someorg/Easy-Guacamole-Installer
1
0
Fork 0
mirror of https://github.com/itiligent/Easy-Guacamole-Installer.git synced 2025-12-13 18:02:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

1.5.3 3 tier architecture build support

Browse source
This commit is contained in:
itiligent 2023-09-09 18:38:05 +10:00
parent 798bd32f04
commit 4b8b5ab9b9
24 changed files with 240 additions and 134 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

68
1-setup.sh
View file

@ -6,6 +6,7 @@
# April 2023
#######################################################################################################################
# To install latest code snapshot:
# wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.sh && chmod +x 1-setup.sh && ./1-setup.sh
@ -21,6 +22,7 @@
# Or for Guacamole debug mode & verbose logs in the console:
# sudo systemctl stop guacd && sudo /usr/local/sbin/guacd -L debug -f
#######################################################################################################################
# Script pre-flight checks and settings ###############################################################################
#######################################################################################################################
@ -60,6 +62,7 @@ if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*'
exit 1
fi
#######################################################################################################################
# Core setup variables and mandatory inputs ###########################################################################
#######################################################################################################################
@ -71,7 +74,7 @@ DB_BACKUP_DIR=$USER_HOME_DIR/mysqlbackups
TMP_DIR=$DOWNLOAD_DIR/tmp
# GitHub download branch
GITHUB="https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/"
GITHUB="https://raw.githubusercontent.com/itiligent/Guacamole-Install/main"
# Version of Guacamole to install
GUAC_VERSION="1.5.3"
@ -82,9 +85,8 @@ MYSQLJCON="8.1.0"
# Set preferred Apache CDN download link)
GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUAC_VERSION}"
# Force a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
# If MYSQL_VERSION is left blank, script will default to the distro default MYSQL packages.
MYSQL_VERSION=""
# Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
MYSQL_VERSION="" # Blank "" forces distro default MySQL packages.
if [ -z "${MYSQL_VERSION}" ]; then
# Use Linux distro default version.
MYSQLSRV="default-mysql-server default-mysql-client mysql-common"
@ -161,11 +163,12 @@ mkdir -p $TMP_DIR
# Script branding header
echo
echo -e "${GREYB}Itiligent VDI & Jump Server Appliance Setup."
echo -e " ${LGREEN}Powered by Guacamole"
echo -e "${GREYB}Guacamole VDI & Jump Server Appliance Setup."
echo -e " ${LGREEN}Powered by Itiligent"
echo
echo
#######################################################################################################################
# Silent setup options - adding true/false or specific values below prevents prompt at install ########################
#######################################################################################################################
@ -204,6 +207,7 @@ RDP_SHARE_HOST="" # Custom Windows RDP share host name. (e.g. RDP_
RDP_SHARE_LABEL="RDP Share" # Custom Windows RDP share drive label (e.g. RDP_SHARE_LABEL on RDP_SHARE_HOST)
RDP_PRINTER_LABEL="RDP Printer" # Custom Windows RDP printer label
#######################################################################################################################
# Download GitHub setup scripts. To prevent overwrite, comment out lines of any scripts you have edited. ##############
#######################################################################################################################
@ -211,32 +215,32 @@ RDP_PRINTER_LABEL="RDP Printer" # Custom Windows RDP printer label
# Download the set of config scripts from GitHub
cd $DOWNLOAD_DIR
echo -e "${GREY}Downloading setup files...${DGREY}"
wget -q --show-progress ${GITHUB}2-install-guacamole.sh -O 2-install-guacamole.sh
wget -q --show-progress ${GITHUB}3-install-nginx.sh -O 3-install-nginx.sh
wget -q --show-progress ${GITHUB}4a-install-tls-self-signed-nginx.sh -O 4a-install-tls-self-signed-nginx.sh
wget -q --show-progress ${GITHUB}4b-install-tls-letsencrypt-nginx.sh -O 4b-install-tls-letsencrypt-nginx.sh
# Download the Guacamole manual add on/upgrade scripts
wget -q --show-progress ${GITHUB}add-auth-duo.sh -O add-auth-duo.sh
wget -q --show-progress ${GITHUB}add-auth-ldap.sh -O add-auth-ldap.sh
wget -q --show-progress ${GITHUB}add-auth-totp.sh -O add-auth-totp.sh
wget -q --show-progress ${GITHUB}add-xtra-quickconnect.sh -O add-xtra-quickconnect.sh
wget -q --show-progress ${GITHUB}add-xtra-histrecstor.sh -O add-xtra-histrecstor.sh
wget -q --show-progress ${GITHUB}add-smtp-relay-o365.sh -O add-smtp-relay-o365.sh
wget -q --show-progress ${GITHUB}add-tls-guac-daemon.sh -O add-tls-guac-daemon.sh
wget -q --show-progress ${GITHUB}add-fail2ban.sh -O add-fail2ban.sh
wget -q --show-progress ${GITHUB}backup-guac.sh -O backup-guac.sh
wget -q --show-progress ${GITHUB}upgrade-guac.sh -O upgrade-guac.sh
