1.5.3 3 tier architecture build support

1-setup.sh

@@ -6,6 +6,7 @@
 # April 2023
 #######################################################################################################################
 
+
 # To install latest code snapshot:
 # wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.sh && chmod +x 1-setup.sh && ./1-setup.sh
 
@@ -21,6 +22,7 @@
 # Or for Guacamole debug mode & verbose logs in the console:
 #     sudo systemctl stop guacd && sudo /usr/local/sbin/guacd -L debug -f
 
+
 #######################################################################################################################
 # Script pre-flight checks and settings ###############################################################################
 #######################################################################################################################
@@ -60,6 +62,7 @@ if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*'
     exit 1
 fi
 
+
 #######################################################################################################################
 # Core setup variables and mandatory inputs ###########################################################################
 #######################################################################################################################
@@ -71,7 +74,7 @@ DB_BACKUP_DIR=$USER_HOME_DIR/mysqlbackups
 TMP_DIR=$DOWNLOAD_DIR/tmp
 
 # GitHub download branch
-GITHUB="https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/"
+GITHUB="https://raw.githubusercontent.com/itiligent/Guacamole-Install/main"
 
 # Version of Guacamole to install
 GUAC_VERSION="1.5.3"
@@ -82,9 +85,8 @@ MYSQLJCON="8.1.0"
 # Set preferred Apache CDN download link)
 GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUAC_VERSION}"
 
-# Force a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
+# Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
-# If MYSQL_VERSION is left blank, script will default to the distro default MYSQL packages.
+MYSQL_VERSION="" # Blank "" forces distro default MySQL packages.
-MYSQL_VERSION=""
 if [ -z "${MYSQL_VERSION}" ]; then
     # Use Linux distro default version.
     MYSQLSRV="default-mysql-server default-mysql-client mysql-common"
@@ -161,11 +163,12 @@ mkdir -p $TMP_DIR
 
 # Script branding header
 echo
-echo -e "${GREYB}Itiligent VDI & Jump Server Appliance Setup."
+echo -e "${GREYB}Guacamole VDI & Jump Server Appliance Setup."
-echo -e "                       ${LGREEN}Powered by Guacamole"
+echo -e "                         ${LGREEN}Powered by Itiligent"
 echo
 echo
 
+
 #######################################################################################################################
 # Silent setup options - adding true/false or specific values below prevents prompt at install ########################
 #######################################################################################################################
@@ -204,6 +207,7 @@ RDP_SHARE_HOST=""               # Custom Windows RDP share host name. (e.g. RDP_
 RDP_SHARE_LABEL="RDP Share"     # Custom Windows RDP share drive label (e.g. RDP_SHARE_LABEL on RDP_SHARE_HOST)
 RDP_PRINTER_LABEL="RDP Printer" # Custom Windows RDP printer label
 
+
 #######################################################################################################################
 # Download GitHub setup scripts. To prevent overwrite, comment out lines of any scripts you have edited. ##############
 #######################################################################################################################
@@ -211,32 +215,32 @@ RDP_PRINTER_LABEL="RDP Printer" # Custom Windows RDP printer label
 # Download the set of config scripts from GitHub
 cd $DOWNLOAD_DIR
 echo -e "${GREY}Downloading setup files...${DGREY}"
-wget -q --show-progress ${GITHUB}2-install-guacamole.sh -O 2-install-guacamole.sh
+wget -q --show-progress ${GITHUB}/2-install-guacamole.sh -O 2-install-guacamole.sh
-wget -q --show-progress ${GITHUB}3-install-nginx.sh -O 3-install-nginx.sh
+wget -q --show-progress ${GITHUB}/3-install-nginx.sh -O 3-install-nginx.sh
-wget -q --show-progress ${GITHUB}4a-install-tls-self-signed-nginx.sh -O 4a-install-tls-self-signed-nginx.sh
+wget -q --show-progress ${GITHUB}/4a-install-tls-self-signed-nginx.sh -O 4a-install-tls-self-signed-nginx.sh
-wget -q --show-progress ${GITHUB}4b-install-tls-letsencrypt-nginx.sh -O 4b-install-tls-letsencrypt-nginx.sh
+wget -q --show-progress ${GITHUB}/4b-install-tls-letsencrypt-nginx.sh -O 4b-install-tls-letsencrypt-nginx.sh
-# Download the Guacamole manual add on/upgrade scripts
+# Download the Guacamole optional feature scripts
-wget -q --show-progress ${GITHUB}add-auth-duo.sh -O add-auth-duo.sh
+wget -q --show-progress ${GITHUB}/guac-optional-features/add-auth-duo.sh -O add-auth-duo.sh
-wget -q --show-progress ${GITHUB}add-auth-ldap.sh -O add-auth-ldap.sh
+wget -q --show-progress ${GITHUB}/guac-optional-features/add-auth-ldap.sh -O add-auth-ldap.sh
-wget -q --show-progress ${GITHUB}add-auth-totp.sh -O add-auth-totp.sh
+wget -q --show-progress ${GITHUB}/guac-optional-features/add-auth-totp.sh -O add-auth-totp.sh
-wget -q --show-progress ${GITHUB}add-xtra-quickconnect.sh -O add-xtra-quickconnect.sh
+wget -q --show-progress ${GITHUB}/guac-optional-features/add-xtra-quickconnect.sh -O add-xtra-quickconnect.sh
-wget -q --show-progress ${GITHUB}add-xtra-histrecstor.sh -O add-xtra-histrecstor.sh
+wget -q --show-progress ${GITHUB}/guac-optional-features/add-xtra-histrecstor.sh -O add-xtra-histrecstor.sh
-wget -q --show-progress ${GITHUB}add-smtp-relay-o365.sh -O add-smtp-relay-o365.sh
+wget -q --show-progress ${GITHUB}/guac-optional-features/add-smtp-relay-o365.sh -O add-smtp-relay-o365.sh
-wget -q --show-progress ${GITHUB}add-tls-guac-daemon.sh -O add-tls-guac-daemon.sh
+wget -q --show-progress ${GITHUB}/guac-optional-features/add-tls-guac-daemon.sh -O add-tls-guac-daemon.sh
-wget -q --show-progress ${GITHUB}add-fail2ban.sh -O add-fail2ban.sh
+wget -q --show-progress ${GITHUB}/guac-optional-features/add-fail2ban.sh -O add-fail2ban.sh
-wget -q --show-progress ${GITHUB}backup-guac.sh -O backup-guac.sh
+wget -q --show-progress ${GITHUB}/guac-management/backup-guac.sh -O backup-guac.sh
-wget -q --show-progress ${GITHUB}upgrade-guac.sh -O upgrade-guac.sh
+wget -q --show-progress ${GITHUB}/guac-management/upgrade-guac.sh -O upgrade-guac.sh
-wget -q --show-progress ${GITHUB}refresh-tls-self-signed.sh -O refresh-tls-self-signed.sh
+wget -q --show-progress ${GITHUB}/guac-management/refresh-tls-self-signed.sh -O refresh-tls-self-signed.sh
 # Download the (customisable) dark theme & branding template
-wget -q --show-progress ${GITHUB}branding.jar -O branding.jar
+wget -q --show-progress ${GITHUB}/branding.jar -O branding.jar
 chmod +x *.sh
-sleep 2
+sleep 3
 clear
 
