Introduction
In today’s digital age, remote access to computers and servers has become an essential requirement for businesses and individuals alike. Apache Guacamole is a powerful open-source solution that allows you to establish remote connections with your machines using various protocols, such as SSH, RDP, and VNC. In this comprehensive guide, we will walk you through the step-by-step process of setting up a Remote Desktop Gateway with Apache Guacamole on AlmaLinux 9.
Prerequisites
Before we dive into the installation process, make sure you have the following prerequisites in place:
- An AlmaLinux 9 server: We will be using a server with the hostname guacamole-alma9.
- A non-root user with sudo privileges: This user will be used to execute administrative commands throughout the installation process.
- A domain name pointed to the server’s IP address: This will enable us to access the Apache Guacamole application remotely.
Setting Up Repositories
The first step is to set up the necessary repositories on your AlmaLinux server. We need to add the EPEL repository, enable the Code Ready Builder (CRB) repository, and add the RPMFusion repository. Open your terminal and run the following commands:
sudo dnf install wget nano epel-release dnf-utils
sudo dnf config-manager --set-enabled crb
sudo dnf install --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm
Installing Dependencies
Now that the repositories are set up, we can proceed with installing the necessary dependencies for Apache Guacamole. We will be installing the following packages:
- Basic dependencies for compiling and installing guacd.
- Java and Apache Tomcat for running the Apache Guacamole web application.
- MariaDB database server for user authentication.
- Nginx web server as a reverse proxy for the Apache Guacamole web application.
- Certbot for securing access to Apache Guacamole.
To install the dependencies for compiling guacd, run the following command:
sudo dnf install cairo-devel libjpeg-turbo-devel libjpeg-devel libpng-devel libtool libuuid-devel uuid-devel make cmake ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel compat-openssl11 libvorbis-devel libwebp-devel libgcrypt-devel
Next, install Java 11 and Apache Tomcat 9 by running the following command:
sudo dnf install java-11-openjdk-devel tomcat
Verify the Java version by executing the following command:
java --version
To install MariaDB server, run the following command:
sudo dnf install mariadb-server
For Nginx and Certbot installation, use the following command:
sudo dnf install nginx certbot python3-certbot-nginx
Configuring Firewalld
To allow HTTP and HTTPS traffic, open the necessary ports using the following commands:
sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload
Setting Up MariaDB Database
We will be using MariaDB as the authentication method for Apache Guacamole. First, secure the MariaDB installation by running the following command:
sudo mariadb-secure-installation
During the process, you will be prompted to set a root password and make other security-related configurations. Follow the prompts and secure your MariaDB installation.
Next, log in to the MariaDB server using the following command:
sudo mariadb -u root -p
Create a new database and user for Apache Guacamole with the following commands:
CREATE DATABASE guacamoledb;
CREATE USER 'guacamole'@'localhost' IDENTIFIED BY 'GuacamolePassword';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamoledb.* TO 'guacamole'@'localhost';
FLUSH PRIVILEGES;
Verify the privileges for the user ‘guacamole’ with the following command:
SHOW GRANTS FOR 'guacamole'@'localhost';
Exit the MariaDB prompt by typing quit.
Installing Apache Guacamole Server
Apache Guacamole comprises two main components: guacd, the proxy daemon for arbitrary remote desktop protocols, and the Guacamole web application. Let’s install them one by one.
Compiling and Installing guacd
Move to the /usr/src directory and download the Apache Guacamole server source code:
cd /usr/src
wget https://dlcdn.apache.org/guacamole/1.5.2/source/guacamole-server-1.5.2.tar.gz
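Before the tarball is unpacked and built with root privileges, it can be checked against the SHA-256 digest published for the release; the same check applies to the .war, JDBC extension and connector downloads later in this guide. The following is an added example, not part of the original guide: the function name and the .sha256 file name are assumptions, and the demo input at the end is constructed.

```shell
#!/bin/sh
# verify_sha256 FILE SUMFILE
# Returns 0 on match, 1 on mismatch, 2 if an input is missing or unusable.
verify_sha256() {
    file=$1
    sumfile=$2
    if [ ! -r "$file" ] || [ ! -r "$sumfile" ]; then
        echo "cannot read $file or $sumfile" >&2
        return 2
    fi
    # Checksum files come as a bare digest or as "digest  filename", in upper
    # or lower case: take the first standalone 64-hex-digit token.
    expected=$(tr 'A-F' 'a-f' < "$sumfile" | grep -owE '[0-9a-f]{64}' | head -n 1)
    if [ -z "$expected" ]; then
        echo "no SHA-256 digest found in $sumfile" >&2
        return 2
    fi
    actual=$(sha256sum "$file" | cut -d ' ' -f 1)
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH for $file" >&2
        return 1
    fi
    echo "OK $file"
}

# Intended use with this guide's download (the .sha256 file name is an
# assumption; obtain the digest from the Apache Guacamole release page):
#   verify_sha256 guacamole-server-1.5.2.tar.gz guacamole-server-1.5.2.tar.gz.sha256 \
#       && tar -xf guacamole-server-1.5.2.tar.gz

# Constructed demo so the block runs offline: a stand-in file and its digest.
demo=$(mktemp -d)
printf 'constructed stand-in for a release tarball\n' > "$demo/pkg.tar.gz"
sha256sum "$demo/pkg.tar.gz" > "$demo/pkg.tar.gz.sha256"
verify_sha256 "$demo/pkg.tar.gz" "$demo/pkg.tar.gz.sha256"
printf 'one appended line\n' >> "$demo/pkg.tar.gz"
verify_sha256 "$demo/pkg.tar.gz" "$demo/pkg.tar.gz.sha256" || echo "modified file rejected"
rm -rf "$demo"
```

A digest fetched from the same server as the file only detects a corrupted or swapped download; checking the release's PGP signature with gpg --verify against the project's published signing keys also authenticates the publisher.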
Extract the downloaded file and enter the newly created directory:
tar -xf guacamole-server-1.5.2.tar.gz
cd guacamole-server-*/
Configure the installation by running the following command:
./configure --with-systemd-dir=/etc/systemd/system/
Make sure that all the required libraries and services have a status of ‘yes’ in the configuration summary. If everything looks good, proceed with the compilation and installation:
sudo make && sudo make install
After the installation, reload the system libraries cache:
sudo ldconfig
Create a new configuration file for guacd:
sudo mkdir -p /etc/guacamole/
sudo nano /etc/guacamole/guacd.conf
In the file, add the following content to configure guacd to run on localhost with port 4822:
[server]
bind_host = 127.0.0.1
bind_port = 4822
Save and exit the file.
Reload the systemd manager and start the guacd service:
sudo systemctl daemon-reload
sudo systemctl start guacd
sudo systemctl enable guacd
Verify the status of the guacd service:
sudo systemctl status guacd
You should see that the service is active and running.
Installing Apache Guacamole Web Application
Now, let’s install the Apache Guacamole web application. Move to the /usr/src directory and download the .war file:
cd /usr/src
wget https://dlcdn.apache.org/guacamole/1.5.2/binary/guacamole-1.5.2.war
Copy the downloaded .war file to the Apache Tomcat webapps directory:
sudo cp guacamole-1.5.2.war /var/lib/tomcat/webapps/guacamole.war
Restart the Tomcat service to apply the changes:
sudo systemctl restart tomcat
Configuring Apache Guacamole with MariaDB Authentication
To configure Apache Guacamole with MariaDB authentication, follow these steps:
- Create the necessary directories and set the GUACAMOLE_HOME environment variable:
sudo mkdir -p /etc/guacamole/{extensions,lib}
echo "GUACAMOLE_HOME=/etc/guacamole" | sudo tee -a /etc/sysconfig/tomcat
- Download the Guacamole database extension and move it to the /etc/guacamole/extensions/ directory:
cd /usr/src
wget https://downloads.apache.org/guacamole/1.5.2/binary/guacamole-auth-jdbc-1.5.2.tar.gz
tar -xf guacamole-auth-jdbc-1.5.2.tar.gz
sudo mv guacamole-auth-jdbc-1.5.2/mysql/guacamole-auth-jdbc-mysql-1.5.2.jar /etc/guacamole/extensions/
- Import the Apache Guacamole database schema to the guacamoledb database:
cd guacamole-auth-jdbc-1.5.2/mysql/schema
cat *.sql | mariadb -u root -p guacamoledb
- Download the MySQL connector for the Java application and move it to the /etc/guacamole/lib/ directory:
cd /usr/src
wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-8.0.33.tar.gz
tar -xf mysql-connector-j-8.0.33.tar.gz
sudo mv mysql-connector-j-8.0.33/mysql-connector-j-8.0.33.jar /etc/guacamole/lib/
- Create a configuration file for Apache Guacamole:
sudo nano /etc/guacamole/guacamole.properties
Add the following content to the file, replacing the placeholders with your specific values:
# MySQL properties
mysql-hostname: localhost
mysql-database: guacamoledb
mysql-username: guacamole
mysql-password: GuacamolePassword
Save and close the file.
- Restart the Tomcat service:
sudo systemctl restart tomcat
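The two files written so far, /etc/guacamole/guacd.conf and /etc/guacamole/guacamole.properties, can be checked after setup for three things: guacd bound to loopback only, a properties file that is not world-readable, and a database password that is no longer the guide's placeholder. This is an added example, not part of the original guide; the function name and the tomcat group in the suggested fix are assumptions.

```shell
#!/bin/sh
# audit_guacamole_config [DIR]
# Prints one line per finding and returns the number of findings (0 = clean).
audit_guacamole_config() {
    dir=${1:-/etc/guacamole}
    findings=0
    props=$dir/guacamole.properties
    guacd_conf=$dir/guacd.conf

    if [ -f "$props" ]; then
        # The file holds the database password in clear text, so "other"
        # must have no read access (last octal digit without the 4 bit).
        mode=$(stat -c '%a' "$props")
        case $mode in
            *[4567]) echo "FINDING: $props is world-readable (mode $mode)"
                     findings=$((findings + 1)) ;;
        esac
        # Java properties accept both "key: value" and "key = value".
        pw=$(sed -n 's/^[[:space:]]*mysql-password[[:space:]]*[:=][[:space:]]*//p' "$props" | tail -n 1)
        if [ "$pw" = "GuacamolePassword" ]; then
            echo "FINDING: mysql-password is still the guide's placeholder"
            findings=$((findings + 1))
        fi
    else
        echo "FINDING: $props not found"
        findings=$((findings + 1))
    fi

    if [ -f "$guacd_conf" ]; then
        # guacd does not authenticate its clients, so an explicit bind_host
        # should be a loopback address. An absent setting is not judged here.
        host=$(sed -n 's/^[[:space:]]*bind_host[[:space:]]*=[[:space:]]*//p' "$guacd_conf" | tail -n 1)
        case $host in
            ''|127.0.0.1|localhost|::1) ;;
            *) echo "FINDING: guacd bind_host is $host, not loopback"
               findings=$((findings + 1)) ;;
        esac
    fi
    return "$findings"
}

# Run against the live configuration with: audit_guacamole_config /etc/guacamole
# Suggested fix for a world-readable properties file (the group name "tomcat"
# is an assumption about the packaged Tomcat service account):
#   sudo chown root:tomcat /etc/guacamole/guacamole.properties
#   sudo chmod 640 /etc/guacamole/guacamole.properties
```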
Configuring Nginx as a Reverse Proxy
In the following steps, we will configure Nginx as a reverse proxy for Apache Guacamole and secure the installation with SSL certificates from Let’s Encrypt.
- Open the Apache Tomcat configuration file:
sudo nano /etc/tomcat/server.xml
Within the <Host name="localhost" appBase="webapps" section, add the following configuration to enable reverse proxy:
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           internalProxies="127.0.0.1"
           remoteIpHeader="x-forwarded-for"
           remoteIpProxiesHeader="x-forwarded-by"
           protocolHeader="x-forwarded-proto" />
Save the file and exit the editor.
- Restart the Tomcat service to apply the changes:
sudo systemctl restart tomcat
- Create an Nginx server block configuration file:
sudo nano /etc/nginx/conf.d/guacamole.conf
Add the following server block configuration, replacing guacamole.example.io with your domain name:
server {
    listen 80;
    server_name guacamole.example.io;

    access_log /var/log/nginx/guacamole-access.log;
    error_log /var/log/nginx/guacamole-error.log;

    location / {
        proxy_pass http://127.0.0.1:8080/guacamole/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        access_log off;
    }
}
Save the file and exit the editor.
- Verify the Nginx configuration and restart the service:
sudo nginx -t
sudo systemctl restart nginx
- Secure your Apache Guacamole installation with Let’s Encrypt SSL certificates:
sudo certbot --nginx --agree-tos --no-eff-email --redirect --hsts --staple-ocsp --email test@example.io -d guacamole.example.io
Replace test@example.io with your email address.
Accessing Apache Guacamole
Congratulations! You have successfully set up Apache Guacamole as a Remote Desktop Gateway on your AlmaLinux 9 server. Now, let’s access your remote machines using the Apache Guacamole web application.
- Launch your web browser and visit your Apache Guacamole installation’s domain name (e.g., https://guacamole.example.io).
- Log in using the default credentials: username guacadmin and password guacadmin.
- Once logged in, you will see the Apache Guacamole user dashboard. From here, you can create and manage your remote connections.
- To create a new connection, click on the Admin menu and select Settings. Then, click on the Connections tab and click the Create a new connection button.
- Fill in the connection details, such as the name, protocol, target host IP address, port, and credentials. Save the connection settings.
- Back on the user dashboard, you will see your newly created connection. Click on it to establish a remote connection to the target host.
With Apache Guacamole, you can securely access your remote machines from anywhere using just a web browser.
Conclusion
Setting up a Remote Desktop Gateway with Apache Guacamole on AlmaLinux 9 is a powerful solution that enables you to establish secure and efficient remote connections to your machines. By following this comprehensive guide, you have successfully installed and configured Apache Guacamole with MariaDB authentication, Nginx as a reverse proxy, and secured the installation with Let’s Encrypt SSL certificates. You are now empowered with the ability to access your servers or desktops easily and securely via the Apache Guacamole web application.