‍

Introduction In today’s digital age, remote access to computers and servers has become an essential requirement for businesses and individuals alike. Apache Guacamole is a powerful open-source solution that allows you to establish remote connections with your machines using various protocols, such as SSH, RDP, and VNC. In this comprehensive guide, we will walk you through the step-by-step process of setting up a Remote Desktop Gateway with Apache Guacamole on AlmaLinux 9.

Prerequisites

Before we dive into the installation process, make sure you have the following prerequisites in place:

• An AlmaLinux 9 server: We will be using a server with the hostname guacamole-alma9.
• A non-root user with sudo privileges: This user will be used to execute administrative commands throughout the installation process.
• A domain name pointed to the server’s IP address: This will enable us to access the Apache Guacamole application remotely.

Setting Up Repositories

The first step is to set up the necessary repositories on your AlmaLinux server. We need to add the EPEL repository, enable the Code Ready Builder (CRB) repository, and add the RPMFusion repository. Open your terminal and run the following commands:

sudo dnf install wget nano epel-release dnf-utils
sudo dnf config-manager --set-enabled crb
sudo dnf install --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm-E%rhel).noarch.rpm
https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm-E%rhel).noarch.rpm

Installing Dependencies

Now that the repositories are set up, we can proceed with installing the necessary dependencies for Apache Guacamole. We will be installing the following packages:

• Basic dependencies for compiling and installing guacd.
• Java and Apache Tomcat for running the Apache Guacamole web application.
• MariaDB database server for user authentication.
• Nginx web server as a reverse proxy for the Apache Guacamole web application.
• Certbot for securing access to Apache Guacamole.

To install the dependencies for compiling guacd, run the following command:

sudo dnf install cairo-devel libjpeg-turbo-devel libjpeg-devel libpng-devel libtool libuuid-devel uuid-devel make cmake ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel compat-openssl11 libvorbis-devel libwebp-devel libgcrypt-devel

Next, install Java 11 and Apache Tomcat 9 by running the following command:

sudo dnf install java-11-openjdk-devel tomcat

Verify the Java version by executing the following command:

java --version

To install MariaDB server, run the following command:

sudo dnf install mariadb-server

For Nginx and Certbot installation, use the following command:

sudo dnf install nginx certbot python3-certbot-nginx

Configuring Firewalld

To allow HTTP and HTTPS traffic, open the necessary ports using the following commands:

sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

Setting Up MariaDB Database

We will be using MariaDB as the authentication method for Apache Guacamole. First, secure the MariaDB installation by running the following command:

sudo mariadb-secure-installation

During the process, you will be prompted to set a root password and make other security-related configurations. Follow the prompts and secure your MariaDB installation.

Next, log in to the MariaDB server using the following command:

sudo mariadb -u root -p

Create a new database and user for Apache Guacamole with the following commands:

CREATE DATABASE guacamoledb;
CREATE USER 'guacamole'@'localhost' IDENTIFIED BY 'GuacamolePassword';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamoledb.* TO 'guacamole'@'localhost';
FLUSH PRIVILEGES;

Verify the privileges for the user ‘guacamole’ with the following command:

SHOW GRANTS FOR 'guacamole'@'localhost';

Exit the MariaDB prompt by typing quit.

Installing Apache Guacamole Server

Apache Guacamole comprises two main components :guacd, an arbitrary remote desktop protocol, and the Guacamole web application. Let’s install them one by one.

Compiling and Installing guacd

Move to the /usr/src directory and download the Apache Guacamole server source code:

cd /usr/src
wget https://dlcdn.apache.org/guacamole/1.5.2/source/guacamole-server-1.5.2.tar.gz

Extract the downloaded file and enter the newly created directory:

tar -xf guacamole-server-1.5.2.tar.gz
cd guacamole-server-*/

Configure the installation by running the following command:

./configure --with-systemd-dir=/etc/systemd/system/

Make sure that all the required libraries and services have a status of ‘yes’ in the configuration summary. If everything looks good, proceed with the compilation and installation:

sudo make && sudo make install

After the installation, reload the system libraries cache:

sudo ldconfig

Create a new configuration file for guacd:

sudo mkdir -p /etc/guacamole/
sudo nano /etc/guacamole/guacd.conf

In the file, add the following content to configure guacd to run on localhost with port 4822:

[server]
bind_host = 127.0.0.1
bind_port = 4822

Save and exit the file.

Reload the systemd manager and start the guacd service:

sudo systemctl daemon-reload
sudo systemctl start guacd
sudo systemctl enable guacd

Verify the status of the guacd service:

sudo systemctl status guacd

You should see that the service is active and running.

