Automated Deployment - Apache Guacamole
The script below automates the deployment of Apache Guacamole on CentOS 9, following best practices.
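#!/bin/bash
# Abort on the first failing command, on use of an unset variable, and when
# any stage of a pipeline fails (so a failed `sudo tee` is not masked by the
# `cat` in front of it).
set -euo pipefail

# Prompt user for database credentials.
# -r keeps backslashes in the typed values literal; without it `read` would
# silently drop them from what the user typed.
echo "Enter MySQL database details:"
read -r -p "MySQL Hostname: " MYSQL_HOSTNAME
read -r -p "MySQL Database Name: " MYSQL_DATABASE
read -r -p "MySQL Username: " MYSQL_USERNAME
# -s suppresses terminal echo so the password is not displayed or left in
# scrollback. IFS= preserves leading/trailing spaces in the password. `read -s`
# prints no newline of its own, so emit one to keep later output readable.
IFS= read -r -s -p "MySQL Password: " MYSQL_PASSWORD
printf '\n'

# These values are later written into guacamole.properties and handed to the
# mysql client. Stop here, before anything is installed, if one is empty.
for required in MYSQL_HOSTNAME MYSQL_DATABASE MYSQL_USERNAME MYSQL_PASSWORD; do
  if [[ -z "${!required}" ]]; then
    printf 'error: %s must not be empty\n' "$required" >&2
    exit 1
  fi
done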
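# Configure CRB, EPEL and the RPM Fusion repository, then install build and
# runtime dependencies.
echo "Updating system and installing dependencies..."
# CRB and EPEL are enabled first so the RPM Fusion release package can resolve
# its dependencies.
sudo dnf config-manager --set-enabled crb
sudo dnf install -y epel-release
# The release package is selected from the running OS via `rpm -E %rhel`.
# The hard-coded rpmfusion-free-release-8 package was dropped: it targets EL8,
# not the CentOS 9 host this script is written for.
# NOTE(review): --nogpgcheck installs this package without verifying its
# signature, so HTTPS to the mirror is the only protection for the package
# that goes on to install the repository's signing keys. Compare the keys it
# places under /etc/pki/rpm-gpg/ with the fingerprints RPM Fusion publishes
# before trusting packages from this repository.
sudo dnf install --nogpgcheck -y \
  "https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm"
sudo dnf update -y
sudo dnf install -y libjpeg-turbo-devel libpng-devel libtool \
  ffmpeg ffmpeg-devel freerdp freerdp-devel \
  pango-devel libssh-devel pulseaudio-libs-devel \
  openssl-devel libuuid-devel uuid-devel java-11-openjdk-devel nano nginx wget mysql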
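# Verify Java Installation
java -version
# Append JAVA_HOME only if the exact line is not already present, so running
# the script again does not stack duplicate entries in /etc/environment.
if ! grep -qxF 'JAVA_HOME=/usr/lib/jvm/jre' /etc/environment 2>/dev/null; then
  echo "JAVA_HOME=/usr/lib/jvm/jre" | sudo tee -a /etc/environment
fi
# Sourcing sets JAVA_HOME as a variable of this shell only (it is not
# exported); the Tomcat systemd unit declares its own JAVA_HOME.
source /etc/environment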
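echo "Setting up Tomcat..."
# NOTE(review): this release is pinned and fetched from archive.apache.org,
# where the ASF keeps superseded releases. Check the Tomcat 9 security page
# and move to the current 9.0.x release before exposing this host.
tomcat_version=9.0.43
tomcat_tarball="apache-tomcat-${tomcat_version}.tar.gz"
tomcat_url="https://archive.apache.org/dist/tomcat/tomcat-9/v${tomcat_version}/bin/${tomcat_tarball}"

# Create the service account only when it does not exist yet; under `set -e`
# a plain groupadd/useradd would abort a second run of the script.
getent group tomcat >/dev/null || sudo groupadd --system tomcat
id -u tomcat >/dev/null 2>&1 ||
  sudo useradd -d /usr/share/tomcat -r -s /bin/false -g tomcat tomcat

sudo mkdir -p /usr/share/tomcat
cd /usr/share/tomcat
# -O overwrites a previous download instead of creating "<name>.1" copies.
sudo wget -O "$tomcat_tarball" "$tomcat_url"
sudo wget -O "${tomcat_tarball}.sha512" "${tomcat_url}.sha512"

# Compare the published SHA-512 digest with the downloaded archive before it
# is unpacked into a directory a service will execute from. The digest comes
# from the same server as the tarball, so this catches a truncated or
# corrupted download, not a tampered origin; checking the release's detached
# signature against the project's KEYS file is what authenticates it.
expected_sha512=$(awk '{print $1; exit}' "${tomcat_tarball}.sha512")
actual_sha512=$(sha512sum "$tomcat_tarball" | awk '{print $1}')
if [[ -z "$expected_sha512" || "${expected_sha512,,}" != "${actual_sha512,,}" ]]; then
  printf 'error: SHA-512 mismatch for %s\n' "$tomcat_tarball" >&2
  exit 1
fi

sudo tar -xvf "$tomcat_tarball" --strip-components=1
sudo chmod -R u+x /usr/share/tomcat/bin
sudo chown -R tomcat:tomcat /usr/share/tomcat/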
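# Create systemd service for Tomcat
echo "Creating Tomcat service..."
# Quoted delimiter: the unit text is written exactly as shown, with no shell
# expansion. Tomcat runs as the unprivileged tomcat user and group.
cat <<'EOF' | sudo tee /etc/systemd/system/tomcat.service
[Unit]
Description=Tomcat Server
After=syslog.target network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment='JAVA_OPTS=-Djava.awt.headless=true'
Environment=CATALINA_HOME=/usr/share/tomcat
Environment=CATALINA_BASE=/usr/share/tomcat
Environment=CATALINA_PID=/usr/share/tomcat/temp/tomcat.pid
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M'
ExecStart=/usr/share/tomcat/bin/catalina.sh start
ExecStop=/usr/share/tomcat/bin/catalina.sh stop
[Install]
WantedBy=multi-user.target
EOF

# Modify server.xml for Tomcat *before* the first start, so Tomcat never comes
# up on the default 8080 connector and needs a later restart to move to 9090.
# NOTE(review): the connector still listens on every interface. Nginx reaches
# it through localhost, so restrict it to loopback (the Connector's `address`
# attribute) or firewall port 9090; otherwise the application is also
# reachable over plain HTTP, bypassing the TLS front end.
# NOTE(review): the tarball's bundled webapps (manager, examples, docs) are
# left deployed; remove the ones that are not needed.
sudo sed -i 's/port="8080"/port="9090"/' /usr/share/tomcat/conf/server.xml

sudo systemctl daemon-reload
# NOTE(review): `setenforce 0` switches SELinux to permissive mode for the
# whole host, and only until the next reboot. After a reboot enforcing mode
# returns and whatever relied on permissive mode stops working. Prefer leaving
# SELinux enforcing and granting only what is required; for nginx proxying to
# a local backend that is usually the httpd_can_network_connect boolean
# (`setsebool -P httpd_can_network_connect 1`). Confirm with the audit log on
# a test host before removing this line.
sudo setenforce 0
sudo systemctl restart tomcat
sudo systemctl enable tomcat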
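# Install and configure Guacamole
echo "Installing Guacamole..."
# Build in a private scratch directory instead of /root: the download, unpack
# and compile steps run without sudo, so they need a directory the invoking
# user can write to, and compiling does not need root. mktemp -d creates the
# directory with an unpredictable name and owner-only permissions.
guacd_build_dir=$(mktemp -d)
cd "$guacd_build_dir"
# NOTE(review): the tarball is compiled and installed as root without an
# integrity check. Verify it against the digest and detached signature the
# project publishes next to the release before building.
wget https://downloads.apache.org/guacamole/1.5.5/source/guacamole-server-1.5.5.tar.gz
tar -xvzf guacamole-server-1.5.5.tar.gz
cd guacamole-server-1.5.5
# --with-init-dir asks the build to install an init script into /etc/init.d;
# the script writes its own guacd.service unit further down.
./configure --with-init-dir=/etc/init.d
make
# Only the install step and the linker cache refresh need root.
sudo make install
sudo ldconfig
sudo systemctl daemon-reload
# Leave the scratch directory before deleting it. sudo is used because
# `make install` may have left root-owned files in the build tree.
cd /
sudo rm -rf -- "${guacd_build_dir:?}"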
# Create Guacamole service
echo "Creating Guacamole service..."
# The unit keeps guacd in the foreground (-f) and restarts it whenever it exits.
# NOTE(review): User=root/Group=root runs guacd with full privileges. guacd is
# the process that talks to the remote desktops users connect to, so it
# handles data from every one of those hosts; a flaw in that handling would
# then compromise this whole server. Consider a dedicated unprivileged
# account. Such an account presumably needs a writable home directory for
# some protocols; confirm against the Guacamole documentation before changing.
sudo tee /etc/systemd/system/guacd.service <<'EOF'
[Unit]
Description=Guacamole Proxy Daemon (guacd)
After=network.target
[Service]
ExecStart=/usr/local/sbin/guacd -f
Restart=always
User=root
Group=root
[Install]
WantedBy=multi-user.target
EOF
# Make systemd read the new unit, register it for boot, then (re)start it.
sudo systemctl daemon-reload
sudo systemctl enable guacd
sudo systemctl restart guacd
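# Configure Guacamole
echo "Configuring Guacamole..."
sudo mkdir -p /etc/guacamole
cd /etc/guacamole
# Download straight to the final name; -O also overwrites an earlier copy.
# NOTE(review): the .war is deployed without an integrity check. Verify it
# against the digest and signature published with the release.
sudo wget -O guacamole.war https://downloads.apache.org/guacamole/1.5.5/binary/guacamole-1.5.5.war
# -f replaces an existing link so a second run does not abort under `set -e`.
sudo ln -sf /etc/guacamole/guacamole.war /usr/share/tomcat/webapps/guacamole.war
# NOTE(review): the tomcat.service unit written earlier has no EnvironmentFile,
# so it presumably never reads /etc/default/tomcat. The .guacamole link in the
# tomcat user's home below is what points the web application at /etc/guacamole.
if ! grep -qxF 'GUACAMOLE_HOME=/etc/guacamole' /etc/default/tomcat 2>/dev/null; then
  echo "GUACAMOLE_HOME=/etc/guacamole" | sudo tee -a /etc/default/tomcat
fi

# guacamole.properties holds the database password in clear text. Create the
# file with its final owner and mode *before* the secret is written, so it is
# never world-readable: root owns it, the tomcat group may read it.
sudo install -m 0640 -o root -g tomcat /dev/null /etc/guacamole/guacamole.properties
# tee's stdout goes to /dev/null so the password is not echoed to the terminal
# or into a captured install log.
# NOTE(review): auth-provider names the file-based provider although the
# script installs the MySQL extension; confirm whether the line is still
# needed. A password containing a backslash may need escaping in this file.
sudo tee /etc/guacamole/guacamole.properties >/dev/null <<EOF
guacd-hostname: localhost
guacd-port: 4822
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
mysql-hostname: $MYSQL_HOSTNAME
mysql-database: $MYSQL_DATABASE
mysql-username: $MYSQL_USERNAME
mysql-password: $MYSQL_PASSWORD
EOF
# -n replaces the link itself on a re-run instead of creating a new link
# inside the directory it already points to.
sudo ln -sfn /etc/guacamole /usr/share/tomcat/.guacamole
# Restart services
sudo systemctl restart tomcat guacd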
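# Set up MySQL Database for Guacamole
cd
echo "Setting up MySQL database..."
sudo mkdir -p /etc/guacamole/extensions /etc/guacamole/lib
# NOTE(review): both archives below end up on Tomcat's classpath without an
# integrity check; verify them against the publishers' digests/signatures.
wget https://dlcdn.apache.org/guacamole/1.5.5/binary/guacamole-auth-jdbc-1.5.5.tar.gz
tar xzf guacamole-auth-jdbc-1.5.5.tar.gz guacamole-auth-jdbc-1.5.5/mysql
sudo cp guacamole-auth-jdbc-1.5.5/mysql/guacamole-auth-jdbc-mysql-1.5.5.jar /etc/guacamole/extensions/
wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-9.2.0.tar.gz
tar xzvf mysql-connector-j-9.2.0.tar.gz
sudo cp mysql-connector-j-9.2.0/mysql-connector-j-9.2.0.jar /etc/guacamole/lib

# Hand the credentials to the mysql client through a private option file
# instead of -p"<password>" on the command line: command-line arguments are
# visible to every local user in the process list while the client runs.
# mktemp creates the file readable by its owner only; the trap removes it even
# if an import fails and `set -e` ends the script.
mysql_defaults=$(mktemp)
trap 'rm -f -- "$mysql_defaults"' EXIT
# Inside a double-quoted option-file value, backslash and double quote must be
# escaped so the password is read back unchanged.
mysql_pw=${MYSQL_PASSWORD//\\/\\\\}
mysql_pw=${mysql_pw//\"/\\\"}
cat >"$mysql_defaults" <<EOF
[client]
host=$MYSQL_HOSTNAME
user=$MYSQL_USERNAME
password="$mysql_pw"
EOF

# --defaults-extra-file must be the first option given to the client.
for schema in 001-create-schema.sql 002-create-admin-user.sql; do
  sudo mysql --defaults-extra-file="$mysql_defaults" -D "$MYSQL_DATABASE" \
    <"guacamole-auth-jdbc-1.5.5/mysql/schema/$schema"
done
rm -f -- "$mysql_defaults"
trap - EXIT

# 002-create-admin-user.sql creates the stock administrator account with a
# publicly documented password.
echo "NOTE: change the default Guacamole administrator password at first login, before exposing the service." >&2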
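# Setup self-signed SSL certificate for Nginx
echo "Generating self-signed SSL certificate..."
sudo mkdir -p /etc/nginx/ssl
# Only root (the nginx master process) needs to enter this directory.
sudo chmod 700 /etc/nginx/ssl
# -nodes leaves the private key unencrypted so nginx can start unattended;
# file permissions are therefore the only protection for the key.
# -addext adds a subjectAltName: current browsers and TLS clients match the
# host name against the SAN list and ignore the CN in -subj.
# NOTE(review): a self-signed certificate gives encryption but lets no client
# verify the server unless the certificate is distributed and trusted out of
# band; it also expires after 365 days. Use a CA-issued certificate for
# anything beyond a lab setup.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/nginx/ssl/connection.guacamole.local.key \
  -out /etc/nginx/ssl/connection.guacamole.local.crt \
  -subj "/C=US/ST=State/L=City/O=Company/OU=Org/CN=connection.guacamole.local" \
  -addext "subjectAltName=DNS:connection.guacamole.local"
sudo chmod 600 /etc/nginx/ssl/connection.guacamole.local.key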
# Configure Nginx as a reverse proxy
echo "Configuring Nginx..."
# The heredoc delimiter is quoted, so nginx variables such as $host are written
# literally and need no backslash escaping.
# What the configuration does: terminate TLS on 443 with the self-signed
# certificate, forward everything to the Guacamole web application on
# localhost:9090 (including WebSocket upgrade headers for the tunnel), and
# redirect plain HTTP on port 80 to HTTPS.
# NOTE(review): no ssl_protocols / ssl_ciphers are set, so the nginx and
# system crypto-policy defaults decide what is negotiated; pin them if a
# specific TLS baseline is required.
# NOTE(review): X-Forwarded-For / X-Real-IP only help logging and
# address-based controls if the backend is configured to trust this proxy;
# confirm the Tomcat side.
sudo tee /etc/nginx/conf.d/guacamole.conf <<'EOF'
server {
listen 443 ssl;
server_name connection.guacamole.local;
ssl_certificate /etc/nginx/ssl/connection.guacamole.local.crt;
ssl_certificate_key /etc/nginx/ssl/connection.guacamole.local.key;
location / {
proxy_pass http://localhost:9090/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /websocket-tunnel {
proxy_pass http://localhost:9090/guacamole/websocket-tunnel;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-Proto https;
}
}
server {
listen 80;
server_name connection.guacamole.local;
return 301 https://$host$request_uri;
}
EOF
# Register nginx for boot and load the new configuration.
sudo systemctl enable nginx
sudo systemctl restart nginx
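# Disable IPv6 support
echo "Disablign IPV6..."
# Write a drop-in under /etc/sysctl.d/ rather than sending the heredoc to
# /etc/sysctl.conf: tee truncates its target, which would discard every kernel
# setting already stored in that file (including any hardening entries).
cat <<'EOF' | sudo tee /etc/sysctl.d/99-disable-ipv6.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF
# The settings are not applied here; they take effect at the next boot or
# after `sudo sysctl --system`. Applying them mid-run could cut off an
# administrator who is connected over IPv6.

# Restart services again
sudo systemctl restart tomcat guacd nginx
# Completion message
echo "Installation and configuration complete! Access Guacamole at https://<server-ip>"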