In this tutorial, we will show you how to install Apache Guacamole on AlmaLinux 8. For those of you who didn’t know, Apache Guacamole is a clientless HTML5 web-based remote desktop gateway that supports standard protocols like VNC, RDP, and SSH. It does not need any third-party plugins and clients to work. You can access your machine using a web-based gateway. It can be put behind a proxy server which allows you to access your servers from anywhere in the world.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Apache Guacamoleon remote desktop on AlmaLinux 8. You can follow the same instructions for CentOS and Rocky Linux.
Prerequisites
- A server running one of the following operating systems: AlmaLinux 8, CentOS, and Rocky Linux 8.
- It’s recommended that you use a fresh OS install to prevent any potential issues
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Apache Guacamole on AlmaLinux 8
Step 1. First, let’s start by ensuring your system is up-to-date.
sudo dnf install epel-release sudo dnf config-manager --set-enabled powertools sudo dnf update
Step 2. Install Required Dependencies.
Now install the required packages for Guacamole:
sudo dnf install cairo-devel libjpeg-turbo-devel libjpeg-devel libpng-devel libtool libuuid-devel uuid-devel make cmake sudo dnf install ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel compat-openssl10 libvorbis-devel libwebp-devel libgcrypt-devel
Step 3. Installing Apache Tomcat.
First, install Java OpenJDK 11 on your AlmaLinux system:
sudo dnf install java-11-openjdk-devel
Verify Java installation:
java -version
For additional resources on installing Java, read the post below:
Let’s create a group and user that will have access to Tomcat only and cannot be used for other purposes such as login to the system to install or delete anything:
sudo groupadd tomcat sudo mkdir /opt/tomcat sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat tomcat
Then, download the Apache Tomcat installer from the official page and save it in your working directory:
wget https://downloads.apache.org/tomcat/tomcat-10/v10.0.8/bin/apache-tomcat-10.0.8.tar.gz sudo tar -zxvf apache-tomcat-*.tar.gz -C /opt/tomcat --strip-components=1
Next, set the proper file permissions:
sudo chown -R tomcat: /opt/tomcat sudo sh -c 'chmod +x /opt/tomcat/bin/*.sh'
Now we create Apache Tomcat Systemd Service.
We need to create a startup script to manage Tomcat as systemd a service. Let’s create a tomcat.service file:
sudo nano /etc/systemd/system/tomcat.service
Add the following line:
[Unit] Description=Tomcat webs servlet container After=network.target [Service] Type=forking User=tomcat Group=tomcat Environment="JAVA_HOME=/usr/lib/jvm/jre" Environment="JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom" Environment="CATALINA_BASE=/opt/tomcat" Environment="CATALINA_HOME=/opt/tomcat" Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid" Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC" ExecStart=/opt/tomcat/bin/startup.sh ExecStop=/opt/tomcat/bin/shutdown.sh [Install] WantedBy=multi-user.target
Save and close, also start and enable Apache Tomcat service:
sudo systemctl daemon-reload sudo systemctl start tomcat sudo systemctl enable --now tomcat
Step 4. Installing Apache Guacamole on AlmaLinux 8.
By default, Apache Guacamole is not available on the AlmaLinux base repository. Now run the following command below to download the latest stable version of Guacamole from the official page:
wget https://dlcdn.apache.org/guacamole/1.4.0/source/guacamole-client-1.4.0.tar.gz tar -xvzf guacamole-server-1.4.0.tar.gz cd guacamole-server-1.4.0 ./configure --with-systemd-dir=/etc/systemd/system/
Next, compile and install the Guacamole using the following commands:
sudo make sudo make install sudo ldconfi
After that, reload the systemd daemon with the following command:
sudo systemctl daemon-reload sudo systemctl start guacd sudo systemctl enable guacd
Step 5. Installing Apache Guacamole Client.
Now we download the Guacamole client file with the following commands below:
sudo mkdir /etc/guacamole sudo wget https://downloads.apache.org/guacamole/1.4.0/binary/guacamole-1.4.0.war -O /etc/guacamole/guacamole.war
Then, create a symbolic link from /etc/guacamole/guacamole.war to the Tomcat webapps directory:
sudo ln -s /etc/guacamole/guacamole.war /opt/tomcat/webapps/
Change the permission of the app to tomcat user:
sudo chown -R tomcat:tomcat /opt/tomcat/webapps
Then, create a Guacamole configuration file with the following command:
sudo nano /etc/guacamole/guacd.conf
Add the following configuration:
# # guacd configuration file # [daemon] #pid_file = /var/run/guacd.pid log_level = info [server] bind_host = your-server-IP-address bind_port = 4822 # # The following parameters are valid only if # guacd was built with SSL support. # # [ssl] # server_certificate = /etc/ssl/certs/guacd.crt # server_key = /etc/ssl/private/guacd.key
Save and close a file, then restart the Guacamole server and Tomcat to apply the changes:
sudo systemctl restart tomcat guacd
Step 6. Configure Apache Guacamole.
We need to create a Guacamole user mapping file to define the remote server that you want to connect from Guacamole:
sudo mkdir /etc/guacamole/{extensions,lib}
Next, set the Guacamole home variable and store it in the /etc/default/tomcat configuration file:
echo "GUACAMOLE_HOME=/etc/guacamole" | sudo tee -a /etc/default/tomcat
Step 7. Setup Apache Guacamole Authentication.
Guacamole’s default authentication method reads all users and connections from a single file called user-mapping.xml. Now we generate the MD5 to be used when connecting to the Guacamole web UI:
echo -n YourStrongPassword | openssl md5
Then, run the commands below to create a new user-mapping.xml:
sudo nano /etc/guacamole/user-mapping.xml
Add the content below:
<user-mapping>
<!-- Per-user authentication and config information -->
<!-- A user using md5 to hash the password
guacadmin user and its md5 hashed password below is used to
login to Guacamole Web UI-->
<authorize
username="admin"
password="d41e98dbmwe4611d3a70f1a5b9bmw"
encoding="md5">
<!-- First authorized Remote connection -->
<connection name="AlmaLinux 8 Server SSH">
<protocol>ssh</protocol>
<param name="hostname">192.168.77.21</param>
<param name="username">chedelics</param>
<param name="port">22</param>
</connection>
<!-- Second authorized remote connection -->
<connection name="Windows Server 2019">
<protocol>rdp</protocol>
<param name="hostname">192.168.77.20</param>
<param name="port">3389</param>
<param name="username">idroot</param>
<param name="ignore-cert">true</param>
</connection>
</authorize>
</user-mapping>
Save the file and restart Guacamole and Tomcat:
sudo systemctl restart tomcat guacd
Step 8. Configure Firewall.
Allow the firewall to ports 4822 and 8080 then reload it with the following commands:
sudo firewall-cmd --permanent --add-port={4822,8080}/tcp
sudo firewall-cmd --reload
Step 9. Accessing Apache Guacamole Web Interface.
Once successfully installed, you can access it from the web browser using the address http://localhost:8080/guacamole. You should then see the Apache Guacamole portal to log in:
Congratulations! You have successfully installed Apache Guacamole. Thanks for using this tutorial for installing the Apache Guacamole remote desktop gateway on your AlmaLinux 8 system. For additional help or useful information, we recommend you check the official Apache website.
