Debian 12 testing

2025-12-14 02:12:31 +00:00 · 2023-09-10 00:38:31 +10:00 · 2023-09-10 00:38:31 +10:00 · aa4bd94799
commit aa4bd94799
parent 1f77c3c4ba
4 changed files with 631 additions and 573 deletions
--- a/1-setup.sh
+++ b/1-setup.sh
@ -6,7 +6,6 @@
 # April 2023
 #######################################################################################################################
 # To install latest code snapshot:
 # wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.sh && chmod +x 1-setup.sh && ./1-setup.sh
@ -22,7 +21,6 @@
 # Or for Guacamole debug mode & verbose logs in the console:
 #     sudo systemctl stop guacd && sudo /usr/local/sbin/guacd -L debug -f
 #######################################################################################################################
 # Script pre-flight checks and settings ###############################################################################
 #######################################################################################################################
@ -36,33 +34,34 @@ GREYB='\033[1;37m'
 LRED='\033[0;91m'
 LGREEN='\033[0;92m'
 LYELLOW='\033[0;93m'
 LMAGENTA='\033[0;95m'
 LCYAN='\033[0;96m'
 NC='\033[0m' #No Colour
 # Make sure the user is NOT running this script as root
 if [[ $EUID -eq 0 ]]; then
-    echo
+	echo
-    echo -e "${LRED}This script must NOT be run as root, exiting..." 1>&2
+	echo -e "${LRED}This script must NOT be run as root, exiting..." 1>&2
-    echo -e ${NC}
+	echo -e ${NC}
-    exit 1
+	exit 1
 fi
 # Make sure the user is a member of the sudo group
 if ! [ $(id -nG "$USER" 2>/dev/null | egrep "sudo" | wc -l) -gt 0 ]; then
-    echo
+	echo
-    echo -e "${LRED}The current user (${USER}) must be a member of the 'sudo' group, exiting..." 1>&2
+	echo -e "${LRED}The current user (${USER}) must be a member of the 'sudo' group, exiting..." 1>&2
-    echo -e ${NC}
+	echo -e ${NC}
-    exit 1
+	exit 1
 fi
 # Check to see if any previous version of build/install files exist, if so stop and check to be safe.
 if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
-    echo
+	echo
-    echo -e "${LRED}Possible previous install files detected in current build path. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
+	echo -e "${LRED}Possible previous install files detected in current build path. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
-    echo
+	echo
-    exit 1
+	exit 1
 fi
 #######################################################################################################################
 # Core setup variables and mandatory inputs ###########################################################################
 #######################################################################################################################
@ -85,28 +84,31 @@ MYSQLJCON="8.1.0"
 # Set preferred Apache CDN download link)
 GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUAC_VERSION}"
-# Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
+# See https://mariadb.org/mariadb/all-releases/ for available versions.
-MYSQL_VERSION="" # Blank "" forces distro default MySQL packages.
+# Provide a specific MySQL version e.g. 11.1.2 or leave blank to use distro default MySQL packages.
 MYSQL_VERSION=""
 if [ -z "${MYSQL_VERSION}" ]; then
-    # Use Linux distro default version.
+	# Use Linux distro default version.
-    MYSQLSRV="default-mysql-server default-mysql-client mysql-common"
+	MYSQLS="default-mysql-server default-mysql-client mysql-common"
-    MYSQLCLIENT="default-mysql-client"
+	MYSQLC="default-mysql-client"
-  else
+	DB_CMD="mysql" # mysql command is depricated
-    # Use official mariadb.org repo
+else
-    MYSQLSRV="mariadb-server mariadb-client mariadb-common"
+	# Use official mariadb.org repo
-    MYSQLCLIENT="mariadb-client"
+	MYSQLS="mariadb-server mariadb-client mariadb-common"
 	MYSQLC="mariadb-client"
 	DB_CMD="mariadb" # mysql command is depricated on newer versions
 fi
 # Check for the latest version of Tomcat currently supported by the distro
 if [[ $(apt-cache show tomcat10 2>/dev/null | egrep "Version: 10" | wc -l) -gt 0 ]]; then
-    TOMCAT_VERSION="tomcat10"
+	TOMCAT_VERSION="tomcat10"
-    elif [[ $(apt-cache show tomcat9 2>/dev/null | egrep "Version: 9" | wc -l) -gt 0 ]]; then
+elif [[ $(apt-cache show tomcat9 2>/dev/null | egrep "Version: 9" | wc -l) -gt 0 ]]; then
-        TOMCAT_VERSION="tomcat9"
+	TOMCAT_VERSION="tomcat9"
-    elif [[ $(apt-cache show tomcat8 2>/dev/null | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]]; then
+elif [[ $(apt-cache show tomcat8 2>/dev/null | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]]; then
-        TOMCAT_VERSION="tomcat8"
+	TOMCAT_VERSION="tomcat8"
-    else
+else
-    # Default to version
+	# Default to version
-    TOMCAT_VERSION="tomcat9"
+	TOMCAT_VERSION="tomcat9"
 fi
 # Uncomment to force a specific Tomcat version here.
 # TOMCAT_VERSION="tomcat9"
@ -129,31 +131,31 @@ LIBPNG=""
 # Get the default route interface IP
 DEFAULT_IP=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)
 get_domain_suffix() {
-    echo "$1" | awk '{print $2}'
+	echo "$1" | awk '{print $2}'
 }
 # Search for "search" and "domain" entries in /etc/resolv.conf
 search_line=$(grep -E '^search[[:space:]]+' /etc/resolv.conf)
 domain_line=$(grep -E '^domain[[:space:]]+' /etc/resolv.conf)
 # Check if both "search" and "domain" lines exist
 if [ -n "$search_line" ] && [ -n "$domain_line" ]; then
-    # Both "search" and "domain" lines exist, extract the domain suffix from both
+	# Both "search" and "domain" lines exist, extract the domain suffix from both
-    search_suffix=$(get_domain_suffix "$search_line")
+	search_suffix=$(get_domain_suffix "$search_line")
-    domain_suffix=$(get_domain_suffix "$domain_line")
+	domain_suffix=$(get_domain_suffix "$domain_line")
-    # Print the domain suffix that appears first
+	# Print the domain suffix that appears first
-    if [ ${#search_suffix} -lt ${#domain_suffix} ]; then
+	if [ ${#search_suffix} -lt ${#domain_suffix} ]; then
-        DOMAIN_SUFFIX=$search_suffix
+		DOMAIN_SUFFIX=$search_suffix
-    else
+	else
-        DOMAIN_SUFFIX=$domain_suffix
+		DOMAIN_SUFFIX=$domain_suffix
-    fi
+	fi
-    elif [ -n "$search_line" ]; then
+elif [ -n "$search_line" ]; then
-        # If only "search" line exists
+	# If only "search" line exists
-        DOMAIN_SUFFIX=$(get_domain_suffix "$search_line")
+	DOMAIN_SUFFIX=$(get_domain_suffix "$search_line")
-    elif [ -n "$domain_line" ]; then
+elif [ -n "$domain_line" ]; then
-        # If only "domain" line exists
+	# If only "domain" line exists
-        DOMAIN_SUFFIX=$(get_domain_suffix "$domain_line")
+	DOMAIN_SUFFIX=$(get_domain_suffix "$domain_line")
-    else
+else
-    # If no "search" or "domain" lines found
+	# If no "search" or "domain" lines found
-    DOMAIN_SUFFIX="local"
+	DOMAIN_SUFFIX="local"
 fi
 # Setup directory locations
@ -164,11 +166,10 @@ mkdir -p $TMP_DIR
 # Script branding header
 echo
 echo -e "${GREYB}Guacamole VDI & Jump Server Appliance Setup."
-echo -e "                         ${LGREEN}Powered by Itiligent"
+echo -e "              ${LGREEN}Powered by Itiligent"
 echo
 echo
 #######################################################################################################################
 # Silent setup options - adding true/false or specific values below prevents prompt at install ########################
 #######################################################################################################################
@ -180,8 +181,9 @@ MYSQL_HOST=""                   # Blank or localhost for a local MySQL install,
 MYSQL_PORT=""                   # If blank default is 3306
 GUAC_DB=""                      # If blank default is guacamole_db
 GUAC_USER=""                    # If blank default is guacamole_user
 GUAC_PWD=""                     # Requires an entry here or at at script prompt.
 MYSQL_ROOT_PWD=""               # Requires an entry here or at at script prompt.
 GUAC_PWD=""                     # Requires an entry here or at at script prompt.
 DB_TZ=$(cat /etc/timezone)      # MySQL timezone default=(cat /etc/timezone) or change to "UTC" if required.
 INSTALL_TOTP=""                 # Add TOTP MFA extension (true/false)
 INSTALL_DUO=""                  # Add DUO MFA extension (can't be installed simultaneously with TOTP, true/false)
 INSTALL_LDAP=""                 # Add Active Directory extension (true/false)
@ -207,7 +209,6 @@ RDP_SHARE_HOST=""               # Custom Windows RDP share host name. (e.g. RDP_
 RDP_SHARE_LABEL="RDP Share"     # Custom Windows RDP share drive label (e.g. RDP_SHARE_LABEL on RDP_SHARE_HOST)
 RDP_PRINTER_LABEL="RDP Printer" # Custom Windows RDP printer label
 #######################################################################################################################
 # Download GitHub setup scripts. To prevent overwrite, comment out lines of any scripts you have edited. ##############
 #######################################################################################################################
@ -240,7 +241,7 @@ clear
 # Script branding header
 echo
 echo -e "${GREYB}Guacamole VDI & Jump Server Appliance Setup."