wget -q --show-progress ${GITHUB}refresh-tls-self-signed.sh -O refresh-tls-self-signed.sh
wget -q --show-progress ${GITHUB}/2-install-guacamole.sh -O 2-install-guacamole.sh
wget -q --show-progress ${GITHUB}/3-install-nginx.sh -O 3-install-nginx.sh
wget -q --show-progress ${GITHUB}/4a-install-tls-self-signed-nginx.sh -O 4a-install-tls-self-signed-nginx.sh
wget -q --show-progress ${GITHUB}/4b-install-tls-letsencrypt-nginx.sh -O 4b-install-tls-letsencrypt-nginx.sh
# Download the Guacamole optional feature scripts
wget -q --show-progress ${GITHUB}/guac-optional-features/add-auth-duo.sh -O add-auth-duo.sh
wget -q --show-progress ${GITHUB}/guac-optional-features/add-auth-ldap.sh -O add-auth-ldap.sh
wget -q --show-progress ${GITHUB}/guac-optional-features/add-auth-totp.sh -O add-auth-totp.sh
wget -q --show-progress ${GITHUB}/guac-optional-features/add-xtra-quickconnect.sh -O add-xtra-quickconnect.sh
wget -q --show-progress ${GITHUB}/guac-optional-features/add-xtra-histrecstor.sh -O add-xtra-histrecstor.sh
wget -q --show-progress ${GITHUB}/guac-optional-features/add-smtp-relay-o365.sh -O add-smtp-relay-o365.sh
wget -q --show-progress ${GITHUB}/guac-optional-features/add-tls-guac-daemon.sh -O add-tls-guac-daemon.sh
wget -q --show-progress ${GITHUB}/guac-optional-features/add-fail2ban.sh -O add-fail2ban.sh
wget -q --show-progress ${GITHUB}/guac-management/backup-guac.sh -O backup-guac.sh
wget -q --show-progress ${GITHUB}/guac-management/upgrade-guac.sh -O upgrade-guac.sh
wget -q --show-progress ${GITHUB}/guac-management/refresh-tls-self-signed.sh -O refresh-tls-self-signed.sh
# Download the (customisable) dark theme & branding template
wget -q --show-progress ${GITHUB}branding.jar -O branding.jar
wget -q --show-progress ${GITHUB}/branding.jar -O branding.jar
chmod +x *.sh
sleep 2
sleep 3
clear
# Script branding header
echo
echo -e "${GREYB}Itiligent VDI & Jump Server Appliance Setup."
echo -e " ${LGREEN}Powered by Guacamole"
echo -e "${GREYB}Guacamole VDI & Jump Server Appliance Setup."
echo -e " ${LGREEN}Powered by Itiligent"
echo
echo
@ -258,6 +262,7 @@ if [[ $OS_FLAVOUR = "debian" ]] && [[ $OS_VERSION = *"bookworm"* ]]; then
TOMCAT_VERSION="tomcat9"
fi
#######################################################################################################################
# Begin install menu prompts ##########################################################################################
#######################################################################################################################
@ -338,8 +343,8 @@ clear
# Script branding header
echo
echo -e "${GREYB}Itiligent VDI & Jump Server Appliance Setup."
echo -e " ${LGREEN}Powered by Guacamole"
echo -e "${GREYB}Guacamole VDI & Jump Server Appliance Setup."
echo -e " ${LGREEN}Powered by Itiligent"
echo
echo
@ -616,6 +621,7 @@ if [[ -z ${LE_EMAIL} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
done
fi
#######################################################################################################################
# Start global setup actions #########################################################################################
#######################################################################################################################
@ -625,8 +631,8 @@ fi
# names shown here: https://guacamole.apache.org/doc/gug/installing-guacamole.html
clear
echo
echo -e "${GREYB}Itiligent VDI & Jump Server Appliance Setup."
echo -e " ${LGREEN}Powered by Guacamole"
echo -e "${GREYB}Guacamole VDI & Jump Server Appliance Setup."
echo -e " ${LGREEN}Powered by Itiligent"
echo
echo
@ -667,6 +673,7 @@ sed -i "s|CERT_ORG=|CERT_ORG='${CERT_ORG}'|g" $DOWNLOAD_DIR/add-tls-guac-daemon.
sed -i "s|CERT_OU=|CERT_OU='${CERT_OU}'|g" $DOWNLOAD_DIR/add-tls-guac-daemon.sh
sed -i "s|CERT_DAYS=|CERT_DAYS='${CERT_DAYS}'|g" $DOWNLOAD_DIR/add-tls-guac-daemon.sh
sed -i "s|INSTALL_MYSQL=|INSTALL_MYSQL='${INSTALL_MYSQL}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
sed -i "s|MYSQL_HOST=|MYSQL_HOST='${MYSQL_HOST}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
sed -i "s|MYSQL_PORT=|MYSQL_PORT='${MYSQL_PORT}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
sed -i "s|GUAC_USER=|GUAC_USER='${GUAC_USER}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
@ -747,6 +754,7 @@ echo "0 0 * * 1-5 ${DB_BACKUP_DIR}/backup-guac.sh # backup guacamole" >>cron_1
crontab cron_1
rm cron_1
#######################################################################################################################
# Start optional setup actions ######################################################################################
#######################################################################################################################

46
README.md
View file

@ -1,10 +1,10 @@
# Guacamole 1.5.3 VDI/Jump Server Appliance Build Script
<img src="https://github.githubassets.com/images/icons/emoji/sparkles.png" width="35"> This script makes setting up Guacamole 1.5.3 a breeze, with added features like TLS reverse proxy, AD integration, multi-factor authentication, Quick Connect, History Recording Storage, dark mode support, auto database backup, O365 email alerts, and enhanced security options.
