Guacamole on Ubuntu 20.04

Posted on by somik

There are a lot of solutions to remote access your server, however the fastest is to access it directly from the browser itself. The Guacamole sits between your server’s SSH/RDP and your browser so you can access it directly from the browser without going through the hassle of using RDP or Reminna and what not.

Switch to the root user first as most of the codes needs to run as root

sudo su -

Then install the dependencies needed to build the server. I’m guessing you already have a Ubuntu 20.04 server with ssh access up and running.

apt install build-essential gcc g++ libcairo2-dev libjpeg-turbo8-dev libpng-dev libtool-bin libossp-uuid-dev libavcodec-dev libavformat-dev libavutil-dev libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev wget nano

After the installation is complete, download the latest version of guacamole tarball and extract it.

wget https://downloads.apache.org/guacamole/1.3.0/source/guacamole-server-1.3.0.tar.gz
tar xzf guacamole-server-1.3.0.tar.gz

Then go into the directory and check the configuration.

cd guacamole-server-1.3.0
./configure --with-init-dir=/etc/init.d

You should get something similar to the bellow.

...
...
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands

------------------------------------------------
guacamole-server version 1.3.0
------------------------------------------------

   Library status:

     freerdp2 ............ yes
     pango ............... yes
     libavcodec .......... yes
     libavformat.......... yes
     libavutil ........... yes
     libssh2 ............. yes
     libssl .............. yes
     libswscale .......... yes
     libtelnet ........... yes
     libVNCServer ........ yes
     libvorbis ........... yes
     libpulse ............ yes
     libwebsockets ....... yes
     libwebp ............. yes
     wsock32 ............. no

   Protocol support:

      Kubernetes .... yes
      RDP ........... yes
      SSH ........... yes
      Telnet ........ yes
      VNC ........... yes

   Services / tools:

      guacd ...... yes
      guacenc .... yes
      guaclog .... yes

   FreeRDP plugins: /usr/lib/x86_64-linux-gnu/freerdp2
   Init scripts: /etc/init.d
   Systemd units: no

Type "make" to compile guacamole-server.

If you get the protocol supports correct, lets make it. It’ll take some time to complete on lower end systems.

make

And install it

make install

Once done, run the ldconfig command. This will create the necessary links and also cache to the most recent shared libraries found in the guacamole server directory that you just installed.

ldconfig

Start up the guac server

systemctl daemon-reload
systemctl start guacd
systemctl enable guacd

You can check to see if the server is running by doing

 systemctl status guacd

Now install tomcat server which is required for the client side setup

apt install tomcat9 tomcat9-admin tomcat9-common tomcat9-user -y

Install the guac client in etc folder

mkdir /etc/guacamole
wget https://downloads.apache.org/guacamole/1.3.0/binary/guacamole-1.3.0.war -O /etc/guacamole/guacamole.war

Create a symbolic link to the war file to tomcat webapps directory

ln -s /etc/guacamole/guacamole.war /var/lib/tomcat9/webapps/

Restart tomcat and guac server

systemctl restart tomcat9
systemctl restart guacd

Configure the guacamole server by first creating configuration directories

mkdir /etc/guacamole/extensions
mkdir /etc/guacamole/lib

Next set the guacamole home directory environment variable in tomcat config file

echo "GUACAMOLE_HOME=/etc/guacamole" >> /etc/default/tomcat9

Create guacamole config file as following:

nano /etc/guacamole/guacamole.properties

And change it to the following

guacd-hostname: localhost
guacd-port:     4822
user-mapping:   /etc/guacamole/user-mapping.xml
auth-provider:  net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider

Save and exit with Crtl+x followed by Y to confirm and Enter key to save.

Link the guacamole configuration file to the tomcat directory

ln -s /etc/guacamole /usr/share/tomcat9/.guacamole

Now lets generate a secure password. Replace the word “my-secret-password” with your password in the following command

echo -n my-secret-password | openssl md5

Create the user configuration files as following

nano /etc/guacamole/user-mapping.xml

Provide the hashed password and any servers you want to remote access

<user-mapping>
        
    <!-- Per-user authentication and config information -->

    <!-- A user using md5 to hash the password
         guacadmin user and its md5 hashed password below is used to 
             login to Guacamole Web UI-->
    <authorize 
            username="guacadmin"
            password="5f4dcc3b5aa765d61d8327deb882cf99"
            encoding="md5">

        <!-- First authorized Remote connection -->
        <connection name="CentOS-Server">
            <protocol>ssh</protocol>
            <param name="hostname">192.168.1.156</param>
            <param name="port">22</param>
        </connection>

        <!-- Second authorized remote connection -->
        <connection name="Windows 7">
            <protocol>rdp</protocol>
            <param name="hostname">192.168.1.122</param>
            <param name="port">3389</param>
            <param name="username">Administrator</param>
            <param name="ignore-cert">true</param>
        </connection>

    </authorize>

</user-mapping>

Save and exit with Crtl+x followed by Y to confirm and Enter key to save.

Now just restart tomcat and guac servers

systemctl restart tomcat9 guacd

And access the guacamole webgui by going to http://ip-address:8080/guacamole/