-echo -e "                         ${LGREEN}Powered by Itiligent"
+echo -e "              ${LGREEN}Powered by Itiligent"
 echo
 echo
@ -249,7 +250,6 @@ echo -e "${LYELLOW}Ctrl+Z now to exit now if you wish to customise 1-setup.sh op
 echo
 echo
 # Lets trigger a sudo prompt here for root credentials needed for the install - this keeps the install menu flow neat
 # Set permissions for sudo and non sudo access to tmp setup files
 sudo chmod -R 770 $TMP_DIR
@ -257,12 +257,11 @@ sudo chown -R $SUDO_USER:root $TMP_DIR
 # Workaround for current Debian 12 & Tomcat 10 incompatibilities (Experimental in August 2023)
 if [[ $OS_FLAVOUR = "debian" ]] && [[ $OS_VERSION = *"bookworm"* ]]; then
-    # Add the oldstable repo and downgrade tomcat version install
+	# Add the oldstable repo and downgrade tomcat version install
-    echo "deb http://deb.debian.org/debian/ bullseye main" | sudo tee /etc/apt/sources.list.d/bullseye.list >/dev/null
+	echo "deb http://deb.debian.org/debian/ bullseye main" | sudo tee /etc/apt/sources.list.d/bullseye.list >/dev/null
-    TOMCAT_VERSION="tomcat9"
+	TOMCAT_VERSION="tomcat9"
 fi
 #######################################################################################################################
 # Begin install menu prompts ##########################################################################################
 #######################################################################################################################
@ -273,105 +272,105 @@ fi
 # Ensure SERVER_NAME is consistent with local host entries
 if [[ -z ${SERVER_NAME} ]]; then
-    echo -e "${LYELLOW}Update Linux system HOSTNAME [Enter to keep: ${HOSTNAME}]${LGREEN}"
+	echo -e "${LYELLOW}Update Linux system HOSTNAME [Enter to keep: ${HOSTNAME}]${LGREEN}"
-    read -p "                        Enter new HOSTNAME : " SERVER_NAME
+	read -p "              Enter new HOSTNAME : " SERVER_NAME
-    # If hit enter making no SERVER_NAME change, assume the existing hostname as current
+	# If hit enter making no SERVER_NAME change, assume the existing hostname as current
-    if [[ "${SERVER_NAME}" = "" ]]; then
+	if [[ "${SERVER_NAME}" = "" ]]; then
-        SERVER_NAME=$HOSTNAME
+		SERVER_NAME=$HOSTNAME
-    fi
+	fi
-    echo
+	echo
-    # A SERVER_NAME was derived via the prompt
+	# A SERVER_NAME was derived via the prompt
-    # Apply the SERVER_NAME value & remove and update any old 127.0.1.1 local host references
+	# Apply the SERVER_NAME value & remove and update any old 127.0.1.1 local host references
-    sudo hostnamectl set-hostname $SERVER_NAME &>>${INSTALL_LOG}
+	sudo hostnamectl set-hostname $SERVER_NAME &>>${INSTALL_LOG}
-    sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${INSTALL_LOG}
+	sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${INSTALL_LOG}
-    echo '127.0.1.1       '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
+	echo '127.0.1.1       '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
-    sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
+	sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
 else
-    echo
+	echo
-    # A SERVER_NAME value was derived from a pre-set silent install option.
+	# A SERVER_NAME value was derived from a pre-set silent install option.
-    # Apply the SERVER_NAME value & remove and update any old 127.0.1.1 local host references
+	# Apply the SERVER_NAME value & remove and update any old 127.0.1.1 local host references
-    sudo hostnamectl set-hostname $SERVER_NAME &>>${INSTALL_LOG}
+	sudo hostnamectl set-hostname $SERVER_NAME &>>${INSTALL_LOG}
-    sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${INSTALL_LOG}
+	sudo sed -i '/127.0.1.1/d' /etc/hosts &>>${INSTALL_LOG}
-    echo '127.0.1.1       '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
+	echo '127.0.1.1       '${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
-    sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
+	sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
 fi
 # Ensure SERVER_NAME, LOCAL_DOMAIN suffix and host entries are all consistent
 if [[ -z ${LOCAL_DOMAIN} ]]; then
-    echo -e "${LYELLOW}Update Linux LOCAL DNS DOMAIN [Enter to keep: ${DOMAIN_SUFFIX}]${LGREEN}"
+	echo -e "${LYELLOW}Update Linux LOCAL DNS DOMAIN [Enter to keep: ${DOMAIN_SUFFIX}]${LGREEN}"
-    read -p "                        Enter FULL LOCAL DOMAIN NAME: " LOCAL_DOMAIN
+	read -p "              Enter FULL LOCAL DOMAIN NAME: " LOCAL_DOMAIN
-    # If hit enter making no LOCAL_DOMAIN name change, assume the existing domain suffix as current
+	# If hit enter making no LOCAL_DOMAIN name change, assume the existing domain suffix as current
-    if [[ "${LOCAL_DOMAIN}" = "" ]]; then
+	if [[ "${LOCAL_DOMAIN}" = "" ]]; then
-        LOCAL_DOMAIN=$DOMAIN_SUFFIX
+		LOCAL_DOMAIN=$DOMAIN_SUFFIX
-    fi
+	fi
-    echo
+	echo
-    # A LOCAL_DOMAIN value was derived via the prompt
+	# A LOCAL_DOMAIN value was derived via the prompt
-    # Remove any old hosts & resolv file values and update these with the new LOCAL_DOMAIN value
+	# Remove any old hosts & resolv file values and update these with the new LOCAL_DOMAIN value
-    sudo sed -i "/${DEFAULT_IP}/d" /etc/hosts
+	sudo sed -i "/${DEFAULT_IP}/d" /etc/hosts
-    sudo sed -i '/domain/d' /etc/resolv.conf
+	sudo sed -i '/domain/d' /etc/resolv.conf
-    sudo sed -i '/search/d' /etc/resolv.conf
+	sudo sed -i '/search/d' /etc/resolv.conf
-    # Refresh the /etc/hosts file with the server name and new local domain value
+	# Refresh the /etc/hosts file with the server name and new local domain value
-    echo ''${DEFAULT_IP}'	'${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
+	echo ''${DEFAULT_IP}'	'${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
-    # Refresh /etc/resolv.conf with new domain and search suffix values
+	# Refresh /etc/resolv.conf with new domain and search suffix values
-    echo 'domain	'${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
+	echo 'domain	'${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
-    echo 'search	'${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
+	echo 'search	'${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
-    sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
+	sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
 else
-    echo
+	echo
-    # A LOCAL_DOMIN value was derived from a pre-set silent install option.
+	# A LOCAL_DOMIN value was derived from a pre-set silent install option.
-    # Remove any old hosts & resolv file values and update these with the new LOCAL_DOMAIN value
+	# Remove any old hosts & resolv file values and update these with the new LOCAL_DOMAIN value
-    sudo sed -i "/${DEFAULT_IP}/d" /etc/hosts
+	sudo sed -i "/${DEFAULT_IP}/d" /etc/hosts
-    sudo sed -i '/domain/d' /etc/resolv.conf
+	sudo sed -i '/domain/d' /etc/resolv.conf
-    sudo sed -i '/search/d' /etc/resolv.conf
+	sudo sed -i '/search/d' /etc/resolv.conf
-    # Refresh the /etc/hosts file with the server name and new local domain value
+	# Refresh the /etc/hosts file with the server name and new local domain value
-    echo ''${DEFAULT_IP}'	'${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
+	echo ''${DEFAULT_IP}'	'${SERVER_NAME}.${LOCAL_DOMAIN} ${SERVER_NAME}'' | sudo tee -a /etc/hosts &>>${INSTALL_LOG}
-    # Refresh /etc/resolv.conf with new domain and search suffix values
+	# Refresh /etc/resolv.conf with new domain and search suffix values
-    echo 'domain	'${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
+	echo 'domain	'${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
-    echo 'search	'${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
+	echo 'search	'${LOCAL_DOMAIN}'' | sudo tee -a /etc/resolv.conf &>>${INSTALL_LOG}
-    sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
+	sudo systemctl restart systemd-hostnamed &>>${INSTALL_LOG}
 fi
-    # Now that $SERVER_NAME and $LOCAL_DOMAIN values are updated and refreshed:
+# Now that $SERVER_NAME and $LOCAL_DOMAIN values are updated and refreshed:
-    # Values are merged to build a local FQDN value (used for the default reverse proxy site name.)
+# Values are merged to build a local FQDN value (used for the default reverse proxy site name.)
-    DEFAULT_FQDN=$SERVER_NAME.$LOCAL_DOMAIN
+DEFAULT_FQDN=$SERVER_NAME.$LOCAL_DOMAIN
-    # The RDP share label default can now assume the updated $SERVER_NAME value if not manually specified in silent setup options.
+# The RDP share label default can now assume the updated $SERVER_NAME value if not manually specified in silent setup options.
-    if [[ -z ${RDP_SHARE_HOST} ]]; then
+if [[ -z ${RDP_SHARE_HOST} ]]; then
-        RDP_SHARE_HOST=$SERVER_NAME
+	RDP_SHARE_HOST=$SERVER_NAME
-    fi
+fi
 clear
 # Script branding header
 echo
 echo -e "${GREYB}Guacamole VDI & Jump Server Appliance Setup."
-echo -e "                         ${LGREEN}Powered by Itiligent"
+echo -e "              ${LGREEN}Powered by Itiligent"
 echo
 echo
 # Prompt the user to install MySQL
 echo -e "${LGREEN}MySQL setup options:${GREY}"
 if [[ -z ${INSTALL_MYSQL} ]]; then
-    echo -e -n "SQL: Install MySQL locally? (to use a remote MySQL Server select 'n') [Y/n] [default y]: ${GREY}"
+	echo -e -n "SQL: Install MySQL locally? (to use a remote MySQL Server select 'n') [Y/n] [default y]: ${GREY}"
-    read PROMPT
+	read PROMPT
-    if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
+	if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
-        INSTALL_MYSQL=false
+		INSTALL_MYSQL=false
-    else
+	else
-        INSTALL_MYSQL=true
+		INSTALL_MYSQL=true
-    fi
+	fi
 fi
 # Prompt the user to apply the Mysql secure installation locally
 if [ -z ${SECURE_MYSQL} ] && [ "${INSTALL_MYSQL}" = true ]; then
-    echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to LOCAL db? [Y/n] [default y]: ${GREY}"
+	echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to LOCAL db? [Y/n] [default y]: ${GREY}"
-    read PROMPT
+	read PROMPT
-    if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
+	if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
-        SECURE_MYSQL=false
+		SECURE_MYSQL=false
-    else
+	else
-        SECURE_MYSQL=true
+		SECURE_MYSQL=true
-    fi
+	fi
 fi
-# Prompt the user to apply the Mysql secure installation to remote db 
+# Prompt the user to apply the Mysql secure installation to remote db
 # This may be problematic on remote databases (for one-script upgrades) as this addition removes remote root login access - a good thing.