 # Script branding header
 echo
-echo -e "${GREYB}Itiligent VDI & Jump Server Appliance Setup."
+echo -e "${GREYB}Guacamole VDI & Jump Server Appliance Setup."
-echo -e "                       ${LGREEN}Powered by Guacamole"
+echo -e "                         ${LGREEN}Powered by Itiligent"
 echo
 echo
 
@@ -258,6 +262,7 @@ if [[ $OS_FLAVOUR = "debian" ]] && [[ $OS_VERSION = *"bookworm"* ]]; then
     TOMCAT_VERSION="tomcat9"
 fi
 
+
 #######################################################################################################################
 # Begin install menu prompts ##########################################################################################
 #######################################################################################################################
@@ -338,8 +343,8 @@ clear
 
 # Script branding header
 echo
-echo -e "${GREYB}Itiligent VDI & Jump Server Appliance Setup."
+echo -e "${GREYB}Guacamole VDI & Jump Server Appliance Setup."
-echo -e "                       ${LGREEN}Powered by Guacamole"
+echo -e "                         ${LGREEN}Powered by Itiligent"
 echo
 echo
 
@@ -616,6 +621,7 @@ if [[ -z ${LE_EMAIL} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
     done
 fi
 
+
 #######################################################################################################################
 # Start global setup actions  #########################################################################################
 #######################################################################################################################
@@ -625,8 +631,8 @@ fi
 # names shown here: https://guacamole.apache.org/doc/gug/installing-guacamole.html
 clear
 echo
-echo -e "${GREYB}Itiligent VDI & Jump Server Appliance Setup."
+echo -e "${GREYB}Guacamole VDI & Jump Server Appliance Setup."
-echo -e "                       ${LGREEN}Powered by Guacamole"
+echo -e "                         ${LGREEN}Powered by Itiligent"
 echo
 echo
 
@@ -667,6 +673,7 @@ sed -i "s|CERT_ORG=|CERT_ORG='${CERT_ORG}'|g" $DOWNLOAD_DIR/add-tls-guac-daemon.
 sed -i "s|CERT_OU=|CERT_OU='${CERT_OU}'|g" $DOWNLOAD_DIR/add-tls-guac-daemon.sh
 sed -i "s|CERT_DAYS=|CERT_DAYS='${CERT_DAYS}'|g" $DOWNLOAD_DIR/add-tls-guac-daemon.sh
 
+sed -i "s|INSTALL_MYSQL=|INSTALL_MYSQL='${INSTALL_MYSQL}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
 sed -i "s|MYSQL_HOST=|MYSQL_HOST='${MYSQL_HOST}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
 sed -i "s|MYSQL_PORT=|MYSQL_PORT='${MYSQL_PORT}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
 sed -i "s|GUAC_USER=|GUAC_USER='${GUAC_USER}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
@@ -747,6 +754,7 @@ echo "0 0 * * 1-5 ${DB_BACKUP_DIR}/backup-guac.sh # backup guacamole" >>cron_1
 crontab cron_1
 rm cron_1
 
+
 #######################################################################################################################
 # Start optional setup actions   ######################################################################################
 #######################################################################################################################

README.md

@@ -1,10 +1,10 @@
 # Guacamole 1.5.3 VDI/Jump Server Appliance Build Script
 
-<img src="https://github.githubassets.com/images/icons/emoji/sparkles.png" width="35"> This script makes setting up Guacamole 1.5.3 a breeze, with added features like TLS reverse proxy, AD integration, multi-factor authentication, Quick Connect, History Recording Storage, dark mode support, auto database backup, O365 email alerts, and enhanced security options.
+<img src="https://github.githubassets.com/images/icons/emoji/sparkles.png" width="35"> This repo makes setting up Guacamole 1.5.3 a breeze, with added features like TLS reverse proxy, Active Directory integration, multi-factor authentication, Quick Connect, History Recording Storage, dark mode and custom UI templates, auto database backup, O365 email alerts, and enhanced security options. See below for enterprise and high availability deployments too.
 