<img src="https://github.githubassets.com/images/icons/emoji/sparkles.png" width="35"> This repo makes setting up Guacamole 1.5.3 a breeze, with added features like TLS reverse proxy, Active Directory integration, multi-factor authentication, Quick Connect, History Recording Storage, dark mode and custom UI templates, auto database backup, O365 email alerts, and enhanced security options. See below for enterprise and high availability deployments too.
## Automatic Installation
<img src="https://github.githubassets.com/images/icons/emoji/rocket.png" width="35"> To start building the Guacamole appliance, paste the below link into a terminal and follow the prompts **(no need for sudo, but the user must be a member of the sudo group)**:
<img src="https://github.githubassets.com/images/icons/emoji/rocket.png" width="35"> To start building your Guacamole appliance, paste the below link into a terminal and follow the prompts **(no need for sudo, but the user must be a member of the sudo group)**:
```shell
wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.sh && chmod +x 1-setup.sh && ./1-setup.sh
@ -14,27 +14,27 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
<img src="https://github.githubassets.com/images/icons/emoji/lock.png" width="35"> **Before diving in, make sure you have:**
- A compatible OS: Ubuntu 18.04 - 22.x, Debian 11 & 10, or Raspbian Buster/Bullseye (stick to stable releases for cloud images).
- A compatible OS: Ubuntu 18.04 - 22.x, Debian 10 or 11, or Raspbian Buster/Bullseye (If using vendor cloud images stick to stable releases).
- Minimum 8GB RAM and 40GB HDD.
- DNS entries matching your default route interface IP (essential for TLS).
- DNS entries matching your default appliance network interface IP (essential for TLS).
- Open TCP ports: 22, 80, and 443.
## Installation Menu
<img src="https://github.githubassets.com/images/icons/emoji/wrench.png" width="35"> **This script guides you through the installation process in the following steps:**
1. Confirm system hostname and local DNS domain suffix.
2. Choose a MySQL instance type and set security preferences.
3. Pick an authentication extension (DUO, TOTP, LDAP, or none).
4. Select optional console features: Quick Connect and History Recorded Storage.
1. Confirm your system hostname and local DNS domain suffix. (Must be consistent for TLS proxy)
2. Choose a locally installed or remote MySQL instance, set database security preferences.
3. Pick an authentication extension: DUO, TOTP, LDAP, or none.
4. Select optional console features: Quick Connect & History Recorded Storage UI integrations.
5. Decide on the Guacamole front end: Nginx reverse proxy (http or https) or keep the native Guacamole interface
**For the more security minded, there's several post-install hardening options available:**
**For the more security minded, there's several post-install hardening script options available:**
- `add-fail2ban.sh`: Adds a lockdown policy for Guacamole to guard against brute force attacks.
- `add-tls-guac-daemon.sh`: Wraps internal server daemon to guac application traffic in TLS.
- `add-tls-guac-daemon.sh`: Wraps internal server daemon <--> guac application traffic in TLS.
- `add-auth-ldap.sh`: A template script for Active Directory integration.
- `add-smtp-relay-o365.sh`: A template script for email alerts via MSO65 (BYO app password).
- `add-smtp-relay-o365.sh`: A template script for email alerts integrated with MSO65 (BYO app password).
## Active Directory Integration
@ -44,37 +44,37 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
<img src="https://github.githubassets.com/images/icons/emoji/art.png" width="35"> **Want to give Guacamole your personal touch? Follow the theme and branding instructions** [here](https://github.com/itiligent/Guacamole-Install/tree/main/custom-theme-builder).
## Installation Notes
## Custom Installation Notes
<img src="https://github.githubassets.com/images/icons/emoji/unicode/2699.png" width="35">
1. Paste and run the wget autorun link in your home directory.
2. Exit `1-setup.sh` at the first prompt. (At this point the scripts are downloaded only.)
3. Customise the huge number of installation variables available in `1-setup.sh` as required. (Certain combinations of edits will produce a fully unattended install.)
4. **Caution: If editing `1-setup.sh`, be aware that running the autorun link again re-downloads and overwrites all changes. You must run setup locally after editing.** (Also be sure to comment out the download links in the setup script to any other downloaded scripts that you may have edited. There should be little need to edit outside of the setup script's options.)
4. **Caution: If editing `1-setup.sh`, be aware that running the autorun link again re-downloads and overwrites all changes. You must run setup locally after editing.** (Also be sure to comment out the download links in the setup script for any other edited scripts. (There should be little need to edit outside of the setup script's options.)
5. The **upgrade-guac.sh, add-tls-guac-daemon.sh, refresh-tls-self-signed.sh & backup-guac.sh** scripts are automatically adjusted at installation to match your chosen installation settings. These can be run after install without any modification.
6. If the self-signed TLS proxy option is selected, browser client TLS certificates will be automatically created and saved to `$DOWNLOAD_DIR/guac-setup`.
