Install Guacamole on CentOS 7

This post is for installing the latest version of Guacamole on CentOS 7, as there are several difference from the previous guide I did. If you want to read more about Guacamole, and how awesome it is, I recommend you take a glance at my previous post here.

**Note, I am installing the MySQL Authentication package which allows me to store connections and authentication information in a database, instead of a plain-text XML file.
Let’s Get Started!

1.) prerequisites:

yum -y install epel-release wget
wget -O /etc/yum.repos.d/home:felfert.repo
yum -y install cairo-devel freerdp-devel gcc java-1.8.0-openjdk.x86_64 libguac libguac-client-rdp libguac-client-ssh libguac-client-vnc \
libjpeg-turbo-devel libpng-devel libssh2-devel libtelnet-devel libvncserver-devel libvorbis-devel libwebp-devel openssl-devel pango-devel \
pulseaudio-libs-devel terminus-fonts tomcat tomcat-admin-webapps tomcat-webapps uuid-devel

Above we are just installing adding the EPEL and Felfert repositories that contain the files we need, and installing all our prereqs. Easy.

2.) guacd install

mkdir ~/guacamole && cd ~/
tar -xzf guacamole-server-0.9.9.tar.gz && cd guacamole-server-0.9.9
./configure --with-init-dir=/etc/init.d
make install

Guacamole is delivered in two different pieces. The back-end is what we just installed above, from source, called guacd (or guacamole daemon). The other piece is the guacamole client, or web frontend. This is delivered via Jetty, and installed next.

3.) guacamole client

mkdir -p /var/lib/guacamole && cd /var/lib/guacamole/
wget -O guacamole.war
ln -s /var/lib/guacamole/guacamole.war /var/lib/tomcat/webapps/
rm -rf /usr/lib64/freerdp/
ln -s /usr/local/lib/freerdp/ /usr/lib64/freerdp/

We now have the guacamole server daemon and the guacamole client installed. Next up is the MySQL Authentication piece, using MariaDB.

4.) mysql authentication

yum -y install mariadb mariadb-server
mkdir -p ~/guacamole/sqlauth && cd ~/guacamole/sqlauth
tar -zxf guacamole-auth-jdbc-0.9.9.tar.gz
tar -zxf mysql-connector-java-5.1.38.tar.gz
mkdir -p /usr/share/tomcat/.guacamole/{extensions,lib}
mv guacamole-auth-jdbc-0.9.9/mysql/guacamole-auth-jdbc-mysql-0.9.9.jar /usr/share/tomcat/.guacamole/extensions/
mv mysql-connector-java-5.1.38/mysql-connector-java-5.1.38-bin.jar /usr/share/tomcat/.guacamole/lib/
systemctl restart mariadb.service

The above is installing mariadb, downloading the needed .jar’s, and moving them to where they belong. All but one jar file is included in the Guacamole MySQL Auth download, which is the MySQL Java Connector.

5.) configure database

mysqladmin -u root password MySQLRootPass
mysql -u root -p   # Enter above password
create database guacdb;
create user 'guacuser'@'localhost' identified by 'guacDBpass';
grant select,insert,update,delete on guacdb.* to 'guacuser'@'localhost';
flush privileges;

Here we created the database and user for guacd to use.

6.) extend database schema

cd ~/guacamole/sqlauth/guacamole-auth-jdbc-0.9.9/mysql/schema/
cat ./*.sql | mysql -u root -p guacdb   # Enter SQL root password set above

And here we extend the schema of the database we created.

7.) configure guacamole

mkdir -p /etc/guacamole/ && vi /etc/guacamole/

The above is creating our needed directories, and then creating the file. This file is what tomcat uses to know what port to talk to guacd on as well as how to access the database. Here is a basic file that will do what you need.

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacuser
mysql-password: guacDBpass

# Additional settings
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0

This will configure guacamole to use the database and user that we created on the default port of 4822. Note, this is for internal communication only and is not the port that you will be accessing the web interface on.

And we have to create a symlink so Guacamole can find the config file:

ln -s /etc/guacamole/ /usr/share/tomcat/.guacamole/

8.) Cleanup

All that’s left is a little housecleaning!

cd ~ && rm -rf guacamole*
systemctl enable tomcat.service && systemctl enable mariadb.service && chkconfig guacd on
systemctl reboot

Once your server boots, you’ll have Guacamole running and ready to be used! Head on over to http://guac_server_ip:8080/guacamole to start using your new Guacamole server! default username and password are both ‘guacadmin’.

If you’re having trouble accessing the webpage for Guacamole, make sure you have configured firewalld (or disabled it) to allow access to port 8080.

Leave me some feedback!

Continue Reading