 ## Automatic Installation
 
-<img src="https://github.githubassets.com/images/icons/emoji/rocket.png" width="35"> To start building the Guacamole appliance, paste the below link into a terminal and follow the prompts **(no need for sudo, but the user must be a member of the sudo group)**:
+<img src="https://github.githubassets.com/images/icons/emoji/rocket.png" width="35"> To start building your Guacamole appliance, paste the below link into a terminal and follow the prompts **(no need for sudo, but the user must be a member of the sudo group)**:
 
 ```shell
 wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.sh && chmod +x 1-setup.sh && ./1-setup.sh
@@ -14,27 +14,27 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
 
 <img src="https://github.githubassets.com/images/icons/emoji/lock.png" width="35"> **Before diving in, make sure you have:**
 
-- A compatible OS: Ubuntu 18.04 - 22.x, Debian 11 & 10, or Raspbian Buster/Bullseye (stick to stable releases for cloud images).
+- A compatible OS: Ubuntu 18.04 - 22.x, Debian 10 or 11, or Raspbian Buster/Bullseye (If using vendor cloud images stick to stable releases).
 - Minimum 8GB RAM and 40GB HDD.
-- DNS entries matching your default route interface IP (essential for TLS).
+- DNS entries matching your default appliance network interface IP (essential for TLS).
 - Open TCP ports: 22, 80, and 443.
 
 ## Installation Menu
 
 <img src="https://github.githubassets.com/images/icons/emoji/wrench.png" width="35"> **This script guides you through the installation process in the following steps:**
 
-1. Confirm system hostname and local DNS domain suffix.
+1. Confirm your system hostname and local DNS domain suffix. (Must be consistent for TLS proxy)
-2. Choose a MySQL instance type and set security preferences.
+2. Choose a locally installed or remote MySQL instance, set database security preferences.
-3. Pick an authentication extension (DUO, TOTP, LDAP, or none).
+3. Pick an authentication extension: DUO, TOTP, LDAP, or none.
-4. Select optional console features: Quick Connect and History Recorded Storage.
+4. Select optional console features: Quick Connect & History Recorded Storage UI integrations.
 5. Decide on the Guacamole front end: Nginx reverse proxy (http or https) or keep the native Guacamole interface
 
-**For the more security minded, there's several post-install hardening options available:**
+**For the more security minded, there's several post-install hardening script options available:**
 
 - `add-fail2ban.sh`: Adds a lockdown policy for Guacamole to guard against brute force attacks.
-- `add-tls-guac-daemon.sh`: Wraps internal server daemon to guac application traffic in TLS.
+- `add-tls-guac-daemon.sh`: Wraps internal server daemon <--> guac application traffic in TLS.
 - `add-auth-ldap.sh`: A template script for Active Directory integration.
-- `add-smtp-relay-o365.sh`: A template script for email alerts via MSO65 (BYO app password).
+- `add-smtp-relay-o365.sh`: A template script for email alerts integrated with MSO65 (BYO app password).
 
 ## Active Directory Integration
 
@@ -44,37 +44,37 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
 
 <img src="https://github.githubassets.com/images/icons/emoji/art.png" width="35"> **Want to give Guacamole your personal touch? Follow the theme and branding instructions** [here](https://github.com/itiligent/Guacamole-Install/tree/main/custom-theme-builder).
 
-## Installation Notes
+## Custom Installation Notes
 
 <img src="https://github.githubassets.com/images/icons/emoji/unicode/2699.png" width="35"> 
 
 1. Paste and run the wget autorun link in your home directory.
 2. Exit `1-setup.sh` at the first prompt. (At this point the scripts are downloaded only.)
 3. Customise the huge number of installation variables available in `1-setup.sh` as required. (Certain combinations of edits will produce a fully unattended install.)
-4. **Caution: If editing `1-setup.sh`, be aware that running the autorun link again re-downloads and overwrites all changes. You must run setup locally after editing.** (Also be sure to comment out the download links in the setup script to any other downloaded scripts that you may have edited. There should be little need to edit outside of the setup script's options.)
+4. **Caution: If editing `1-setup.sh`, be aware that running the autorun link again re-downloads and overwrites all changes. You must run setup locally after editing.** (Also be sure to comment out the download links in the setup script for any other edited scripts. (There should be little need to edit outside of the setup script's options.)
 5. The **upgrade-guac.sh, add-tls-guac-daemon.sh, refresh-tls-self-signed.sh & backup-guac.sh** scripts are automatically adjusted at installation to match your chosen installation settings. These can be run after install without any modification.
-6. If the self-signed TLS proxy option is selected, browser client TLS certificates will be automatically created and saved to `$DOWNLOAD_DIR/guac-setup`.
+6. If the self-signed TLS proxy option is selected, browser client TLS certificates will be automatically created and saved to `$HOME/guac-setup`.
-7. Nginx is automatically configured to use TLS 1.2 or above (so really old browser versions may not work.)
+7. Note that Nginx is automatically configured to use TLS 1.2 or above (so really old browser versions may not work.)
-8. A daily MySQL backup job will be automatically configured by the installer.
+8. A daily MySQL backup job will be automatically configured under the script owner's crontab.
 9. **Security info:** The Quick Connect and History Recorded Storage options bring a few security implications; so be aware of potential risks in your particular environment.
    
 ## Upgrading Guacamole
 
-<img src="https://github.githubassets.com/images/icons/emoji/globe_with_meridians.png" width="35"> To upgrade Guacamole, edit `upgrade-guac.sh` to relfect the latest available versions of Guacamole and MySQL connector/J before running it. This script will also automatically update the DUO, LDAP, TOTP, Quick Connect & History Recorded Storage extension if they are present.