 #if [ -z ${SECURE_MYSQL} ] && [ "${INSTALL_MYSQL}" = false ]; then
 #    echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to REMOTE db? [y/N] [default n]: ${GREY}"
@ -385,201 +384,203 @@ fi
 # Get additional MYSQL values
 if [ "${INSTALL_MYSQL}" = false ]; then
-    [ -z "${MYSQL_HOST}" ] &&
+	[ -z "${MYSQL_HOST}" ] &&
-        read -p "SQL: Enter remote MySQL server hostname or IP: " MYSQL_HOST
+		read -p "SQL: Enter remote MySQL server hostname or IP: " MYSQL_HOST
-    [ -z "${MYSQL_PORT}" ] &&
+	[ -z "${MYSQL_PORT}" ] &&
-        read -p "SQL: Enter remote MySQL server port [3306]: " MYSQL_PORT
+		read -p "SQL: Enter remote MySQL server port [3306]: " MYSQL_PORT
-    [ -z "${GUAC_DB}" ] &&
+	[ -z "${GUAC_DB}" ] &&
-        read -p "SQL: Enter remote Guacamole database name [guacamole_db]: " GUAC_DB
+		read -p "SQL: Enter remote Guacamole database name [guacamole_db]: " GUAC_DB
-    [ -z "${GUAC_USER}" ] &&
+	[ -z "${GUAC_USER}" ] &&
-        read -p "SQL: Enter remote Guacamole user name [guacamole_user]: " GUAC_USER
+		read -p "SQL: Enter remote Guacamole user name [guacamole_user]: " GUAC_USER
-    fi
+fi
-    # Checking if a mysql host given, if not set a default
+# Checking if a mysql host given, if not set a default
-    if [ -z "${MYSQL_HOST}" ]; then
+if [ -z "${MYSQL_HOST}" ]; then
-        MYSQL_HOST="localhost"
+	MYSQL_HOST="localhost"
-    fi
+fi
-    # Checking if a mysql port given, if not set a default
+# Checking if a mysql port given, if not set a default
-    if [ -z "${MYSQL_PORT}" ]; then
+if [ -z "${MYSQL_PORT}" ]; then
-        MYSQL_PORT="3306"
+	MYSQL_PORT="3306"
-    fi
+fi
-    # Checking if a database name given, if not set a default
+# Checking if a database name given, if not set a default
-    if [ -z "${GUAC_DB}" ]; then
+if [ -z "${GUAC_DB}" ]; then
-        GUAC_DB="guacamole_db"
+	GUAC_DB="guacamole_db"
-    fi
+fi
-    # Checking if a mysql user given, if not set a default
+# Checking if a mysql user given, if not set a default
-    if [ -z "${GUAC_USER}" ]; then
+if [ -z "${GUAC_USER}" ]; then
-        GUAC_USER="guacamole_user"
+	GUAC_USER="guacamole_user"
 fi
 # Get Guacamole User password, confirm correct password entry and prevent blank passwords
 if [ -z "${GUAC_PWD}" ]; then
    while true; do
        read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " GUAC_PWD
        echo
        read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " PROMPT2
        echo
        [ "${GUAC_PWD}" = "${PROMPT2}" ] && [ "${GUAC_PWD}" != "" ] && [ "${PROMPT2}" != "" ] && break
        echo -e "${LRED}Passwords don't match or can't be null. Please try again.${GREY}" 1>&2
    done
 fi
 echo -e ${LMAGENTA}
 # Get MySQL root password, confirm correct password entry and prevent blank passwords. No root pw needed for remote instances.
 if [ -z "${MYSQL_ROOT_PWD}" ] && [ "${INSTALL_MYSQL}" = true ]; then
-    while true; do
+	while true; do
-        read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL root password: " MYSQL_ROOT_PWD
+		read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ROOT password: " MYSQL_ROOT_PWD
-        echo
+		echo
-        read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL root password: " PROMPT2
+		read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ROOT password: " PROMPT2
-        echo
+		echo
-        [ "${MYSQL_ROOT_PWD}" = "${PROMPT2}" ] && [ "${MYSQL_ROOT_PWD}" != "" ] && [ "${PROMPT2}" != "" ] && break
+		[ "${MYSQL_ROOT_PWD}" = "${PROMPT2}" ] && [ "${MYSQL_ROOT_PWD}" != "" ] && [ "${PROMPT2}" != "" ] && break
-        echo -e "${LRED}Passwords don't match or can't be null. Please try again.${GREY}" 1>&2
+		echo -e "${LRED}Passwords don't match or can't be null. Please try again.${LMAGENTA}" 1>&2
-    done
+	done
 fi
 echo -e ${LCYAN}
 # Get Guacamole User password, confirm correct password entry and prevent blank passwords
 if [ -z "${GUAC_PWD}" ]; then
 	while true; do
 		read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " GUAC_PWD
 		echo
 		read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " PROMPT2
 		echo
 		[ "${GUAC_PWD}" = "${PROMPT2}" ] && [ "${GUAC_PWD}" != "" ] && [ "${PROMPT2}" != "" ] && break
 		echo -e "${LRED}Passwords don't match or can't be null. Please try again.${LCYAN}" 1>&2
 	done
 fi
 echo -e ${GREY}
 # Prompt for preferred backup notification email address
 if [[ -z ${BACKUP_EMAIL} ]]; then
-    while true; do
+	while true; do
-        read -p "SQL: Enter email address for SQL backup messages [Enter to skip]: " BACKUP_EMAIL
+		read -p "SQL: Enter email address for SQL backup messages [Enter to skip]: " BACKUP_EMAIL
-        [ "${BACKUP_EMAIL}" = "" ] || [ "${BACKUP_EMAIL}" != "" ] && break
+		[ "${BACKUP_EMAIL}" = "" ] || [ "${BACKUP_EMAIL}" != "" ] && break
-        # Rather than allow a blank value, un-comment to alternately force user to enter an explicit value instead
+		# Rather than allow a blank value, un-comment to alternately force user to enter an explicit value instead
-        # [ "${BACKUP_EMAIL}" != "" ] && break
+		# [ "${BACKUP_EMAIL}" != "" ] && break
-        # echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
+		# echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
-    done
+	done
-    fi
+fi
-    # If no backup notification email address is given, provide a default value
+# If no backup notification email address is given, provide a default value
-    if [ -z ${BACKUP_EMAIL} ]; then
+if [ -z ${BACKUP_EMAIL} ]; then
-        BACKUP_EMAIL="backup-email@yourdomain.com"
+	BACKUP_EMAIL="backup-email@yourdomain.com"
 fi
 echo
 # Prompt the user to install TOTP MFA
 echo -e "${LGREEN}Guacamole authentication extension options:${GREY}"
 if [[ -z "${INSTALL_TOTP}" ]] && [[ "${INSTALL_DUO}" != true ]]; then
-    echo -e -n "AUTH: Install TOTP? (choose 'n' if you want Duo) [y/N]? [default n]: "
+	echo -e -n "AUTH: Install TOTP? (choose 'n' if you want Duo) [y/N]? [default n]: "
-    read PROMPT
+	read PROMPT
-    if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
+	if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
-        INSTALL_TOTP=true
+		INSTALL_TOTP=true
-        INSTALL_DUO=false
+		INSTALL_DUO=false
-    else
+	else
-        INSTALL_TOTP=false
+		INSTALL_TOTP=false
-    fi
+	fi
 fi
 # Prompt the user to install Duo MFA
 if [[ -z "${INSTALL_DUO}" ]] && [[ "${INSTALL_TOTP}" != true ]]; then
-    echo -e -n "${GREY}AUTH: Install Duo? [y/N] [default n]: "
+	echo -e -n "${GREY}AUTH: Install Duo? [y/N] [default n]: "
-    read PROMPT
+	read PROMPT
-    if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
+	if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
-        INSTALL_DUO=true
+		INSTALL_DUO=true
-        INSTALL_TOTP=false
+		INSTALL_TOTP=false
-    else
+	else
-        INSTALL_DUO=false
+		INSTALL_DUO=false
-    fi
+	fi
 fi
 # We can't install TOTP and Duo at the same time (option not supported by Guacamole)
 if [[ "${INSTALL_TOTP}" = true ]] && [[ "${INSTALL_DUO}" = true ]]; then
-    echo -e "${LRED}GUAC MFA: TOTP and Duo cannot be installed at the same time.${GREY}" 1>&2
+	echo -e "${LRED}GUAC MFA: TOTP and Duo cannot be installed at the same time.${GREY}" 1>&2
-    exit 1
+	exit 1
 fi
 # Prompt the user to install Duo MFA
 if [[ -z "${INSTALL_LDAP}" ]]; then
-    echo -e -n "${GREY}AUTH: Install LDAP? [y/N] [default n]: "
+	echo -e -n "${GREY}AUTH: Install LDAP? [y/N] [default n]: "
-    read PROMPT
+	read PROMPT
-    if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
+	if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
-        INSTALL_LDAP=true
+		INSTALL_LDAP=true
-    else
+	else
-        INSTALL_LDAP=false
+		INSTALL_LDAP=false
-    fi
+	fi
 fi
 echo
 # Prompt the user to install the Quick Connect feature (some higher security use cases may not want this)
 echo -e "${LGREEN}Guacamole console optional extras:${GREY}"
 if [[ -z "${INSTALL_QCONNECT}" ]]; then
-    echo -e -n "${GREY}EXTRAS: Install Quick Connect feature? [y/N] [default n]: "
+	echo -e -n "${GREY}EXTRAS: Install Quick Connect feature? [y/N] [default n]: "
-    read PROMPT
+	read PROMPT
-    if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
+	if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
-        INSTALL_QCONNECT=true
+		INSTALL_QCONNECT=true
-    else
+	else
-        INSTALL_QCONNECT=false
+		INSTALL_QCONNECT=false
-    fi
+	fi
 fi
 # Prompt the user to install the History Recorded Storage feature
 if [[ -z "${INSTALL_HISTREC}" ]]; then
-    echo -e -n "${GREY}EXTRAS: Install History Recorded Storage (session replay console integration) [y/N] [default n]: "
+	echo -e -n "${GREY}EXTRAS: Install History Recorded Storage (session replay console integration) [y/N] [default n]: "
-    read PROMPT
+	read PROMPT
-    if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
+	if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
-        INSTALL_HISTREC=true
+		INSTALL_HISTREC=true
-    else
+	else
-        INSTALL_HISTREC=false
+		INSTALL_HISTREC=false
-    fi
+	fi
-    fi
+fi
-    HISTREC_PATH_DEFAULT=/var/lib/guacamole/recordings # Apache default
+HISTREC_PATH_DEFAULT=/var/lib/guacamole/recordings # Apache default
-    if [[ -z ${HISTREC_PATH} ]] && [[ "${INSTALL_HISTREC}" = true ]]; then
+if [[ -z ${HISTREC_PATH} ]] && [[ "${INSTALL_HISTREC}" = true ]]; then
-        while true; do
+	while true; do
-            read -p "EXTRAS: Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH
+		read -p "EXTRAS: Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH
-            [ "${HISTREC_PATH}" = "" ] || [ "${HISTREC_PATH}" != "" ] && break
+		[ "${HISTREC_PATH}" = "" ] || [ "${HISTREC_PATH}" != "" ] && break
-        done
+	done
-    fi
+fi
-    # If no custom path is given, lets assume the default path on hitting enter