7. Nginx is automatically configured to use TLS 1.2 or above (so really old browser versions may not work.)
8. A daily MySQL backup job will be automatically configured by the installer.
6. If the self-signed TLS proxy option is selected, browser client TLS certificates will be automatically created and saved to `$HOME/guac-setup`.
7. Note that Nginx is automatically configured to use TLS 1.2 or above (so really old browser versions may not work.)
8. A daily MySQL backup job will be automatically configured under the script owner's crontab.
9. **Security info:** The Quick Connect and History Recorded Storage options bring a few security implications; so be aware of potential risks in your particular environment.
## Upgrading Guacamole
<img src="https://github.githubassets.com/images/icons/emoji/globe_with_meridians.png" width="35"> To upgrade Guacamole, edit `upgrade-guac.sh` to relfect the latest available versions of Guacamole and MySQL connector/J before running it. This script will also automatically update the DUO, LDAP, TOTP, Quick Connect & History Recorded Storage extension if they are present.
<img src="https://github.githubassets.com/images/icons/emoji/globe_with_meridians.png" width="35"> To upgrade Guacamole, edit `upgrade-guac.sh` to relfect the latest versions of Guacamole and MySQL connector/J before running it. This script will also automatically update the DUO, LDAP, TOTP, Quick Connect & History Recorded Storage extension if they are found to be present.
## Enterprise Scale Out & High Availability
<img src="https://github.githubassets.com/images/icons/emoji/unicode/1f454.png" width="35"> For Enterprise deployments, did you know that Guacamole can be run in a load balanced farm? To achieve this, the database, application and front end components are usually **split into a 3 layers.** (VLANs & firewalls between the layers helps with security too.)
- **For the DATABASE layer:** Find the included `install-mysql-backend-only.sh` to install just a standalone instance of the Guacamole MySQL database.
- **For the APPLICATION layer:** Simply use the main setup script on as many application servers as you like, just make sure to say no to both the Install MYSQL locally option and any Nginx front end options.
- **For the Front end**: You'll need to roll your own load balancer. **HA Proxy** provides superior session affinity under load balanced conditions when compared to Open source Nginx (Nginx Plus gives you all the good stuff.) There's too many possible ways to achieve this, and the target audience for this sort of setup likely knows how to run with whats already provided.
<img src="https://github.githubassets.com/images/icons/emoji/unicode/1f454.png" width="35"> For Enterprise deployments, did you know that Guacamole can be run in a load balanced farm? To achieve this, the database, application and front end components are usually **split into 2 or 3 layers.** (VLANs & firewalls between the layers helps with security too.) See [here](https://github.com/itiligent/Guacamole-Install/tree/main/guac-enterprise-build) for useful related materials.
- **For the DATABASE layer:** Find the included `install-mysql-backend-only.sh` to install just a standalone backend instance of the Guacamole MySQL database.
- **For the APPLICATION layer:** Simply use the main setup script to build as many application servers as you like. For a true 3 layer load balanced system, make sure to **say no to both the "Install MySQL locally" option and all Nginx front end options.**
- **For the Front end**: There are may choices here. You can slightly modify the Nginx scripts for a front end TLS layer, however **HA Proxy** provides far superior session affinity under load balanced conditions when compared to Open Source Nginx (The paid for Nginx Plus gives you all the good stuff!) There's so many possible ways to achieve this in hardware and software. For this target audience there's plenty of config detail here help you begin to roll your own HA solution.
## Auto Download Manifest
<img src="https://github.githubassets.com/images/icons/emoji/package.png" width="35"> The autorun link downloads these repo files into `$DOWNLOAD_DIR/guac-setup`:
<img src="https://github.githubassets.com/images/icons/emoji/package.png" width="35"> The autorun link downloads these repo files into `$HOME/guac-setup`:
- `1-setup.sh`: The installation script.
- `2-install-guacamole.sh`: Guacamole main installation script.
- `2-install-guacamole.sh`: Guacamole main source build installation script.
- `3-install-nginx.sh`: Installs Nginx for reverse proxy (optional).
- `4a-install-tls-self-signed-nginx.sh`: Configures self-signed TLS for Nginx (optional).
- `4b-install-tls-letsencrypt-nginx.sh`: Installs Let's Encrypt for Nginx (optional).

0
custom-theme-builder/META-INF/MANIFEST.MF → guac-custom-theme-builder/META-INF/MANIFEST.MF
View file

0
custom-theme-builder/README.MD → guac-custom-theme-builder/README.MD
View file

0
custom-theme-builder/css/custom-theme.css → guac-custom-theme-builder/css/custom-theme.css
View file

0
custom-theme-builder/guac-manifest.json → guac-custom-theme-builder/guac-manifest.json
View file

0
custom-theme-builder/images/logo-144.png → guac-custom-theme-builder/images/logo-144.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 5.2 KiB

After

Width:  |  Height:  |  Size: 5.2 KiB

0
custom-theme-builder/images/logo-64.png → guac-custom-theme-builder/images/logo-64.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.9 KiB

After

Width:  |  Height:  |  Size: 1.9 KiB

0
custom-theme-builder/images/logo.png → guac-custom-theme-builder/images/logo.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 10 KiB

After

Width:  |  Height:  |  Size: 10 KiB

0
custom-theme-builder/translations/en.json → guac-custom-theme-builder/translations/en.json
View file

163
install-mysql-backend-only.sh → guac-enterprise-build/install-mysql-backend-only.sh
View file

@ -1,6 +1,6 @@
#!/bin/bash
#######################################################################################################################
