guacamole-required pieces for db authentication.

5.) configure database
systemctl restart mariadb.service
mysqladmin -u root password MySQLRootPass
mysql -u root -p   # Enter above password
flush privileges;

Here we created the database and database user for guacd to use.

6.) extend database schema
cd ~/guacamole/guacamole-client-*/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/
cat ./*.sql | mysql -u root -p guacdb   # Enter SQL root password set above

And here we extend the schema of the database we created.

7.) configure guacamole
mkdir -p /etc/guacamole/ && vi /etc/guacamole/

The above is creating our needed directories, and then creating the file. This file is what tomcat uses to know what port to talk to guacd on as well as how to access the database. Here is a basic file that will do what you need.

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacuser
mysql-password: guacpass

# Additional settings
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0

This will configure guacamole to use the database and user that we created on the default port of 4822. Note, this is for internal communication only and is not the port that you will be accessing the web interface on.

And we have to create a symlink so Guacamole can find the config file:

ln -s /etc/guacamole/ /usr/share/tomcat/.guacamole/
8.) Cleanup

All that's left is a little housecleaning!

cd ~ && rm -rf ~/guacamole
systemctl enable tomcat.service && systemctl enable mariadb.service && chkconfig guacd on
systemctl reboot

Once your server boots, you'll have Guacamole running and ready to be used! Head on over to http://guac_server_ip:8080/guacamole to start using your new Guacamole server! default username and password are both 'guacadmin'.

If you're having trouble accessing the webpage for Guacamole, make sure you have configured firewalld (or disabled it) to allow access to port 8080.

Leave me some feedback!

Related Posts

Share on: Twitter | Facebook | Google+ | Email

comments powered by Disqus