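# Interactive: pick the system time zone (must be run as root).
dpkg-reconfigure tzdata

# Release versions used by the download URLs further down the page.
export guacver=1.3.0
export tomcatver=9.0.45

# MD5 hash of the web-login password, consumed by user-mapping.xml in Step 6.
# NOTE(review): "SuperGeheimesPasswort" is a placeholder - replace it before
# running, and keep the real value out of shell history. Unsalted MD5 is cheap
# to brute-force, so treat the resulting hash like the password itself.
# printf is used instead of `echo -n` because echo's -n handling is not portable.
loginPwHash=$(printf '%s' 'SuperGeheimesPasswort' | openssl md5 | awk '{ print $2 }')
export loginPwHash

# Random database password (8 random bytes, 16 hex characters).
# The original page overwrote this value with a fixed, published password on
# the next line, which would give every installation built from this guide the
# same database credential; the override has been removed.
dbpw=$(openssl rand -hex 8)
export dbpw

# Keep a copy of both secrets for the operator. /tmp is shared between all
# local users, so the files are created owner-only; delete them once the values
# are stored somewhere safe.
(
  umask 077
  printf '%s\n' "$loginPwHash" > /tmp/password.loginhash
  printf '%s\n' "$dbpw" > /tmp/password.database
)
chmod 600 /tmp/password.loginhash /tmp/password.database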

Step 1: Server Preparation

# Refresh the package index, then install the general tooling.
apt update
apt install -y \
  gcc g++ vim curl wget software-properties-common

# Build toolchain and development headers needed to compile guacamole-server.
apt install -y \
  build-essential libtool-bin \
  libcairo2-dev libpango1.0-dev libossp-uuid-dev \
  libjpeg-turbo8-dev libjpeg62-dev libpng-dev libwebp-dev \
  libavcodec-dev libavformat-dev libavutil-dev libswscale-dev \
  libssh2-1-dev libssl-dev libtelnet-dev libvncserver-dev \
  libvorbis-dev libpulse-dev libwebsockets-dev

# FreeRDP development files come from a PPA.
# NOTE(review): this is a third-party PPA carrying daily builds; packages from
# it are installed as root, so confirm it is really needed before adding it.
add-apt-repository ppa:remmina-ppa-team/freerdp-daily
apt update
apt install -y freerdp2-dev freerdp2-x11

Step 2: Install Apache Tomcat

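# Java runtime for Tomcat. The original line spelled the second package with an
# en dash ("default–jdk"), which apt cannot resolve; it is a plain hyphen here.
apt install openjdk-11-jdk default-jdk

# Dedicated, non-login service account that owns the Tomcat tree.
mkdir -p /opt/tomcat
sudo groupadd tomcat
useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat
# useradd -m -U -d /opt/tomcat -s /bin/false tomcat


#apt install -y make tomcat9
# Download the release together with its published SHA-512 file. The archive
# path is spelled out so that extraction no longer depends on the current
# directory being the home directory.
tomcat_url="https://downloads.apache.org/tomcat/tomcat-9/v${tomcatver}/bin/apache-tomcat-${tomcatver}.tar.gz"
tomcat_tgz=~/apache-tomcat-${tomcatver}.tar.gz
wget "$tomcat_url" -O "$tomcat_tgz"
wget "${tomcat_url}.sha512" -O "${tomcat_tgz}.sha512"

# Only unpack when the digest matches. A checksum fetched from the same server
# detects a corrupted or truncated download, not a tampered mirror; for
# authenticity, also check the release's .asc signature against the project's
# KEYS file.
tomcat_sha_expected=$(awk '{ print $1; exit }' "${tomcat_tgz}.sha512")
tomcat_sha_actual=$(sha512sum "$tomcat_tgz" | awk '{ print $1 }')
if [ -n "$tomcat_sha_expected" ] && [ "$tomcat_sha_expected" = "$tomcat_sha_actual" ]; then
  tar -xzf "$tomcat_tgz" -C /opt/tomcat/
  mv "/opt/tomcat/apache-tomcat-${tomcatver}" /opt/tomcat/tomcatapp
  # NOTE(review): the service account ends up owning the whole tree, including
  # bin/ and conf/. A tighter layout keeps those root-owned and gives tomcat
  # write access only where it is needed (logs, temp, work, webapps).
  chown -R tomcat: /opt/tomcat
  chmod +x /opt/tomcat/tomcatapp/bin/*.sh
else
  echo "Checksum mismatch for ${tomcat_tgz} - not unpacking" >&2
fi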

# Write the systemd unit that runs Tomcat as the unprivileged tomcat user.
# The delimiter is quoted so the shell copies the unit text literally; the
# text contains nothing to expand, so the resulting file is unchanged.
cat > /etc/systemd/system/tomcat.service <<'EOF'
[Unit]
Description=Tomcat 9 servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"

Environment="CATALINA_BASE=/opt/tomcat/tomcatapp"
Environment="CATALINA_HOME=/opt/tomcat/tomcatapp"
Environment="CATALINA_PID=/opt/tomcat/tomcatapp/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/tomcatapp/bin/startup.sh
ExecStop=/opt/tomcat/tomcatapp/bin/shutdown.sh

[Install]
WantedBy=multi-user.target
EOF

# Pick up the new unit file, register Tomcat for boot and start it right away.
systemctl daemon-reload
systemctl enable tomcat
systemctl start tomcat
systemctl status tomcat

# Allow inbound connections to Tomcat's port.
# NOTE(review): this opens 8080 to every source address, and no TLS is
# configured anywhere on this page, so Guacamole logins would cross the network
# in clear text. Consider a TLS-terminating reverse proxy in front of Tomcat
# and restricting this rule to the proxy or a management network.
sudo ufw allow 8080/tcp

Step 3: Build the Guacamole Server From Source

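# Fetch the guacamole-server source into the home directory.
# NOTE(review): this tarball is compiled and installed as root; check it
# against the checksum and signature published for the release before
# unpacking it.
wget "https://downloads.apache.org/guacamole/${guacver}/source/guacamole-server-${guacver}.tar.gz" -P ~

# Unpack next to the archive (-C ~) so the cd below works from any starting
# directory; the original unpacked into whatever directory was current.
tar xzf ~/guacamole-server-${guacver}.tar.gz -C ~

# Chain the build steps so a failed cd, configure or make cannot lead to
# `make install` running in the wrong place or on a broken build.
cd ~/guacamole-server-${guacver} \
  && ./configure --with-init-dir=/etc/init.d \
  && make \
  && make install \
  && ldconfig

# Register and start the guacd proxy daemon.
systemctl daemon-reload
systemctl start guacd
systemctl enable guacd
systemctl status guacd

# Configuration home for the web application; -p makes a re-run harmless.
mkdir -p /etc/guacamole/extensions /etc/guacamole/lib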

Step 4: Install the Guacamole Web Application

# Download the web application archive, park it under /etc/guacamole and link
# it into Tomcat's webapps directory so Tomcat deploys it.
# NOTE(review): the .war is deployed without any integrity check; compare it
# with the checksum and signature published for the release first.
war_download=~/guacamole-${guacver}.war
wget "https://downloads.apache.org/guacamole/${guacver}/binary/guacamole-${guacver}.war" -P ~
mv "$war_download" /etc/guacamole/guacamole.war
ln -s /etc/guacamole/guacamole.war /opt/tomcat/tomcatapp/webapps

Step 5: Configure Guacamole Server

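# Record GUACAMOLE_HOME for Tomcat.
# NOTE(review): the tomcat.service unit written in Step 2 has no
# EnvironmentFile= line, so /etc/default/tomcat is presumably never read by
# that service; the .guacamole symlink at the end of this step is what points
# the web application at /etc/guacamole - confirm.
echo "GUACAMOLE_HOME=/etc/guacamole" | sudo tee -a /etc/default/tomcat

# Basic configuration: guacd on localhost, users taken from user-mapping.xml.
# The closing delimiter must be exactly "EOF" with nothing after it. The
# original had a trailing space ("EOF "), which does not terminate the
# here-document: the shell would keep reading and write the following commands
# into guacamole.properties. The delimiter is quoted because the text contains
# nothing to expand.
cat > /etc/guacamole/guacamole.properties <<'EOF'
guacd-hostname: localhost
guacd-port:    4822
user-mapping:    /etc/guacamole/user-mapping.xml
auth-provider:    net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
EOF

# Expose the configuration directory inside Tomcat's base directory.
ln -s /etc/guacamole /opt/tomcat/tomcatapp/.guacamole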

Step 6: Setup Guacamole Authentication Method

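# user-mapping.xml holds the login hash and every connection definition, so
# create it first as root:tomcat with mode 640: Tomcat can read it, other local
# users cannot. Redirecting into the existing file keeps owner and mode.
install -o root -g tomcat -m 640 /dev/null /etc/guacamole/user-mapping.xml

# The here-document is unquoted on purpose so the shell fills in
# ${loginPwHash}. ${GUAC_PASSWORD} is different: it is a Guacamole parameter
# token that must reach the file literally, so its dollar sign is escaped.
# Unescaped, the shell would replace it with the (normally unset, i.e. empty)
# shell variable and every connection would be written with an empty password.
#
# NOTE(review): the RDP connection sets ignore-cert to true, which turns off
# validation of the RDP server certificate and leaves that session open to
# interception; prefer a certificate the gateway can verify.
cat << EOF > /etc/guacamole/user-mapping.xml
<user-mapping>
    <!-- Per-user authentication and config information -->

    <!-- A user using md5 to hash the password
         guacadmin user and its md5 hashed password below is used to
             login to Guacamole Web UI-->
    <authorize
            username="patrick"
            password="${loginPwHash}"
            encoding="md5">

        <connection name="SSH: Videostation">
            <protocol>ssh</protocol>
            <param name="hostname">192.168.178.59</param>
            <param name="port">22</param>
            <param name="username">godfather</param>
            <param name="password">\${GUAC_PASSWORD}</param>
        </connection>

        <connection name="SSH: Audiostation">
            <protocol>ssh</protocol>
            <param name="hostname">192.168.178.58</param>
            <param name="port">22</param>
            <param name="username">godfather</param>
            <param name="password">\${GUAC_PASSWORD}</param>
        </connection>

        <connection name="SSH: Guacamole">
            <protocol>ssh</protocol>
            <param name="hostname">192.168.178.232</param>
            <param name="port">22</param>
            <param name="username">godfather</param>
            <param name="password">\${GUAC_PASSWORD}</param>
        </connection>

        <connection name="SSH: PiHole">
            <protocol>ssh</protocol>
            <param name="hostname">192.168.178.231</param>
            <param name="port">22</param>
            <param name="username">godfather</param>
            <param name="password">\${GUAC_PASSWORD}</param>
        </connection>

        <connection name="RDP: nb-pb-skuld">
            <protocol>rdp</protocol>
            <param name="hostname">192.168.178.105</param>
            <param name="port">3389</param>
            <param name="security">nla</param>
            <param name="username">patrick</param>
            <param name="password">\${GUAC_PASSWORD}</param>
            <param name="ignore-cert">true</param>
        </connection>

    </authorize>
</user-mapping>
EOF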

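# Reload both services so the new configuration takes effect.
systemctl restart tomcat guacd

# Port 4822 is deliberately NOT opened in the firewall. guacd does not
# authenticate its clients, and guacamole.properties on this page points Tomcat
# at guacd on the same host, so nothing outside this machine needs to reach it.
# The original `ufw allow 4822/tcp` rule has therefore been dropped.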

Step 7: Switch Guacamole to MariaDB

# Database server for the JDBC authentication backend.
apt install -y make mariadb-server

# Local names of the two unpacked packages under /usr/src.
jdbc_dir=/usr/src/guacamole-auth-jdbc-$guacver
connector_dir=/usr/src/mysql-connector-java-8.0.21

# Fetch the Guacamole JDBC extension and the MySQL Connector/J driver.
# NOTE(review): both archives end up on Tomcat's classpath without an
# integrity check; compare them with the vendors' published checksums or
# signatures before copying the jars.
wget --trust-server-names "https://apache.org/dyn/closer.cgi?action=download&filename=guacamole/$guacver/binary/guacamole-auth-jdbc-$guacver.tar.gz" -O "$jdbc_dir.tar.gz"
wget "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-8.0.21.tar.gz" -O "$connector_dir.tar.gz"

# Unpack both archives below /usr/src.
for archive in "$jdbc_dir.tar.gz" "$connector_dir.tar.gz"; do
  tar -xvzf "$archive" -C /usr/src/
done

# Install the extension and the driver where Guacamole looks for them.
cp "$jdbc_dir/mysql/guacamole-auth-jdbc-mysql-$guacver.jar" /etc/guacamole/extensions/
cp "$connector_dir/mysql-connector-java-8.0.21.jar" /etc/guacamole/lib/

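# Stop here if the generated database password is missing (for example in a
# fresh shell session); otherwise the account would get an empty password.
: "${dbpw:?dbpw is not set - generate the database password first}"

# Create the database and the application account in one root session.
# - The SQL is fed on stdin rather than with -e, so the password does not
#   appear in the process list; the root password is still prompted for.
# - The application account gets only the data privileges it needs at run
#   time. The original also granted CREATE and WITH GRANT OPTION, which would
#   let a compromised web application alter the schema and hand its privileges
#   to other accounts.
# dbpw is a hex string here; a value containing a single quote would break the
# CREATE USER statement.
mysql -u root -p <<SQL
CREATE DATABASE IF NOT EXISTS guacamole DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'guacamole'@'localhost' IDENTIFIED BY '${dbpw}';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole'@'localhost';
FLUSH PRIVILEGES;
SQL

# Load the schema as root, because the application account no longer has
# CREATE. This also keeps the application password off the command line, where
# the original's `-p$dbpw` exposed it to other local users.
# 002-create-admin-user.sql creates the initial administrator account with the
# default password documented by Guacamole: change it at first login.
cat "/usr/src/guacamole-auth-jdbc-$guacver/mysql/schema/001-create-schema.sql" \
    "/usr/src/guacamole-auth-jdbc-$guacver/mysql/schema/002-create-admin-user.sql" \
  | mysql -u root -p guacamole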

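# Refuse to write a configuration with an empty database password.
: "${dbpw:?dbpw is not set - generate the database password first}"

# Keep the file-based configuration as a fallback copy.
cp /etc/guacamole/guacamole.properties /etc/guacamole/guacamole.properties.xmlnodb

# The new file contains the database password in clear text, so restrict it to
# root (write) and the tomcat group (read) before the secret is written.
# Redirecting into the existing file keeps its owner and mode.
chown root:tomcat /etc/guacamole/guacamole.properties
chmod 640 /etc/guacamole/guacamole.properties

# Unquoted here-document on purpose: $dbpw is expanded by the shell.
cat << EOF > /etc/guacamole/guacamole.properties
#
# Hostname and Guacamole server port
#
guacd-hostname: 127.0.0.1
guacd-port: 4822
#
# MySQL properties
#
mysql-hostname: 127.0.0.1
mysql-port: 3306
mysql-database: guacamole
mysql-username: guacamole
mysql-password: $dbpw
EOF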

Step 8: Timezone-error

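# Load the system time zone definitions into MariaDB's mysql database
# (prompts for the database root password).
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

# Set the server's default time zone in a drop-in file instead of editing
# 50-server.cnf. The original inserted text at fixed line numbers 30-32, which
# depends on the exact layout of the packaged file and adds the setting again
# on every run. A separate file leaves the packaged configuration untouched
# (so no backup copy is needed) and can be rewritten safely. The 99- prefix
# makes it sort after 50-server.cnf in the same directory.
cat > /etc/mysql/mariadb.conf.d/99-guacamole-timezone.cnf <<'EOF'
# Timezone
[mysqld]
default_time_zone=Europe/Berlin
EOF

# Restart the database first, then Tomcat so Guacamole reconnects to it.
systemctl restart mariadb.service

systemctl restart tomcat.service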