Professional Documents
Culture Documents
Install The Guacamole Client
Install The Guacamole Client
Create a new group and user for Tomcat installation. Running the
Tomcat server with an unprivileged user is recommended for security
reasons.
groupadd tomcat
useradd -M -s /bin/nologin -g tomcat -d /opt/tomcat tomcat
Download the latest Tomcat server of version 8.5 from Apache mirror.
wget http://www-us.apache.org/dist/tomcat/tomcat-8/v8.5.28/bin/apache-
tomcat-8.5.28.tar.gz
Create a new systemd service file for managing the Tomcat server.
nano /etc/systemd/system/tomcat.service
Start the Tomcat server and enable it to automatically start at boot time.
systemctl start tomcat
systemctl enable tomcat
The Guacamole client is now installed on your server. You can check if
Guacamole client is working by going to http://your-server-
ip:8080/guacamole using your favorite browser. You should see the
Guacamole login interface. You will not be able to log in yet, as we have
not configured authentication yet.
Setting Up Authentication
The Guacamole client supports multiple authentication mechanisms
such as file-based auth, database auth, OAuth, and LDAP. In this section
of the tutorial, we will configure the database authentication using
MySQL database server.
MySQL database will be used to store the authentication and other data.
Since we do not require high performance and scalability
which ApasaraDB provides, we will install MySQL server on the same
ECS instance.
Install the MariaDB server, which is an open source fork of MySQL.
yum -y install mariadb mariadb-server
Set a password for the MySQL root user and secure the server instance
by removing the test database and user.
mysql_secure_installation
Now login to your MySQL shell using the root user and the password you
just created.
mysql -u root -p
Run the following queries to create a new database named guacdb along
with guacdb-user having full access to the database. Please change
StrongPassword to a very strong password.
CREATE DATABASE guacdb CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'guacdb-user'@'localhost' IDENTIFIED BY 'StrongPassword';
GRANT ALL PRIVILEGES ON guacdb.* TO 'guacdb-user'@'localhost';
FLUSH PRIVILEGES;
EXIT;
Now that our database server is running, we need to install the MySQL
connector and Guacamole JDBC auth plugin. Create new directories to
store the plugins.
mkdir -p /etc/guacamole/{extensions,lib}
Since we have already created the database and database user, we can
proceed to create the database schema and import the initial data. The
schema is shipped along with the JDBC extension.
Import the SQL schema and initial data into the guacdb database using
the following command. Provide the password of the MySQL root user
when prompted.
cd guacamole-auth-jdbc-0.9*/mysql/schema
cat *.sql | mysql -u root -p guacdb
Populate the file with the following configuration. Make sure to edit the
StrongPassword with the actual password of guacdb-user.
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacdb-user
mysql-password: StrongPassword
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0