Installing Apache Guacamole Web Application

Now, let’s install the Apache Guacamole web application. Move to the /usr/src directory and download the .war file:

cd /usr/src
wget https://dlcdn.apache.org/guacamole/1.5.2/binary/guacamole-1.5.2.war

Copy the downloaded .war file to the Apache Tomcat webapps directory:

sudo cp guacamole-1.5.2.war /var/lib/tomcat/webapps/guacamole.war

Restart the Tomcat service to apply the changes:

sudo systemctl restart tomcat

Configuring Apache Guacamole with MariaDB Authentication

To configure Apache Guacamole with MariaDB authentication, follow these steps:

1. Create the necessary directories and set the GUACAMOLE_HOME environment variable:

sudo mkdir -p /etc/guacamole/{extensions,lib}
echo "GUACAMOLE_HOME=/etc/guacamole"| sudo tee -a /etc/sysconfig/tomcat

2. Download the Guacamole database extension and move it to the /etc/guacamole/extensions/ directory:

cd /usr/src
wget https://downloads.apache.org/guacamole/1.5.2/binary/guacamole-auth-jdbc-1.5.2.tar.gz
tar -xf guacamole-auth-jdbc-1.5.2.tar.gz
sudo mv guacamole-auth-jdbc-1.5.2/mysql/guacamole-auth-jdbc-mysql-1.5.2.jar /etc/guacamole/extensions/

3. Import the Apache Guacamole database schema to the guacamoledb database:

cd guacamole-auth-jdbc-1.5.2/mysql/schema
cat *.sql | mariadb -u root -p guacamoledb

4. Download the MySQL connector for the Java application and move it to the /etc/guacamole/lib/ directory:

cd /usr/src
wget https://dev.mysql.com/get/Downloads/Connector -J /mysql-connector-j-8.0.33.tar.gz
tar -xf mysql-connector-j-8.0.33.tar.gz
sudo mv mysql-connector-j-8.0.33/mysql-connector-j-8.0.33.jar /etc/guacamole/lib/

5. Create a configuration file for Apache Guacamole:

sudo nano /etc/guacamole/guacamole.properties

Add the following content to the file, replacing the placeholders with your specific values:

# MySQL properties
mysql-hostname: localhost
mysql-database: guacamoledb
mysql-username: guacamole
mysql-password: GuacamolePassword

Save and close the file.

6. Restart the Tomcat service:

sudo systemctl restart tomcat

Configuring Nginx as a Reverse Proxy

In the following steps, we will configure Nginx as a reverse proxy for Apache Guacamole and secure the installation with SSL certificates from Let’s Encrypt.

1. Open the Apache Tomcat configuration file:

sudo nano /etc/tomcat/server.xml

Within the <Host name="localhost" appBase="webapps" section, add the following configuration to enable reverse proxy:

<Host name="localhost"  appBase="webapps"
    unpackWARs="true" autoDeploy="true">

    <Valve className="org.apache.catalina.valves.RemoteIpValve"
        internalProxies="127.0.0.1"
        remoteIpHeader="x-forwarded-for"
        remoteIpProxiesHeader="x-forwarded-by"
        protocolHeader="x-forwarded-proto" />

Save the file and exit the editor.

2. Restart the Tomcat service to apply the changes:

sudo systemctl restart tomcat

3. Create an Nginx server block configuration file:

sudo nano /etc/nginx/conf.d/guacamole.conf

Add the following server block configuration, replacing guacamole.example.io with your domain name:

server {
    listen 80;
    server_name guacamole.example.io;

    access_log /var/log/nginx/guacamole-access.log;
    error_log /var/log/nginx/guacamole-error.log;

    location / {
        
        proxy_pass http://127.0.0.1:8080/guacamole/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        access_log off;
    }
}

Save the file and exit the editor.

4. Verify the Nginx configuration and restart the service:

sudo nginx -t
sudo systemctl restart nginx

5. Secure your Apache Guacamole installation with Let’s Encrypt SSL certificates:

sudo certbot --nginx --agree-tos --no-eff-email --redirect --hsts --staple-ocsp --emailtest@example.io -d guacamole.example.io

Replace emailtest@example.io with your email address.

Accessing Apache Guacamole

Congratulations! You have successfully set up Apache Guacamole as a Remote Desktop Gateway on your AlmaLinux 9 server. Now, let’s access your remote machines using the Apache Guacamole web application.

1. Launch your web browser and visit your Apache Guacamole installation’s domain name (e.g., https://guacamole.example.io).
2. Log in using the default credentials: username guacadmin and password guacadmin.
3. Once logged in, you will see the Apache Guacamole user dashboard. From here, you can create and manage your remote connections.
4. To create a new connection, click on the Admin menu and select Settings. Then, click on the Connections tab and click the Create a new connection button.
5. Fill in the connection details, such as the name, protocol, target host IP address, port, and credentials. Save the connection settings.
6. Back on the user dashboard, you will see your newly created connection. Click on it to establish a remote connection to the target host.

With Apache Guacamole, you can securely access your remote machines from anywhere using just a web browser.

Conclusion

Setting up a Remote Desktop Gateway with Apache Guacamole on AlmaLinux 9 is a powerful solution that enables you to establish secure and efficient remote connections to your machines. By following this comprehensive guide, you have successfully installed and configured Apache Guacamole with MariaDB authentication, Nginx as a reverse proxy, and secured the installation with Let’s Encrypt SSL certificates. You are now empowered with the ability to access your servers or desktops easily and securely via the Apache Guacamole web application.

If you are looking for reliable and scalable cloud hosting solutions, consider Shape.host. With their Cloud VPS services, you can benefit from the expertise of a trusted provider, ensuring the efficiency and security of your remote access infrastructure. Shape.host is committed to empowering businesses with top-notch cloud hosting solutions.