Fixed for Debian 12 and Ubuntu 23.04

Debian 12 ready, Ubuntu 23.04 ready

code final review
normalized to uniform [[  ]] use, and shfmt to 4 space indents
Changes redirect variable name
fixed db installing server and client for client installs
small tidy ups
itiligent 2023-09-10 22:39:54 +10:00
parent a7f8ee6439
commit d150332e63
20 changed files with 1355 additions and 1337 deletions


@ -47,7 +47,7 @@ if [[ $EUID -eq 0 ]]; then
fi fi
# Make sure the user is a member of the sudo group # Make sure the user is a member of the sudo group
if ! [ $(id -nG "$USER" 2>/dev/null | egrep "sudo" | wc -l) -gt 0 ]; then if ! [[ $(id -nG "$USER" 2>/dev/null | egrep "sudo" | wc -l) -gt 0 ]]; then
echo echo
echo -e "${LRED}The current user (${USER}) must be a member of the 'sudo' group, exiting..." 1>&2 echo -e "${LRED}The current user (${USER}) must be a member of the 'sudo' group, exiting..." 1>&2
echo -e ${NC} echo -e ${NC}
@ -55,7 +55,7 @@ if ! [ $(id -nG "$USER" 2>/dev/null | egrep "sudo" | wc -l) -gt 0 ]; then
fi fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe. # Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then if [[ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]]; then
echo echo
echo -e "${LRED}Possible previous install files detected in current build path. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2 echo -e "${LRED}Possible previous install files detected in current build path. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo echo
@ -63,7 +63,7 @@ if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*'
fi fi
####################################################################################################################### #######################################################################################################################
# Core setup variables and mandatory inputs ########################################################################### # Core setup variables and mandatory inputs - EDIT VARIABLE VALUES TO SUIT ############################################
####################################################################################################################### #######################################################################################################################
# Setup download and temp directory paths # Setup download and temp directory paths
@ -87,32 +87,18 @@ GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guac
# See https://mariadb.org/mariadb/all-releases/ for available versions. # See https://mariadb.org/mariadb/all-releases/ for available versions.
# Provide a specific MySQL version e.g. 11.1.2 or leave blank to use distro default MySQL packages. # Provide a specific MySQL version e.g. 11.1.2 or leave blank to use distro default MySQL packages.
MYSQL_VERSION="" MYSQL_VERSION=""
if [ -z "${MYSQL_VERSION}" ]; then if [[ -z "${MYSQL_VERSION}" ]]; then
# Use Linux distro default version. # Use Linux distro default version.
MYSQLS="default-mysql-server default-mysql-client mysql-common" MYSQLSRV="default-mysql-server default-mysql-client mysql-common" # Server
MYSQLC="default-mysql-client" MYSQLCLIENT="default-mysql-client" # Client
DB_CMD="mysql" # mysql command is depricated DB_CMD="mysql" # mysql command is depricated
else else
# Use official mariadb.org repo # Use official mariadb.org repo
MYSQLS="mariadb-server mariadb-client mariadb-common" MYSQLSRV="mariadb-server mariadb-client mariadb-common" # Server
MYSQLC="mariadb-client" MYSQLCLIENT="mariadb-client" # Client
DB_CMD="mariadb" # mysql command is depricated on newer versions DB_CMD="mariadb" # mysql command is depricated on newer versions
fi fi
# Check for the latest version of Tomcat currently supported by the distro
if [[ $(apt-cache show tomcat10 2>/dev/null | egrep "Version: 10" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat10"
elif [[ $(apt-cache show tomcat9 2>/dev/null | egrep "Version: 9" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat9"
elif [[ $(apt-cache show tomcat8 2>/dev/null | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat8"
else
# Default to version
TOMCAT_VERSION="tomcat9"
fi
# Uncomment to force a specific Tomcat version here.
# TOMCAT_VERSION="tomcat9"
# Install log Location # Install log Location
INSTALL_LOG="${DOWNLOAD_DIR}/guacamole_${GUAC_VERSION}_setup.log" INSTALL_LOG="${DOWNLOAD_DIR}/guacamole_${GUAC_VERSION}_setup.log"
@ -123,7 +109,8 @@ GUAC_URL=http://localhost:8080/guacamole/
# Here the variables for OS variant and library dependency names are initialised. # Here the variables for OS variant and library dependency names are initialised.
source /etc/os-release source /etc/os-release
OS_FLAVOUR=$ID OS_FLAVOUR=$ID
OS_VERSION=$VERSION OS_VERSION=$VERSION_ID
OS_CODENAME=$VERSION_CODENAME
JPEGTURBO="" JPEGTURBO=""
LIBPNG="" LIBPNG=""
@ -137,20 +124,20 @@ get_domain_suffix() {
search_line=$(grep -E '^search[[:space:]]+' /etc/resolv.conf) search_line=$(grep -E '^search[[:space:]]+' /etc/resolv.conf)
domain_line=$(grep -E '^domain[[:space:]]+' /etc/resolv.conf) domain_line=$(grep -E '^domain[[:space:]]+' /etc/resolv.conf)
# Check if both "search" and "domain" lines exist # Check if both "search" and "domain" lines exist
if [ -n "$search_line" ] && [ -n "$domain_line" ]; then if [[ -n "$search_line" ]] && [[ -n "$domain_line" ]]; then
# Both "search" and "domain" lines exist, extract the domain suffix from both # Both "search" and "domain" lines exist, extract the domain suffix from both
search_suffix=$(get_domain_suffix "$search_line") search_suffix=$(get_domain_suffix "$search_line")
domain_suffix=$(get_domain_suffix "$domain_line") domain_suffix=$(get_domain_suffix "$domain_line")
# Print the domain suffix that appears first # Print the domain suffix that appears first
if [ ${#search_suffix} -lt ${#domain_suffix} ]; then if [[ ${#search_suffix} -lt ${#domain_suffix} ]]; then
DOMAIN_SUFFIX=$search_suffix DOMAIN_SUFFIX=$search_suffix
else else
DOMAIN_SUFFIX=$domain_suffix DOMAIN_SUFFIX=$domain_suffix
fi fi
elif [ -n "$search_line" ]; then elif [[ -n "$search_line" ]]; then
# If only "search" line exists # If only "search" line exists
DOMAIN_SUFFIX=$(get_domain_suffix "$search_line") DOMAIN_SUFFIX=$(get_domain_suffix "$search_line")
elif [ -n "$domain_line" ]; then elif [[ -n "$domain_line" ]]; then
# If only "domain" line exists # If only "domain" line exists
DOMAIN_SUFFIX=$(get_domain_suffix "$domain_line") DOMAIN_SUFFIX=$(get_domain_suffix "$domain_line")
else else
@ -171,7 +158,7 @@ echo
echo echo
####################################################################################################################### #######################################################################################################################
# Silent setup options - adding true/false or specific values below prevents prompt at install ######################## # Silent setup options - true/false or specific values below prevents prompt at install. EDIT TO SUIT #################
####################################################################################################################### #######################################################################################################################
SERVER_NAME="" # Preferred server hostname SERVER_NAME="" # Preferred server hostname
LOCAL_DOMAIN="" # Local DNS space in use LOCAL_DOMAIN="" # Local DNS space in use
@ -190,7 +177,7 @@ INSTALL_LDAP="" # Add Active Directory extension (true/false)
INSTALL_QCONNECT="" # Add Guacamole console quick connect feature INSTALL_QCONNECT="" # Add Guacamole console quick connect feature
INSTALL_HISTREC="" # Add Guacamole history recording storage feature INSTALL_HISTREC="" # Add Guacamole history recording storage feature
HISTREC_PATH="" # Path to save recorded sessions, default is /var/lib/guacamole/recordings HISTREC_PATH="" # Path to save recorded sessions, default is /var/lib/guacamole/recordings
CHANGE_ROOT="" # Set default Guacamole URL to http root (remove extra "/guacamole" from the default URL) GUAC_URL_REDIR="" # Redirect default Guacamole URL to http root (skip typing the extra "/guacamole" in the URL)
INSTALL_NGINX="" # Install and configure Guacamole behind Nginx reverse proxy (http port 80 only, true/false) INSTALL_NGINX="" # Install and configure Guacamole behind Nginx reverse proxy (http port 80 only, true/false)
PROXY_SITE="" # Local DNS name for reverse proxy and/or self signed TLS certificates PROXY_SITE="" # Local DNS name for reverse proxy and/or self signed TLS certificates
SELF_SIGN="" # Add self signed TLS support to Nginx (Let's Encrypt not available with this option, true/false) SELF_SIGN="" # Add self signed TLS support to Nginx (Let's Encrypt not available with this option, true/false)
@ -210,7 +197,7 @@ RDP_SHARE_LABEL="RDP Share" # Custom Windows RDP share drive label (e.g. RDP
RDP_PRINTER_LABEL="RDP Printer" # Custom Windows RDP printer label RDP_PRINTER_LABEL="RDP Printer" # Custom Windows RDP printer label
####################################################################################################################### #######################################################################################################################
# Download GitHub setup scripts. To prevent overwrite, comment out lines of any scripts you have edited. ############## # Download GitHub setup scripts. To prevent overwrite, COMMENT OUT LINES OF ANY SCRIPTS YOU HAVE EDITED. ##############
####################################################################################################################### #######################################################################################################################
# Download the set of config scripts from GitHub # Download the set of config scripts from GitHub
@ -255,13 +242,41 @@ echo
sudo chmod -R 770 $TMP_DIR sudo chmod -R 770 $TMP_DIR
sudo chown -R $SUDO_USER:root $TMP_DIR sudo chown -R $SUDO_USER:root $TMP_DIR
# Workaround for current Debian 12 & Tomcat 10 incompatibilities (Experimental in August 2023) #######################################################################################################################
if [[ $OS_FLAVOUR = "debian" ]] && [[ $OS_VERSION = *"bookworm"* ]]; then # Determine the correct version of Tomcat use #########################################################################
#######################################################################################################################
# Check for the latest version of Tomcat currently supported by the distro
if [[ $(apt-cache show tomcat10 2>/dev/null | egrep "Version: 10" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat10"
elif [[ $(apt-cache show tomcat9 2>/dev/null | egrep "Version: 9" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat9"
elif [[ $(apt-cache show tomcat8 2>/dev/null | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat8"
else
# Default to version
TOMCAT_VERSION="tomcat9"
fi
# Workaround for current Debian 12 & Tomcat 10 incompatibilities
if [[ ${OS_FLAVOUR,,} = "debian" ]] && [[ ${OS_CODENAME,,} = *"bookworm"* ]]; then #(checks for upper and lower case)
# Add the oldstable repo and downgrade tomcat version install # Add the oldstable repo and downgrade tomcat version install
echo "deb http://deb.debian.org/debian/ bullseye main" | sudo tee /etc/apt/sources.list.d/bullseye.list >/dev/null echo "deb http://deb.debian.org/debian/ bullseye main" | sudo tee /etc/apt/sources.list.d/bullseye.list >/dev/null
TOMCAT_VERSION="tomcat9" TOMCAT_VERSION="tomcat9"
fi fi
# Workaround for Ubuntu 23.x & Tomcat 10 incompatibilities
if [[ ${OS_FLAVOUR,,} = "ubuntu" ]] && [[ ${OS_CODENAME,,} = *"lunar"* ]]; then #(checks for upper and lower case)
TOMCAT_VERSION="tomcat9"
fi
# Uncomment to force a specific Tomcat version here.
# TOMCAT_VERSION="tomcat9"
#######################################################################################################################
# DO NOT EDIT PAST THIS POINT #########################################################################################
#######################################################################################################################
####################################################################################################################### #######################################################################################################################
# Begin install menu prompts ########################################################################################## # Begin install menu prompts ##########################################################################################
####################################################################################################################### #######################################################################################################################
@ -333,7 +348,7 @@ fi
# Now that $SERVER_NAME and $LOCAL_DOMAIN values are updated and refreshed: # Now that $SERVER_NAME and $LOCAL_DOMAIN values are updated and refreshed:
# Values are merged to build a local FQDN value (used for the default reverse proxy site name.) # Values are merged to build a local FQDN value (used for the default reverse proxy site name.)
DEFAULT_FQDN=$SERVER_NAME.$LOCAL_DOMAIN DEFAULT_FQDN=$SERVER_NAME.$LOCAL_DOMAIN
# The RDP share label default can now assume the updated $SERVER_NAME value if not manually specified in silent setup options. # The RDP share label default can now assume the updated $SERVER_NAME value (if not manually specified in silent setup options).
if [[ -z ${RDP_SHARE_HOST} ]]; then if [[ -z ${RDP_SHARE_HOST} ]]; then
RDP_SHARE_HOST=$SERVER_NAME RDP_SHARE_HOST=$SERVER_NAME
fi fi
@ -360,7 +375,7 @@ if [[ -z ${INSTALL_MYSQL} ]]; then
fi fi
# Prompt the user to apply the Mysql secure installation locally # Prompt the user to apply the Mysql secure installation locally
if [ -z ${SECURE_MYSQL} ] && [ "${INSTALL_MYSQL}" = true ]; then if [[ -z ${SECURE_MYSQL} ]] && [[ "${INSTALL_MYSQL}" = true ]]; then
echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to LOCAL db? [Y/n] [default y]: ${GREY}" echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to LOCAL db? [Y/n] [default y]: ${GREY}"
read PROMPT read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
@ -372,7 +387,7 @@ fi
# Prompt the user to apply the Mysql secure installation to remote db # Prompt the user to apply the Mysql secure installation to remote db
# This may be problematic on remote databases (for one-script upgrades) as this addition removes remote root login access - a good thing. # This may be problematic on remote databases (for one-script upgrades) as this addition removes remote root login access - a good thing.
#if [ -z ${SECURE_MYSQL} ] && [ "${INSTALL_MYSQL}" = false ]; then #if [[ -z ${SECURE_MYSQL} ]] && [[ "${INSTALL_MYSQL}" = false ]]; then
# echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to REMOTE db? [y/N] [default n]: ${GREY}" # echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to REMOTE db? [y/N] [default n]: ${GREY}"
# read PROMPT # read PROMPT
# if [[ ${PROMPT} =~ ^[Yy]$ ]]; then # if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
@ -383,72 +398,72 @@ fi
#fi #fi
# Get additional MYSQL values # Get additional MYSQL values
if [ "${INSTALL_MYSQL}" = false ]; then if [[ "${INSTALL_MYSQL}" = false ]]; then
[ -z "${MYSQL_HOST}" ] && [[ -z "${MYSQL_HOST}" ]] &&
read -p "SQL: Enter remote MySQL server hostname or IP: " MYSQL_HOST read -p "SQL: Enter remote MySQL server hostname or IP: " MYSQL_HOST
[ -z "${MYSQL_PORT}" ] && [[ -z "${MYSQL_PORT}" ]] &&
read -p "SQL: Enter remote MySQL server port [3306]: " MYSQL_PORT read -p "SQL: Enter remote MySQL server port [3306]: " MYSQL_PORT
[ -z "${GUAC_DB}" ] && [[ -z "${GUAC_DB}" ]] &&
read -p "SQL: Enter remote Guacamole database name [guacamole_db]: " GUAC_DB read -p "SQL: Enter remote Guacamole database name [guacamole_db]: " GUAC_DB
[ -z "${GUAC_USER}" ] && [[-z "${GUAC_USER}" ]] &&
read -p "SQL: Enter remote Guacamole user name [guacamole_user]: " GUAC_USER read -p "SQL: Enter remote Guacamole user name [guacamole_user]: " GUAC_USER
fi fi
# Checking if a mysql host given, if not set a default # Checking if a mysql host given, if not set a default
if [ -z "${MYSQL_HOST}" ]; then if [[ -z "${MYSQL_HOST}" ]]; then
MYSQL_HOST="localhost" MYSQL_HOST="localhost"
fi fi
# Checking if a mysql port given, if not set a default # Checking if a mysql port given, if not set a default
if [ -z "${MYSQL_PORT}" ]; then if [[ -z "${MYSQL_PORT}" ]]; then
MYSQL_PORT="3306" MYSQL_PORT="3306"
fi fi
# Checking if a database name given, if not set a default # Checking if a database name given, if not set a default
if [ -z "${GUAC_DB}" ]; then if [[ -z "${GUAC_DB}" ]]; then
GUAC_DB="guacamole_db" GUAC_DB="guacamole_db"
fi fi
# Checking if a mysql user given, if not set a default # Checking if a mysql user given, if not set a default
if [ -z "${GUAC_USER}" ]; then if [[ -z "${GUAC_USER}" ]]; then
GUAC_USER="guacamole_user" GUAC_USER="guacamole_user"
fi fi
echo -e ${LMAGENTA} echo -e ${LMAGENTA}
# Get MySQL root password, confirm correct password entry and prevent blank passwords. No root pw needed for remote instances. # Get MySQL root password, confirm correct password entry and prevent blank passwords. No root pw needed for remote instances.
if [ -z "${MYSQL_ROOT_PWD}" ] && [ "${INSTALL_MYSQL}" = true ]; then if [[ -z "${MYSQL_ROOT_PWD}" ]] && [[ "${INSTALL_MYSQL}" = true ]]; then
while true; do while true; do
read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ROOT password: " MYSQL_ROOT_PWD read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ROOT password: " MYSQL_ROOT_PWD
echo echo
read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ROOT password: " PROMPT2 read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ROOT password: " PROMPT2
echo echo
[ "${MYSQL_ROOT_PWD}" = "${PROMPT2}" ] && [ "${MYSQL_ROOT_PWD}" != "" ] && [ "${PROMPT2}" != "" ] && break [[ "${MYSQL_ROOT_PWD}" = "${PROMPT2}" ]] && [[ "${MYSQL_ROOT_PWD}" != "" ]] && [[ "${PROMPT2}" != "" ]] && break
echo -e "${LRED}Passwords don't match or can't be null. Please try again.${LMAGENTA}" 1>&2 echo -e "${LRED}Passwords don't match or can't be null. Please try again.${LMAGENTA}" 1>&2
done done
fi fi
echo -e ${LCYAN} echo -e ${LCYAN}
# Get Guacamole User password, confirm correct password entry and prevent blank passwords # Get Guacamole User password, confirm correct password entry and prevent blank passwords
if [ -z "${GUAC_PWD}" ]; then if [[ -z "${GUAC_PWD}" ]]; then
while true; do while true; do
read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " GUAC_PWD read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " GUAC_PWD
echo echo
read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " PROMPT2 read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " PROMPT2
echo echo
[ "${GUAC_PWD}" = "${PROMPT2}" ] && [ "${GUAC_PWD}" != "" ] && [ "${PROMPT2}" != "" ] && break [[ "${GUAC_PWD}" = "${PROMPT2}" ]] && [[ "${GUAC_PWD}" != "" ]] && [[ "${PROMPT2}" != "" ]] && break
echo -e "${LRED}Passwords don't match or can't be null. Please try again.${LCYAN}" 1>&2 echo -e "${LRED}Passwords don't match or can't be null. Please try again.${LCYAN}" 1>&2
done done
fi fi
echo -e ${GREY} echo -e ${GREY}
# Prompt for preferred backup notification email address # Prompt for preferred backup notification email address
if [ -z ${BACKUP_EMAIL} ]; then if [[ -z ${BACKUP_EMAIL} ]]; then
while true; do while true; do
read -p "SQL: Enter email address for SQL backup messages [Enter to skip]: " BACKUP_EMAIL read -p "SQL: Enter email address for SQL backup messages [Enter to skip]: " BACKUP_EMAIL
[ "${BACKUP_EMAIL}" = "" ] || [ "${BACKUP_EMAIL}" != "" ] && break [[ "${BACKUP_EMAIL}" = "" ]] || [[ "${BACKUP_EMAIL}" != "" ]] && break
# Rather than allow a blank value, un-comment to alternately force user to enter an explicit value instead # Rather than allow a blank value, un-comment to alternately force user to enter an explicit value instead
# [ "${BACKUP_EMAIL}" != "" ] && break # [[ "${BACKUP_EMAIL}" != "" ]] && break
# echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2 # echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
done done
fi fi
# If no backup notification email address is given, provide a default value # If no backup notification email address is given, provide a default value
if [ -z ${BACKUP_EMAIL} ]; then if [[ -z ${BACKUP_EMAIL} ]]; then
BACKUP_EMAIL="backup-email@yourdomain.com" BACKUP_EMAIL="backup-email@yourdomain.com"
fi fi
@ -522,11 +537,11 @@ HISTREC_PATH_DEFAULT=/var/lib/guacamole/recordings # Apache default
if [[ -z ${HISTREC_PATH} ]] && [[ "${INSTALL_HISTREC}" = true ]]; then if [[ -z ${HISTREC_PATH} ]] && [[ "${INSTALL_HISTREC}" = true ]]; then
while true; do while true; do
read -p "EXTRAS: Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH read -p "EXTRAS: Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH
[ "${HISTREC_PATH}" = "" ] || [ "${HISTREC_PATH}" != "" ] && break [[ "${HISTREC_PATH}" = "" ]] || [[ "${HISTREC_PATH}" != "" ]] && break
done done
fi fi
# If no custom path is given, lets assume the default path on hitting enter # If no custom path is given, lets assume the default path on hitting enter
if [ -z "${HISTREC_PATH}" ]; then if [[ -z "${HISTREC_PATH}" ]]; then
HISTREC_PATH="${HISTREC_PATH_DEFAULT}" HISTREC_PATH="${HISTREC_PATH_DEFAULT}"
fi fi
@ -538,20 +553,20 @@ if [[ -z ${INSTALL_NGINX} ]]; then
read PROMPT read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_NGINX=true INSTALL_NGINX=true
CHANGE_ROOT=false GUAC_URL_REDIR=false
else else
INSTALL_NGINX=false INSTALL_NGINX=false
fi fi
fi fi
# Prompt to remove the trailing /guacamole dir from the default front end url # Prompt to remove the trailing /guacamole dir from the default front end url
if [ "${INSTALL_NGINX}" = false ]; then if [[ "${INSTALL_NGINX}" = false ]]; then
echo -e -n "FRONT END: Shorten Guacamole root url to *:8080 (& redirect to /guacamole ) [Y/n]? [default y]: " echo -e -n "FRONT END: Shorten Guacamole root url to *:8080 (& redirect to /guacamole ) [Y/n]? [default y]: "
read PROMPT read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
CHANGE_ROOT=false GUAC_URL_REDIR=false
else else
CHANGE_ROOT=true GUAC_URL_REDIR=true
fi fi
fi fi
@ -559,15 +574,15 @@ fi
if [[ -z ${PROXY_SITE} ]] && [[ "${INSTALL_NGINX}" = true ]]; then if [[ -z ${PROXY_SITE} ]] && [[ "${INSTALL_NGINX}" = true ]]; then
while true; do while true; do
read -p "FRONT END: Enter proxy local DNS name? [Enter to use ${DEFAULT_FQDN}]: " PROXY_SITE read -p "FRONT END: Enter proxy local DNS name? [Enter to use ${DEFAULT_FQDN}]: " PROXY_SITE
[ "${PROXY_SITE}" = "" ] || [ "${PROXY_SITE}" != "" ] && break [[ "${PROXY_SITE}" = "" ]] || [[ "${PROXY_SITE}" != "" ]] && break
# Rather than allow the default value below, un-comment to alternately force user to enter an explicit name instead # Rather than allow the default value below, un-comment to alternately force user to enter an explicit name instead
# [ "${PROXY_SITE}" != "" ] && break # [[ "${PROXY_SITE}" != "" ]] && break
# echo -e "${LRED}You must enter a proxy site DNS name. Please try again.${GREY}" 1>&2 # echo -e "${LRED}You must enter a proxy site DNS name. Please try again.${GREY}" 1>&2
done done
fi fi
# If no proxy site dns name is given, lets assume the default FQDN is the proxy site name # If no proxy site dns name is given, lets assume the default FQDN is the proxy site name
if [ -z "${PROXY_SITE}" ]; then if [[ -z "${PROXY_SITE}" ]]; then
PROXY_SITE="${DEFAULT_FQDN}" PROXY_SITE="${DEFAULT_FQDN}"
fi fi
@ -584,12 +599,12 @@ if [[ -z ${SELF_SIGN} ]] && [[ "${INSTALL_NGINX}" = true ]]; then
fi fi
# Optional prompt to assign the self sign TLS certificate a custom expiry date, un-comment to force a manual entry # Optional prompt to assign the self sign TLS certificate a custom expiry date, un-comment to force a manual entry
#if [ "${SELF_SIGN}" = true ]; then #if [[ "${SELF_SIGN}" = true ]]; then
# read - p "PROXY: Enter number of days till TLS certificate expires [default 3650]: " CERT_DAYS # read - p "PROXY: Enter number of days till TLS certificate expires [default 3650]: " CERT_DAYS
#fi #fi
# If no self sign TLS certificate expiry given, lets assume a generous 10 year default certificate expiry # If no self sign TLS certificate expiry given, lets assume a generous 10 year default certificate expiry
if [ -z "${CERT_DAYS}" ]; then if [[ -z "${CERT_DAYS}" ]]; then
CERT_DAYS="3650" CERT_DAYS="3650"
fi fi
@ -608,7 +623,7 @@ fi
if [[ -z ${LE_DNS_NAME} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then if [[ -z ${LE_DNS_NAME} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
while true; do while true; do
read -p "FRONT END: Enter the FQDN for your public proxy site : " LE_DNS_NAME read -p "FRONT END: Enter the FQDN for your public proxy site : " LE_DNS_NAME
[ "${LE_DNS_NAME}" != "" ] && break [[ "${LE_DNS_NAME}" != "" ]] && break
echo -e "${LRED}You must enter a public DNS name. Please try again.${GREY}" 1>&2 echo -e "${LRED}You must enter a public DNS name. Please try again.${GREY}" 1>&2
done done
fi fi
@ -617,7 +632,7 @@ fi
if [[ -z ${LE_EMAIL} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then if [[ -z ${LE_EMAIL} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
while true; do while true; do
read -p "FRONT END: Enter the email address for Let's Encrypt notifications : " LE_EMAIL read -p "FRONT END: Enter the email address for Let's Encrypt notifications : " LE_EMAIL
[ "${LE_EMAIL}" != "" ] && break [[ "${LE_EMAIL}" != "" ]] && break
echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2 echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
done done
fi fi
@ -648,7 +663,7 @@ elif [[ $OS_FLAVOUR == "debian" ]] || [[ $OS_FLAVOUR == "raspbian" ]]; then # ex
JPEGTURBO="libjpeg62-turbo-dev" JPEGTURBO="libjpeg62-turbo-dev"
LIBPNG="libpng-dev" LIBPNG="libpng-dev"
fi fi
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -697,8 +712,8 @@ export GUAC_VERSION=$GUAC_VERSION
export GUAC_SOURCE_LINK=$GUAC_SOURCE_LINK export GUAC_SOURCE_LINK=$GUAC_SOURCE_LINK
export MYSQLJCON=$MYSQLJCON export MYSQLJCON=$MYSQLJCON
export MYSQL_VERSION=$MYSQL_VERSION export MYSQL_VERSION=$MYSQL_VERSION
export MYSQLS=$MYSQLS export MYSQLSRV=$MYSQLSRV
export MYSQLC=$MYSQLC export MYSQLCLIENT=$MYSQLCLIENT
export DB_CMD=$DB_CMD export DB_CMD=$DB_CMD
export TOMCAT_VERSION=$TOMCAT_VERSION export TOMCAT_VERSION=$TOMCAT_VERSION
export INSTALL_LOG=$INSTALL_LOG export INSTALL_LOG=$INSTALL_LOG
@ -720,7 +735,7 @@ export INSTALL_LDAP=$INSTALL_LDAP
export INSTALL_QCONNECT=$INSTALL_QCONNECT export INSTALL_QCONNECT=$INSTALL_QCONNECT
export INSTALL_HISTREC=$INSTALL_HISTREC export INSTALL_HISTREC=$INSTALL_HISTREC
export HISTREC_PATH="${HISTREC_PATH}" export HISTREC_PATH="${HISTREC_PATH}"
export CHANGE_ROOT=$CHANGE_ROOT export GUAC_URL_REDIR=$GUAC_URL_REDIR
export INSTALL_NGINX=$INSTALL_NGINX export INSTALL_NGINX=$INSTALL_NGINX
export PROXY_SITE=$PROXY_SITE export PROXY_SITE=$PROXY_SITE
export CERT_COUNTRY=$CERT_COUNTRY export CERT_COUNTRY=$CERT_COUNTRY
@ -737,10 +752,10 @@ export RDP_PRINTER_LABEL="${RDP_PRINTER_LABEL}"
# Run the Guacamole install script # Run the Guacamole install script
sudo -E ./2-install-guacamole.sh sudo -E ./2-install-guacamole.sh
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}2-install-guacamole.sh FAILED. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}2-install-guacamole.sh FAILED. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
elif [ "${CHANGE_ROOT}" = true ]; then elif [[ "${GUAC_URL_REDIR}" = true ]]; then
echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080 - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}" echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080 - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
else else
echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080/guacamole - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}" echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080/guacamole - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
@ -762,7 +777,7 @@ rm cron_1
####################################################################################################################### #######################################################################################################################
# Install Nginx reverse proxy front end to Guacamole if option is selected # Install Nginx reverse proxy front end to Guacamole if option is selected
if [ "${INSTALL_NGINX}" = true ]; then if [[ "${INSTALL_NGINX}" = true ]]; then
sudo -E ./3-install-nginx.sh sudo -E ./3-install-nginx.sh
echo -e "${LGREEN}Nginx install complete\nhttp://${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}" echo -e "${LGREEN}Nginx install complete\nhttp://${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
fi fi
@ -780,26 +795,27 @@ if [[ "${INSTALL_NGINX}" = true ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
fi fi
# Duo Settings reminder - If Duo is selected you can't login to Guacamole until this extension is fully configured # Duo Settings reminder - If Duo is selected you can't login to Guacamole until this extension is fully configured
if [ $INSTALL_DUO == "true" ]; then if [[ $INSTALL_DUO == "true" ]]; then
echo echo
echo -e "${LYELLOW}Reminder: Duo requires extra account specific info configured in the\n/etc/guacamole/guacamole.properties file before you can log in to Guacamole." echo -e "${LYELLOW}Reminder: Duo requires extra account specific info configured in the\n/etc/guacamole/guacamole.properties file before you can log in to Guacamole."
echo -e "See https://guacamole.apache.org/doc/gug/duo-auth.html" echo -e "See https://guacamole.apache.org/doc/gug/duo-auth.html"
fi fi
# LDAP Settings reminder, LDAP auth is not functional until the config is complete # LDAP Settings reminder, LDAP auth is not functional until the config is complete
if [ $INSTALL_LDAP == "true" ]; then if [[ $INSTALL_LDAP == "true" ]]; then
echo echo
echo -e "${LYELLOW}Reminder: LDAP requires that your LDAP directory configuration match the exact format\nadded to the /etc/guacamole/guacamole.properties file before LDAP auth will be active." echo -e "${LYELLOW}Reminder: LDAP requires that your LDAP directory configuration match the exact format\nadded to the /etc/guacamole/guacamole.properties file before LDAP auth will be active."
echo -e "See https://guacamole.apache.org/doc/gug/ldap-auth.html" echo -e "See https://guacamole.apache.org/doc/gug/ldap-auth.html"
fi fi
# Tidy up. (Installer and Nginx scripts can't be run again or standalone without modification, so removing.) # Tidy up. (Installer and Nginx scripts can't be run again or standalone without modification, so removing.)
rm -f $USER_HOME_DIR/1-setup.sh rm -rf $USER_HOME_DIR/1-setup.sh
rm -f 2-install-guacamole.sh rm -f 2-install-guacamole.sh
rm -f 3-install-nginx.sh rm -f 3-install-nginx.sh
rm -f 4a-install-tls-self-signed-nginx.sh rm -f 4a-install-tls-self-signed-nginx.sh
rm -f 4b-install-tls-letsencrypt-nginx.sh rm -f 4b-install-tls-letsencrypt-nginx.sh
sudo rm -R $TMP_DIR sudo rm -rf $TMP_DIR
apt-get -y autoremove &>>${INSTALL_LOG}
# Done # Done
echo echo
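Review bot: In the "Get additional MYSQL values" block, the converted test for the Guacamole user is written `[[-z "${GUAC_USER}" ]] &&` with no space after `[[`, so bash treats `[[-z` as a command name, the test fails with "command not found", and the `read -p` for GUAC_USER never runs. On a remote-database install the user name then silently falls through to the `guacamole_user` default; the line should read `[[ -z "${GUAC_USER}" ]] &&`, matching the three tests above it. In the tidy-up hunk at the end of the file, the added `apt-get -y autoremove &>>${INSTALL_LOG}` is the only privileged call here without `sudo`, and since the script appears to refuse to run as root it will probably fail with the error going only to the log. The new `sudo rm -rf $TMP_DIR` expands an unquoted variable under a recursive root delete and would be safer as `sudo rm -rf -- "${TMP_DIR:?}"`.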


@ -15,19 +15,17 @@ LGREEN='\033[0;92m'
LYELLOW='\033[0;93m' LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour NC='\033[0m' #No Colour
# Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions. # Apply MySQL client or server packages, and don't clobber any pre-existing database installation accidentally
if [ -z "${MYSQL_VERSION}" ]; then if [[ "${INSTALL_MYSQL}" = true ]]; then
# Use Linux distro default version. MYSQLPKG="${MYSQLSRV}"
MYSQLPKG="default-mysql-server default-mysql-client mysql-common" elif [ -x "$(command -v mysql)" ]; then
DB_CMD="mysql" # mysql command is depricated MYSQLPKG=""
else else
# Use official mariadb.org repo MYSQLPKG="${MYSQLCLIENT}"
MYSQLPKG="mariadb-server mariadb-client mariadb-common"
DB_CMD="mariadb" # mysql command is depricated on newer versions
fi fi
# Pre-seed MySQL root password values for Linux Distro default packages only # Pre-seed MySQL root password values for Linux Distro default packages only
if [ "${INSTALL_MYSQL}" = true ] && [ -z "${MYSQL_VERSION}" ]; then if [[ "${INSTALL_MYSQL}" = true ]] && [[ -z "${MYSQL_VERSION}" ]]; then
debconf-set-selections <<<"mysql-server mysql-server/root_password password ${MYSQL_ROOT_PWD}" debconf-set-selections <<<"mysql-server mysql-server/root_password password ${MYSQL_ROOT_PWD}"
debconf-set-selections <<<"mysql-server mysql-server/root_password_again password ${MYSQL_ROOT_PWD}" debconf-set-selections <<<"mysql-server mysql-server/root_password_again password ${MYSQL_ROOT_PWD}"
fi fi
@ -37,7 +35,7 @@ echo -e "${GREY}Updating base Linux OS..."
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt-get update -qq &>>${INSTALL_LOG} apt-get update -qq &>>${INSTALL_LOG}
apt-get upgrade -qq -y &>>${INSTALL_LOG} apt-get upgrade -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -46,13 +44,13 @@ else
fi fi
# Install Guacamole build dependencies. # Install Guacamole build dependencies.
if [ -n "${MYSQL_VERSION}" ]; then if [[ -n "${MYSQL_VERSION}" ]]; then
echo -e "${GREY}Adding the official MariaDB repository and installing version ${MYSQL_VERSION}..." echo -e "${GREY}Adding the official MariaDB repository and installing version ${MYSQL_VERSION}..."
# Add the Official MariaDB repo. # Add the Official MariaDB repo.
apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG} apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG} curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG} bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -66,7 +64,7 @@ apt-get -qq -y install ${MYSQLPKG} ${TOMCAT_VERSION} ${JPEGTURBO} ${LIBPNG} ufw
build-essential libcairo2-dev libtool-bin uuid-dev libavcodec-dev libavformat-dev libavutil-dev \ build-essential libcairo2-dev libtool-bin uuid-dev libavcodec-dev libavformat-dev libavutil-dev \
libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev \ libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev \
libpulse-dev libssl-dev libvorbis-dev libwebp-dev ghostscript &>>${INSTALL_LOG} libpulse-dev libssl-dev libvorbis-dev libwebp-dev ghostscript &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -77,7 +75,7 @@ fi
# Install Postfix with default settings for smtp email relay # Install Postfix with default settings for smtp email relay
echo -e "${GREY}Installing Postfix MTA for backup email notifications and alerts, see separate SMTP relay configuration script..." echo -e "${GREY}Installing Postfix MTA for backup email notifications and alerts, see separate SMTP relay configuration script..."
DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>>${INSTALL_LOG} DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -89,7 +87,7 @@ fi
# Download Guacamole Server # Download Guacamole Server
echo -e "${GREY}Downloading Guacamole source files..." echo -e "${GREY}Downloading Guacamole source files..."
wget -q --show-progress -O guacamole-server-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-server-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-server-${GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-server-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz${GREY}" echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
exit 1 exit 1
@ -100,7 +98,7 @@ fi
# Download Guacamole Client # Download Guacamole Client
wget -q --show-progress -O guacamole-${GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war wget -q --show-progress -O guacamole-${GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-${GUAC_VERSION}.war" 1>&2 echo -e "${LRED}Failed to download guacamole-${GUAC_VERSION}.war" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war${GREY}" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war${GREY}"
exit 1 exit 1
@ -110,7 +108,7 @@ fi
# Download MySQL connector/j # Download MySQL connector/j
wget -q --show-progress -O mysql-connector-j-${MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}.tar.gz wget -q --show-progress -O mysql-connector-j-${MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download mysql-connector-j-${MYSQLJCON}.tar.gz" 1>&2 echo -e "${LRED}Failed to download mysql-connector-j-${MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}}.tar.gz${GREY}" echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}}.tar.gz${GREY}"
exit 1 exit 1
@ -121,7 +119,7 @@ fi
# Download Guacamole authentication extensions # Download Guacamole authentication extensions
wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -131,9 +129,9 @@ else
fi fi
# Download TOTP extension # Download TOTP extension
if [ "${INSTALL_TOTP}" = true ]; then if [[ "${INSTALL_TOTP}" = true ]]; then
wget -q --show-progress -O guacamole-auth-totp-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-totp-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-totp-${GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-totp-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -145,9 +143,9 @@ if [ "${INSTALL_TOTP}" = true ]; then
fi fi
# Download DUO extension # Download DUO extension
if [ "${INSTALL_DUO}" = true ]; then if [[ "${INSTALL_DUO}" = true ]]; then
wget -q --show-progress -O guacamole-auth-duo-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-duo-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-duo-${GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-duo-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -159,9 +157,9 @@ if [ "${INSTALL_DUO}" = true ]; then
fi fi
# Download LDAP extension # Download LDAP extension
if [ "${INSTALL_LDAP}" = true ]; then if [[ "${INSTALL_LDAP}" = true ]]; then
wget -q --show-progress -O guacamole-auth-ldap-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-ldap-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-ldap-${GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-ldap-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -173,9 +171,9 @@ if [ "${INSTALL_LDAP}" = true ]; then
fi fi
# Download Guacamole quick-connect extension # Download Guacamole quick-connect extension
if [ "${INSTALL_QCONNECT}" = true ]; then if [[ "${INSTALL_QCONNECT}" = true ]]; then
wget -q --show-progress -O guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -187,10 +185,10 @@ if [ "${INSTALL_QCONNECT}" = true ]; then
fi fi
# Download Guacamole history recording storage extension # Download Guacamole history recording storage extension
if [ "${INSTALL_HISTREC}" = true ]; then if [[ "${INSTALL_HISTREC}" = true ]]; then
wget -q --show-progress -O guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -234,11 +232,11 @@ export CFLAGS="-Wno-error"
# Configure Guacamole Server source # Configure Guacamole Server source
./configure --with-systemd-dir=/etc/systemd/system &>>${INSTALL_LOG} ./configure --with-systemd-dir=/etc/systemd/system &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo "Failed to configure guacamole-server" echo "Failed to configure guacamole-server"
echo "Trying again with --enable-allow-freerdp-snapshots" echo "Trying again with --enable-allow-freerdp-snapshots"
./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots ./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo "Failed to configure guacamole-server - again" echo "Failed to configure guacamole-server - again"
exit exit
fi fi
@ -249,7 +247,7 @@ fi
echo -e "${GREY}Running make and building the Guacamole-Server application..." echo -e "${GREY}Running make and building the Guacamole-Server application..."
make &>>${INSTALL_LOG} make &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -259,7 +257,7 @@ fi
echo -e "${GREY}Installing Guacamole-Server..." echo -e "${GREY}Installing Guacamole-Server..."
make install &>>${INSTALL_LOG} make install &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -277,7 +275,7 @@ mv -f guacamole-${GUAC_VERSION}.war /etc/guacamole/guacamole.war
chmod 664 /etc/guacamole/guacamole.war chmod 664 /etc/guacamole/guacamole.war
# Create a symbolic link for Tomcat # Create a symbolic link for Tomcat
ln -sf /etc/guacamole/guacamole.war /var/lib/${TOMCAT_VERSION}/webapps/ &>>${INSTALL_LOG} ln -sf /etc/guacamole/guacamole.war /var/lib/${TOMCAT_VERSION}/webapps/ &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -288,7 +286,7 @@ fi
echo -e "${GREY}Moving guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..." echo -e "${GREY}Moving guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-jdbc-${GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar /etc/guacamole/extensions/ mv -f guacamole-auth-jdbc-${GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -300,7 +298,7 @@ fi
echo -e "${GREY}Moving mysql-connector-j-${MYSQLJCON}.jar (/etc/guacamole/lib/mysql-connector-java.jar)..." echo -e "${GREY}Moving mysql-connector-j-${MYSQLJCON}.jar (/etc/guacamole/lib/mysql-connector-java.jar)..."
mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
chmod 664 /etc/guacamole/lib/mysql-connector-java.jar chmod 664 /etc/guacamole/lib/mysql-connector-java.jar
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -318,11 +316,11 @@ echo "mysql-username: ${GUAC_USER}" >>/etc/guacamole/guacamole.properties
echo "mysql-password: ${GUAC_PWD}" >>/etc/guacamole/guacamole.properties echo "mysql-password: ${GUAC_PWD}" >>/etc/guacamole/guacamole.properties
# Move TOTP files # Move TOTP files
if [ "${INSTALL_TOTP}" = true ]; then if [[ "${INSTALL_TOTP}" = true ]]; then
echo -e "${GREY}Moving guacamole-auth-totp-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..." echo -e "${GREY}Moving guacamole-auth-totp-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-totp-${GUAC_VERSION}/guacamole-auth-totp-${GUAC_VERSION}.jar /etc/guacamole/extensions/ mv -f guacamole-auth-totp-${GUAC_VERSION}/guacamole-auth-totp-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-totp-${GUAC_VERSION}.jar chmod 664 /etc/guacamole/extensions/guacamole-auth-totp-${GUAC_VERSION}.jar
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -332,7 +330,7 @@ if [ "${INSTALL_TOTP}" = true ]; then
fi fi
# Move Duo files # Move Duo files
if [ "${INSTALL_DUO}" = true ]; then if [[ "${INSTALL_DUO}" = true ]]; then
echo -e "${GREY}Moving guacamole-auth-duo-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..." echo -e "${GREY}Moving guacamole-auth-duo-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-duo-${GUAC_VERSION}/guacamole-auth-duo-${GUAC_VERSION}.jar /etc/guacamole/extensions/ mv -f guacamole-auth-duo-${GUAC_VERSION}/guacamole-auth-duo-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-duo-${GUAC_VERSION}.jar chmod 664 /etc/guacamole/extensions/guacamole-auth-duo-${GUAC_VERSION}.jar
@ -341,7 +339,7 @@ if [ "${INSTALL_DUO}" = true ]; then
echo "#duo-secret-key: " >>/etc/guacamole/guacamole.properties echo "#duo-secret-key: " >>/etc/guacamole/guacamole.properties
echo "#duo-application-key: " >>/etc/guacamole/guacamole.properties echo "#duo-application-key: " >>/etc/guacamole/guacamole.properties
echo -e "Duo auth is installed, it will need to be configured via guacamole.properties" echo -e "Duo auth is installed, it will need to be configured via guacamole.properties"
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -351,7 +349,7 @@ if [ "${INSTALL_DUO}" = true ]; then
fi fi
# Move LDAP files # Move LDAP files
if [ "${INSTALL_LDAP}" = true ]; then if [[ "${INSTALL_LDAP}" = true ]]; then
echo -e "${GREY}Moving guacamole-auth-ldap-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..." echo -e "${GREY}Moving guacamole-auth-ldap-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-ldap-${GUAC_VERSION}/guacamole-auth-ldap-${GUAC_VERSION}.jar /etc/guacamole/extensions/ mv -f guacamole-auth-ldap-${GUAC_VERSION}/guacamole-auth-ldap-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-ldap-${GUAC_VERSION}.jar chmod 664 /etc/guacamole/extensions/guacamole-auth-ldap-${GUAC_VERSION}.jar
@ -367,7 +365,7 @@ if [ "${INSTALL_LDAP}" = true ]; then
echo "#ldap-user-base-dn: OU=SomeOU,DC=domain,DC=com" >>/etc/guacamole/guacamole.properties echo "#ldap-user-base-dn: OU=SomeOU,DC=domain,DC=com" >>/etc/guacamole/guacamole.properties
echo "#ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))" >>/etc/guacamole/guacamole.properties echo "#ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))" >>/etc/guacamole/guacamole.properties
echo "#ldap-max-search-results:200" >>/etc/guacamole/guacamole.properties echo "#ldap-max-search-results:200" >>/etc/guacamole/guacamole.properties
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -377,11 +375,11 @@ if [ "${INSTALL_LDAP}" = true ]; then
fi fi
# Move quick-connect extension files # Move quick-connect extension files
if [ "${INSTALL_QCONNECT}" = true ]; then if [[ "${INSTALL_QCONNECT}" = true ]]; then
echo -e "${GREY}Moving guacamole-auth-quickconnect-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..." echo -e "${GREY}Moving guacamole-auth-quickconnect-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-quickconnect-${GUAC_VERSION}/guacamole-auth-quickconnect-${GUAC_VERSION}.jar /etc/guacamole/extensions/ mv -f guacamole-auth-quickconnect-${GUAC_VERSION}/guacamole-auth-quickconnect-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-${GUAC_VERSION}.jar chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-${GUAC_VERSION}.jar
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -391,7 +389,7 @@ if [ "${INSTALL_QCONNECT}" = true ]; then
fi fi
# Move history recording storage extension files # Move history recording storage extension files
if [ "${INSTALL_HISTREC}" = true ]; then if [[ "${INSTALL_HISTREC}" = true ]]; then
echo -e "${GREY}Moving guacamole-history-recording-storage-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..." echo -e "${GREY}Moving guacamole-history-recording-storage-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-history-recording-storage-${GUAC_VERSION}/guacamole-history-recording-storage-${GUAC_VERSION}.jar /etc/guacamole/extensions/ mv -f guacamole-history-recording-storage-${GUAC_VERSION}/guacamole-history-recording-storage-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-history-recording-storage-${GUAC_VERSION}.jar chmod 664 /etc/guacamole/extensions/guacamole-history-recording-storage-${GUAC_VERSION}.jar
@ -400,7 +398,7 @@ if [ "${INSTALL_HISTREC}" = true ]; then
chown daemon:tomcat ${HISTREC_PATH} chown daemon:tomcat ${HISTREC_PATH}
chmod 2750 ${HISTREC_PATH} chmod 2750 ${HISTREC_PATH}
echo "recording-search-path: ${HISTREC_PATH}" >>/etc/guacamole/guacamole.properties echo "recording-search-path: ${HISTREC_PATH}" >>/etc/guacamole/guacamole.properties
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -413,7 +411,7 @@ fi
echo -e "${GREY}Setting the Guacamole console to a (customisable) dark mode themed template..." echo -e "${GREY}Setting the Guacamole console to a (customisable) dark mode themed template..."
mv branding.jar /etc/guacamole/extensions mv branding.jar /etc/guacamole/extensions
chmod 664 /etc/guacamole/extensions/branding.jar chmod 664 /etc/guacamole/extensions/branding.jar
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -424,7 +422,7 @@ fi
# Restart Tomcat # Restart Tomcat
echo -e "${GREY}Restarting Tomcat service & enable at boot..." echo -e "${GREY}Restarting Tomcat service & enable at boot..."
systemctl restart ${TOMCAT_VERSION} systemctl restart ${TOMCAT_VERSION}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -434,9 +432,8 @@ fi
# Set Tomcat to start at boot # Set Tomcat to start at boot
systemctl enable ${TOMCAT_VERSION} systemctl enable ${TOMCAT_VERSION}
echo
if [ "${INSTALL_MYSQL}" = true ]; then if [[ "${INSTALL_MYSQL}" = true ]]; then
# Set MySQL password # Set MySQL password
export MYSQL_PWD=${MYSQL_ROOT_PWD} export MYSQL_PWD=${MYSQL_ROOT_PWD}
@ -446,7 +443,7 @@ if [ "${INSTALL_MYSQL}" = true ]; then
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';" ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
echo ${SQLCODE} | $DB_CMD -u root echo ${SQLCODE} | $DB_CMD -u root
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -459,7 +456,7 @@ ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
/etc/mysql/mysql.conf.d/mysqld.cnf \ /etc/mysql/mysql.conf.d/mysqld.cnf \
/etc/mysql/my.cnf; do /etc/mysql/my.cnf; do
# Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename. # Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename.
if [ -e "${x}" ]; then if [[ -e "${x}" ]]; then
if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then
mysqlconfig="${x}" mysqlconfig="${x}"
# Reduce any duplicated section names, then sanitise the [ ] special characters for sed below) # Reduce any duplicated section names, then sanitise the [ ] special characters for sed below)
@ -470,7 +467,7 @@ ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
done done
# Set the MySQL Timezone # Set the MySQL Timezone
if [ -z "${mysqlconfig}" ]; then if [[ -z "${mysqlconfig}" ]]; then
echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings" echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
else else
# Is there already a timzeone value configured? # Is there already a timzeone value configured?
@ -478,7 +475,7 @@ ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
echo -e "MySQL database timezone defined in ${mysqlconfig}" echo -e "MySQL database timezone defined in ${mysqlconfig}"
else else
timezone=${DB_TZ} timezone=${DB_TZ}
if [ -z "${DB_TZ}" ]; then if [[ -z "${DB_TZ}" ]]; then
echo -e "Couldn't find system timezone, using UTC$" echo -e "Couldn't find system timezone, using UTC$"
timezone="UTC" timezone="UTC"
fi fi
@ -488,7 +485,7 @@ ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}" sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}"
fi fi
fi fi
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
@ -501,7 +498,7 @@ ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
# However this setting can be quick and hacky way to build a backend guacamole database server for use behind another guac application server # However this setting can be quick and hacky way to build a backend guacamole database server for use behind another guac application server
# (albeit with the full application suite installed). To do this, set GUAC_USERHost="%" for login access from all IPs, or e.g. 192.168.1.% for an IP range. # (albeit with the full application suite installed). To do this, set GUAC_USERHost="%" for login access from all IPs, or e.g. 192.168.1.% for an IP range.
# You will also need to set the MySQL binding away from the default 127.0.0.1 to 0.0.0.0 or a specific external facing network interface to allow remote login. # You will also need to set the MySQL binding away from the default 127.0.0.1 to 0.0.0.0 or a specific external facing network interface to allow remote login.
if [ "${MYSQL_HOST}" != "localhost" ]; then if [[ "${MYSQL_HOST}" != "localhost" ]]; then
GUAC_USERHost="%" GUAC_USERHost="%"
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}" echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
else else
@ -517,7 +514,7 @@ CREATE USER IF NOT EXISTS '${GUAC_USER}'@'${GUAC_USERHost}' IDENTIFIED BY \"${GU
GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USERHost}'; GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USERHost}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
@ -528,7 +525,7 @@ FLUSH PRIVILEGES;"
# Add Guacamole schema to newly created database # Add Guacamole schema to newly created database
echo -e "${GREY}Adding database tables..." echo -e "${GREY}Adding database tables..."
cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD} cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
@ -538,7 +535,7 @@ FLUSH PRIVILEGES;"
fi fi
# Apply Secure MySQL installation settings # Apply Secure MySQL installation settings
if [ "${SECURE_MYSQL}" = true ] && [ "${INSTALL_MYSQL}" = true ]; then if [[ "${SECURE_MYSQL}" = true ]] && [[ "${INSTALL_MYSQL}" = true ]]; then
echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}" echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}"
SECURE_MYSQL=$(expect -c " SECURE_MYSQL=$(expect -c "
set timeout 10 set timeout 10
@ -560,7 +557,7 @@ send \"y\r\"
expect eof expect eof
") ")
echo "$SECURE_MYSQL" echo "$SECURE_MYSQL"
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -570,12 +567,12 @@ expect eof
fi fi
# Restart MySQL service # Restart MySQL service
if [ "${INSTALL_MYSQL}" = true ]; then if [[ "${INSTALL_MYSQL}" = true ]]; then
echo -e "${GREY}Restarting MySQL service & enable at boot..." echo -e "${GREY}Restarting MySQL service & enable at boot..."
# Set MySQl to start at boot # Set MySQl to start at boot
systemctl enable mysql systemctl enable mysql
systemctl restart mysql systemctl restart mysql
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
@ -591,7 +588,7 @@ cat >/etc/guacamole/guacd.conf <<-"EOF"
bind_host = 127.0.0.1 bind_host = 127.0.0.1
bind_port = 4822 bind_port = 4822
EOF EOF
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -604,7 +601,7 @@ echo -e "${GREY}Starting guacd service & enable at boot..."
systemctl enable guacd systemctl enable guacd
systemctl stop guacd 2>/dev/null systemctl stop guacd 2>/dev/null
systemctl start guacd systemctl start guacd
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -612,14 +609,14 @@ else
echo echo
fi fi
if [ "${CHANGE_ROOT}" = true ]; then if [[ "${GUAC_URL_REDIR}" = true ]]; then
echo -e "${GREY}Shortening the Guacamole root url and setting up redirect...${DGREY}" echo -e "${GREY}Shortening the Guacamole root url and setting up redirect...${DGREY}"
systemctl stop ${TOMCAT_VERSION} systemctl stop ${TOMCAT_VERSION}
mv /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html.old mv /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html.old
touch /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp touch /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
echo "<% response.sendRedirect(\"/guacamole\");%>" >>/var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp echo "<% response.sendRedirect(\"/guacamole\");%>" >>/var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
systemctl start ${TOMCAT_VERSION} systemctl start ${TOMCAT_VERSION}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -636,7 +633,7 @@ sudo ufw allow 8080/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1 echo "y" | sudo ufw enable >/dev/null 2>&1
# Reduce firewall logging noise # Reduce firewall logging noise
sudo ufw logging off >/dev/null 2>&1 sudo ufw logging off >/dev/null 2>&1
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -649,16 +646,15 @@ echo -e "${GREY}Cleanup install files...${GREY}"
rm -rf guacamole-* rm -rf guacamole-*
rm -rf mysql-connector-j-* rm -rf mysql-connector-j-*
rm -rf mariadb_repo_setup rm -rf mariadb_repo_setup
if [ "${INSTALL_NGINX}" = false ]; then if [[ "${INSTALL_NGINX}" = false ]]; then
rm -rf 3-install-nginx.sh rm -f 3-install-nginx.sh
rm -f 4a-install-tls-self-signed-nginx.sh rm -f 4a-install-tls-self-signed-nginx.sh
rm -rf 4b-install-tls-letsencrypt-nginx.sh rm -f 4b-install-tls-letsencrypt-nginx.sh
rm -f refresh-tls-self-signed.sh rm -f refresh-tls-self-signed.sh
fi fi
unset MYSQL_PWD unset MYSQL_PWD
apt-get -y remove expect &>>${INSTALL_LOG} apt-get -y remove expect &>>${INSTALL_LOG}
apt-get -y autoremove &>>${INSTALL_LOG} if [[ $? -ne 0 ]]; then
if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else


@ -43,7 +43,7 @@ server {
} }
} }
EOF EOF
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -64,7 +64,7 @@ unlink /etc/nginx/sites-enabled/default
# Do mandatory Nginx tweaks for logging actual client IPs through a proxy IP of 127.0.0.1 - DO NOT CHANGE COMMAND FORMATING! # Do mandatory Nginx tweaks for logging actual client IPs through a proxy IP of 127.0.0.1 - DO NOT CHANGE COMMAND FORMATING!
echo -e "${GREY}Configuring Apache Tomcat valve for pass through of client IPs to Guacamole logs...${GREY}" echo -e "${GREY}Configuring Apache Tomcat valve for pass through of client IPs to Guacamole logs...${GREY}"
sudo sed -i '/pattern="%h %l %u %t &quot;%r&quot; %s %b"/a \ <!-- Allow host IP to pass through to guacamole.-->\n <Valve className="org.apache.catalina.valves.RemoteIpValve"\n internalProxies="127\.0\.0\.1|0:0:0:0:0:0:0:1"\n remoteIpHeader="x-forwarded-for"\n remoteIpProxiesHeader="x-forwarded-by"\n protocolHeader="x-forwarded-proto" />' /etc/$TOMCAT_VERSION/server.xml sudo sed -i '/pattern="%h %l %u %t &quot;%r&quot; %s %b"/a \ <!-- Allow host IP to pass through to guacamole.-->\n <Valve className="org.apache.catalina.valves.RemoteIpValve"\n internalProxies="127\.0\.0\.1|0:0:0:0:0:0:0:1"\n remoteIpHeader="x-forwarded-for"\n remoteIpProxiesHeader="x-forwarded-by"\n protocolHeader="x-forwarded-proto" />' /etc/$TOMCAT_VERSION/server.xml
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -76,7 +76,7 @@ fi
sudo sed -i '/client_max_body_size/d' /etc/nginx/nginx.conf # remove this line if it already exists to prevent duplicates sudo sed -i '/client_max_body_size/d' /etc/nginx/nginx.conf # remove this line if it already exists to prevent duplicates
sudo sed -i "/Basic Settings/a \ client_max_body_size 100000000M;" /etc/nginx/nginx.conf # Add the larger file transfer size sudo sed -i "/Basic Settings/a \ client_max_body_size 100000000M;" /etc/nginx/nginx.conf # Add the larger file transfer size
echo -e "${GREY}Boosting Nginx's 'maximum body size' parameter to allow large file transfers...${GREY}" echo -e "${GREY}Boosting Nginx's 'maximum body size' parameter to allow large file transfers...${GREY}"
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -92,7 +92,7 @@ sudo ufw allow OpenSSH >/dev/null 2>&1
sudo ufw allow 80/tcp >/dev/null 2>&1 sudo ufw allow 80/tcp >/dev/null 2>&1
sudo ufw delete allow 8080/tcp >/dev/null 2>&1 sudo ufw delete allow 8080/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1 echo "y" | sudo ufw enable >/dev/null 2>&1
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -105,7 +105,7 @@ echo -e "${GREY}Restaring Guacamole & Ngnix..."
sudo systemctl restart $TOMCAT_VERSION sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd sudo systemctl restart guacd
sudo systemctl restart nginx sudo systemctl restart nginx
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
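Review bot: The `$?` test after the `client_max_body_size` edits reads the exit status of the `echo -e "...Boosting Nginx's 'maximum body size'..."` line directly above it, not of either `sudo sed -i`, so a failed edit of /etc/nginx/nginx.conf can never reach the `Failed` branch; moving from `[` to `[[` leaves that unchanged. Print the progress message first and test the command itself, e.g. `if ! sudo sed -i "/Basic Settings/a \ client_max_body_size 100000000M;" /etc/nginx/nginx.conf; then`. The restart hunk at the end of this file has a related gap: only `sudo systemctl restart nginx` is covered by the check, so a failed restart of `$TOMCAT_VERSION` or `guacd` goes unreported. The `if`/`else` blocks continue outside these hunks.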


@ -71,7 +71,7 @@ EOF
echo echo
echo "{$GREY}Creating a new Nginx TLS Certificate..." echo "{$GREY}Creating a new Nginx TLS Certificate..."
openssl req -x509 -nodes -newkey rsa:2048 -keyout $TLSNAME.key -out $TLSNAME.crt -days $TLSDAYS -config $TMP_DIR/cert_attributes.txt openssl req -x509 -nodes -newkey rsa:2048 -keyout $TLSNAME.key -out $TLSNAME.crt -days $TLSDAYS -config $TMP_DIR/cert_attributes.txt
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -86,7 +86,7 @@ sudo cp $TLSNAME.crt $DIR_SSL_CERT/$TLSNAME.crt
# Create a PFX formatted key for easier import to Windows hosts and change permissions to enable copying elsewhere # Create a PFX formatted key for easier import to Windows hosts and change permissions to enable copying elsewhere
echo -e "${GREY}Converting client certificates for Windows & Linux...${GREY}" echo -e "${GREY}Converting client certificates for Windows & Linux...${GREY}"
sudo openssl pkcs12 -export -out $TLSNAME.pfx -inkey $TLSNAME.key -in $TLSNAME.crt -password pass:1234 sudo openssl pkcs12 -export -out $TLSNAME.pfx -inkey $TLSNAME.key -in $TLSNAME.crt -password pass:1234
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -102,7 +102,7 @@ sudo chown $SUDO_USER:root $TLSNAME.key
# Backup the current Nginx config before update # Backup the current Nginx config before update
echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$TLSNAME-nginx.bak" echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$TLSNAME-nginx.bak"
cp /etc/nginx/sites-enabled/${TLSNAME} $DOWNLOAD_DIR/${TLSNAME}-nginx.bak cp /etc/nginx/sites-enabled/${TLSNAME} $DOWNLOAD_DIR/${TLSNAME}-nginx.bak
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -150,7 +150,7 @@ server {
} }
} }
EOF EOF
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -166,7 +166,7 @@ sudo ufw allow OpenSSH >/dev/null 2>&1
sudo ufw allow 80/tcp >/dev/null 2>&1 sudo ufw allow 80/tcp >/dev/null 2>&1
sudo ufw allow 443/tcp >/dev/null 2>&1 sudo ufw allow 443/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1 echo "y" | sudo ufw enable >/dev/null 2>&1
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -179,7 +179,7 @@ echo -e "${GREY}Restaring Guacamole & Ngnix..."
sudo systemctl restart $TOMCAT_VERSION sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd sudo systemctl restart guacd
sudo systemctl restart nginx sudo systemctl restart nginx
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
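Review bot: The PKCS#12 export in the `Converting client certificates` hunk packs the Nginx private key (`-inkey $TLSNAME.key`) into `$TLSNAME.pfx` protected only by the literal `-password pass:1234`, and the hunk's own comment says the file is prepared for copying to other hosts. If the bundle only exists so that clients can trust the self-signed certificate (the hunk does not show how it is used), add `-nokeys` and drop `-inkey` so the key never leaves the server. If the key really has to travel, take the passphrase from a generated secret with `-passout file:<path>` rather than a fixed value on the command line. The `if`/`else` after the command continues outside the hunk.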


@ -29,7 +29,7 @@ apt-get install nginx certbot python3-certbot-nginx -qq -y &>>${INSTALL_LOG}
echo echo
echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$PROXY_SITE-nginx.bak" echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$PROXY_SITE-nginx.bak"
cp /etc/nginx/sites-enabled/${PROXY_SITE} $DOWNLOAD_DIR/${PROXY_SITE}-nginx.bak cp /etc/nginx/sites-enabled/${PROXY_SITE} $DOWNLOAD_DIR/${PROXY_SITE}-nginx.bak
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -57,7 +57,7 @@ server {
} }
} }
EOL EOL
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -73,7 +73,7 @@ sudo ufw allow OpenSSH >/dev/null 2>&1
sudo ufw allow 80/tcp >/dev/null 2>&1 sudo ufw allow 80/tcp >/dev/null 2>&1
sudo ufw allow 443/tcp >/dev/null 2>&1 sudo ufw allow 443/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1 echo "y" | sudo ufw enable >/dev/null 2>&1
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -88,7 +88,7 @@ systemctl restart nginx
certbot --nginx -n -d $LE_DNS_NAME --email $LE_EMAIL --agree-tos --redirect --hsts certbot --nginx -n -d $LE_DNS_NAME --email $LE_EMAIL --agree-tos --redirect --hsts
echo -e echo -e
echo -e "${GREY}Let's Encrypt successfully installed, but check for any errors above (DNS & firewall are the usual culprits).${GREY}" echo -e "${GREY}Let's Encrypt successfully installed, but check for any errors above (DNS & firewall are the usual culprits).${GREY}"
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -110,7 +110,7 @@ echo "${MINUTE} ${HOUR} * * * /usr/bin/certbot renew --quiet --pre-hook 'systemc
# Overwrite old cron settings and cleanup # Overwrite old cron settings and cleanup
crontab cron_1 crontab cron_1
rm cron_1 rm cron_1
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -123,7 +123,7 @@ echo -e "${GREY}Restaring Guacamole & Ngnix..."
sudo systemctl restart $TOMCAT_VERSION sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd sudo systemctl restart guacd
sudo systemctl restart nginx sudo systemctl restart nginx
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
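Review bot: The check that follows `certbot --nginx -n -d $LE_DNS_NAME ...` cannot see certbot's result, because two `echo -e` lines run in between and `$?` holds the status of the last one; the text `Let's Encrypt successfully installed` is also printed before anything is tested. Test the command directly, e.g. `if ! certbot --nginx -n -d "$LE_DNS_NAME" --email "$LE_EMAIL" --agree-tos --redirect --hsts; then`, and move the success message into the success path, so a failed issuance does not leave the site without the expected certificate, redirect and HSTS while the script reports success. The cron hunk has the same shape: `$?` there belongs to `rm cron_1`, not to `crontab cron_1`. Both `if`/`else` blocks continue outside their hunks.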


@ -1,6 +1,6 @@
# Guacamole 1.5.3 VDI/Jump Server Appliance Build Script # Guacamole 1.5.3 VDI/Jump Server Appliance Build Script
<img src="https://github.githubassets.com/images/icons/emoji/sparkles.png" width="35"> This repo makes setting up a Guacamole a breeze. Its got installer support for TLS reverse proxy, Active Directory integration, multi-factor authentication, Quick Connect & History Recording Storage UI enhancements, dark mode and custom UI templates, auto database backup, O365 email alerts and even fail2ban and internal daemon security hardening options. There's also code in here to get you up and running with Guacamole in an enterprise or high availability deployment too! <img src="https://github.githubassets.com/images/icons/emoji/sparkles.png" width="35"> This repo makes setting up a Guacamole a breeze. Its got installer support for TLS reverse proxy, Active Directory integration, multi-factor authentication, Quick Connect & History Recording Storage UI enhancements, dark mode and custom UI templates, auto database backup, O365 email alerts and even fail2ban and internal daemon security hardening options. There's also code in here to get you up and running with an enterprise high availability deployment too!
## Automatic Installation ## Automatic Installation
@ -10,15 +10,21 @@
wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.sh && chmod +x 1-setup.sh && ./1-setup.sh wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.sh && chmod +x 1-setup.sh && ./1-setup.sh
``` ```
## Prerequisites (Debian 12 now working!) ## Prerequisites (Yes! Debian 12 is now supported!)
<img src="https://github.githubassets.com/images/icons/emoji/lock.png" width="35"> **Before diving in, make sure you have:** <img src="https://github.githubassets.com/images/icons/emoji/lock.png" width="35"> **Before diving in, make sure you have:**
- A compatible OS: Ubuntu 18.04 - 22.x, Debian 10, 11 or 12, or Raspbian Buster/Bullseye (If using vendor cloud images stick to stable releases). - **A compatible OS:**
- **Debian 12, 11 or 10**
- **Ubuntu 23.04, 22.04, 20.04 & 18.04**
- **Raspbian Buster & Bullseye**
- **Official vendor cloud images equivalent to the above.**
- Minimum 8GB RAM and 40GB HDD. - Minimum 8GB RAM and 40GB HDD.
- DNS entries matching your default appliance network interface IP (essential for TLS). - DNS entries matching your default appliance network interface IP (essential for TLS).
- Open TCP ports: 22, 80, and 443. - Open TCP ports: 22, 80, and 443.
23.04, 22.04, 20.04 & 18.04
## Installation Menu ## Installation Menu
<img src="https://github.githubassets.com/images/icons/emoji/wrench.png" width="35"> **The main script guides you through the installation process in the following steps:** <img src="https://github.githubassets.com/images/icons/emoji/wrench.png" width="35"> **The main script guides you through the installation process in the following steps:**
@ -50,7 +56,7 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
1. Paste and run the wget autorun link in your home directory. 1. Paste and run the wget autorun link in your home directory.
2. Exit `1-setup.sh` at the first prompt. (At this point the scripts are downloaded only.) 2. Exit `1-setup.sh` at the first prompt. (At this point the scripts are downloaded only.)
3. Customise the huge number of installation variables available in `1-setup.sh` as required. (Certain combinations of edits will produce a fully unattended install.) 3. Customise the huge number of installation variables available in `1-setup.sh` as required. All options for customisation are found in the top sections of this script only. (Certain combinations of edits will even produce a fully unattended install!)
4. **Caution: If editing `1-setup.sh`, be aware that running the autorun link again re-downloads and overwrites all changes. You must run setup locally after editing.** (Also be sure to comment out the download links in the setup script for any other edited scripts. There should be little need to edit outside of the setup script's options.) 4. **Caution: If editing `1-setup.sh`, be aware that running the autorun link again re-downloads and overwrites all changes. You must run setup locally after editing.** (Also be sure to comment out the download links in the setup script for any other edited scripts. There should be little need to edit outside of the setup script's options.)
5. The **upgrade-guac.sh, add-tls-guac-daemon.sh, refresh-tls-self-signed.sh & backup-guac.sh** scripts are automatically adjusted at installation to match your chosen installation settings. These can be run after install without any modification. 5. The **upgrade-guac.sh, add-tls-guac-daemon.sh, refresh-tls-self-signed.sh & backup-guac.sh** scripts are automatically adjusted at installation to match your chosen installation settings. These can be run after install without any modification.
6. If the self-signed TLS proxy option is selected, browser client TLS certificates will be automatically created and saved to `$HOME/guac-setup`. 6. If the self-signed TLS proxy option is selected, browser client TLS certificates will be automatically created and saved to `$HOME/guac-setup`.


@ -1,7 +1,7 @@
## Custom branding & theme instructions ## ## Custom branding & theme instructions ##
1. Install Java JDK: `sudo apt update && sudo apt -y install default-jdk` 1. Install the Java JDK: `sudo apt update && sudo apt -y install default-jdk`
3. Modify `custom-theme.css` ,`guac-manifest.json`, `en.json` & `META-INF` as desired & add your logo .png files to the images directory. 3. Modify `custom-theme.css` ,`guac-manifest.json`, `en.json` & `META-INF` as desired & add your logo .png files to the images directory.
4. To commit your changes, run the below commands from within the custom-theme-builder directory, then refresh your browser to re-login to Guacamole: 4. To commit your changes, run the below commands from within the custom-theme-builder directory, then refresh your browser to re-login to Guacamole:
``` ```


@ -27,14 +27,14 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour NC='\033[0m' #No Colour
# Check if user is root or sudo # Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then if ! [[ $(id -u) = 0 ]]; then
echo echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2 echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1 exit 1
fi fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe. # Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then if [[ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]]; then
echo echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2 echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo echo
@ -100,7 +100,7 @@ DB_TZ=$(cat /etc/timezone) # Typically system default (cat /etc/timezone) or cha
# Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions. # Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
MYSQL_VERSION="" # Blank "" forces distro default MySQL packages. MYSQL_VERSION="" # Blank "" forces distro default MySQL packages.
if [ -z "${MYSQL_VERSION}" ]; then if [[ -z "${MYSQL_VERSION}" ]]; then
# Use Linux distro default version. # Use Linux distro default version.
MYSQLPKG="default-mysql-server default-mysql-client mysql-common" MYSQLPKG="default-mysql-server default-mysql-client mysql-common"
DB_CMD="mysql" # mysql command is depricated DB_CMD="mysql" # mysql command is depricated
@ -115,7 +115,7 @@ echo -e "${GREY}Updating base Linux OS..."
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt-get update -qq &>>${INSTALL_LOG} apt-get update -qq &>>${INSTALL_LOG}
apt-get upgrade -qq -y &>>${INSTALL_LOG} apt-get upgrade -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -126,7 +126,7 @@ fi
cd $DOWNLOAD_DIR cd $DOWNLOAD_DIR
# Add the official MariaDB repo # Add the official MariaDB repo
if [ -n "${MYSQL_VERSION}" ]; then if [[ -n "${MYSQL_VERSION}" ]]; then
apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG} apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG} curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG} bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
@ -135,7 +135,7 @@ fi
# Download and extract the Guacamole SQL authentication extension containing the database schema # Download and extract the Guacamole SQL authentication extension containing the database schema
echo -e "${GREY}Downloading Guacamole database source files..." echo -e "${GREY}Downloading Guacamole database source files..."
wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -147,7 +147,7 @@ echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}"
echo echo
echo -e "${GREY}Installing MySQL packages..." echo -e "${GREY}Installing MySQL packages..."
apt-get -qq -y install ${MYSQLPKG} &>>${INSTALL_LOG} apt-get -qq -y install ${MYSQLPKG} &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -161,7 +161,7 @@ SQLCODE="
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';" ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
echo ${SQLCODE} | $DB_CMD -u root echo ${SQLCODE} | $DB_CMD -u root
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -174,7 +174,7 @@ for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
/etc/mysql/mysql.conf.d/mysqld.cnf \ /etc/mysql/mysql.conf.d/mysqld.cnf \
/etc/mysql/my.cnf; do /etc/mysql/my.cnf; do
# Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename. # Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename.
if [ -e "${x}" ]; then if [[ -e "${x}" ]]; then
if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then
mysqlconfig="${x}" mysqlconfig="${x}"
# Reduce any duplicated section names, then sanitise the [ ] special characters for sed below) # Reduce any duplicated section names, then sanitise the [ ] special characters for sed below)
@ -185,7 +185,7 @@ for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
done done
# Set the MySQL Timezone # Set the MySQL Timezone
if [ -z "${mysqlconfig}" ]; then if [[ -z "${mysqlconfig}" ]]; then
echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings" echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
else else
# Is there already a timzeone value configured? # Is there already a timzeone value configured?
@ -193,7 +193,7 @@ else
echo -e "MySQL database timezone defined in ${mysqlconfig}" echo -e "MySQL database timezone defined in ${mysqlconfig}"
else else
timezone=${DB_TZ} timezone=${DB_TZ}
if [ -z "${DB_TZ}" ]; then if [[ -z "${DB_TZ}" ]]; then
echo -e "Couldn't find system timezone, using UTC$" echo -e "Couldn't find system timezone, using UTC$"
timezone="UTC" timezone="UTC"
fi fi
@ -203,7 +203,7 @@ else
sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}" sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}"
fi fi
fi fi
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
@ -214,7 +214,7 @@ fi
# Set the MySQL binding IP address to whatever the setup variable is set to. # Set the MySQL binding IP address to whatever the setup variable is set to.
echo -e "${GREY}Setting MySQL IP address binding to ${MYSQL_BIND_ADDR}..." echo -e "${GREY}Setting MySQL IP address binding to ${MYSQL_BIND_ADDR}..."
sed -i "s/^bind-address[[:space:]]*=[[:space:]]*.*/bind-address = ${MYSQL_BIND_ADDR}/g" ${mysqlconfig} sed -i "s/^bind-address[[:space:]]*=[[:space:]]*.*/bind-address = ${MYSQL_BIND_ADDR}/g" ${mysqlconfig}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
@ -224,21 +224,21 @@ fi
# Establish the appropriate form of Guacamole user account access (remote or localhost login permissions) # Establish the appropriate form of Guacamole user account access (remote or localhost login permissions)
echo -e "${GREY}Setting up database access parameters for the Guacamole user ..." echo -e "${GREY}Setting up database access parameters for the Guacamole user ..."
if [ "${BACKEND_MYSQL}" = true ] && [ -z "${FRONTEND_NET}" ]; then if [[ "${BACKEND_MYSQL}" = true ]] && [[ -z "${FRONTEND_NET}" ]]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}" echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
# e.g. RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';" # e.g. RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';"
GUAC_USERHost="%" # Allow all IPs GUAC_USERHost="%" # Allow all IPs
elif [ "${BACKEND_MYSQL}" = true ] && [ -n "${FRONTEND_NET}" ]; then elif [[ "${BACKEND_MYSQL}" = true ]] && [[ -n "${FRONTEND_NET}" ]]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from ${FRONTEND_NET}.${GREY}" echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from ${FRONTEND_NET}.${GREY}"
GUAC_USERHost="${FRONTEND_NET}" # Apply the given range GUAC_USERHost="${FRONTEND_NET}" # Apply the given range
elif [ "${BACKEND_MYSQL}" = false ] || [ -z "${BACKEND_MYSQL}" ]; then elif [[ "${BACKEND_MYSQL}" = false ]] || [[ -z "${BACKEND_MYSQL}" ]]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}" echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
GUAC_USERHost=localhost # Assume a localhost only install GUAC_USERHost=localhost # Assume a localhost only install
else else
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}" echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
GUAC_USERHost=localhost # Assume a localhost only install GUAC_USERHost=localhost # Assume a localhost only install
fi fi
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
@ -256,7 +256,7 @@ GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USER
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
# Execute SQL code # Execute SQL code
echo ${SQLCODE} | $DB_CMD -u root -D mysql -p${MYSQL_ROOT_PWD} echo ${SQLCODE} | $DB_CMD -u root -D mysql -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
@ -267,7 +267,7 @@ fi
# Add Guacamole's schema code to newly created database # Add Guacamole's schema code to newly created database
echo -e "${GREY}Adding the Guacamole database schema..." echo -e "${GREY}Adding the Guacamole database schema..."
cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD} cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
@ -276,7 +276,7 @@ else
fi fi
# Apply Secure MySQL installation settings # Apply Secure MySQL installation settings
if [ "${SECURE_MYSQL}" = true ]; then if [[ "${SECURE_MYSQL}" = true ]]; then
apt-get -qq -y install expect &>>${INSTALL_LOG} apt-get -qq -y install expect &>>${INSTALL_LOG}
echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}" echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}"
SECURE_MYSQL=$(expect -c " SECURE_MYSQL=$(expect -c "
@ -299,7 +299,7 @@ send \"y\r\"
expect eof expect eof
") ")
echo "$SECURE_MYSQL" echo "$SECURE_MYSQL"
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -312,7 +312,7 @@ fi
echo -e "${GREY}Restarting MySQL service & enable at boot..." echo -e "${GREY}Restarting MySQL service & enable at boot..."
systemctl enable mysql systemctl enable mysql
systemctl restart mysql systemctl restart mysql
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
@ -325,7 +325,7 @@ echo -e "${GREY}Cleaning up install files...${GREY}"
apt-get -y remove expect &>>${INSTALL_LOG} apt-get -y remove expect &>>${INSTALL_LOG}
apt-get -y autoremove &>>${INSTALL_LOG} apt-get -y autoremove &>>${INSTALL_LOG}
rm -rf guacamole-* rm -rf guacamole-*
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1 exit 1
else else
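Review bot: The SQL execution hunks put the database root password on the client's command line (`$DB_CMD -u root -D mysql -p${MYSQL_ROOT_PWD}` and the schema import with `-D ${GUAC_DB} -p${MYSQL_ROOT_PWD}`), where it can show up in the process list for other local users, and the expansion is unquoted so a password containing spaces or glob characters is split. Pass it out of band instead, for example `echo "${SQLCODE}" | MYSQL_PWD="${MYSQL_ROOT_PWD}" $DB_CMD -u root -D mysql`, or point the client at a mode-0600 option file with `--defaults-extra-file`. The same applies to the `ALTER USER ... IDENTIFIED BY '$MYSQL_ROOT_PWD'` statement piped through the unquoted `echo ${SQLCODE}`: quoting the expansion keeps the statement text intact. The `if`/`else` after each command continues outside the hunk.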


@ -25,14 +25,14 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour NC='\033[0m' #No Colour
# Check if user is root or sudo # Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then if ! [[ $(id -u) = 0 ]]; then
echo echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2 echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1 exit 1
fi fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe. # Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then if [[ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]]; then
echo echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2 echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo echo
@ -82,7 +82,7 @@ echo
# Download and extract the Guacamole SQL authentication extension containing the database schema # Download and extract the Guacamole SQL authentication extension containing the database schema
wget -q --show-progress -O guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -103,7 +103,7 @@ for FILE in ${UPGRADEFILES[@]}; do
mariadb -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG} mariadb -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG}
fi fi
done done
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -114,7 +114,7 @@ fi
# Restart MySQL service # Restart MySQL service
echo -e "${GREY}Restarting MySQL service..." echo -e "${GREY}Restarting MySQL service..."
systemctl restart mysql systemctl restart mysql
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
@ -125,7 +125,7 @@ fi
# Cleanup # Cleanup
echo -e "${GREY}Clean up install files...${GREY}" echo -e "${GREY}Clean up install files...${GREY}"
rm -rf guacamole-* rm -rf guacamole-*
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
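Review bot: The `if [[ $? -ne 0 ]]` after `done` only sees the status of the last statement the loop ran, so an upgrade file that fails earlier in `for FILE in ${UPGRADEFILES[@]}` is still reported as success and MySQL is restarted on a partly migrated schema. Check inside the loop instead, e.g. append `|| { echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2; exit 1; }` to the `mariadb` line. The same pattern follows the `mysql -u root` loop in the later upgrade script on this page. The `mariadb` line also passes the root password as `-p${MYSQL_ROOT_PWD}`, which is visible in the process list while the client starts; an option file given with `--defaults-extra-file` keeps it off the command line. The loop body begins outside this hunk.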


@ -45,7 +45,7 @@ mysqldump -h ${MYSQL_HOST} \
${GUAC_DB} \ ${GUAC_DB} \
--single-transaction --quick --lock-tables=false >${DB_BACKUP_DIR}${GUAC_DB}-${TODAY}.sql --single-transaction --quick --lock-tables=false >${DB_BACKUP_DIR}${GUAC_DB}-${TODAY}.sql
SQLFILE=${DB_BACKUP_DIR}${GUAC_DB}-${TODAY}.sql SQLFILE=${DB_BACKUP_DIR}${GUAC_DB}-${TODAY}.sql
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Backup failed.${GREY}" 1>&2 echo -e "${LRED}Backup failed.${GREY}" 1>&2
exit 1 exit 1
else else
@ -54,7 +54,7 @@ else
fi fi
gzip -f ${SQLFILE} gzip -f ${SQLFILE}
# Error check and email alerts # Error check and email alerts
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Backup failed.${GREY}" 1>&2 echo -e "${LRED}Backup failed.${GREY}" 1>&2
exit 1 exit 1
else else
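Review bot: The check after the dump tests the wrong command: `SQLFILE=${DB_BACKUP_DIR}${GUAC_DB}-${TODAY}.sql` sits between `mysqldump` and `if [[ $? -ne 0 ]]`, and a plain assignment always returns 0. A failed or truncated dump is therefore never reported and is then gzipped as if it were a good backup. Moving the `SQLFILE=` line above the `mysqldump` command, and redirecting to `"${SQLFILE}"`, makes `$?` refer to the dump again. The `mysqldump` command begins outside this hunk.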


@ -23,7 +23,7 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour NC='\033[0m' #No Colour
# Check if user is root or sudo # Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then if ! [[ $(id -u) = 0 ]]; then
echo echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2 echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
echo echo
@ -61,7 +61,7 @@ CERT_DAYS=
DEFAULT_IP= DEFAULT_IP=
# Assume the values used by the guacamole installer if the script is run without any command line options # Assume the values used by the guacamole installer if the script is run without any command line options
if [ -z "$1" ] | [ -z "$2" ] | [ -z "$3" ]; then if [[ -z "$1" ]] | [[ -z "$2" ]] | [[ -z "$3" ]]; then
TLSNAME=$PROXY_SITE TLSNAME=$PROXY_SITE
TLSDAYS=$CERT_DAYS TLSDAYS=$CERT_DAYS
TLSIP=$DEFAULT_IP TLSIP=$DEFAULT_IP
@ -107,7 +107,7 @@ echo
# Create the new certificates # Create the new certificates
echo "{$GREY}Creating a new TLS Certificate..." echo "{$GREY}Creating a new TLS Certificate..."
openssl req -x509 -nodes -newkey rsa:2048 -keyout $TLSNAME.key -out $TLSNAME.crt -days $TLSDAYS -config cert_attributes.txt openssl req -x509 -nodes -newkey rsa:2048 -keyout $TLSNAME.key -out $TLSNAME.crt -days $TLSDAYS -config cert_attributes.txt
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed.${GREY}" 1>&2 echo -e "${LRED}Failed.${GREY}" 1>&2
exit 1 exit 1
else else
@ -122,7 +122,7 @@ cp $TLSNAME.crt $DIR_SSL_CERT/$TLSNAME.crt
# Create a PFX formatted key for easier import to Windows hosts and change permissions to enable copying elsewhere # Create a PFX formatted key for easier import to Windows hosts and change permissions to enable copying elsewhere
echo -e "${GREY}Converting client certificates for Windows & Linux...${GREY}" echo -e "${GREY}Converting client certificates for Windows & Linux...${GREY}"
openssl pkcs12 -export -out $TLSNAME.pfx -inkey $TLSNAME.key -in $TLSNAME.crt -password pass:1234 openssl pkcs12 -export -out $TLSNAME.pfx -inkey $TLSNAME.key -in $TLSNAME.crt -password pass:1234
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed.${GREY}" 1>&2 echo -e "${LRED}Failed.${GREY}" 1>&2
exit 1 exit 1
else else
@ -139,7 +139,7 @@ TOMCAT=$(ls /etc/ | grep tomcat)
systemctl restart $TOMCAT systemctl restart $TOMCAT
systemctl restart guacd systemctl restart guacd
systemctl restart nginx systemctl restart nginx
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed.${GREY}" 1>&2 echo -e "${LRED}Failed.${GREY}" 1>&2
exit 1 exit 1
else else
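Review bot: The `openssl pkcs12 -export` line packs `$TLSNAME.key` into the PFX under the fixed password `1234`, and the comment above it says permissions are then changed so the file can be copied elsewhere. If the PFX exists only so Windows clients can trust the self-signed certificate (the echo text suggests this, but the rest of the script is not visible), the server's private key should not be in it: add `-nokeys` and drop `-inkey $TLSNAME.key` to export the certificate alone. If the key really has to be included, let openssl prompt for the export password rather than hard-coding it on the command line.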


@ -22,14 +22,14 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour NC='\033[0m' #No Colour
# Check if user is root or sudo # Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then if ! [[ $(id -u) = 0 ]]; then
echo echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2 echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1 exit 1
fi fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe. # Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then if [[ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]]; then
echo echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2 echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo echo
@ -96,7 +96,7 @@ cd $DOWNLOAD_DIR
echo echo
echo -e "${GREY}Downloading updated Guacamole source files and beginning Guacamole ${OLD_GUAC_VERSION} to ${NEW_GUAC_VERSION} upgrade..." echo -e "${GREY}Downloading updated Guacamole source files and beginning Guacamole ${OLD_GUAC_VERSION} to ${NEW_GUAC_VERSION} upgrade..."
wget -q --show-progress -O guacamole-${NEW_GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war wget -q --show-progress -O guacamole-${NEW_GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-${NEW_GUAC_VERSION}.war" 1>&2 echo -e "${LRED}Failed to download guacamole-${NEW_GUAC_VERSION}.war" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war${GREY}" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war${GREY}"
exit 1 exit 1
@ -109,7 +109,7 @@ echo -e "${LGREEN}Upgraded Guacamole client to version ${NEW_GUAC_VERSION}${GREY
# Download and upgrade Guacamole SQL authentication extension # Download and upgrade Guacamole SQL authentication extension
wget -q --show-progress -O guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -123,7 +123,7 @@ echo -e "${LGREEN}Upgraded Guacamole SQL jdbc to version ${NEW_GUAC_VERSION}${GR
# Download MySQL connector/j # Download MySQL connector/j
wget -q --show-progress -O mysql-connector-j-${NEW_MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${NEW_MYSQLJCON}.tar.gz wget -q --show-progress -O mysql-connector-j-${NEW_MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${NEW_MYSQLJCON}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download mysql-connector-j-${NEW_MYSQLJCON}.tar.gz" 1>&2 echo -e "${LRED}Failed to download mysql-connector-j-${NEW_MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${NEW_MYSQLJCON}}.tar.gz${GREY}" echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${NEW_MYSQLJCON}}.tar.gz${GREY}"
exit 1 exit 1
@ -136,7 +136,7 @@ echo -e "${LGREEN}Upgraded MySQL connector/j to ${NEW_MYSQLJCON}${GREY}"
# Download Guacamole Server # Download Guacamole Server
wget -q --show-progress -O guacamole-server-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-server-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-server-${NEW_GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-server-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz${GREY}" echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz${GREY}"
exit 1 exit 1
@ -153,11 +153,11 @@ echo -e "${GREY}Compiling Guacamole-Server ${NEW_GUAC_VERSION} from source with
export CFLAGS="-Wno-error" export CFLAGS="-Wno-error"
# Configure Guacamole Server source # Configure Guacamole Server source
./configure --with-systemd-dir=/etc/systemd/system &>>${INSTALL_LOG} ./configure --with-systemd-dir=/etc/systemd/system &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo "Failed to configure guacamole-server" echo "Failed to configure guacamole-server"
echo "Trying again with --enable-allow-freerdp-snapshots" echo "Trying again with --enable-allow-freerdp-snapshots"
./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots ./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo "Failed to configure guacamole-server - again" echo "Failed to configure guacamole-server - again"
exit exit
fi fi
@ -168,7 +168,7 @@ fi
echo -e "${GREY}Running make and building the upgraded Guacamole-Server application..." echo -e "${GREY}Running make and building the upgraded Guacamole-Server application..."
make &>>${INSTALL_LOG} make &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -179,7 +179,7 @@ fi
echo -e "${GREY}Installing the upgraded Guacamole-Server..." echo -e "${GREY}Installing the upgraded Guacamole-Server..."
make install &>>${INSTALL_LOG} make install &>>${INSTALL_LOG}
ldconfig ldconfig
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -190,7 +190,7 @@ fi
cd .. cd ..
# Don't run the SQL upgrade commands if original setup option was set to remote MySQL instance. - Use separate DB update script. # Don't run the SQL upgrade commands if original setup option was set to remote MySQL instance. - Use separate DB update script.
if [ "${INSTALL_MYSQL}" = true ]; then if [[ "${INSTALL_MYSQL}" = true ]]; then
# Get list of SQL Upgrade Files # Get list of SQL Upgrade Files
echo -e "${GREY}Upgrading MySQL Schema..." echo -e "${GREY}Upgrading MySQL Schema..."
UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/ | sort -V)) UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/ | sort -V))
@ -203,7 +203,7 @@ if [ "${INSTALL_MYSQL}" = true ]; then
mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG} mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG}
fi fi
done done
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -218,7 +218,7 @@ for file in /etc/guacamole/extensions/guacamole-auth-totp*.jar; do
echo -e "${LGREEN}TOTP authentication extension was found, upgrading...${GREY}" echo -e "${LGREEN}TOTP authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-totp*.jar &>>${INSTALL_LOG} rm /etc/guacamole/extensions/guacamole-auth-totp*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -238,7 +238,7 @@ for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
echo -e "${LGREEN}DUO authentication extension was found, upgrading...${GREY}" echo -e "${LGREEN}DUO authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-duo*.jar &>>${INSTALL_LOG} rm /etc/guacamole/extensions/guacamole-auth-duo*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -258,7 +258,7 @@ for file in /etc/guacamole/extensions/guacamole-auth-ldap*.jar; do
echo -e "${LGREEN}LDAP authentication extension was found, upgrading...${GREY}" echo -e "${LGREEN}LDAP authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-ldap*.jar &>>${INSTALL_LOG} rm /etc/guacamole/extensions/guacamole-auth-ldap*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -278,7 +278,7 @@ for file in /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar; do
echo -e "${LGREEN}Quick Connect extension was found, upgrading...${GREY}" echo -e "${LGREEN}Quick Connect extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar &>>${INSTALL_LOG} rm /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -298,7 +298,7 @@ for file in /etc/guacamole/extensions/guacamole-history-recording-storage*.jar;
echo -e "${LGREEN}History Recording Storage extension was found, upgrading...${GREY}" echo -e "${LGREEN}History Recording Storage extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-history-recording-storage*.jar &>>${INSTALL_LOG} rm /etc/guacamole/extensions/guacamole-history-recording-storage*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz"
exit 1 exit 1
@ -325,7 +325,7 @@ echo -e "${GREY}Starting guacd and Tomcat services..."
systemctl enable guacd systemctl enable guacd
systemctl start guacd systemctl start guacd
systemctl start ${TOMCAT_VERSION} systemctl start ${TOMCAT_VERSION}
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -337,7 +337,7 @@ fi
echo -e "${GREY}Clean up install files...${GREY}" echo -e "${GREY}Clean up install files...${GREY}"
rm -rf guacamole-* rm -rf guacamole-*
rm -rf mysql-connector-j-* rm -rf mysql-connector-j-*
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
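Review bot: Every archive fetched with `wget` in this script (the `.war`, `guacamole-auth-jdbc`, `mysql-connector-j`, `guacamole-server` and the extension tarballs) is only checked for a successful transfer before being unpacked, compiled and installed as root by `make install`. Nothing confirms the bytes are the ones upstream published, so a tampered mirror or an intercepted download ends up running with root privileges. A digest pinned per version would close this, e.g. `echo "${EXPECTED_SHA256}  guacamole-server-${NEW_GUAC_VERSION}.tar.gz" | sha256sum -c - || exit 1`, where `EXPECTED_SHA256` is a placeholder for a value shipped alongside the version numbers. Most of these download blocks continue outside their hunks.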


@ -17,7 +17,7 @@ NC='\033[0m' #No Colour
clear clear
if ! [ $(id -u) = 0 ]; then if ! [[ $(id -u) = 0 ]]; then
echo echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2 echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1 exit 1


@ -18,7 +18,7 @@ NC='\033[0m' #No Colour
clear clear
# Check if user is root or sudo # Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then if ! [[ $(id -u) = 0 ]]; then
echo echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2 echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1 exit 1


@ -18,7 +18,7 @@ NC='\033[0m' #No Colour
clear clear
# Check if user is root or sudo # Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then if ! [[ $(id -u) = 0 ]]; then
echo echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2 echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1 exit 1


@ -18,7 +18,7 @@ NC='\033[0m' #No Colour
clear clear
# Check if user is root or sudo # Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then if ! [[ $(id -u) = 0 ]]; then
echo echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2 echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1 exit 1
@ -91,7 +91,7 @@ fi
####################################################################################################################### #######################################################################################################################
# Install base fail2ban base application, and whitelist the local subnet as the starting baseline (no policy defined yet) # Install base fail2ban base application, and whitelist the local subnet as the starting baseline (no policy defined yet)
if [ "${FAIL2BAN_BASE}" = true ]; then if [[ "${FAIL2BAN_BASE}" = true ]]; then
#Update and install fail2ban (and john for management of config file updates, and not overwrite any existing settings) #Update and install fail2ban (and john for management of config file updates, and not overwrite any existing settings)
sudo apt-get update -qq >/dev/null 2>&1 sudo apt-get update -qq >/dev/null 2>&1
@ -170,7 +170,7 @@ EOF
fi fi
if [ "${FAIL2BAN_BASE}" = true ]; then if [[ "${FAIL2BAN_BASE}" = true ]]; then
# Now the above loop is done, append the single loopback address to all the discovered the subnet IDs in a single line # Now the above loop is done, append the single loopback address to all the discovered the subnet IDs in a single line
sed -i 's/^/127.0.0.1\/24 /' /tmp/netaddr.txt sed -i 's/^/127.0.0.1\/24 /' /tmp/netaddr.txt
@ -208,7 +208,7 @@ fi
# Fail2ban optional policy setup items ################################################################################ # Fail2ban optional policy setup items ################################################################################
####################################################################################################################### #######################################################################################################################
if [ "${FAIL2BAN_GUAC}" = true ]; then if [[ "${FAIL2BAN_GUAC}" = true ]]; then
# Create the Guacamole jail.local policy template # Create the Guacamole jail.local policy template
cat >/tmp/fail2ban.conf <<EOF cat >/tmp/fail2ban.conf <<EOF
@ -250,13 +250,13 @@ rm -f /tmp/netaddr.txt
rm -f /tmp/fail2ban.update rm -f /tmp/fail2ban.update
############## Start Fail2ban NGINX security policy option ############### ############## Start Fail2ban NGINX security policy option ###############
#if [ "${FAIL2BAN_NGINX}" = true ]; then #if [[ "${FAIL2BAN_NGINX}" = true ]]; then
# echo -e "${LGREEN}Nginx Fail2ban policy not implemented yet.${GREY}" # echo -e "${LGREEN}Nginx Fail2ban policy not implemented yet.${GREY}"
# echo # echo
#fi #fi
############### Start Fail2ban SSH security policy option ################ ############### Start Fail2ban SSH security policy option ################
#if [ "${FAIL2BAN_SSH}" = true ]; then #if [[ "${FAIL2BAN_SSH}" = true ]]; then
# echo -e "${LGREEN}SSH Fail2ban policy not implemented yet..${GREY}" # echo -e "${LGREEN}SSH Fail2ban policy not implemented yet..${GREY}"
# echo # echo
#fi #fi
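Review bot: This script runs as root and works on fixed names in `/tmp` (`/tmp/netaddr.txt`, `/tmp/fail2ban.conf`, `/tmp/fail2ban.update`), which any local user can create or symlink ahead of time. Going by the comments, the contents of those files feed the fail2ban whitelist and jail policy. A private directory avoids this: `WORKDIR=$(mktemp -d)` with `trap 'rm -rf -- "$WORKDIR"' EXIT`, and the three paths moved under `"$WORKDIR"`. Some of the code that creates and reads these files lies outside the visible hunks, so the change has to be carried through there too.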


@ -27,7 +27,7 @@ SERVER=$(uname -n)
DOMAIN_SEARCH_SUFFIX=$(grep search /etc/resolv.conf | grep -v "#" | sed 's/'search[[:space:]]'//') DOMAIN_SEARCH_SUFFIX=$(grep search /etc/resolv.conf | grep -v "#" | sed 's/'search[[:space:]]'//')
# Check if user is root or sudo # Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then if ! [[ $(id -u) = 0 ]]; then
echo echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2 echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1 exit 1
@ -41,7 +41,7 @@ echo
echo -e "${GREY}Installing Postfix with non-interactive defaults..." echo -e "${GREY}Installing Postfix with non-interactive defaults..."
sudo apt update -qq >/dev/null 2>&1 sudo apt update -qq >/dev/null 2>&1
DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y >/dev/null 2>&1 DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y >/dev/null 2>&1
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Postfix install failed. ${GREY}" 1>&2 echo -e "${LRED}Postfix install failed. ${GREY}" 1>&2
exit 1 exit 1
else else
@ -79,7 +79,7 @@ smtp_tls_security_level = encrypt
smtp_generic_maps = hash:/etc/postfix/generic smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
EOF EOF
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2 echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2
exit 1 exit 1
else else
@ -110,7 +110,7 @@ sudo postmap /etc/postfix/generic
# Restart and test # Restart and test
echo -e "${GREY}Restarting Postfix..." echo -e "${GREY}Restarting Postfix..."
sudo systemctl restart postfix sudo systemctl restart postfix
if [ $? -ne 0 ]; then if [[ $? -ne 0 ]]; then
echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2 echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2
exit 1 exit 1
else else
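Review bot: `smtp_tls_security_level = encrypt` in the heredoc makes TLS mandatory but does not require the relay's certificate to validate, so the `smtp_tls_CAfile` line beside it does not affect whether delivery proceeds. If this relay is sent SASL credentials (that part of the config is outside the hunk), an on-path host presenting any certificate could receive them; `smtp_tls_security_level = secure` (or `verify`) makes the CA bundle count. Separately, the `if [[ $? -ne 0 ]]` right after `EOF` tests the heredoc write, yet the message it prints is "Postfix restart failed".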


@ -19,7 +19,7 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour NC='\033[0m' #No Colour
# Check if user is root or sudo # Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then if ! [[ $(id -u) = 0 ]]; then
echo echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2 echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1 exit 1


@ -18,7 +18,7 @@ NC='\033[0m' #No Colour
clear clear
# Check if user is root or sudo # Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then if ! [[ $(id -u) = 0 ]]; then
echo echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2 echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1 exit 1
@ -32,10 +32,10 @@ HISTREC_PATH_DEFAULT=/var/lib/guacamole/recordings # Apache default
while true; do while true; do
echo echo
read -p "Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH read -p "Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH
[ "${HISTREC_PATH}" = "" ] || [ "${HISTREC_PATH}" != "" ] && break [[ "${HISTREC_PATH}" = "" ]] || [[ "${HISTREC_PATH}" != "" ]] && break
done done
# If no custom path is given, lets assume the default path on hitting enter # If no custom path is given, lets assume the default path on hitting enter
if [ -z "${HISTREC_PATH}" ]; then if [[ -z "${HISTREC_PATH}" ]]; then
HISTREC_PATH="${HISTREC_PATH_DEFAULT}" HISTREC_PATH="${HISTREC_PATH_DEFAULT}"
fi fi
echo echo
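Review bot: The test `[[ "${HISTREC_PATH}" = "" ]] || [[ "${HISTREC_PATH}" != "" ]] && break` is true for every input, so the `while true` loop never asks again and whatever was typed is accepted as the storage path by a script running as root. Either drop the loop or make it validate, for example `[[ -z "${HISTREC_PATH}" || "${HISTREC_PATH}" == /* ]] && break` to accept only Enter or an absolute path. `read -r -p` would also stop backslashes in the answer from being interpreted.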


@ -18,7 +18,7 @@ NC='\033[0m' #No Colour
clear clear
# Check if user is root or sudo # Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then if ! [[ $(id -u) = 0 ]]; then
echo echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2 echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1 exit 1