+# If no custom path is given, lets assume the default path on hitting enter
-    if [ -z "${HISTREC_PATH}" ]; then
+if [ -z "${HISTREC_PATH}" ]; then
-    HISTREC_PATH="${HISTREC_PATH_DEFAULT}"
+	HISTREC_PATH="${HISTREC_PATH_DEFAULT}"
 fi
 echo
 # Prompt for Guacamole front end reverse proxy option
 echo -e "${LGREEN}Reverse Proxy & front end options:${GREY}"
 if [[ -z ${INSTALL_NGINX} ]]; then
-    echo -e -n "FRONT END: Protect Guacamole behind Nginx reverse proxy [y/N]? [default n]: "
+	echo -e -n "FRONT END: Protect Guacamole behind Nginx reverse proxy [y/N]? [default n]: "
-    read PROMPT
+	read PROMPT
-    if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
+	if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
-        INSTALL_NGINX=true
+		INSTALL_NGINX=true
-        CHANGE_ROOT=false
+		CHANGE_ROOT=false
-    else
+	else
-        INSTALL_NGINX=false
+		INSTALL_NGINX=false
-    fi
+	fi
 fi
 # Prompt to remove the trailing /guacamole dir from the default front end url
 if [ "${INSTALL_NGINX}" = false ]; then
-    echo -e -n "FRONT END: Shorten Guacamole root url to *:8080 (& redirect to /guacamole ) [Y/n]? [default y]: "
+	echo -e -n "FRONT END: Shorten Guacamole root url to *:8080 (& redirect to /guacamole ) [Y/n]? [default y]: "
-    read PROMPT
+	read PROMPT
-    if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
+	if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
-        CHANGE_ROOT=false
+		CHANGE_ROOT=false
-    else
+	else
-        CHANGE_ROOT=true
+		CHANGE_ROOT=true
-    fi
+	fi
 fi
 # We must assign a DNS name for the new proxy site
 if [[ -z ${PROXY_SITE} ]] && [[ "${INSTALL_NGINX}" = true ]]; then
-    while true; do
+	while true; do
-        read -p "FRONT END: Enter proxy local DNS name? [Enter to use ${DEFAULT_FQDN}]: " PROXY_SITE
+		read -p "FRONT END: Enter proxy local DNS name? [Enter to use ${DEFAULT_FQDN}]: " PROXY_SITE
-        [ "${PROXY_SITE}" = "" ] || [ "${PROXY_SITE}" != "" ] && break
+		[ "${PROXY_SITE}" = "" ] || [ "${PROXY_SITE}" != "" ] && break
-        # Rather than allow the default value below, un-comment to alternately force user to enter an explicit name instead
+		# Rather than allow the default value below, un-comment to alternately force user to enter an explicit name instead
-        # [ "${PROXY_SITE}" != "" ] && break
+		# [ "${PROXY_SITE}" != "" ] && break
-        # echo -e "${LRED}You must enter a proxy site DNS name. Please try again.${GREY}" 1>&2
+		# echo -e "${LRED}You must enter a proxy site DNS name. Please try again.${GREY}" 1>&2
-    done
+	done
-    fi
+fi
-    # If no proxy site dns name is given, lets assume the default FQDN is the proxy site name
+# If no proxy site dns name is given, lets assume the default FQDN is the proxy site name
-    if [ -z "${PROXY_SITE}" ]; then
+if [ -z "${PROXY_SITE}" ]; then
-        PROXY_SITE="${DEFAULT_FQDN}"
+	PROXY_SITE="${DEFAULT_FQDN}"
 fi
 # Prompt for self signed TLS reverse proxy option
 if [[ -z ${SELF_SIGN} ]] && [[ "${INSTALL_NGINX}" = true ]]; then
-    # Prompt the user to see if they would like to install self signed TLS support for Nginx, default of no
+	# Prompt the user to see if they would like to install self signed TLS support for Nginx, default of no
-    echo -e -n "FRONT END: Add self signed TLS support to Nginx? [y/N]? (choose 'n' for Let's Encrypt)[default n]: "
+	echo -e -n "FRONT END: Add self signed TLS support to Nginx? [y/N]? (choose 'n' for Let's Encrypt)[default n]: "
-    read PROMPT
+	read PROMPT
-    if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
+	if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
-        SELF_SIGN=true
+		SELF_SIGN=true
-    else
+	else
-        SELF_SIGN=false
+		SELF_SIGN=false
-    fi
+	fi
 fi
 # Optional prompt to assign the self sign TLS certificate a custom expiry date, un-comment to force a manual entry
@ -589,39 +590,38 @@ fi
 # If no self sign TLS certificate expiry given, lets assume a generous 10 year default certificate expiry
 if [ -z "${CERT_DAYS}" ]; then
-    CERT_DAYS="3650"
+	CERT_DAYS="3650"
 fi
 # Prompt for Let's Encrypt TLS reverse proxy configuration option
 if [[ -z ${LETS_ENCRYPT} ]] && [[ "${INSTALL_NGINX}" = true ]] && [[ "${SELF_SIGN}" = "false" ]]; then
-    echo -e -n "FRONT END: Add Let's Encrypt TLS support to Nginx reverse proxy [y/N] [default n]: ${GREY}"
+	echo -e -n "FRONT END: Add Let's Encrypt TLS support to Nginx reverse proxy [y/N] [default n]: ${GREY}"
-    read PROMPT
+	read PROMPT
-    if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
+	if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
-        LETS_ENCRYPT=true
+		LETS_ENCRYPT=true
-    else
+	else
-        LETS_ENCRYPT=false
+		LETS_ENCRYPT=false
-    fi
+	fi
 fi
 # Prompt for Let's Encrypt public dns name
 if [[ -z ${LE_DNS_NAME} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
-    while true; do
+	while true; do
-        read -p "FRONT END: Enter the FQDN for your public proxy site : " LE_DNS_NAME
+		read -p "FRONT END: Enter the FQDN for your public proxy site : " LE_DNS_NAME
-        [ "${LE_DNS_NAME}" != "" ] && break
+		[ "${LE_DNS_NAME}" != "" ] && break
-        echo -e "${LRED}You must enter a public DNS name. Please try again.${GREY}" 1>&2
+		echo -e "${LRED}You must enter a public DNS name. Please try again.${GREY}" 1>&2
-    done
+	done
 fi
 # Prompt for Let's Encrypt admin email
 if [[ -z ${LE_EMAIL} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
-    while true; do
+	while true; do
-        read -p "FRONT END: Enter the email address for Let's Encrypt notifications : " LE_EMAIL
+		read -p "FRONT END: Enter the email address for Let's Encrypt notifications : " LE_EMAIL
-        [ "${LE_EMAIL}" != "" ] && break
+		[ "${LE_EMAIL}" != "" ] && break
-        echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
+		echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
-    done
+	done
 fi
 #######################################################################################################################
 # Start global setup actions  #########################################################################################
 #######################################################################################################################
@ -632,7 +632,7 @@ fi
 clear
 echo
 echo -e "${GREYB}Guacamole VDI & Jump Server Appliance Setup."
-echo -e "                         ${LGREEN}Powered by Itiligent"
+echo -e "              ${LGREEN}Powered by Itiligent"
 echo
 echo
@ -640,23 +640,23 @@ echo -e "${LGREEN}Beginning Guacamole setup...${GREY}"
 echo
 echo -e "${GREY}Checking Linux distro specific dependencies..."
 if [[ $OS_FLAVOUR == "ubuntu" ]] || [[ $OS_FLAVOUR == *"ubuntu"* ]]; then # potentially expand out distro choices here
-    JPEGTURBO="libjpeg-turbo8-dev"
+	JPEGTURBO="libjpeg-turbo8-dev"
-    LIBPNG="libpng-dev"
+	LIBPNG="libpng-dev"
-    # Just in case this repo is not added by default in the distro
+	# Just in case this repo is not added by default in the distro
-    sudo add-apt-repository -y universe &>>${INSTALL_LOG}
+	sudo add-apt-repository -y universe &>>${INSTALL_LOG}
 elif [[ $OS_FLAVOUR == "debian" ]] || [[ $OS_FLAVOUR == "raspbian" ]]; then # expand distro choices here if required
-    JPEGTURBO="libjpeg62-turbo-dev"
+	JPEGTURBO="libjpeg62-turbo-dev"
-    LIBPNG="libpng-dev"
+	LIBPNG="libpng-dev"
 fi
 if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
+	echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-    exit 1
+	exit 1
 else
-    echo -e "${LGREEN}OK${GREY}"
+	echo -e "${LGREEN}OK${GREY}"
-    echo
+	echo
 fi
-# Sync the various manual config scripts with the relevant variables selected at install 
+# Sync the various manual config scripts with the relevant variables selected at install
 sed -i "s|MYSQL_HOST=|MYSQL_HOST='${MYSQL_HOST}'|g" $DOWNLOAD_DIR/backup-guac.sh
 sed -i "s|MYSQL_PORT=|MYSQL_PORT='${MYSQL_PORT}'|g" $DOWNLOAD_DIR/backup-guac.sh
 sed -i "s|GUAC_USER=|GUAC_USER='${GUAC_USER}'|g" $DOWNLOAD_DIR/backup-guac.sh
@ -676,10 +676,10 @@ sed -i "s|CERT_DAYS=|CERT_DAYS='${CERT_DAYS}'|g" $DOWNLOAD_DIR/add-tls-guac-daem
 sed -i "s|INSTALL_MYSQL=|INSTALL_MYSQL='${INSTALL_MYSQL}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
 sed -i "s|MYSQL_HOST=|MYSQL_HOST='${MYSQL_HOST}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
 sed -i "s|MYSQL_PORT=|MYSQL_PORT='${MYSQL_PORT}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
 sed -i "s|GUAC_USER=|GUAC_USER='${GUAC_USER}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
 sed -i "s|GUAC_PWD=|GUAC_PWD='${GUAC_PWD}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
 sed -i "s|GUAC_DB=|GUAC_DB='${GUAC_DB}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
 sed -i "s|MYSQL_ROOT_PWD=|MYSQL_ROOT_PWD='${MYSQL_ROOT_PWD}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
 sed -i "s|GUAC_USER=|GUAC_USER='${GUAC_USER}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
 sed -i "s|GUAC_PWD=|GUAC_PWD='${GUAC_PWD}'|g" $DOWNLOAD_DIR/upgrade-guac.sh
 sed -i "s|CERT_COUNTRY=|CERT_COUNTRY='${CERT_COUNTRY}'|g" $DOWNLOAD_DIR/refresh-tls-self-signed.sh
 sed -i "s|CERT_STATE=|CERT_STATE='${CERT_STATE}'|g" $DOWNLOAD_DIR/refresh-tls-self-signed.sh
@ -697,8 +697,9 @@ export GUAC_VERSION=$GUAC_VERSION
 export GUAC_SOURCE_LINK=$GUAC_SOURCE_LINK
 export MYSQLJCON=$MYSQLJCON
 export MYSQL_VERSION=$MYSQL_VERSION
-export MYSQLSRV="${MYSQLSRV}"
+export MYSQLS=$MYSQLS
-export MYSQLCLIENT="${MYSQLCLIENT}"
+export MYSQLC=$MYSQLC
 export DB_CMD=$DB_CMD
 export TOMCAT_VERSION=$TOMCAT_VERSION
 export INSTALL_LOG=$INSTALL_LOG
 export GUAC_URL=$GUAC_URL
@ -710,8 +711,9 @@ export MYSQL_HOST=$MYSQL_HOST
 export MYSQL_PORT=$MYSQL_PORT
 export GUAC_DB=$GUAC_DB
 export GUAC_USER=$GUAC_USER
 export GUAC_PWD="${GUAC_PWD}"