# Guacamole db build script.
# Guacamole MySQL backend install script. (For split DB and guacamole application layers.)
# For Ubuntu / Debian / Raspbian
# David Harrop
# September 2023
@ -11,6 +11,13 @@
# Layer 2 = GUAC SERVER & APPLICATION - use the main setup script, and select remote MYSQL DB option.
# Layer 3 = FRONT END REV PROXY (Potentially load balanced & HA) - approach TBA
#######################################################################################################################
# Script pre-flight checks and settings ###############################################################################
#######################################################################################################################
clear
# Prepare text output colours
GREY='\033[0;37m'
DGREY='\033[0;90m'
@ -20,14 +27,33 @@ LGREEN='\033[0;92m'
LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Setup download and temp directory paths
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
exit 1
fi
#######################################################################################################################
# Initial environment setup ###########################################################################################
#######################################################################################################################
#Setup download and temp directory paths
USER_HOME_DIR=$(eval echo ~${SUDO_USER})
DOWNLOAD_DIR=$USER_HOME_DIR/guac-setup
mkdir -p $DOWNLOAD_DIR
chown -R $SUDO_USER:root $DOWNLOAD_DIR
# Install log Location
INSTALL_LOG="${DOWNLOAD_DIR}/mysql_install.log"
# Setup directory locations
mkdir -p $DOWNLOAD_DIR
sudo chown -R $SUDO_USER:root $DOWNLOAD_DIR
# Version of Guacamole auth jdbc database schema to use
GUAC_VERSION="1.5.3"
@ -35,6 +61,9 @@ GUAC_VERSION="1.5.3"
# Set preferred Apache CDN download link)
GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUAC_VERSION}"
# Install log Location
INSTALL_LOG="${DOWNLOAD_DIR}/guacamole_${GUAC_VERSION}_mysql_install.log"
clear
# Script branding header
@ -44,30 +73,45 @@ echo -e " ${LGREEN}Powered by Itiligent"
echo
echo
#######################################################################################################################
# Silent setup options - adding true/false or specific values below prevents prompt at install ########################
#######################################################################################################################
BACKEND_MYSQL="true" # Separate the MySQL database and Guacamole application servers? (true/false)
MYSQL_BIND_ADDR="0.0.0.0" # Active when BACKEND_MYSQL="true". The the IP address to bind MySQL to.
SECURE_MYSQL="true" # Apply the mysql secure configuration tool (true/false)
MYSQL_PORT="3306" # Default is 3306
GUAC_DB="guacamole_db" # Default is guacamole_db
GUAC_USER="guacamole_user" # Default is guacamole_user
GUAC_PWD="test" # Requires an entry
MYSQL_ROOT_PWD="test" # Requires an entry.
DB_TZ=$(cat /etc/timezone) # Database timezone defaults is system TZ. Change to "UTC" if appropriate
# Force a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
# If MYSQL_VERSION is left blank, script will default to the distro default MYSQL packages.
MYSQL_VERSION=""
#######################################################################################################################
# Setup options. ######################################################################################################
#######################################################################################################################
BACKEND_MYSQL="true" # True: Allow $GUAC_USER remote login. False or "": Limits $GUAC_USER to localhost only login.
FRONTEND_NET="" # "" = allow login from any IP or wildcards e.g. 192.168.1.% (Needs BACKEND_SQL="true", else ignored)
MYSQL_BIND_ADDR="0.0.0.0" # Bind MySQL to this IP. (127.0.0.1, a specific IP or 0.0.0.0 for all interfaces)
SECURE_MYSQL="true" # Apply the mysql secure configuration tool (true/false)
MYSQL_PORT="3306" # Default is 3306
GUAC_DB="guacamole_db" # Default is guacamole_db
GUAC_USER="guacamole_user" # Default is guacamole_user
GUAC_PWD="test" # Requires an entry
MYSQL_ROOT_PWD="test" # Requires an entry.
DB_TZ=$(cat /etc/timezone) # Typically system default (cat /etc/timezone) or change to "UTC" if required.
# For a remotely accessed back end DB instance, keep this script set to BACKEND_MYSQL="true".
# Other options are fairly straight forward. For a typical back end server only the $FRONTEND_NET and $MYSQL_BIND_ADDR
# values may need closer attention.
# This script can also accommodate DR or migration scenarios: E.g Migration away from XML user mappings, PostGres to MySQL etc).