+<img src="https://github.githubassets.com/images/icons/emoji/globe_with_meridians.png" width="35"> To upgrade Guacamole, edit `upgrade-guac.sh` to relfect the latest versions of Guacamole and MySQL connector/J before running it. This script will also automatically update the DUO, LDAP, TOTP, Quick Connect & History Recorded Storage extension if they are found to be present.
 
 ## Enterprise Scale Out & High Availability 
 
-<img src="https://github.githubassets.com/images/icons/emoji/unicode/1f454.png" width="35"> For Enterprise deployments, did you know that Guacamole can be run in a load balanced farm? To achieve this, the database, application and front end components are usually **split into a 3 layers.** (VLANs & firewalls between the layers helps with security too.)
+<img src="https://github.githubassets.com/images/icons/emoji/unicode/1f454.png" width="35"> For Enterprise deployments, did you know that Guacamole can be run in a load balanced farm? To achieve this, the database, application and front end components are usually **split into 2 or 3 layers.** (VLANs & firewalls between the layers helps with security too.) See [here](https://github.com/itiligent/Guacamole-Install/tree/main/guac-enterprise-build) for useful related materials.
-- **For the DATABASE layer:** Find the included `install-mysql-backend-only.sh` to install just a standalone instance of the Guacamole MySQL database.
+- **For the DATABASE layer:** Find the included `install-mysql-backend-only.sh` to install just a standalone backend instance of the Guacamole MySQL database. 
-- **For the APPLICATION layer:** Simply use the main setup script on as many application servers as you like, just make sure to say no to both the Install MYSQL locally option and any Nginx front end options.
+- **For the APPLICATION layer:** Simply use the main setup script to build as many application servers as you like. For a true 3 layer load balanced system, make sure to **say no to both the "Install MySQL locally" option and all Nginx front end options.** 
-- **For the Front end**: You'll need to roll your own load balancer. **HA Proxy** provides superior session affinity under load balanced conditions when compared to Open source Nginx (Nginx Plus gives you all the good stuff.) There's too many possible ways to achieve this, and the target audience for this sort of setup likely knows how to run with whats already provided.
+- **For the Front end**: There are may choices here. You can slightly modify the Nginx scripts for a front end TLS layer, however **HA Proxy** provides far superior session affinity under load balanced conditions when compared to Open Source Nginx (The paid for Nginx Plus gives you all the good stuff!) There's so many possible ways to achieve this in hardware and software. For this target audience there's plenty of config detail here help you begin to roll your own HA solution.
 
 ## Auto Download Manifest
 
-<img src="https://github.githubassets.com/images/icons/emoji/package.png" width="35"> The autorun link downloads these repo files into `$DOWNLOAD_DIR/guac-setup`:
+<img src="https://github.githubassets.com/images/icons/emoji/package.png" width="35"> The autorun link downloads these repo files into `$HOME/guac-setup`:
 
 - `1-setup.sh`: The installation script.
-- `2-install-guacamole.sh`: Guacamole main installation script.
+- `2-install-guacamole.sh`: Guacamole main source build installation script.
 - `3-install-nginx.sh`: Installs Nginx for reverse proxy (optional).
 - `4a-install-tls-self-signed-nginx.sh`: Configures self-signed TLS for Nginx (optional).
 - `4b-install-tls-letsencrypt-nginx.sh`: Installs Let's Encrypt for Nginx (optional).

guac-enterprise-build/install-mysql-backend-only.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 #######################################################################################################################
-# Guacamole db build script. 
+# Guacamole MySQL backend install script. (For split DB and guacamole application layers.) 
 # For Ubuntu / Debian / Raspbian
 # David Harrop
 # September 2023
@@ -11,6 +11,13 @@
 # Layer 2 = GUAC SERVER & APPLICATION - use the main setup script, and select remote MYSQL DB option.
 # Layer 3 = FRONT END REV PROXY (Potentially load balanced & HA) - approach TBA
 
+
+#######################################################################################################################
+# Script pre-flight checks and settings ###############################################################################
+#######################################################################################################################
+
+clear
+
 # Prepare text output colours
 GREY='\033[0;37m'
 DGREY='\033[0;90m'
@@ -20,14 +27,33 @@ LGREEN='\033[0;92m'
 LYELLOW='\033[0;93m'
 NC='\033[0m' #No Colour
 
-#  Setup download and temp directory paths
+# Check if user is root or sudo
+if ! [ $(id -u) = 0 ]; then
+    echo
+    echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
+    exit 1
+fi
+
+# Check to see if any previous version of build/install files exist, if so stop and check to be safe.
+if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
+    echo
+    echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
+    echo
+    exit 1
+fi
+
+
+#######################################################################################################################
+# Initial environment setup ###########################################################################################
+#######################################################################################################################
+
+#Setup download and temp directory paths
 USER_HOME_DIR=$(eval echo ~${SUDO_USER})
 DOWNLOAD_DIR=$USER_HOME_DIR/guac-setup
-mkdir -p $DOWNLOAD_DIR
-chown -R $SUDO_USER:root $DOWNLOAD_DIR
 
-# Install log Location