 export MYSQL_ROOT_PWD="${MYSQL_ROOT_PWD}"
 export GUAC_PWD="${GUAC_PWD}"
 export DB_TZ="${DB_TZ}"
 export INSTALL_TOTP=$INSTALL_TOTP
 export INSTALL_DUO=$INSTALL_DUO
 export INSTALL_LDAP=$INSTALL_LDAP
@ -719,6 +721,7 @@ export INSTALL_QCONNECT=$INSTALL_QCONNECT
 export INSTALL_HISTREC=$INSTALL_HISTREC
 export HISTREC_PATH="${HISTREC_PATH}"
 export CHANGE_ROOT=$CHANGE_ROOT
 export INSTALL_NGINX=$INSTALL_NGINX
 export PROXY_SITE=$PROXY_SITE
 export CERT_COUNTRY=$CERT_COUNTRY
 export CERT_STATE="${CERT_STATE}"
@ -735,12 +738,12 @@ export RDP_PRINTER_LABEL="${RDP_PRINTER_LABEL}"
 # Run the Guacamole install script
 sudo -E ./2-install-guacamole.sh
 if [ $? -ne 0 ]; then
-    echo -e "${LRED}2-install-guacamole.sh FAILED. See ${INSTALL_LOG}${GREY}" 1>&2
+	echo -e "${LRED}2-install-guacamole.sh FAILED. See ${INSTALL_LOG}${GREY}" 1>&2
-    exit 1
+	exit 1
 elif [ "${CHANGE_ROOT}" = true ]; then
-    echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080 - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
+	echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080 - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
-    else
+else
-    echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080/guacamole - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
+	echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080/guacamole - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
 fi
 # Add a Guacamole database backup (mon-fri 12:00am) into cron
@ -754,48 +757,47 @@ echo "0 0 * * 1-5 ${DB_BACKUP_DIR}/backup-guac.sh # backup guacamole" >>cron_1
 crontab cron_1
 rm cron_1
 #######################################################################################################################
 # Start optional setup actions   ######################################################################################
 #######################################################################################################################
 # Install Nginx reverse proxy front end to Guacamole if option is selected
 if [ "${INSTALL_NGINX}" = true ]; then
-    sudo -E ./3-install-nginx.sh
+	sudo -E ./3-install-nginx.sh
-    echo -e "${LGREEN}Nginx install complete\nhttp://${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
+	echo -e "${LGREEN}Nginx install complete\nhttp://${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
 fi
 # Apply self signed TLS certificates to Nginx reverse proxy if option is selected
 if [[ "${INSTALL_NGINX}" = true ]] && [[ "${SELF_SIGN}" = true ]]; then
-    sudo -E ./4a-install-tls-self-signed-nginx.sh ${PROXY_SITE} ${CERT_DAYS} | tee -a ${INSTALL_LOG}
+	sudo -E ./4a-install-tls-self-signed-nginx.sh ${PROXY_SITE} ${CERT_DAYS} | tee -a ${INSTALL_LOG}
-    echo -e "${LGREEN}Self signed certificate configured for Nginx \n${LYELLOW}https:${LGREEN}//${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
+	echo -e "${LGREEN}Self signed certificate configured for Nginx \n${LYELLOW}https:${LGREEN}//${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
 fi
 # Apply Let's Encrypt TLS certificates to Nginx reverse proxy if option is selected
 if [[ "${INSTALL_NGINX}" = true ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
-    sudo -E ./4b-install-tls-letsencrypt-nginx.sh
+	sudo -E ./4b-install-tls-letsencrypt-nginx.sh
-    echo -e "${LGREEN}Let's Encrypt TLS configured for Nginx \n${LYELLOW}https:${LGREEN}//${LE_DNS_NAME} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
+	echo -e "${LGREEN}Let's Encrypt TLS configured for Nginx \n${LYELLOW}https:${LGREEN}//${LE_DNS_NAME} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
 fi
 # Duo Settings reminder - If Duo is selected you can't login to Guacamole until this extension is fully configured
 if [ $INSTALL_DUO == "true" ]; then
-    echo
+	echo
-    echo -e "${LYELLOW}Reminder: Duo requires extra account specific info configured in the\n/etc/guacamole/guacamole.properties file before you can log in to Guacamole."
+	echo -e "${LYELLOW}Reminder: Duo requires extra account specific info configured in the\n/etc/guacamole/guacamole.properties file before you can log in to Guacamole."
-    echo -e "See https://guacamole.apache.org/doc/gug/duo-auth.html"
+	echo -e "See https://guacamole.apache.org/doc/gug/duo-auth.html"
 fi
 # LDAP Settings reminder, LDAP auth is not functional until the config is complete
 if [ $INSTALL_LDAP == "true" ]; then
-    echo
+	echo
-    echo -e "${LYELLOW}Reminder: LDAP requires that your LDAP directory configuration match the exact format\nadded to the /etc/guacamole/guacamole.properties file before LDAP auth will be active."
+	echo -e "${LYELLOW}Reminder: LDAP requires that your LDAP directory configuration match the exact format\nadded to the /etc/guacamole/guacamole.properties file before LDAP auth will be active."
-    echo -e "See https://guacamole.apache.org/doc/gug/ldap-auth.html"
+	echo -e "See https://guacamole.apache.org/doc/gug/ldap-auth.html"
 fi
 # Tidy up. (Installer and Nginx scripts can't be run again or standalone without modification, so removing.)
 rm -f $USER_HOME_DIR/1-setup.sh
 rm -f 2-install-guacamole.sh
-rm -f 3-install-nginx.sh 
+rm -f 3-install-nginx.sh
-rm -f 4a-install-tls-self-signed-nginx.sh 
+rm -f 4a-install-tls-self-signed-nginx.sh
 rm -f 4b-install-tls-letsencrypt-nginx.sh
 sudo rm -R $TMP_DIR
--- a/2-install-guacamole.sh
+++ b/2-install-guacamole.sh
@ -15,185 +15,195 @@ LGREEN='\033[0;92m'
 LYELLOW='\033[0;93m'
 NC='\033[0m' #No Colour
 # Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
 if [ -z "${MYSQL_VERSION}" ]; then
    # Use Linux distro default version.
    MYSQLPKG="default-mysql-server default-mysql-client mysql-common"
    DB_CMD="mysql" # mysql command is depricated
  else
    # Use official mariadb.org repo
    MYSQLPKG="mariadb-server mariadb-client mariadb-common"
    DB_CMD="mariadb" # mysql command is depricated on newer versions
 fi
 # Pre-seed MySQL root password values for Linux Distro default packages only
 if [ "${INSTALL_MYSQL}" = true ] && [ -z "${MYSQL_VERSION}" ]; then
    debconf-set-selections <<<"mysql-server mysql-server/root_password password ${MYSQL_ROOT_PWD}"
    debconf-set-selections <<<"mysql-server mysql-server/root_password_again password ${MYSQL_ROOT_PWD}"
 fi
 # Checking if (any kind of) mysql-client or compatible command installed. This is useful for existing mariadb server
 if [ "${INSTALL_MYSQL}" = true ]; then
    MYSQL="${MYSQLSRV}"
 elif [ -x "$(command -v mysql)" ]; then
    MYSQL=""
 else
    MYSQL="${MYSQLCLIENT}"
 fi
 # Update everything but don't do the annoying prompts during apt installs
 echo -e "${GREY}Updating base Linux OS..."
-export DEBIAN_FRONTEND=noninteractive
+    export DEBIAN_FRONTEND=noninteractive
-apt-get update -qq &>>${INSTALL_LOG}
+    apt-get update -qq &>>${INSTALL_LOG}
-apt-get upgrade -qq -y &>>${INSTALL_LOG}
+    apt-get upgrade -qq -y &>>${INSTALL_LOG}
-if [ $? -ne 0 ]; then
+    if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
+      echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-    exit 1
+      exit 1
-else
+    else
-    echo -e "${LGREEN}OK${GREY}"
+      echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 # Install Guacamole build dependencies.
 echo -e "${GREY}Installing dependencies required for building Guacamole, this might take a few minutes..."
 if [ -n "${MYSQL_VERSION}" ]; then
    echo -e "${GREY}Adding the official MariaDB repository and installing version ${MYSQL_VERSION}..."
    # Add the Official MariaDB repo.
    apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
    curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
    bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
    if [ $? -ne 0 ]; then
      echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
      exit 1
    else
      echo -e "${LGREEN}OK${GREY}"
      echo
    fi
 fi
-apt-get -qq -y install ${JPEGTURBO} ${LIBPNG} ufw htop pwgen wget crudini expect build-essential libcairo2-dev libtool-bin uuid-dev libavcodec-dev libavformat-dev libavutil-dev \
+echo -e "${GREY}Installing dependencies required for building Guacamole, this might take a few minutes..."
-    libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev libpulse-dev libssl-dev \
+apt-get -qq -y install ${MYSQLPKG} ${TOMCAT_VERSION} ${JPEGTURBO} ${LIBPNG} ufw pwgen wget expect \
-    libvorbis-dev libwebp-dev ghostscript ${MYSQL} ${TOMCAT_VERSION} &>>${INSTALL_LOG}
+    build-essential libcairo2-dev libtool-bin uuid-dev libavcodec-dev libavformat-dev libavutil-dev \
-if [ $? -ne 0 ]; then
+    libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev \
-    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
+    libpulse-dev libssl-dev libvorbis-dev libwebp-dev ghostscript &>>${INSTALL_LOG}
-    exit 1
+    if [ $? -ne 0 ]; then
-else
+      echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-    echo -e "${LGREEN}OK${GREY}"
+      exit 1
    else
      echo -e "${LGREEN}OK${GREY}"
    echo 
 fi
 # Install Postfix with default settings for smtp email relay
 echo
 echo -e "${GREY}Installing Postfix MTA for backup email notifications and alerts, see separate SMTP relay configuration script..."
-DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>>${INSTALL_LOG}
+    DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>>${INSTALL_LOG}
-if [ $? -ne 0 ]; then
+    if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
+      echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-    exit 1
+      exit 1
-else
+    else
-    echo -e "${LGREEN}OK${GREY}"
+      systemctl restart postfix
      echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 systemctl restart postfix
 # Download Guacamole Server
 echo
 echo -e "${GREY}Downloading Guacamole source files..."
