How To Install Apache Guacamole on AlmaLinux 8

Install Apache Guacamole on AlmaLinux 8

In this tutorial, we will show you how to install Apache Guacamole on AlmaLinux 8. For those of you who didn’t know, Apache Guacamole is a clientless HTML5 web based remote desktop gateway supports standard protocols like VNC, RDP, and SSH. It does not need any third-party plugins and clients to work. You can access your machine using a web-based gateway. It can be put behind a proxy server which allows you to access your servers from anywhere in the world.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Apache Guacamoleon remote desktop on AlmaLinux 8. You can follow the same instructions for CentOS and Rocky Linux.

Prerequisites

  • A server running one of the following operating systems: AlmaLinux 8, CentOS, and Rocky Linux 8.
  • It’s recommended that you use a fresh OS install to prevent any potential issues
  • A non-root sudo useror access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Apache Guacamole on AlmaLinux 8

Step 1. First, let’s start by ensuring your system is up-to-date.

sudo dnf install epel-release
sudo dnf config-manager --set-enabled powertools
sudo dnf update

Step 2. Install Required Dependencies.

Now install the required packages for Guacamole:

sudo dnf install cairo-devel libjpeg-turbo-devel libjpeg-devel libpng-devel libtool libuuid-devel uuid-devel make cmake
sudo dnf install ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel compat-openssl10 libvorbis-devel libwebp-devel libgcrypt-devel

Step 3. Installing Apache Tomcat.

First, install Java OpenJDK 11 on your AlmaLinux system:

sudo dnf install java-11-openjdk-devel

Verify Java installation:

java -version

Let’s create a group and user that will have access to Tomcat only and cannot be used for other purposes such as login to the system to install or delete anything:

sudo groupadd tomcat
sudo mkdir /opt/tomcat
sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat tomcat

Then, download the Apache Tomcat installer from the official page and save it in your working directory:

wget https://downloads.apache.org/tomcat/tomcat-10/v10.0.8/bin/apache-tomcat-10.0.8.tar.gz
sudo tar -zxvf apache-tomcat-*.tar.gz -C /opt/tomcat --strip-components=1

Next, set the proper file permissions:

sudo chown -R tomcat: /opt/tomcat
sudo sh -c 'chmod +x /opt/tomcat/bin/*.sh'

Now we create Apache Tomcat Systemd Service.

We need to create a startup script to manage Tomcat as systemd a service. Let’s create a tomcat.service file:

sudo nano /etc/systemd/system/tomcat.service

Add the following line:

[Unit]
Description=Tomcat webs servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom"

Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

[Install]
WantedBy=multi-user.target

Save and close, also start and enable Apache Tomcat service:

sudo systemctl daemon-reload
sudo systemctl start tomcat
sudo systemctl enable --now tomcat

Step 4. Installing Apache Guacamole on AlmaLinux 8.

By default, Apache Guacamole is not available on the AlmaLinux base repository. Now run the following command below to download the latest stable version of Guacamole from the official page:

wget https://dlcdn.apache.org/guacamole/1.4.0/source/guacamole-client-1.4.0.tar.gz
tar -xvzf guacamole-server-1.4.0.tar.gz
cd guacamole-server-1.4.0
./configure --with-systemd-dir=/etc/systemd/system/

Next, compile and install the Guacamole using the following commands:

sudo make
sudo make install
sudo ldconfi

After that, reload the systemd daemon with the following command:

sudo systemctl daemon-reload
sudo systemctl start guacd
sudo systemctl enable guacd

Step 5. Installing Apache Guacamole Client.

Now we download the Guacamole client file with the following commands below:

sudo mkdir /etc/guacamole
sudo wget https://downloads.apache.org/guacamole/1.4.0/binary/guacamole-1.4.0.war -O /etc/guacamole/guacamole.war

Then, create a symbolic link from /etc/guacamole/guacamole.war to the Tomcat webapps directory:

sudo ln -s /etc/guacamole/guacamole.war /opt/tomcat/webapps/

Change the permission of the app to tomcat user:

sudo chown -R tomcat:tomcat /opt/tomcat/webapps

Then, create a Guacamole configuration file with the following command:

sudo nano /etc/guacamole/guacd.conf

Add the following configuration:

#
# guacd configuration file
#

[daemon]

#pid_file = /var/run/guacd.pid
log_level = info

[server]

bind_host = your-server-IP-address
bind_port = 4822

#
# The following parameters are valid only if
# guacd was built with SSL support.
#

# [ssl]

# server_certificate = /etc/ssl/certs/guacd.crt
# server_key = /etc/ssl/private/guacd.key

Save and close a file, then restart the Guacamole server and Tomcat to apply the changes:

sudo systemctl restart tomcat guacd

Step 6. Configure Apache Guacamole.

We need to create a Guacamole user mapping file to define the remote server that you want to connect from Guacamole:

sudo mkdir /etc/guacamole/{extensions,lib}

Next, set the Guacamole home variable and store it in the /etc/default/tomcat configuration file:

echo "GUACAMOLE_HOME=/etc/guacamole" | sudo tee -a /etc/default/tomcat

Step 7. Setup Apache Guacamole Authentication.

Guacamole’s default authentication method reads all users and connections from a single file called user-mapping.xml. Now we generate the MD5 to be used when connecting to the Guacamole web UI:

echo -n YourStrongPassword | openssl md5

Then, run the commands below to create a new user-mapping.xml:

sudo nano /etc/guacamole/user-mapping.xml

Add the content below:

<user-mapping>
        
    <!-- Per-user authentication and config information -->

    <!-- A user using md5 to hash the password
         guacadmin user and its md5 hashed password below is used to 
             login to Guacamole Web UI-->
    <authorize 
            username="admin"
            password="d41e98dbmwe4611d3a70f1a5b9bmw"
            encoding="md5">

        <!-- First authorized Remote connection -->
        <connection name="AlmaLinux 8 Server SSH">
            <protocol>ssh</protocol>
            <param name="hostname">192.168.77.21</param>
            <param name="username">chedelics</param>
            <param name="port">22</param>
        </connection>

        <!-- Second authorized remote connection -->
        <connection name="Windows Server 2019">
            <protocol>rdp</protocol>
            <param name="hostname">192.168.77.20</param>
            <param name="port">3389</param>
            <param name="username">idroot</param>
            <param name="ignore-cert">true</param>
        </connection>

    </authorize>

</user-mapping>

Save the file and restart Guacamole and Tomcat:

sudo systemctl restart tomcat guacd

Step 8. Configure Firewall.

Allow the firewall to ports 4822 and 8080 then reload it with the following commands:

sudo firewall-cmd --permanent --add-port={4822,8080}/tcp
sudo firewall-cmd --reload

Step 9. Accessing Apache Guacamole Web Interface.

Once successfully installed, you can access it from the web browser using the address http://localhost:8080/guacamole. You should then see the Apache Guacamole portal to log in:

Install Apache Guacamole on AlmaLinux 8

Congratulations! You have successfully installed Apache Guacamole. Thanks for using this tutorial for installing the Apache Guacamole remote desktop gateway on your AlmaLinux 8 system. For additional help or useful information, we recommend you check the official Apache website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!