Guacamole is working, and its performance depends on the network you are using. But in case you do not have time to spend on this, you can trust:
The solution is Wallix Bastion (https://www.wallix.com/modules-bastion/).
(see the ANSSI CSPN certification: https://www.ssi.gouv.fr/entreprise/certification_cspn/wallix-adminbastion-version-3-1-9-avec-correctifs-de-securite-3354-5420-et-5435/)
For remote control from the internet: 'http://remoteclear.c2n.u-psud.fr'
For remote control from the intranet: 'http://remoteclear-lan.c2n.u-psud.fr'
sudo add-apt-repository ppa:guacamole/stable
sudo apt-get update
sudo joe /etc/debconf.conf
sudo joe /etc/apt/sources.list
ls
sudo joe /etc/apt/sources.list.d/guacamole-ubuntu-stable-bionic.list
sudo apt-get update
sudo apt-get install guacamole
sudo apt-get install libguac-client-*
add-apt-repository ppa:webupd8team/java
apt -y update
apt -y upgrade
apt -y dist-upgrade
apt -y install libcairo2-dev libjpeg-turbo8-dev libpng-dev libossp-uuid-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev git build-essential autoconf libtool tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-user maven mysql-server mysql-client mysql-common mysql-utilities libpulse-dev libvorbis-dev ghostscript wget libfreerdp-dev maven-repo-helper maven-ant-helper default-jdk
export JAVA_HOME=/usr/lib/jvm/default-java
mkdir -p /etc/guacamole
mkdir -p /etc/guacamole/lib
mkdir -p /etc/guacamole/extensions
echo "" >> /etc/default/tomcat8
echo "# GUACAMOLE ENV VARIABLE" >> /etc/default/tomcat8
echo "GUACAMOLE_HOME=/etc/guacamole" >> /etc/default/tomcat8
cd /opt
git clone https://github.com/apache/incubator-guacamole-server.git
cd incubator-guacamole-server/
autoreconf -fi
./configure --with-init-dir=/etc/init.d
make && make install
systemctl enable guacd
To enable the service at boot time on the server, you can also run:
sudo update-rc.d guacd defaults
Before compiling the guacamole client, you have to get the sources:
cd /opt
git clone https://github.com/apache/guacamole-client.git
cd guacamole-client
Then you have to modify some pom.xml files, like this:
nano ./guacamole-client/guacamole-ext/pom.xml
nano ./guacamole-client/guacamole-common/pom.xml
and change them as follows:
If the project uses source/target 8, adding <source>8</source> in javadoc configuration should make the project buildable on jdk {11, 12, 13}:
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-javadoc-plugin</artifactId>
    <configuration>
        <source>8</source>
    </configuration>
    ...
</plugin>
mvn package
cp ./guacamole/target/guacamole-1.1.0.war /var/lib/tomcat8/webapps/
cp ./extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/target/guacamole-auth-jdbc-mysql-0.9.10-incubating.jar /etc/guacamole/extensions/
cp ./extensions/guacamole-auth-ldap/target/guacamole-auth-ldap-0.9.10-incubating.jar /etc/guacamole/extensions/
wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.40.tar.gz
tar xf mysql-conn*
cp mysql-connector-java-5.1.40/mysql-connector-java-5.1.40-bin.jar /etc/guacamole/lib/
ln -s /usr/local/lib/freerdp/* /usr/lib/x86_64-linux-gnu/freerdp/.
echo "mysql-hostname: localhost" >> /etc/guacamole/guacamole.properties
echo "mysql-port: 3306" >> /etc/guacamole/guacamole.properties
echo "mysql-database: guacamole_db" >> /etc/guacamole/guacamole.properties
echo "mysql-username: guacamole_user" >> /etc/guacamole/guacamole.properties
echo "mysql-password: PASSWORD" >> /etc/guacamole/guacamole.properties
rm -rf /usr/share/tomcat8/.guacamole
ln -s /etc/guacamole /usr/share/tomcat8/.guacamole
service tomcat8 restart
mysql -u root -pMYSQLROOTPASSWORD
create database guacamole_db;
create user 'guacamole_user'@'localhost' identified by 'PASSWORD';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';
flush privileges;
quit
cat /opt/incubator-guacamole-client/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/*.sql | mysql -u root \
-pMYSQLROOTPASSWORD guacamole_db
systemctl restart guacd
systemctl restart tomcat8
Once the compilation of the guacamole client is done, the result is in /target as a tar.gz.
You have to untar it and, in the resulting directory, use jar:
jar -cvf guacamole.war *
This will generate a .war file that you copy into the webapp directory of tomcat8:
sudo cp guacamole.war /var/lib/tomcat8/webapps/
In /etc/guacamole/guacamole.properties:
guacd-hostname: localhost
guacd-port: 4822
user-mapping: /etc/guacamole/user-mapping.xml
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml
#lib-directory: /var/lib/tomcat8/webapps/guacamole/WEB-INF/classes
sudo joe /etc/guacamole/guacamole.properties
sudo joe /etc/guacamole/user-mapping.xml
sudo update
<user-mapping>
    <authorize
            username="stephane"
            password="ff4a146903c58ec0fc543a630115ec44"
            encoding="md5">
        <connection name="S4800">
            <protocol>rdp</protocol>
            <param name="hostname">192.168.72.38</param>
            <param name="port">3389</param>
            <param name="server-layout">fr-fr-azerty</param>
            <param name="color-depth">16</param>
            <param name="enable-printing">false</param>
        </connection>
    </authorize>
</user-mapping>
There are some options for each kind of protocol. Below you will find some tips for configuring these protocols with common parameters.
<user-mapping>
    <authorize
            username="stephane"
            password="ff4a146903c58ec0fc543a630115ec44"
            encoding="md5">
        <connection name="machine2">
            <protocol>vnc</protocol>
            <param name="hostname">192.168.???.???</param>
            <param name="port">5900</param>
            <param name="password">******</param>
        </connection>
    </authorize>
</user-mapping>
From Ubuntu .deb packages:
You need to manually add the guacamole.war Java client software to the Tomcat 8 machine.
Just put the .war file in the /var/lib/tomcat8/webapps directory; the default behaviour should be to install and deploy the webapp automatically.
Be careful to take the version of the .war that matches your server version of guacd.
Example /etc/guacamole/guacamole.properties:
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822
# Auth provider class (authenticates user/pass combination, needed if using the provided login screen)
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml
/etc/guacamole/tomcat.xml
<Context path="/guacamole" docBase="/usr/share/guacamole/guacamole">
    <Resources allowLinking="true" />
</Context>
Machine access for specific users is configured in /etc/guacamole/user-mapping.xml:
<user-mapping>
    <!-- Example user configurations are given below. For more information,
         see the user-mapping.xml section of the Guacamole configuration
         documentation: http://guac-dev.org/Configuring%20Guacamole -->
    <!-- Per-user authentication and config information -->
    <authorize username="stephane" password="58tsxxj96">
        <connection name="TerraNova">
            <protocol>ssh</protocol>
            <param name="hostname">192.168.0.2</param>
            <param name="port">22</param>
            <param name="server-layout">fr-fr-azerty</param>
        </connection>
        <connection name="MediaCenter">
            <protocol>ssh</protocol>
            <param name="hostname">192.168.0.9</param>
            <param name="port">22</param>
            <param name="server-layout">fr-fr-azerty</param>
        </connection>
        <connection name="KidPaddle">
            <protocol>ssh</protocol>
            <param name="hostname">192.168.0.5</param>
            <param name="port">22</param>
            <param name="server-layout">fr-fr-azerty</param>
        </connection>
    </authorize>
    <!-- Another user, but using md5 to hash the password
         (example below uses the md5 hash of "PASSWORD") -->
    <!--
    <authorize
            username="USERNAME2"
            password="319f4d26e3c536b5dd871bb2c52e3178"
            encoding="md5">
        <protocol>vnc</protocol>
        <param name="hostname">localhost</param>
        <param name="port">5901</param>
        <param name="password">VNCPASS</param>
    </authorize>
    -->
</user-mapping>
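An added example, not part of the original page or of the Guacamole project: a small Python audit of a user-mapping.xml in the format shown above, listing which secrets the file holds in clear and computing the value to use with encoding="md5". The sample file, its usernames and addresses are constructed, and the function names md5_attr and audit are hypothetical.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the user-mapping.xml files above
# (usernames, addresses and secrets are made up; the digest is the one
# the page gives for "PASSWORD").
SAMPLE = """<user-mapping>
  <authorize username="alice" password="example-plaintext">
    <connection name="host-a">
      <protocol>ssh</protocol>
      <param name="hostname">192.0.2.10</param>
    </connection>
  </authorize>
  <authorize username="bob" password="319f4d26e3c536b5dd871bb2c52e3178"
             encoding="md5">
    <protocol>vnc</protocol>
    <param name="hostname">192.0.2.11</param>
    <param name="password">example-vnc-secret</param>
  </authorize>
</user-mapping>"""

# Connection parameters that carry a secret (assumed list for this example).
SECRET_PARAMS = {"password", "passphrase", "private-key"}
HEX = set("0123456789abcdef")

def md5_attr(password):
    """Hex digest to place in password="..." when encoding="md5" is set."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def audit(xml_text):
    """Return one finding per secret that user-mapping.xml holds in clear."""
    findings = []
    for auth in ET.fromstring(xml_text).iter("authorize"):
        user = auth.get("username", "?")
        pw = auth.get("password", "")
        if auth.get("encoding", "plain") != "md5":
            findings.append(f"{user}: login password is plaintext")
        elif len(pw) != 32 or not set(pw.lower()) <= HEX:
            findings.append(f"{user}: encoding=md5 but value is not an MD5 digest")
        # Connection parameters are never hashed, whatever the encoding.
        for param in auth.iter("param"):
            if param.get("name") in SECRET_PARAMS:
                findings.append(f"{user}: connection {param.get('name')} in clear")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```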
You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.
For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above.
<role rolename="manager-gui"/>
<user username="tomcat" password="s3cret" roles="manager-gui"/>
Note that for Tomcat 7 onwards, the roles required to use the manager application were changed from the single manager role to the following four roles. You will need to assign the role(s) required for the functionality you wish to access.
manager-gui - allows access to the HTML GUI and the status pages
manager-script - allows access to the text interface and the status pages
manager-jmx - allows access to the JMX proxy and the status pages
manager-status - allows access to the status pages only
The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection:
Users with the manager-gui role should not be granted either the manager-script or manager-jmx roles. If the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session.
For more information - please see the Manager App HOW-TO.
In the file /etc/tomcat8/server.xml:
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
Basic instructions for the server and the client are here:
http://guacamole.apache.org/doc/gug/installing-guacamole.html#building-guacamole-server
To simplify, here are the instructions to copy and paste:
sudo apt-get install build-essential
sudo apt-get install libcairo2-dev libjpeg-turbo8-dev libpng-dev libossp-uuid-dev
and the optional packages (it will work better with them):
sudo apt-get install libavcodec-dev libavutil-dev libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev
For the server code from git, you will need to run:
autoreconf -fi
For the client (in Java), don't forget to set JAVA_HOME:
export JAVA_HOME=/usr/lib/jvm/default-java
echo $JAVA_HOME
Installing packages:
sudo apt install openjdk-11-jdk javacc
For the server compilation: http://guacamole.apache.org/doc/gug/installing-guacamole.html#building-guacamole-server
The server name is remoteclear. From the internet, the IP is 129.175.134.79.
From the intranet, the server name is remoteclear-lan and the IP is 192.168.70.103.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name remoteclear remoteclear-lan remoteclear.c2n.u-psud.fr remoteclear-lan.c2n.u-psud.fr;
    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        # try_files $uri $uri/ =404;
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
If NGINX is not installed:
sudo apt-get install nginx