-wget -q --show-progress -O guacamole-server-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz
+    wget -q --show-progress -O guacamole-server-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz
-if [ $? -ne 0 ]; then
+    if [ $? -ne 0 ]; then
    echo -e "${LRED}Failed to download guacamole-server-${GUAC_VERSION}.tar.gz" 1>&2
-    echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
+      echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
-    exit 1
+      exit 1
-else
+    else
-    tar -xzf guacamole-server-${GUAC_VERSION}.tar.gz
+      tar -xzf guacamole-server-${GUAC_VERSION}.tar.gz
    echo -e "${LGREEN}Downloaded guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
 fi
 echo -e "${LGREEN}Downloaded guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
 # Download Guacamole Client
 wget -q --show-progress -O guacamole-${GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war
-if [ $? -ne 0 ]; then
+    if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed to download guacamole-${GUAC_VERSION}.war" 1>&2
+      echo -e "${LRED}Failed to download guacamole-${GUAC_VERSION}.war" 1>&2
-    echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war${GREY}"
+      echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war${GREY}"
-    exit 1
+        exit 1
      else 
    echo -e "${LGREEN}Downloaded guacamole-${GUAC_VERSION}.war (Guacamole client)${GREY}"
 fi
 echo -e "${LGREEN}Downloaded guacamole-${GUAC_VERSION}.war (Guacamole client)${GREY}"
 # Download MySQL connector/j
 wget -q --show-progress -O mysql-connector-j-${MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}.tar.gz
-if [ $? -ne 0 ]; then
+    if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed to download mysql-connector-j-${MYSQLJCON}.tar.gz" 1>&2
+      echo -e "${LRED}Failed to download mysql-connector-j-${MYSQLJCON}.tar.gz" 1>&2
-    echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}}.tar.gz${GREY}"
+      echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}}.tar.gz${GREY}"
-    exit 1
+        exit 1
-else
+      else
    tar -xzf mysql-connector-j-${MYSQLJCON}.tar.gz
    echo -e "${LGREEN}Downloaded mysql-connector-j-${MYSQLJCON}.tar.gz${GREY}"
 fi
 echo -e "${LGREEN}Downloaded mysql-connector-j-${MYSQLJCON}.tar.gz${GREY}"
 # Download Guacamole authentication extensions
 wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
-if [ $? -ne 0 ]; then
+    if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
+      echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
-    echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz"
+      echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz"
-    exit 1
+        exit 1
-else
+      else
    tar -xzf guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
    echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}"
 fi
 echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}"
 # Download TOTP extension
 if [ "${INSTALL_TOTP}" = true ]; then
    wget -q --show-progress -O guacamole-auth-totp-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz
    rm -f add-auth-totp.sh 
    if [ $? -ne 0 ]; then
-        echo -e "${LRED}Failed to download guacamole-auth-totp-${GUAC_VERSION}.tar.gz" 1>&2
+      echo -e "${LRED}Failed to download guacamole-auth-totp-${GUAC_VERSION}.tar.gz" 1>&2
-        echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz"
+      echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz"
        exit 1
    else
-        tar -xzf guacamole-auth-totp-${GUAC_VERSION}.tar.gz
+      tar -xzf guacamole-auth-totp-${GUAC_VERSION}.tar.gz
      rm -f add-auth-totp.sh
      echo -e "${LGREEN}Downloaded guacamole-auth-totp-${GUAC_VERSION}.tar.gz${GREY}"
    fi
    echo -e "${LGREEN}Downloaded guacamole-auth-totp-${GUAC_VERSION}.tar.gz${GREY}"
 fi
 # Download DUO extension
 if [ "${INSTALL_DUO}" = true ]; then
    wget -q --show-progress -O guacamole-auth-duo-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz
    rm -f add-auth-duo.sh
    if [ $? -ne 0 ]; then
-        echo -e "${LRED}Failed to download guacamole-auth-duo-${GUAC_VERSION}.tar.gz" 1>&2
+      echo -e "${LRED}Failed to download guacamole-auth-duo-${GUAC_VERSION}.tar.gz" 1>&2
-        echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz"
+      echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz"
-        exit 1
+      exit 1
    else
-        tar -xzf guacamole-auth-duo-${GUAC_VERSION}.tar.gz
+      tar -xzf guacamole-auth-duo-${GUAC_VERSION}.tar.gz
      rm -f add-auth-duo.sh
      echo -e "${LGREEN}Downloaded guacamole-auth-duo-${GUAC_VERSION}.tar.gz${GREY}"
    fi
    echo -e "${LGREEN}Downloaded guacamole-auth-duo-${GUAC_VERSION}.tar.gz${GREY}"
 fi
 # Download LDAP extension
 if [ "${INSTALL_LDAP}" = true ]; then
    wget -q --show-progress -O guacamole-auth-ldap-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz
    rm -f add-auth-ldap.sh  
    if [ $? -ne 0 ]; then
-        echo -e "${LRED}Failed to download guacamole-auth-ldap-${GUAC_VERSION}.tar.gz" 1>&2
+      echo -e "${LRED}Failed to download guacamole-auth-ldap-${GUAC_VERSION}.tar.gz" 1>&2
-        echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz"
+      echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz"
-        exit 1
+      exit 1
    else
-        tar -xzf guacamole-auth-ldap-${GUAC_VERSION}.tar.gz
+      tar -xzf guacamole-auth-ldap-${GUAC_VERSION}.tar.gz
      rm -f add-auth-ldap.sh  
      echo -e "${LGREEN}Downloaded guacamole-auth-ldap-${GUAC_VERSION}.tar.gz${GREY}"
    fi
    echo -e "${LGREEN}Downloaded guacamole-auth-ldap-${GUAC_VERSION}.tar.gz${GREY}"
 fi
 # Download Guacamole quick-connect extension
 if [ "${INSTALL_QCONNECT}" = true ]; then
    wget -q --show-progress -O guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz
    rm -f add-xtra-quickconnect.sh 
    if [ $? -ne 0 ]; then
-        echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz" 1>&2
+      echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz" 1>&2
-        echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz"
+      echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz"
-        exit 1
+      exit 1
    else
-        tar -xzf guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz
+      tar -xzf guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz
      rm -f add-xtra-quickconnect.sh 
      echo -e "${LGREEN}Downloaded guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz${GREY}"
    fi
 echo -e "${LGREEN}Downloaded guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz${GREY}"
 fi
 # Download Guacamole history recording storage extension
 if [ "${INSTALL_HISTREC}" = true ]; then
    wget -q --show-progress -O guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz
-    rm -f add-xtra-histrecstor.sh 
+
    if [ $? -ne 0 ]; then
-        echo -e "${LRED}Failed to download guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz" 1>&2
+      echo -e "${LRED}Failed to download guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz" 1>&2
-        echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz"
+      echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz"
-        exit 1
+      exit 1
    else
-        tar -xzf guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz
+      tar -xzf guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz
      rm -f add-xtra-histrecstor.sh
      echo -e "${LGREEN}Downloaded guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz${GREY}"
    fi
    echo -e "${LGREEN}Downloaded guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz${GREY}"
 fi
 echo -e "Source download complete.${GREY}"
-# Option to pause script here as we might want to make final tweaks to source code just before compiling
+# Place a pause in script here if you wish to make final tweaks to source code before compiling
-#echo -e "${LYELLOW}"
+#read -p $'Script paused for editing source before building. Enter to begin the build...\n'
 #read -p $'Script paused for (optional) tweaking of source before building. Enter to Continue...\n'
 #echo -e "${GREY}"
 # Add customised RDP share names and printer labels, remove Guacamole default labelling
 sed -i -e 's/IDX_CLIENT_NAME, "Guacamole RDP"/IDX_CLIENT_NAME, "'"${RDP_SHARE_HOST}"'"/' ${DOWNLOAD_DIR}/guacamole-server-${GUAC_VERSION}/src/protocols/rdp/settings.c
@ -232,51 +242,69 @@ if [ $? -ne 0 ]; then
        echo "Failed to configure guacamole-server - again"
        exit
    fi
-else
+     else
    echo -e "${LGREEN}OK${GREY}"
-    echo
+  echo
 fi
 echo -e "${GREY}Running make and building the Guacamole-Server application..."
 make &>>${INSTALL_LOG}
-if [ $? -ne 0 ]; then
+    if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
+      echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-    exit 1
+      exit 1
-else
+    else
-    echo -e "${LGREEN}OK${GREY}"
+      echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 echo -e "${GREY}Installing Guacamole-Server..."
 make install &>>${INSTALL_LOG}
-ldconfig
+    if [ $? -ne 0 ]; then
-if [ $? -ne 0 ]; then
+      echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
+      exit 1
-    exit 1
+    else
-else
+      echo -e "${LGREEN}OK${GREY}"
    echo -e "${LGREEN}OK${GREY}"
    echo
 fi
-# Move files to correct install locations (guacamole-client & Guacamole authentication extensions)
+# Update the shared library cache
-cd ..
+ldconfig
 mv -f guacamole-${GUAC_VERSION}.war /etc/guacamole/guacamole.war
 chmod 664 /etc/guacamole/guacamole.war
 mv -f guacamole-auth-jdbc-${GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar /etc/guacamole/extensions/
 chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar
-# Create a symbolic link for Tomcat
+# Move Guacamole client and authentication extensions to their correct install locations
-ln -sf /etc/guacamole/guacamole.war /var/lib/${TOMCAT_VERSION}/webapps/
+cd ..
 echo -e "${GREY}Moving guacamole-${GUAC_VERSION}.war (/etc/guacamole/extensions/)..."
    mv -f guacamole-${GUAC_VERSION}.war /etc/guacamole/guacamole.war
    chmod 664 /etc/guacamole/guacamole.war
    # Create a symbolic link for Tomcat
    ln -sf /etc/guacamole/guacamole.war /var/lib/${TOMCAT_VERSION}/webapps/ &>>${INSTALL_LOG}
    if [ $? -ne 0 ]; then
        echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
        exit 1
    else
        echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 echo -e "${GREY}Moving guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
    mv -f guacamole-auth-jdbc-${GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar /etc/guacamole/extensions/
    chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar
    if [ $? -ne 0 ]; then
        echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
        exit 1
    else
        echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 # Move MySQL connector/j files
 echo -e "${GREY}Moving mysql-connector-j-${MYSQLJCON}.jar (/etc/guacamole/lib/mysql-connector-java.jar)..."
-mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
+    mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
-chmod 664 /etc/guacamole/lib/mysql-connector-java.jar
+    chmod 664 /etc/guacamole/lib/mysql-connector-java.jar
-if [ $? -ne 0 ]; then
+    if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
+        echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-    exit 1
+        exit 1
-else
+    else
-    echo -e "${LGREEN}OK${GREY}"
+       echo -e "${LGREEN}OK${GREY}"
    echo
 fi
@ -314,11 +342,11 @@ if [ "${INSTALL_DUO}" = true ]; then
    echo "#duo-application-key: " >>/etc/guacamole/guacamole.properties
    echo -e "Duo auth is installed, it will need to be configured via guacamole.properties"
    if [ $? -ne 0 ]; then
-        echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
+      echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-        exit 1
+      exit 1
    else
-        echo -e "${LGREEN}OK${GREY}"
+      echo -e "${LGREEN}OK${GREY}"
-        echo
+      echo
    fi
 fi
@ -340,11 +368,11 @@ if [ "${INSTALL_LDAP}" = true ]; then
    echo "#ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))" >>/etc/guacamole/guacamole.properties
    echo "#ldap-max-search-results:200" >>/etc/guacamole/guacamole.properties
    if [ $? -ne 0 ]; then
-        echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
+      echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-        exit 1
+      exit 1
    else
-        echo -e "${LGREEN}OK${GREY}"
+      echo -e "${LGREEN}OK${GREY}"
-        echo
+      echo
    fi
 fi
@ -355,10 +383,10 @@ if [ "${INSTALL_QCONNECT}" = true ]; then
    chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-${GUAC_VERSION}.jar
    if [ $? -ne 0 ]; then
        echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-        exit 1
+      exit 1
    else
-        echo -e "${LGREEN}OK${GREY}"
+      echo -e "${LGREEN}OK${GREY}"
-        echo
+      echo
    fi
 fi
@ -373,35 +401,37 @@ if [ "${INSTALL_HISTREC}" = true ]; then
    chmod 2750 ${HISTREC_PATH}
    echo "recording-search-path: ${HISTREC_PATH}" >>/etc/guacamole/guacamole.properties
    if [ $? -ne 0 ]; then
-        echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
+      echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-        exit 1
+      exit 1
    else
-        echo -e "${LGREEN}OK${GREY}"
+      echo -e "${LGREEN}OK${GREY}"
-        echo
+      echo
    fi
 fi
 # Apply a branded interface and dark theme. You may delete this file and restart guacd & tomcat for the default console
 echo -e "${GREY}Setting the Guacamole console to a (customisable) dark mode themed template..."
-mv branding.jar /etc/guacamole/extensions
+    mv branding.jar /etc/guacamole/extensions
-chmod 664 /etc/guacamole/extensions/branding.jar
+    chmod 664 /etc/guacamole/extensions/branding.jar
-if [ $? -ne 0 ]; then
+    if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
+      echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-    exit 1
+      exit 1
-else
+    else
-    echo -e "${LGREEN}OK${GREY}"
+      echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 # Restart Tomcat
 echo -e "${GREY}Restarting Tomcat service & enable at boot..."
 systemctl restart ${TOMCAT_VERSION}
-if [ $? -ne 0 ]; then
+    if [ $? -ne 0 ]; then
-    echo -e "${LRED}Failed${GREY}" 1>&2
+      echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-    exit 1
+      exit 1
-else
+    else
-    echo -e "${LGREEN}OK${GREY}"
+      echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 # Set Tomcat to start at boot
 systemctl enable ${TOMCAT_VERSION}
 echo
@ -410,56 +440,75 @@ if [ "${INSTALL_MYSQL}" = true ]; then
 # Set MySQL password
 export MYSQL_PWD=${MYSQL_ROOT_PWD}
-# Find the location of the MySQL config files
+# Set the root password without a reliance on debconf.
 echo -e "${GREY}Setting MySQL root password..."
 SQLCODE="
 FLUSH PRIVILEGES;
 ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
 echo ${SQLCODE} | $DB_CMD -u root
 if [ $? -ne 0 ]; then
    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
    exit 1
      else
    echo -e "${LGREEN}OK${GREY}"
   echo
 fi
 # Find the location of the MySQL or MariaDB config files. (Add to this list for more potential candidates.)
 for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
    /etc/mysql/mysql.conf.d/mysqld.cnf \
    /etc/mysql/my.cnf; do
-    # Check the path exists
+    # Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename.
    if [ -e "${x}" ]; then
-        # Does it have the necessary section?
+         if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then
-        if grep -q '^\[mysqld\]$' "${x}"; then
+          mysqlconfig="${x}"
-            mysqlconfig="${x}"
+          # Reduce any duplicated section names, then sanitise the [ ] special characters for sed below)
-            break
+          config_section=$(grep -m 1 -E '^\[(mysqld|mariadbd)\]$' "${x}" | sed 's/\[\(.*\)\]/\1/') 
          break
        fi
    fi
 done
 # Set the MySQL Timezone
 if [ -z "${mysqlconfig}" ]; then
-    echo -e "${GREY}Couldn't detect MySQL config file - you may need to manually enter timezone settings"
+    echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
 else
    # Is there already a timzeone value configured?
    if grep -q "^default_time_zone[[:space:]]=" "${mysqlconfig}"; then
-        echo -e "MySQL database timezone already defined in ${mysqlconfig}"
+        echo -e "MySQL database timezone defined in ${mysqlconfig}"
    else
-        timezone="$(cat /etc/timezone)"
+        timezone=${DB_TZ}
-        if [ -z "${timezone}" ]; then
+        if [ -z "${DB_TZ}" ]; then
            echo -e "Couldn't find system timezone, using UTC$"
            timezone="UTC"
        fi
        echo -e "Setting MySQL database timezone as ${timezone}${GREY}"
-        # Fix for https://issues.apache.org/jira/browse/GUACAMOLE-760
+        mysql_tzinfo_to_sql /usr/share/zoneinfo 2>/dev/null | ${DB_CMD} -u root -D mysql -p${MYSQL_ROOT_PWD}
-        mysql_tzinfo_to_sql /usr/share/zoneinfo 2>/dev/null | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT}
+        # Add the timzone value to the sanitsed server file section name.
-        crudini --set ${mysqlconfig} mysqld default_time_zone "${timezone}"
+        sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}"
-        # Restart to apply
+      fi
        systemctl restart mysql
    fi
-fi
+    if [ $? -ne 0 ]; then
 if [ $? -ne 0 ]; then
    echo -e "${LRED}Failed${GREY}" 1>&2
    exit 1
-else
+  else
-    echo -e "${LGREEN}OK${GREY}"
+  echo -e "${LGREEN}OK${GREY}"
-    echo
+  echo
 fi
-# Create ${GUAC_DB} and grant ${GUAC_USER} permissions to it
+# This should stay as localhost in most local MySQL install situations. This setting determine from WHERE the new ${GUAC_USER} 
-GUAC_USERHost="localhost"
+# will be able to login to the database (either specific remote IPs or localhost only.)
-if [[ "${MYSQL_HOST}" != "localhost" ]]; then
+#  However this setting can be quick and hacky way to build a backend guacamole database server for use behind another guac application server
 # (albeit with the full application suite installed). To do this, set GUAC_USERHost="%" for login access from all IPs, or e.g. 192.168.1.% for an IP range. 
 # You will also need to set the MySQL binding away from the default 127.0.0.1 to 0.0.0.0 or a specific external facing network interface to allow remote login.
 if [ "${MYSQL_HOST}" != "localhost" ]; then
    GUAC_USERHost="%"
-    echo -e "${YELLOW}MySQL Guacamole user is set to accept login from any host, please change this for security reasons if possible.${GREY}"
+    echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
   else 
    GUAC_USERHost="localhost"
 fi
-# Execute SQL code
+# Execute SQL code to create the Guacamole database
 echo -e "${GREY}Creating the Guacamole database..."
 SQLCODE="
 DROP DATABASE IF EXISTS ${GUAC_DB};
@ -471,60 +520,31 @@ echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT}
 if [ $? -ne 0 ]; then
    echo -e "${LRED}Failed${GREY}" 1>&2
    exit 1
-else
+     else
    echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 # Add Guacamole schema to newly created database
 echo -e "${GREY}Adding database tables..."
-cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT}
+cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD}
 if [ $? -ne 0 ]; then
    echo -e "${LRED}Failed${GREY}" 1>&2
    exit 1
-else
+     else
    echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 fi
 # Create guacd.conf and locahost IP binding.
 echo -e "${GREY}Binding guacd to 127.0.0.1 port 4822..."
 cat >/etc/guacamole/guacd.conf <<-"EOF"
 [server]
 bind_host = 127.0.0.1
 bind_port = 4822
 EOF
 if [ $? -ne 0 ]; then
    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
    exit 1
 else
    echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 # Ensure guacd is started
 echo -e "${GREY}Starting guacd service & enable at boot..."
 systemctl enable guacd
 systemctl stop guacd 2>/dev/null
 systemctl start guacd
 if [ $? -ne 0 ]; then
    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
    exit 1
 else
    echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 # Apply Secure MySQL installation settings
-if [ "${SECURE_MYSQL}" = true ]; then
+if [ "${SECURE_MYSQL}" = true ] && [ "${INSTALL_MYSQL}" = true ]; then
    echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}"
    MYSQLPW=${MYSQL_ROOT_PWD}
    SECURE_MYSQL=$(expect -c "
 set timeout 10
 spawn mysql_secure_installation
 expect \"Enter current password for root (enter for none):\"
-send \"$MYSQLPW\r\"
+send \"$MYSQL_ROOT_PWD\r\"
 expect \"Switch to unix_socket authentication\"
 send \"n\r\"
 expect \"Change the root password?\"
@ -540,14 +560,13 @@ send \"y\r\"
 expect eof
 ")
    echo "$SECURE_MYSQL"
-    systemctl restart mysql
+if [ $? -ne 0 ]; then
-    if [ $? -ne 0 ]; then
+     echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-        echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
+      exit 1
        exit 1
    else
-        echo -e "${LGREEN}OK${GREY}"
+      echo -e "${LGREEN}OK${GREY}"
-        echo
+      echo
-    fi
+   fi
 fi
 # Restart MySQL service
@ -557,27 +576,55 @@ if [ "${INSTALL_MYSQL}" = true ]; then
    systemctl enable mysql
    systemctl restart mysql
    if [ $? -ne 0 ]; then
-        echo -e "${LRED}Failed${GREY}" 1>&2
+      echo -e "${LRED}Failed${GREY}" 1>&2
-        exit 1
+      exit 1
    else
-        echo -e "${LGREEN}OK${GREY}"
+      echo -e "${LGREEN}OK${GREY}"
-        echo
+      echo
    fi
 fi
 # Create guacd.conf and locahost IP binding.
 echo -e "${GREY}Binding guacd to 127.0.0.1 port 4822..."
 cat >/etc/guacamole/guacd.conf <<-"EOF"
 [server]
 bind_host = 127.0.0.1
 bind_port = 4822
 EOF
 if [ $? -ne 0 ]; then
    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
    exit 1
      else
    echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 # Ensure guacd is started
 echo -e "${GREY}Starting guacd service & enable at boot..."