+# Setup directory locations
-INSTALL_LOG="${DOWNLOAD_DIR}/mysql_install.log"
+mkdir -p $DOWNLOAD_DIR
+sudo chown -R $SUDO_USER:root $DOWNLOAD_DIR
 
 # Version of Guacamole auth jdbc database schema to use
 GUAC_VERSION="1.5.3"
@@ -35,6 +61,9 @@ GUAC_VERSION="1.5.3"
 # Set preferred Apache CDN download link)
 GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUAC_VERSION}"
 
+# Install log Location
+INSTALL_LOG="${DOWNLOAD_DIR}/guacamole_${GUAC_VERSION}_mysql_install.log"
+
 clear
 
 # Script branding header
@@ -44,30 +73,45 @@ echo -e "             ${LGREEN}Powered by Itiligent"
 echo
 echo
 
-#######################################################################################################################
-# Silent setup options - adding true/false or specific values below prevents prompt at install ########################
-#######################################################################################################################
-BACKEND_MYSQL="true"                # Separate the MySQL database and Guacamole application servers? (true/false)
-MYSQL_BIND_ADDR="0.0.0.0"           # Active when BACKEND_MYSQL="true". The the IP address to bind MySQL to.
-SECURE_MYSQL="true"                 # Apply the mysql secure configuration tool (true/false)
-MYSQL_PORT="3306"                   # Default is 3306
-GUAC_DB="guacamole_db"              # Default is guacamole_db
-GUAC_USER="guacamole_user"          # Default is guacamole_user
-GUAC_PWD="test"                     # Requires an entry
-MYSQL_ROOT_PWD="test"               # Requires an entry.
-DB_TZ=$(cat /etc/timezone)          # Database timezone defaults is system TZ. Change to "UTC" if appropriate
 
-# Force a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
+#######################################################################################################################
-# If MYSQL_VERSION is left blank, script will default to the distro default MYSQL packages.
+# Setup options. ######################################################################################################
-MYSQL_VERSION=""
+#######################################################################################################################
+
+BACKEND_MYSQL="true"        # True: Allow $GUAC_USER remote login. False or "": Limits $GUAC_USER to localhost only login.
+FRONTEND_NET=""             # "" = allow login from any IP or wildcards e.g. 192.168.1.% (Needs BACKEND_SQL="true", else ignored)
+MYSQL_BIND_ADDR="0.0.0.0"   # Bind MySQL to this IP. (127.0.0.1, a specific IP or 0.0.0.0 for all interfaces)
+SECURE_MYSQL="true"         # Apply the mysql secure configuration tool (true/false)
+MYSQL_PORT="3306"           # Default is 3306
+GUAC_DB="guacamole_db"      # Default is guacamole_db
+GUAC_USER="guacamole_user"  # Default is guacamole_user
+GUAC_PWD="test"             # Requires an entry
+MYSQL_ROOT_PWD="test"       # Requires an entry.
+DB_TZ=$(cat /etc/timezone)  # Typically system default (cat /etc/timezone) or change to "UTC" if required.
+
+# For a remotely accessed back end DB instance, keep this script set to BACKEND_MYSQL="true".
+# Other options are fairly straight forward. For a typical back end server only the $FRONTEND_NET and $MYSQL_BIND_ADDR 
+# values may need closer attention.
+
+# This script can also accommodate DR or migration scenarios: E.g Migration away from XML user mappings, PostGres to MySQL etc). 
+# To install a new MySQL database on the same server as the Guacamole application, set BACKEND_MYSQL="false" & 
+# MYSQL_BIND_ADDR="127.0.0.1". See bottom of this script for some remaining DB migration actions.
+
+
+#######################################################################################################################
+# Start install actions  ##############################################################################################
+#######################################################################################################################
+
+# Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
+MYSQL_VERSION="" # Blank "" forces distro default MySQL packages.
 if [ -z "${MYSQL_VERSION}" ]; then
     # Use Linux distro default version.
     MYSQLV="default-mysql-server default-mysql-client mysql-common"
-    DB_CMD="mysql"
+    DB_CMD="mysql" # mysql command is depricated
   else
     # Use official mariadb.org repo
     MYSQLV="mariadb-server mariadb-client mariadb-common"
-    DB_CMD="mariadb"
+    DB_CMD="mariadb" # mysql command is depricated on newer versions
 fi
 
 # Update everything but don't do the annoying prompts during apt installs
@@ -92,7 +136,7 @@ if [ -n "${MYSQL_VERSION}" ]; then
     bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
 fi
 
-# Download Guacamole mysql specific components
+# Download and extract the Guacamole SQL authentication extension containing the database schema
 echo -e "${GREY}Downloading Guacamole database source files..."
 wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
 if [ $? -ne 0 ]; then
@@ -115,6 +159,7 @@ else
     echo
 fi
 
+# Set the root password without a reliance on debconf.
 echo -e "${GREY}Setting MySQL root password..."
 SQLCODE="
 FLUSH PRIVILEGES;
@@ -128,21 +173,22 @@ else
     echo
 fi
 
-# Find the location of the MySQL or MariaDB config files. Add to this list for more candidates..
+# Find the location of the MySQL or MariaDB config files. (Add to this list for more potential candidates.)
 for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
     /etc/mysql/mysql.conf.d/mysqld.cnf \
     /etc/mysql/my.cnf; do
-    # Check inside each to see if a [mysqld] or [mariadbd] section exists and assign x the correct filename.
+    # Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename.
     if [ -e "${x}" ]; then
            if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then
             mysqlconfig="${x}"
-            # Reduce any duplicated section names, then remove the [ ] special characters (for sed cmd below)