# To install a new MySQL database on the same server as the Guacamole application, set BACKEND_MYSQL="false" &
# MYSQL_BIND_ADDR="127.0.0.1". See bottom of this script for some remaining DB migration actions.
#######################################################################################################################
# Start install actions ##############################################################################################
#######################################################################################################################
# Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
MYSQL_VERSION="" # Blank "" forces distro default MySQL packages.
if [ -z "${MYSQL_VERSION}" ]; then
# Use Linux distro default version.
MYSQLV="default-mysql-server default-mysql-client mysql-common"
DB_CMD="mysql"
DB_CMD="mysql" # mysql command is depricated
else
# Use official mariadb.org repo
MYSQLV="mariadb-server mariadb-client mariadb-common"
DB_CMD="mariadb"
DB_CMD="mariadb" # mysql command is depricated on newer versions
fi
# Update everything but don't do the annoying prompts during apt installs
@ -92,7 +136,7 @@ if [ -n "${MYSQL_VERSION}" ]; then
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
fi
# Download Guacamole mysql specific components
# Download and extract the Guacamole SQL authentication extension containing the database schema
echo -e "${GREY}Downloading Guacamole database source files..."
wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
@ -115,6 +159,7 @@ else
echo
fi
# Set the root password without a reliance on debconf.
echo -e "${GREY}Setting MySQL root password..."
SQLCODE="
FLUSH PRIVILEGES;
@ -128,21 +173,22 @@ else
echo
fi
# Find the location of the MySQL or MariaDB config files. Add to this list for more candidates..
# Find the location of the MySQL or MariaDB config files. (Add to this list for more potential candidates.)
for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
/etc/mysql/mysql.conf.d/mysqld.cnf \
/etc/mysql/my.cnf; do
# Check inside each to see if a [mysqld] or [mariadbd] section exists and assign x the correct filename.
# Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename.
if [ -e "${x}" ]; then
if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then
mysqlconfig="${x}"
# Reduce any duplicated section names, then remove the [ ] special characters (for sed cmd below)
# Reduce any duplicated section names, then sanitise the [ ] special characters for sed below)
config_section=$(grep -m 1 -E '^\[(mysqld|mariadbd)\]$' "${x}" | sed 's/\[\(.*\)\]/\1/')
break
fi
fi
done
# Set the MySQL Timezone
if [ -z "${mysqlconfig}" ]; then
echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
else
@ -169,10 +215,9 @@ else
echo
fi
# Change the default localhost MySQL binding IP address for remote Guacamole server accessibility
if [[ "${BACKEND_MYSQL}" = true ]]; then
echo -e "${GREY}Setting MySQL IP address binding to ${MYSQL_BIND_ADDR}..."
sed -i "s/bind-address[[:space:]]*=[[:space:]]*127\.0\.0\.1/bind-address = ${MYSQL_BIND_ADDR}/g" ${mysqlconfig}
# Set the MySQL binding IP address to whatever the setup variable is set to.
echo -e "${GREY}Setting MySQL IP address binding to ${MYSQL_BIND_ADDR}..."
sed -i "s/^bind-address[[:space:]]*=[[:space:]]*.*/bind-address = ${MYSQL_BIND_ADDR}/g" ${mysqlconfig}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
@ -180,17 +225,22 @@ else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Create ${GUAC_DB} and grant ${GUAC_USER} permissions to it
# Establish the appropriate form of Guacamole user account access (remote or localhost login permissions)
echo -e "${GREY}Setting up database access parameters for the Guacamole user ..."
if [[ "${BACKEND_MYSQL}" = true ]]; then
GUAC_USERHost="%"
echo -e "${YELLOW} MySQL ${GUAC_USER} is set to accept db login from any host, you may wish to limit this to specific IPs.${GREY}"
# e.g. RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';"
else
GUAC_USERHost=localhost
echo -e "${YELLOW}MySQL Guacamole user is set to only allow login from localhost.${GREY}"
if [ "${BACKEND_MYSQL}" = true ] && [ -z "${FRONTEND_NET}" ]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
# e.g. RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';"
GUAC_USERHost="%" # Allow all IPs
elif [ "${BACKEND_MYSQL}" = true ] && [ -n "${FRONTEND_NET}" ]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from ${FRONTEND_NET}.${GREY}"
GUAC_USERHost="${FRONTEND_NET}" # Apply the given range
elif [ "${BACKEND_MYSQL}" = false ] || [ -z "${BACKEND_MYSQL}" ]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
GUAC_USERHost=localhost # Assume a localhost only install
else
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
GUAC_USERHost=localhost # Assume a localhost only install
fi
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2
@ -218,7 +268,7 @@ else
echo
fi
# Add Guacamole schema to newly created database
# Add Guacamole's schema code to newly created database
echo -e "${GREY}Adding the Guacamole database schema..."
cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then
@ -262,9 +312,8 @@ expect eof
fi
fi
# Restart MySQL service
# Restart & enable MySQL service at boot
echo -e "${GREY}Restarting MySQL service & enable at boot..."