 systemctl enable guacd
 systemctl stop guacd 2>/dev/null
 systemctl start guacd
 if [ $? -ne 0 ]; then
    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
    exit 1
      else
    echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 if [ "${CHANGE_ROOT}" = true ]; then
    echo -e "${GREY}Shortening the Guacamole root url and setting up redirect...${DGREY}"
    systemctl stop ${TOMCAT_VERSION}
    mv /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html index.html.old
    touch /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
-    echo "<% response.sendRedirect(\"/guacamole\");%>" >>/var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
+      echo "<% response.sendRedirect(\"/guacamole\");%>" >>/var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
-    systemctl start ${TOMCAT_VERSION}
+      systemctl start ${TOMCAT_VERSION}
-    if [ $? -ne 0 ]; then
+      if [ $? -ne 0 ]; then
        echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
-        exit 1
+      exit 1
    else
-        echo -e "${LGREEN}OK${GREY}"
+      echo -e "${LGREEN}OK${GREY}"
-        echo
+      echo
    fi
 fi
@ -592,8 +639,9 @@ sudo ufw logging off >/dev/null 2>&1
 if [ $? -ne 0 ]; then
    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
    exit 1
-else
+      else
    echo -e "${LGREEN}OK${GREY}"
    echo
 fi
 # Cleanup
@ -601,11 +649,19 @@ echo -e "${GREY}Cleanup install files...${GREY}"
 rm -rf guacamole-*
 rm -rf mysql-connector-j-*
 rm -rf mariadb_repo_setup
 if [ "${INSTALL_NGINX}" = false ]; then
    rm -rf 3-install-nginx.sh
    rm -f 4a-install-tls-self-signed-nginx.sh
    rm -rf 4b-install-tls-letsencrypt-nginx.sh
    rm -f refresh-tls-self-signed.sh
 fi
 unset MYSQL_PWD
 apt-get -y remove expect &>>${INSTALL_LOG}
 apt-get -y autoremove &>>${INSTALL_LOG}
 if [ $? -ne 0 ]; then
    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
    exit 1
-else
+      else
    echo -e "${LGREEN}OK${GREY}"
    echo
 fi
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # Guacamole 1.5.3 VDI/Jump Server Appliance Build Script
-<img src="https://github.githubassets.com/images/icons/emoji/sparkles.png" width="35"> This repo makes setting up Guacamole 1.5.3 a breeze, with added features like TLS reverse proxy, Active Directory integration, multi-factor authentication, Quick Connect, History Recording Storage, dark mode and custom UI templates, auto database backup, O365 email alerts, and enhanced security options. See below for enterprise and high availability deployments too.
+<img src="https://github.githubassets.com/images/icons/emoji/sparkles.png" width="35"> This repo makes setting up a Guacamole a breeze. Its got installer support for TLS reverse proxy, Active Directory integration, multi-factor authentication, Quick Connect & History Recording Storage UI enhancements, dark mode and custom UI templates, auto database backup, O365 email alerts and even fail2ban and internal daemon security hardening options. There's also code in here to get you up and running with Guacamole in an enterprise or high availability deployment too!
 ## Automatic Installation
@ -21,7 +21,7 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
 ## Installation Menu
-<img src="https://github.githubassets.com/images/icons/emoji/wrench.png" width="35"> **This script guides you through the installation process in the following steps:**
+<img src="https://github.githubassets.com/images/icons/emoji/wrench.png" width="35"> **The main script guides you through the installation process in the following steps:**
 1. Confirm your system hostname and local DNS domain suffix. (Must be consistent for TLS proxy)
 2. Choose a locally installed or remote MySQL instance, set database security preferences.
@ -40,7 +40,7 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
 <img src="https://github.githubassets.com/images/icons/emoji/key.png" width="35"> **Need help with Active Directory authentication?** Check [here](https://github.com/itiligent/Guacamole-Install/blob/main/ACTIVE-DIRECTORY-HOW-TO.md).
-## Customise and Brand Your Guacamole Theme
+## Customise & Brand Your Guacamole Theme
 <img src="https://github.githubassets.com/images/icons/emoji/art.png" width="35"> **Want to give Guacamole your personal touch? Follow the theme and branding instructions** [here](https://github.com/itiligent/Guacamole-Install/tree/main/custom-theme-builder).
@ -51,7 +51,7 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
 1. Paste and run the wget autorun link in your home directory.
 2. Exit `1-setup.sh` at the first prompt. (At this point the scripts are downloaded only.)
 3. Customise the huge number of installation variables available in `1-setup.sh` as required. (Certain combinations of edits will produce a fully unattended install.)
-4. **Caution: If editing `1-setup.sh`, be aware that running the autorun link again re-downloads and overwrites all changes. You must run setup locally after editing.** (Also be sure to comment out the download links in the setup script for any other edited scripts. (There should be little need to edit outside of the setup script's options.)
+4. **Caution: If editing `1-setup.sh`, be aware that running the autorun link again re-downloads and overwrites all changes. You must run setup locally after editing.** (Also be sure to comment out the download links in the setup script for any other edited scripts. There should be little need to edit outside of the setup script's options.)
 5. The **upgrade-guac.sh, add-tls-guac-daemon.sh, refresh-tls-self-signed.sh & backup-guac.sh** scripts are automatically adjusted at installation to match your chosen installation settings. These can be run after install without any modification.
 6. If the self-signed TLS proxy option is selected, browser client TLS certificates will be automatically created and saved to `$HOME/guac-setup`.
 7. Note that Nginx is automatically configured to use TLS 1.2 or above (so really old browser versions may not work.)
@ -64,10 +64,10 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
 ## Enterprise Scale Out & High Availability 
-<img src="https://github.githubassets.com/images/icons/emoji/unicode/1f454.png" width="35"> For Enterprise deployments, did you know that Guacamole can be run in a load balanced farm? To achieve this, the database, application and front end components are usually **split into 2 or 3 layers.** (VLANs & firewalls between the layers helps with security too.) See [here](https://github.com/itiligent/Guacamole-Install/tree/main/guac-enterprise-build) for useful related materials.
+<img src="https://github.githubassets.com/images/icons/emoji/unicode/1f454.png" width="35"> For Enterprise deployments, did you know that Guacamole can be run in a load balanced farm? To achieve this, the database, application and front end components are usually **split into 2 or 3 layers.** (VLANs & firewalls between the layers helps with security too.) See [here](https://github.com/itiligent/Guacamole-Install/tree/main/guac-enterprise-build) for how to get started.
- **For the DATABASE layer:** Find the included `install-mysql-backend-only.sh` to install just a standalone backend instance of the Guacamole MySQL database. 
+- **For the DATABASE layer:** Find the included `install-mysql-backend-only.sh` to install a standalone instance of the Guacamole MySQL database for your backend.
- **For the APPLICATION layer:** Simply use the main setup script to build as many application servers as you like. For a true 3 layer load balanced system, make sure to **say no to both the "Install MySQL locally" option and all Nginx front end options.** 
+- **For the APPLICATION layer:** Simply use the main setup script to build as many application servers as you like. For a true 3 layer load balanced system, make sure to **say no to both the "Install MySQL locally" option and all Nginx front end options** so as only the Guacamole server and Apache Tomcat services are installed.
- **For the Front end**: There are may choices here. You can slightly modify the Nginx scripts for a front end TLS layer, however **HA Proxy** provides far superior session affinity under load balanced conditions when compared to Open Source Nginx (The paid for Nginx Plus gives you all the good stuff!) There's so many possible ways to achieve this in hardware and software. For this target audience there's plenty of config detail here help you begin to roll your own HA solution.
+- **For the Front end**: There are may choices here. You can slightly modify the Nginx scripts for a separate front end TLS layer, however **HA Proxy** provides far superior session affinity under load balanced conditions when compared to Open Source Nginx, but an Nginx Plus subscription gets you all the good stuff! There's so many possible ways to achieve this in hardware and software. There's plenty of config details in here to help you begin to roll your own HA solution.
 ## Auto Download Manifest
--- a/guac-enterprise-build/install-mysql-backend-only.sh
+++ b/guac-enterprise-build/install-mysql-backend-only.sh
@ -1,6 +1,6 @@
 #!/bin/bash
 #######################################################################################################################
-# Guacamole MySQL backend install script. (For split DB and guacamole application layers.) 
+# Guacamole MySQL backend install script. (For split DB and guacamole application layers.)
 # For Ubuntu / Debian / Raspbian
 # David Harrop
 # September 2023
@ -90,11 +90,11 @@ MYSQL_ROOT_PWD="test"       # Requires an entry.
 DB_TZ=$(cat /etc/timezone)  # Typically system default (cat /etc/timezone) or change to "UTC" if required.
 # For a remotely accessed back end DB instance, keep this script set to BACKEND_MYSQL="true".
-# Other options are fairly straight forward. For a typical back end server only the $FRONTEND_NET and $MYSQL_BIND_ADDR 
+# Other options are fairly straight forward. For a typical back end server only the $FRONTEND_NET and $MYSQL_BIND_ADDR
 # values may need closer attention.
-# This script can also accommodate DR or migration scenarios: E.g Migration away from XML user mappings, PostGres to MySQL etc). 
+# This script can also accommodate DR or migration scenarios: E.g Migration away from XML user mappings, PostGres to MySQL etc).
-# To install a new MySQL database on the same server as the Guacamole application, set BACKEND_MYSQL="false" & 
+# To install a new MySQL database on the same server as the Guacamole application, set BACKEND_MYSQL="false" &
 # MYSQL_BIND_ADDR="127.0.0.1". See bottom of this script for some remaining DB migration actions.
@ -106,11 +106,11 @@ DB_TZ=$(cat /etc/timezone)  # Typically system default (cat /etc/timezone) or ch
 MYSQL_VERSION="" # Blank "" forces distro default MySQL packages.
 if [ -z "${MYSQL_VERSION}" ]; then
    # Use Linux distro default version.
-    MYSQLV="default-mysql-server default-mysql-client mysql-common"
+    MYSQLPKG="default-mysql-server default-mysql-client mysql-common"
    DB_CMD="mysql" # mysql command is depricated
  else
    # Use official mariadb.org repo
-    MYSQLV="mariadb-server mariadb-client mariadb-common"
+    MYSQLPKG="mariadb-server mariadb-client mariadb-common"
    DB_CMD="mariadb" # mysql command is depricated on newer versions
 fi
@ -129,8 +129,8 @@ fi
 cd $DOWNLOAD_DIR
 # Add the official MariaDB repo
 if [ -n "${MYSQL_VERSION}" ]; then
    # Add the Official MariaDB repo.
    apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
    curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
    bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
@ -150,7 +150,7 @@ echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}"
 echo
 echo -e "${GREY}Installing MySQL packages..."
-apt-get -qq -y install ${MYSQLV} &>>${INSTALL_LOG}
+apt-get -qq -y install ${MYSQLPKG} &>>${INSTALL_LOG}
 if [ $? -ne 0 ]; then
    echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
    exit 1
@ -226,7 +226,7 @@ else
    echo
 fi
-# Establish the appropriate form of Guacamole user account access (remote or localhost login permissions) 
+# Establish the appropriate form of Guacamole user account access (remote or localhost login permissions)
 echo -e "${GREY}Setting up database access parameters for the Guacamole user ..."
 if [ "${BACKEND_MYSQL}" = true ] && [ -z "${FRONTEND_NET}" ]; then
    echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"