+            # Reduce any duplicated section names, then sanitise the [ ] special characters for sed below)
             config_section=$(grep -m 1 -E '^\[(mysqld|mariadbd)\]$' "${x}" | sed 's/\[\(.*\)\]/\1/') 
             break
         fi
     fi
 done
 
+# Set the MySQL Timezone
 if [ -z "${mysqlconfig}" ]; then
     echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
 else
@@ -169,10 +215,9 @@ else
     echo
 fi
 
-# Change the default localhost MySQL binding IP address for remote Guacamole server accessibility
+# Set the MySQL binding IP address to whatever the setup variable is set to.
-if [[ "${BACKEND_MYSQL}" = true ]]; then
+echo -e "${GREY}Setting MySQL IP address binding to ${MYSQL_BIND_ADDR}..."
-    echo -e "${GREY}Setting MySQL IP address binding to ${MYSQL_BIND_ADDR}..."
+sed -i "s/^bind-address[[:space:]]*=[[:space:]]*.*/bind-address = ${MYSQL_BIND_ADDR}/g" ${mysqlconfig}
-    sed -i "s/bind-address[[:space:]]*=[[:space:]]*127\.0\.0\.1/bind-address = ${MYSQL_BIND_ADDR}/g" ${mysqlconfig}
 if [ $? -ne 0 ]; then
     echo -e "${LRED}Failed${GREY}" 1>&2
     exit 1
@@ -180,17 +225,22 @@ else
     echo -e "${LGREEN}OK${GREY}"
     echo
 fi
-fi
 
-# Create ${GUAC_DB} and grant ${GUAC_USER} permissions to it
+# Establish the appropriate form of Guacamole user account access (remote or localhost login permissions) 
 echo -e "${GREY}Setting up database access parameters for the Guacamole user ..."
-if [[ "${BACKEND_MYSQL}" = true ]]; then
+if [ "${BACKEND_MYSQL}" = true ] && [ -z "${FRONTEND_NET}" ]; then
-    GUAC_USERHost="%"
+    echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
-    echo -e "${YELLOW} MySQL ${GUAC_USER} is set to accept db login from any host, you may wish to limit this to specific IPs.${GREY}"
+    # e.g. RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';"
-#   e.g. RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';"
+    GUAC_USERHost="%" # Allow all IPs
-else
+        elif [ "${BACKEND_MYSQL}" = true ] && [ -n "${FRONTEND_NET}" ]; then
-    GUAC_USERHost=localhost
+            echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from ${FRONTEND_NET}.${GREY}"
-    echo -e "${YELLOW}MySQL Guacamole user is set to only allow login from localhost.${GREY}"
+            GUAC_USERHost="${FRONTEND_NET}" # Apply the given range
+        elif  [ "${BACKEND_MYSQL}" = false ] || [ -z "${BACKEND_MYSQL}" ]; then
+           echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
+           GUAC_USERHost=localhost # Assume a localhost only install
+        else
+    echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
+    GUAC_USERHost=localhost # Assume a localhost only install
 fi
 if [ $? -ne 0 ]; then
     echo -e "${LRED}Failed${GREY}" 1>&2
@@ -218,7 +268,7 @@ else
     echo
 fi
 
-# Add Guacamole schema to newly created database
+# Add Guacamole's schema code to newly created database
 echo -e "${GREY}Adding the Guacamole database schema..."
 cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD}
 if [ $? -ne 0 ]; then
@@ -262,9 +312,8 @@ expect eof
     fi
 fi
 
-# Restart MySQL service
+# Restart & enable MySQL service at boot
 echo -e "${GREY}Restarting MySQL service & enable at boot..."
-# Set MySQl to start at boot
 systemctl enable mysql
 systemctl restart mysql
 if [ $? -ne 0 ]; then
@@ -292,3 +341,31 @@ fi
 echo
 printf "${LGREEN}Guacamole ${GUAC_VERSION} MySQL backend install complete! \n${NC}"
 echo -e ${NC}
+
+
+#######################################################################################################################
+# Additional migration steps for adding MySQL to an existing Guacamole application server
+#######################################################################################################################
+
+# Download and upgrade Guacamole SQL authentication extension
+#wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
+#tar -xzf guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
+#rm /etc/guacamole/extensions/guacamole-auth-jdbc-*.jar
+#mv -f guacamole-auth-jdbc-${GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar /etc/guacamole/extensions/
+#chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar
+
+# Download MySQL connector/j
+# MYSQLJCON="8.1.0"
+#wget -q --show-progress -O mysql-connector-j-${MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}.tar.gz
+#tar -xzf mysql-connector-j-${MYSQLJCON}.tar.gz
+#rm /etc/guacamole/lib/mysql-connector-java.jar
+#mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
+
+# Configure guacamole.properties file
+#rm -f /etc/guacamole/guacamole.properties
+#touch /etc/guacamole/guacamole.properties
+#echo "mysql-hostname: ${MYSQL_HOST}" >>/etc/guacamole/guacamole.properties
+#echo "mysql-port: ${MYSQL_PORT}" >>/etc/guacamole/guacamole.properties
+#echo "mysql-database: ${GUAC_DB}" >>/etc/guacamole/guacamole.properties
+#echo "mysql-username: ${GUAC_USER}" >>/etc/guacamole/guacamole.properties
+#echo "mysql-password: ${GUAC_PWD}" >>/etc/guacamole/guacamole.properties

guac-management/upgrade-guac.sh

@@ -24,34 +24,30 @@ NC='\033[0m' #No Colour
 # Check if user is root or sudo
 if ! [ $(id -u) = 0 ]; then
     echo
-    echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
+    echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
     exit 1
 fi
 
 # Check to see if any previous version of build/install files exist, if so stop and check to be safe.
-if [ "$(find . -maxdepth 2 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
+if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
     echo
-    echo -e "${LRED}Possible previous upgrade files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
+    echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
     echo
     exit 1
 fi
 
+
 #######################################################################################################################
 # Initial environment setup ###########################################################################################
 #######################################################################################################################
 
