How To Install Apache Guacamole on Rocky Linux 9
Apache Guacamole is a clientless remote desktop gateway that provides access to several remote protocols through a web browser. This guide walks you through installing it on Rocky Linux 9, an enterprise-grade platform known for its stability and performance, so that you end up with a secure, scalable remote access solution for your organization.
Introduction
Apache Guacamole offers a unique approach to remote desktop access, eliminating the need for client-side software or plugins. It supports multiple protocols, including VNC, RDP, and SSH, making it a versatile solution for managing diverse IT environments. Rocky Linux 9, as a robust and reliable operating system, provides an excellent foundation for deploying Guacamole in production environments.
In this guide, we’ll cover everything from system preparation to post-installation configuration, ensuring you have a fully functional and secure Guacamole instance. We’ll also delve into performance optimization, security best practices, and troubleshooting tips to help you maintain a smooth-running system.
Technical Prerequisites
A. System Requirements
Before beginning the installation process, ensure your system meets the following minimum requirements:
- CPU: 2 cores (4 cores recommended for production use)
- RAM: 4GB (8GB or more recommended for multiple concurrent sessions)
- Storage: At least 20GB of free disk space
- Operating System: Rocky Linux 9 (fresh installation recommended)
B. Network Preparations
Proper network configuration is crucial for a secure and accessible Guacamole deployment:
- Configure a domain name and set up a DNS A record pointing to your server’s IP address.
- Ensure the following ports are open and accessible:
  - 8080/tcp (Tomcat)
  - 4822/tcp (Guacamole proxy daemon)
- If deploying in an enterprise environment, consult with your network team regarding firewall rules and any necessary VPN configurations.
C. Software Dependencies
Guacamole relies on several software components. Prepare your system by enabling the necessary repositories:
sudo dnf install epel-release
sudo dnf config-manager --set-enabled crb
sudo dnf update
Ensure you have Java JDK 11 or later installed:
sudo dnf install java-11-openjdk-devel
For the database backend, we’ll use MySQL in this guide, but PostgreSQL is also a viable option.
System Preparation
A. Initial Server Setup
Begin by updating your Rocky Linux 9 system to ensure you have the latest security patches and software versions:
sudo dnf update && sudo dnf upgrade -y
Set the SELinux boolean that allows the web server to make network connections, which the Nginx reverse proxy configured later needs in order to reach Tomcat:
sudo setsebool -P httpd_can_network_connect 1
Set your system’s timezone to ensure accurate logging:
sudo timedatectl set-timezone America/New_York
B. Security Hardening
Implement basic security measures to protect your Guacamole server:
- Configure firewalld rules:
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=4822/tcp
sudo firewall-cmd --reload
- Set up SSH key authentication and disable password login:
sudo nano /etc/ssh/sshd_config
Modify the following lines:
PasswordAuthentication no
PubkeyAuthentication yes
Restart the SSH service:
sudo systemctl restart sshd
- Install and configure Fail2ban to protect against brute-force attacks:
sudo dnf install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Dependency Installation
A. Core Libraries
Install the necessary development tools and libraries:
sudo dnf groupinstall "Development Tools" -y
sudo dnf install freerdp-devel libssh-devel libvncserver-devel libwebsockets-devel
B. Multimedia Support
For audio support and session recording, install the following packages:
sudo dnf install ffmpeg-devel pulseaudio-libs-devel cairo-devel
C. Database Setup
Install and secure MariaDB:
sudo dnf install mariadb-server
sudo systemctl enable mariadb
sudo systemctl start mariadb
sudo mysql_secure_installation
Create a database and user for Guacamole:
CREATE DATABASE guacamole_db;
CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY 'strong_password';
GRANT ALL PRIVILEGES ON guacamole_db.* TO 'guacamole_user'@'localhost';
FLUSH PRIVILEGES;
Guacamole-Server Compilation
A. Source Acquisition
Download and extract the latest Guacamole server source:
wget https://downloads.apache.org/guacamole/1.5.5/source/guacamole-server-1.5.5.tar.gz
tar -xzf guacamole-server-1.5.5.tar.gz
cd guacamole-server-1.5.5
B. Build Process
Configure and compile the Guacamole server:
./configure --with-init-dir=/etc/init.d --enable-kubernetes
make
sudo make install
sudo ldconfig
C. Post-Install Configuration
Create a systemd service file for guacd:
sudo nano /etc/systemd/system/guacd.service
Add the following content:
[Unit]
Description=Guacamole proxy daemon
After=network.target
[Service]
User=root
Group=root
ExecStart=/usr/local/sbin/guacd -f
[Install]
WantedBy=multi-user.target
Enable and start the guacd service:
sudo systemctl daemon-reload
sudo systemctl enable guacd
sudo systemctl start guacd
Web Application Deployment
A. Tomcat 10 Setup
Install and configure Tomcat 10:
sudo dnf install tomcat
sudo systemctl enable tomcat
sudo systemctl start tomcat
B. WAR File Deployment
Download and deploy the Guacamole web application:
wget https://downloads.apache.org/guacamole/1.5.5/binary/guacamole-1.5.5.war
sudo mv guacamole-1.5.5.war /var/lib/tomcat/webapps/guacamole.war
C. Configuration Files
Create and configure the guacamole.properties file:
sudo mkdir -p /etc/guacamole
sudo nano /etc/guacamole/guacamole.properties
Add the following content, adjusting the database details as necessary:
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: strong_password
# Auth provider class
auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider
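Because guacamole.properties stores the database password in clear text, it is worth checking the file after writing it. The script below is an added example, not part of the original guide or of the Guacamole project; the function names, the placeholder list and the 12-character minimum are assumptions, and the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example: audit guacamole.properties for credential-handling problems.
# The placeholder list and 12-character minimum are assumptions of this example.

# Print the last value of KEY ($1) in properties FILE ($2); accepts ":" or "=".
prop_get() {
    awk -v k="$1" '
        /^[ \t]*#/ { next }                              # skip comment lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, k) != 1) next
            rest = substr(line, length(k) + 1)
            if (rest !~ /^[ \t]*[:=]/) next              # exact key match only
            sub(/^[ \t]*[:=][ \t]*/, "", rest); sub(/[ \t\r]+$/, "", rest)
            val = rest
        }
        END { print val }' "$2"
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_guac_properties() {
    local file="$1" findings=0 pw
    pw="$(prop_get mysql-password "$file")"
    case "$pw" in
        ""|strong_password|password|changeme|guacadmin)
            echo "mysql-password is empty or a known placeholder"; findings=1 ;;
        *)  if [ "${#pw}" -lt 12 ]; then
                echo "mysql-password is shorter than 12 characters"; findings=1
            fi ;;
    esac
    if [ "$(prop_get mysql-username "$file")" = "root" ]; then
        echo "mysql-username is root, not a dedicated account"; findings=1
    fi
    # Character 8 of the ls mode string is the read bit for "other".
    if [ "$(ls -ld "$file" | cut -c8)" = "r" ]; then
        echo "$file is world-readable and holds the database password"; findings=1
    fi
    return "$findings"
}

# Constructed sample: the properties from this guide, saved world-readable.
sample="$(mktemp)"
printf '%s\n' '# MySQL properties' 'mysql-username: guacamole_user' \
    'mysql-password: strong_password' > "$sample"
chmod 644 "$sample"
audit_guac_properties "$sample" || true
```

On a real host, run `audit_guac_properties /etc/guacamole/guacamole.properties` with enough privilege to read the file.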
Database Integration
A. Schema Import
Import the Guacamole database schema:
wget https://downloads.apache.org/guacamole/1.5.5/binary/guacamole-auth-jdbc-1.5.5.tar.gz
tar -xzf guacamole-auth-jdbc-1.5.5.tar.gz
cat guacamole-auth-jdbc-1.5.5/mysql/schema/*.sql | mysql -u root -p guacamole_db
B. Connection Pooling
For improved performance, configure connection pooling in guacamole.properties:
mysql-default-max-connections-per-user: 3
mysql-default-max-group-connections-per-user: 3
mysql-default-max-connections: 20
Reverse Proxy Setup
A. Nginx Configuration
Install and configure Nginx as a reverse proxy:
sudo dnf install nginx
sudo nano /etc/nginx/conf.d/guacamole.conf
Add the following configuration:
server {
listen 80;
server_name guacamole.yourdomain.com;
location / {
proxy_pass http://localhost:8080/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_cookie_path /guacamole/ /;
}
}
B. Let’s Encrypt Integration
Secure your Guacamole instance with a free SSL certificate from Let’s Encrypt:
sudo dnf install certbot python3-certbot-nginx
sudo certbot --nginx -d guacamole.yourdomain.com
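Once Nginx terminates TLS in front of the application, it helps to confirm which of the two ports opened earlier (8080 for Tomcat, 4822 for guacd) still listen on non-loopback addresses. The script below is an added example, not part of the original guide; it parses `ss -H -ltn` output, the function names are assumptions, and the sample lines are constructed.

```bash
#!/usr/bin/env bash
# Added example: report whether the ports from this guide listen beyond loopback.
# Feed it the output of `ss -H -ltn` (State Recv-Q Send-Q Local Peer).

GUAC_PORTS="8080 4822"   # Tomcat and guacd, as used in this guide

# Prints "<port> <address> loopback|exposed" for each watched listener.
classify_listeners() {
    awk -v ports="$GUAC_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        NF >= 4 {
            port = $4; sub(/^.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in want)) next
            gsub(/^\[|\]$/, "", addr)              # drop IPv6 brackets
            sub(/%.*$/, "", addr)                  # drop interface scope
            lo = (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./)
            print port, addr, (lo ? "loopback" : "exposed")
        }'
}

# Succeeds only when no watched port listens on a non-loopback address.
only_loopback() {
    ! classify_listeners | grep -q ' exposed$'
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:4822 0.0.0.0:*
LISTEN 0 100 *:8080 *:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | classify_listeners
# On a live host: ss -H -ltn | classify_listeners
```

A listener reported as exposed is reachable from other hosts wherever the firewall allows that port, without passing through the Nginx TLS endpoint.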
Post-Install Configuration
A. Initial Login
Access your Guacamole instance at https://guacamole.yourdomain.com and log in with the default credentials:
- Username: guacadmin
- Password: guacadmin
Immediately change the default password and create a new admin account.
B. Connection Protocols
Configure RDP, SSH, and VNC connections through the Guacamole web interface. Optimize RDP performance by adjusting color depth and enabling drive redirection as needed.
Maintenance & Security
A. Backup Strategies
Implement regular backups of your Guacamole database and configuration files:
mysqldump -u root -p guacamole_db > guacamole_db_backup.sql
sudo tar -czf guacamole_config_backup.tar.gz /etc/guacamole
B. Update Management
Regularly update your Rocky Linux system and Guacamole components. Check the official Guacamole website for new releases and follow their upgrade instructions.
C. Audit Practices
Enable session recording and regularly review access logs to maintain security and compliance:
sudo nano /etc/guacamole/guacamole.properties
Add the following lines:
recording-path: /var/lib/guacamole/recordings
recording-name-format: ${GUAC_DATE}-${GUAC_TIME}-${GUAC_USERNAME}-${GUAC_CONNECTION}
Troubleshooting
Common issues and their solutions:
- If guacd fails to start, check system logs:
journalctl -u guacd
- For database connection issues, verify MySQL credentials and network connectivity
- If you encounter “No supported authentication methods available” errors, ensure the correct authentication plugins are installed and configured
Congratulations! You have successfully installed Apache Guacamole. Thanks for using this tutorial to install the Apache Guacamole remote desktop gateway on a Rocky Linux 9 system. For additional help or useful information, we recommend you check the official Apache website.