# Set MySQl to start at boot
systemctl enable mysql
systemctl restart mysql
if [ $? -ne 0 ]; then
@ -292,3 +341,31 @@ fi
echo
printf "${LGREEN}Guacamole ${GUAC_VERSION} MySQL backend install complete! \n${NC}"
echo -e ${NC}
#######################################################################################################################
# Additional migration steps for adding MySQL to an existing Guacamole application server
#######################################################################################################################
# Download and upgrade Guacamole SQL authentication extension
#wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
#tar -xzf guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
#rm /etc/guacamole/extensions/guacamole-auth-jdbc-*.jar
#mv -f guacamole-auth-jdbc-${GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar /etc/guacamole/extensions/
#chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar
# Download MySQL connector/j
# MYSQLJCON="8.1.0"
#wget -q --show-progress -O mysql-connector-j-${MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}.tar.gz
#tar -xzf mysql-connector-j-${MYSQLJCON}.tar.gz
#rm /etc/guacamole/lib/mysql-connector-java.jar
#mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
# Configure guacamole.properties file
#rm -f /etc/guacamole/guacamole.properties
#touch /etc/guacamole/guacamole.properties
#echo "mysql-hostname: ${MYSQL_HOST}" >>/etc/guacamole/guacamole.properties
#echo "mysql-port: ${MYSQL_PORT}" >>/etc/guacamole/guacamole.properties
#echo "mysql-database: ${GUAC_DB}" >>/etc/guacamole/guacamole.properties
#echo "mysql-username: ${GUAC_USER}" >>/etc/guacamole/guacamole.properties
#echo "mysql-password: ${GUAC_PWD}" >>/etc/guacamole/guacamole.properties

0
upgrade-mysql-backend-only.sh → guac-enterprise-build/upgrade-mysql-backend-only.sh
View file

0
backup-guac.sh → guac-management/backup-guac.sh
View file

0
refresh-tls-self-signed.sh → guac-management/refresh-tls-self-signed.sh
View file

80
upgrade-guac.sh → guac-management/upgrade-guac.sh
View file

@ -24,34 +24,30 @@ NC='\033[0m' #No Colour
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 2 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
echo
echo -e "${LRED}Possible previous upgrade files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
exit 1
fi
#######################################################################################################################
# Initial environment setup ###########################################################################################
#######################################################################################################################
# Script branding header
echo
echo -e "${GREYB}Itiligent VDI & Jump Server Appliance UPGRADE."
echo -e " ${LGREEN}Powered by Guacamole"
echo
#Setup download and temp directory paths
USER_HOME_DIR=$(eval echo ~${SUDO_USER})
DOWNLOAD_DIR=$USER_HOME_DIR/guac-setup
# Setup directory locations
mkdir -p $DOWNLOAD_DIR
sudo chown -R $SUDO_USER:root $DOWNLOAD_DIR
# Version of Guacamole to upgrade to. See https://guacamole.apache.org/releases/ for latest version info.
NEW_GUAC_VERSION="1.5.3"
@ -67,12 +63,12 @@ OLD_GUAC_VERSION=$(grep -oP 'Guacamole.API_VERSION = "\K[0-9\.]+' /var/lib/${TOM
# Set preferred Apache CDN download link
GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${NEW_GUAC_VERSION}"
# Set preferred Apache CDN download link
# Install log Location
LOG_LOCATION="${DOWNLOAD_DIR}/guacamole_${NEW_GUAC_VERSION}_upgrade.log"
INSTALL_LOG="${DOWNLOAD_DIR}/guacamole_${NEW_GUAC_VERSION}_upgrade.log"
# Auto updated values from main installer (manually update if blank)
INSTALL_MYSQL=
MYSQL_HOST=
MYSQL_PORT=
GUAC_USER=
@ -80,6 +76,13 @@ GUAC_PWD=
GUAC_DB=
MYSQL_ROOT_PWD=
# Script branding header
echo
echo -e "${GREYB}Guacamole VDI & Jump Server Appliance UPGRADE."
echo -e " ${LGREEN}Powered by Itiligent"
echo
#######################################################################################################################
# Start upgrade actions ##############################################################################################
#######################################################################################################################
@ -151,7 +154,7 @@ echo -e "${GREY}Compiling Guacamole-Server ${NEW_GUAC_VERSION} from source with
# Fix for warnings see #222 https://github.com/MysticRyuujin/guac-install/issues/222
export CFLAGS="-Wno-error"
# Configure Guacamole Server source
./configure --with-systemd-dir=/etc/systemd/system &>>${LOG_LOCATION}
./configure --with-systemd-dir=/etc/systemd/system &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo "Failed to configure guacamole-server"
echo "Trying again with --enable-allow-freerdp-snapshots"
@ -166,9 +169,9 @@ else
fi
echo -e "${GREY}Running make and building the upgraded Guacamole-Server application..."
make &>>${LOG_LOCATION}
make &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -176,18 +179,20 @@ else
fi
echo -e "${GREY}Installing the upgraded Guacamole-Server..."
make install &>>${LOG_LOCATION}
make install &>>${INSTALL_LOG}
ldconfig
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
ldconfig
cd ..
# Don't run the SQL upgrade commands if original setup option was set to remote MySQL instance. - Use separate DB update script.
if [ "${INSTALL_MYSQL}" = true ]; then
# Get list of SQL Upgrade Files
echo -e "${GREY}Upgrading MySQL Schema..."
UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/ | sort -V))
@ -197,30 +202,31 @@ for FILE in ${UPGRADEFILES[@]}; do
FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
if [[ $(echo -e "${FILEVERSION}\n${OLD_GUAC_VERSION}" | sort -V | head -n1) == ${OLD_GUAC_VERSION} && ${FILEVERSION} != ${OLD_GUAC_VERSION} ]]; then
echo "Patching ${GUAC_DB} with ${FILE}"
mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${LOG_LOCATION}
mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG}
fi
done
if [ $? -ne 0 ]; then
echo -e "${LRED}SQL upgrade failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
fi
# Check for TOTP extension and upgrade if found
for file in /etc/guacamole/extensions/guacamole-auth-totp*.jar; do
if [[ -f $file ]]; then
echo -e "${LGREEN}TOTP authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-totp*.jar &>>${LOG_LOCATION}
rm /etc/guacamole/extensions/guacamole-auth-totp*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz &>>${LOG_LOCATION}
mv -f guacamole-auth-totp-${NEW_GUAC_VERSION}/guacamole-auth-totp-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${LOG_LOCATION}
tar -xzf guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-auth-totp-${NEW_GUAC_VERSION}/guacamole-auth-totp-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-auth-totp-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded TOTP extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
@ -232,15 +238,15 @@ done
for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
if [[ -f $file ]]; then
echo -e "${LGREEN}DUO authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-duo*.jar &>>${LOG_LOCATION}
rm /etc/guacamole/extensions/guacamole-auth-duo*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz &>>${LOG_LOCATION}
mv -f guacamole-auth-duo-${NEW_GUAC_VERSION}/guacamole-auth-duo-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${LOG_LOCATION}
tar -xzf guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-auth-duo-${NEW_GUAC_VERSION}/guacamole-auth-duo-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-auth-duo-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded DUO extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
@ -252,15 +258,15 @@ done
for file in /etc/guacamole/extensions/guacamole-auth-ldap*.jar; do
if [[ -f $file ]]; then
echo -e "${LGREEN}LDAP authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-ldap*.jar &>>${LOG_LOCATION}
rm /etc/guacamole/extensions/guacamole-auth-ldap*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz &>>${LOG_LOCATION}
mv -f guacamole-auth-ldap-${NEW_GUAC_VERSION}/guacamole-auth-ldap-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${LOG_LOCATION}
tar -xzf guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-auth-ldap-${NEW_GUAC_VERSION}/guacamole-auth-ldap-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-auth-ldap-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded LDAP extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
@ -272,15 +278,15 @@ done
for file in /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar; do
if [[ -f $file ]]; then
echo -e "${LGREEN}Quick Connect extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar &>>${LOG_LOCATION}
rm /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz &>>${LOG_LOCATION}
mv -f guacamole-auth-quickconnect-${NEW_GUAC_VERSION}/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${LOG_LOCATION}
tar -xzf guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-auth-quickconnect-${NEW_GUAC_VERSION}/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded Quick Connect extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
@ -292,15 +298,15 @@ done
for file in /etc/guacamole/extensions/guacamole-history-recording-storage*.jar; do
if [[ -f $file ]]; then
echo -e "${LGREEN}History Recording Storage extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-history-recording-storage*.jar &>>${LOG_LOCATION}
rm /etc/guacamole/extensions/guacamole-history-recording-storage*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz"
exit 1
fi
tar -xzf guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz &>>${LOG_LOCATION}
mv -f guacamole-history-recording-storage-${NEW_GUAC_VERSION}/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${LOG_LOCATION}
tar -xzf guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
mv -f guacamole-history-recording-storage-${NEW_GUAC_VERSION}/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
chmod 664 /etc/guacamole/extensions/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.jar
echo -e "${LGREEN}Upgraded History Recording Storage extension to version ${NEW_GUAC_VERSION}${GREY}"
echo
@ -316,14 +322,13 @@ chown daemon:daemon /usr/sbin/.config/freerdp
mkdir -p /var/guacamole
chown daemon:daemon /var/guacamole
# Bring guacd and Tomcat back up
echo -e "${GREY}Starting guacd and Tomcat services..."
systemctl enable guacd
systemctl start guacd
systemctl start ${TOMCAT_VERSION}
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@ -334,9 +339,8 @@ fi
echo -e "${GREY}Clean up install files...${GREY}"
rm -rf guacamole-*
rm -rf mysql-connector-j-*
unset MYSQL_PWD
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"

0
add-auth-duo.sh → guac-optional-features/add-auth-duo.sh
View file

0
add-auth-ldap.sh → guac-optional-features/add-auth-ldap.sh
View file

0
add-auth-totp.sh → guac-optional-features/add-auth-totp.sh
View file

0
add-fail2ban.sh → guac-optional-features/add-fail2ban.sh
View file

0
add-smtp-relay-o365.sh → guac-optional-features/add-smtp-relay-o365.sh
View file

0
add-tls-guac-daemon.sh → guac-optional-features/add-tls-guac-daemon.sh
View file

0
add-xtra-histrecstor.sh → guac-optional-features/add-xtra-histrecstor.sh
View file

0
add-xtra-quickconnect.sh → guac-optional-features/add-xtra-quickconnect.sh
View file

17
useful-config-info.txt
View file

@ -67,6 +67,23 @@ UPDATE guacamole_user_attribute SET attribute_value='false' WHERE attribute_name
quit;
###############################################
# Quick troubleshoot SQL commands
###############################################
# Login
sudo mysql -u root -p
# Check time zone
SELECT @@time_zone;
# Rename user from local to remove access
use guacamole_db;
RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';
# Check user access
SELECT user,host FROM mysql.user;
SHOW GRANTS FOR guacamole_user;
#########################
Nginx load / DoS testing
#########################