-# Script branding header
-echo
-echo -e "${GREYB}Itiligent VDI & Jump Server Appliance UPGRADE."
-echo -e "                    ${LGREEN}Powered by Guacamole"
-echo
-
 #Setup download and temp directory paths
 USER_HOME_DIR=$(eval echo ~${SUDO_USER})
 DOWNLOAD_DIR=$USER_HOME_DIR/guac-setup
 
 # Setup directory locations
 mkdir -p $DOWNLOAD_DIR
+sudo chown -R $SUDO_USER:root $DOWNLOAD_DIR
 
 # Version of Guacamole to upgrade to. See https://guacamole.apache.org/releases/ for latest version info.
 NEW_GUAC_VERSION="1.5.3"
@@ -67,12 +63,12 @@ OLD_GUAC_VERSION=$(grep -oP 'Guacamole.API_VERSION = "\K[0-9\.]+' /var/lib/${TOM
 
 # Set preferred Apache CDN download link
 GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${NEW_GUAC_VERSION}"
-# Set preferred Apache CDN download link
 
 # Install log Location
-LOG_LOCATION="${DOWNLOAD_DIR}/guacamole_${NEW_GUAC_VERSION}_upgrade.log"
+INSTALL_LOG="${DOWNLOAD_DIR}/guacamole_${NEW_GUAC_VERSION}_upgrade.log"
 
 # Auto updated values from main installer (manually update if blank)
+INSTALL_MYSQL=
 MYSQL_HOST=
 MYSQL_PORT=
 GUAC_USER=
@@ -80,6 +76,13 @@ GUAC_PWD=
 GUAC_DB=
 MYSQL_ROOT_PWD=
 
+# Script branding header
+echo
+echo -e "${GREYB}Guacamole VDI & Jump Server Appliance UPGRADE."
+echo -e "                             ${LGREEN}Powered by Itiligent"
+echo
+
+
 #######################################################################################################################
 # Start upgrade actions  ##############################################################################################
 #######################################################################################################################
@@ -151,7 +154,7 @@ echo -e "${GREY}Compiling Guacamole-Server ${NEW_GUAC_VERSION} from source with
 # Fix for warnings see #222 https://github.com/MysticRyuujin/guac-install/issues/222
 export CFLAGS="-Wno-error"
 # Configure Guacamole Server source
-./configure --with-systemd-dir=/etc/systemd/system &>>${LOG_LOCATION}
+./configure --with-systemd-dir=/etc/systemd/system &>>${INSTALL_LOG}
 if [ $? -ne 0 ]; then
     echo "Failed to configure guacamole-server"
     echo "Trying again with --enable-allow-freerdp-snapshots"
@@ -166,9 +169,9 @@ else
 fi
 
 echo -e "${GREY}Running make and building the upgraded Guacamole-Server application..."
-make &>>${LOG_LOCATION}
+make &>>${INSTALL_LOG}
 if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
     exit 1
 else
     echo -e "${LGREEN}OK${GREY}"
@@ -176,18 +179,20 @@ else
 fi
 
 echo -e "${GREY}Installing the upgraded Guacamole-Server..."
-make install &>>${LOG_LOCATION}
+make install &>>${INSTALL_LOG}
+ldconfig
 if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
     exit 1
 else
     echo -e "${LGREEN}OK${GREY}"
     echo
 fi
-ldconfig
 
 cd ..
 
+# Don't run the SQL upgrade commands if original setup option was set to remote MySQL instance. - Use separate DB update script.
+if [ "${INSTALL_MYSQL}" = true ]; then
 # Get list of SQL Upgrade Files
 echo -e "${GREY}Upgrading MySQL Schema..."
 UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/ | sort -V))
@@ -197,30 +202,31 @@ for FILE in ${UPGRADEFILES[@]}; do
     FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
     if [[ $(echo -e "${FILEVERSION}\n${OLD_GUAC_VERSION}" | sort -V | head -n1) == ${OLD_GUAC_VERSION} && ${FILEVERSION} != ${OLD_GUAC_VERSION} ]]; then
         echo "Patching ${GUAC_DB} with ${FILE}"
-        mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${LOG_LOCATION}
+        mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG}
     fi
 done
 if [ $? -ne 0 ]; then
-    echo -e "${LRED}SQL upgrade failed. See ${LOG_LOCATION}${GREY}" 1>&2
+    echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
     exit 1
 else
     echo -e "${LGREEN}OK${GREY}"
     echo
 fi
+fi
 
 # Check for TOTP extension and upgrade if found
 for file in /etc/guacamole/extensions/guacamole-auth-totp*.jar; do
     if [[ -f $file ]]; then
         echo -e "${LGREEN}TOTP authentication extension was found, upgrading...${GREY}"
-        rm /etc/guacamole/extensions/guacamole-auth-totp*.jar &>>${LOG_LOCATION}
+        rm /etc/guacamole/extensions/guacamole-auth-totp*.jar &>>${INSTALL_LOG}
         wget -q --show-progress -O guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz
         if [ $? -ne 0 ]; then
             echo -e "${LRED}Failed to download guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz" 1>&2
             echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz"
             exit 1
         fi
-        tar -xzf guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz &>>${LOG_LOCATION}
+        tar -xzf guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
-        mv -f guacamole-auth-totp-${NEW_GUAC_VERSION}/guacamole-auth-totp-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${LOG_LOCATION}
+        mv -f guacamole-auth-totp-${NEW_GUAC_VERSION}/guacamole-auth-totp-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
         chmod 664 /etc/guacamole/extensions/guacamole-auth-totp-${NEW_GUAC_VERSION}.jar
         echo -e "${LGREEN}Upgraded TOTP extension to version ${NEW_GUAC_VERSION}${GREY}"
         echo
@@ -232,15 +238,15 @@ done
 for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
     if [[ -f $file ]]; then
         echo -e "${LGREEN}DUO authentication extension was found, upgrading...${GREY}"
-        rm /etc/guacamole/extensions/guacamole-auth-duo*.jar &>>${LOG_LOCATION}
+        rm /etc/guacamole/extensions/guacamole-auth-duo*.jar &>>${INSTALL_LOG}
         wget -q --show-progress -O guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz
         if [ $? -ne 0 ]; then
             echo -e "${LRED}Failed to download guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz" 1>&2
             echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz"
             exit 1
         fi
-        tar -xzf guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz &>>${LOG_LOCATION}
+        tar -xzf guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
-        mv -f guacamole-auth-duo-${NEW_GUAC_VERSION}/guacamole-auth-duo-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${LOG_LOCATION}
+        mv -f guacamole-auth-duo-${NEW_GUAC_VERSION}/guacamole-auth-duo-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
         chmod 664 /etc/guacamole/extensions/guacamole-auth-duo-${NEW_GUAC_VERSION}.jar
         echo -e "${LGREEN}Upgraded DUO extension to version ${NEW_GUAC_VERSION}${GREY}"
         echo
@@ -252,15 +258,15 @@ done
 for file in /etc/guacamole/extensions/guacamole-auth-ldap*.jar; do
     if [[ -f $file ]]; then
         echo -e "${LGREEN}LDAP authentication extension was found, upgrading...${GREY}"
-        rm /etc/guacamole/extensions/guacamole-auth-ldap*.jar &>>${LOG_LOCATION}
+        rm /etc/guacamole/extensions/guacamole-auth-ldap*.jar &>>${INSTALL_LOG}
         wget -q --show-progress -O guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz
         if [ $? -ne 0 ]; then
             echo -e "${LRED}Failed to download guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz" 1>&2
             echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz"
             exit 1
         fi
-        tar -xzf guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz &>>${LOG_LOCATION}
+        tar -xzf guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
-        mv -f guacamole-auth-ldap-${NEW_GUAC_VERSION}/guacamole-auth-ldap-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${LOG_LOCATION}
+        mv -f guacamole-auth-ldap-${NEW_GUAC_VERSION}/guacamole-auth-ldap-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
         chmod 664 /etc/guacamole/extensions/guacamole-auth-ldap-${NEW_GUAC_VERSION}.jar
         echo -e "${LGREEN}Upgraded LDAP extension to version ${NEW_GUAC_VERSION}${GREY}"
         echo
@@ -272,15 +278,15 @@ done
 for file in /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar; do
     if [[ -f $file ]]; then
         echo -e "${LGREEN}Quick Connect extension was found, upgrading...${GREY}"
-        rm /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar &>>${LOG_LOCATION}
+        rm /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar &>>${INSTALL_LOG}
         wget -q --show-progress -O guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz
         if [ $? -ne 0 ]; then
             echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz" 1>&2
             echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz"
             exit 1
         fi
-        tar -xzf guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz &>>${LOG_LOCATION}
+        tar -xzf guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
-        mv -f guacamole-auth-quickconnect-${NEW_GUAC_VERSION}/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${LOG_LOCATION}
+        mv -f guacamole-auth-quickconnect-${NEW_GUAC_VERSION}/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
         chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.jar
         echo -e "${LGREEN}Upgraded Quick Connect extension to version ${NEW_GUAC_VERSION}${GREY}"
         echo
@@ -292,15 +298,15 @@ done
 for file in /etc/guacamole/extensions/guacamole-history-recording-storage*.jar; do
     if [[ -f $file ]]; then
         echo -e "${LGREEN}History Recording Storage extension was found, upgrading...${GREY}"
-        rm /etc/guacamole/extensions/guacamole-history-recording-storage*.jar &>>${LOG_LOCATION}
+        rm /etc/guacamole/extensions/guacamole-history-recording-storage*.jar &>>${INSTALL_LOG}
         wget -q --show-progress -O guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz
         if [ $? -ne 0 ]; then
             echo -e "${LRED}Failed to download guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz" 1>&2
             echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz"
             exit 1
         fi
-        tar -xzf guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz &>>${LOG_LOCATION}
+        tar -xzf guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz &>>${INSTALL_LOG}
-        mv -f guacamole-history-recording-storage-${NEW_GUAC_VERSION}/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${LOG_LOCATION}
+        mv -f guacamole-history-recording-storage-${NEW_GUAC_VERSION}/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>>${INSTALL_LOG}
         chmod 664 /etc/guacamole/extensions/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.jar
         echo -e "${LGREEN}Upgraded History Recording Storage extension to version ${NEW_GUAC_VERSION}${GREY}"
         echo
@@ -316,14 +322,13 @@ chown daemon:daemon /usr/sbin/.config/freerdp
 mkdir -p /var/guacamole
 chown daemon:daemon /var/guacamole
 
-
 # Bring guacd and Tomcat back up
 echo -e "${GREY}Starting guacd and Tomcat services..."
 systemctl enable guacd
 systemctl start guacd
 systemctl start ${TOMCAT_VERSION}
 if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
     exit 1
 else
     echo -e "${LGREEN}OK${GREY}"
@@ -334,9 +339,8 @@ fi
 echo -e "${GREY}Clean up install files...${GREY}"
 rm -rf guacamole-*
 rm -rf mysql-connector-j-*
-unset MYSQL_PWD
 if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
     exit 1
 else
     echo -e "${LGREEN}OK${GREY}"

useful-config-info.txt

@@ -67,6 +67,23 @@ UPDATE guacamole_user_attribute SET attribute_value='false' WHERE attribute_name
 quit;
 
 
+###############################################
+# Quick troubleshoot SQL commands
+###############################################
+# Login
+sudo mysql -u root -p
+
+# Check time zone
+SELECT @@time_zone;
+
+# Rename user from local to remove access
+use guacamole_db;
+RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';
+
+# Check user access
+SELECT user,host FROM mysql.user;
+SHOW GRANTS FOR guacamole_user;
+
 #########################
 Nginx load / DoS testing 
 #########################