someorg/Easy-Guacamole-Installer
1
0
Fork 0
mirror of https://github.com/itiligent/Easy-Guacamole-Installer.git synced 2025-12-14 02:12:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed for Debian 12 and Ubuntu 23.04

Browse source 
Debian 12 ready, Ubuntu 23.04 ready

code final review
normalized to uniform [[  ]] use, and shfmt to 4 space indents
Changes redirect variable name
fixed db installing server and client for client installs
small tidy ups
This commit is contained in:
itiligent 2023-09-10 22:39:54 +10:00
parent a7f8ee6439
commit d150332e63
20 changed files with 1355 additions and 1337 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

168
1-setup.sh
View file

@ -47,7 +47,7 @@ if [[ $EUID -eq 0 ]]; then
fi
# Make sure the user is a member of the sudo group
if ! [ $(id -nG "$USER" 2>/dev/null | egrep "sudo" | wc -l) -gt 0 ]; then
if ! [[ $(id -nG "$USER" 2>/dev/null | egrep "sudo" | wc -l) -gt 0 ]]; then
echo
echo -e "${LRED}The current user (${USER}) must be a member of the 'sudo' group, exiting..." 1>&2
echo -e ${NC}
@ -55,7 +55,7 @@ if ! [ $(id -nG "$USER" 2>/dev/null | egrep "sudo" | wc -l) -gt 0 ]; then
fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
if [[ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]]; then
echo
echo -e "${LRED}Possible previous install files detected in current build path. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
@ -63,7 +63,7 @@ if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*'
fi
#######################################################################################################################
# Core setup variables and mandatory inputs ###########################################################################
# Core setup variables and mandatory inputs - EDIT VARIABLE VALUES TO SUIT ############################################
#######################################################################################################################
# Setup download and temp directory paths
@ -87,32 +87,18 @@ GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guac
# See https://mariadb.org/mariadb/all-releases/ for available versions.
# Provide a specific MySQL version e.g. 11.1.2 or leave blank to use distro default MySQL packages.
MYSQL_VERSION=""
if [ -z "${MYSQL_VERSION}" ]; then
if [[ -z "${MYSQL_VERSION}" ]]; then
# Use Linux distro default version.
MYSQLS="default-mysql-server default-mysql-client mysql-common"
MYSQLC="default-mysql-client"
MYSQLSRV="default-mysql-server default-mysql-client mysql-common" # Server
MYSQLCLIENT="default-mysql-client" # Client
DB_CMD="mysql" # mysql command is depricated
else
# Use official mariadb.org repo
MYSQLS="mariadb-server mariadb-client mariadb-common"
MYSQLC="mariadb-client"
MYSQLSRV="mariadb-server mariadb-client mariadb-common" # Server
MYSQLCLIENT="mariadb-client" # Client
DB_CMD="mariadb" # mysql command is depricated on newer versions
fi
# Check for the latest version of Tomcat currently supported by the distro
if [[ $(apt-cache show tomcat10 2>/dev/null | egrep "Version: 10" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat10"
elif [[ $(apt-cache show tomcat9 2>/dev/null | egrep "Version: 9" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat9"
elif [[ $(apt-cache show tomcat8 2>/dev/null | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat8"
else
# Default to version
TOMCAT_VERSION="tomcat9"
fi
# Uncomment to force a specific Tomcat version here.
# TOMCAT_VERSION="tomcat9"
# Install log Location
INSTALL_LOG="${DOWNLOAD_DIR}/guacamole_${GUAC_VERSION}_setup.log"
@ -123,7 +109,8 @@ GUAC_URL=http://localhost:8080/guacamole/
# Here the variables for OS variant and library dependency names are initialised.
source /etc/os-release
OS_FLAVOUR=$ID
OS_VERSION=$VERSION
OS_VERSION=$VERSION_ID
OS_CODENAME=$VERSION_CODENAME
JPEGTURBO=""
LIBPNG=""
@ -137,20 +124,20 @@ get_domain_suffix() {
search_line=$(grep -E '^search[[:space:]]+' /etc/resolv.conf)
domain_line=$(grep -E '^domain[[:space:]]+' /etc/resolv.conf)
# Check if both "search" and "domain" lines exist
if [ -n "$search_line" ] && [ -n "$domain_line" ]; then
if [[ -n "$search_line" ]] && [[ -n "$domain_line" ]]; then
# Both "search" and "domain" lines exist, extract the domain suffix from both
search_suffix=$(get_domain_suffix "$search_line")
domain_suffix=$(get_domain_suffix "$domain_line")
# Print the domain suffix that appears first
if [ ${#search_suffix} -lt ${#domain_suffix} ]; then
if [[ ${#search_suffix} -lt ${#domain_suffix} ]]; then
DOMAIN_SUFFIX=$search_suffix
else
DOMAIN_SUFFIX=$domain_suffix
fi
elif [ -n "$search_line" ]; then
elif [[ -n "$search_line" ]]; then
# If only "search" line exists
DOMAIN_SUFFIX=$(get_domain_suffix "$search_line")
elif [ -n "$domain_line" ]; then
elif [[ -n "$domain_line" ]]; then
# If only "domain" line exists
DOMAIN_SUFFIX=$(get_domain_suffix "$domain_line")
else
@ -171,7 +158,7 @@ echo
echo
#######################################################################################################################
# Silent setup options - adding true/false or specific values below prevents prompt at install ########################
# Silent setup options - true/false or specific values below prevents prompt at install. EDIT TO SUIT #################
#######################################################################################################################
SERVER_NAME="" # Preferred server hostname
LOCAL_DOMAIN="" # Local DNS space in use
@ -190,7 +177,7 @@ INSTALL_LDAP="" # Add Active Directory extension (true/false)
INSTALL_QCONNECT="" # Add Guacamole console quick connect feature
INSTALL_HISTREC="" # Add Guacamole history recording storage feature
HISTREC_PATH="" # Path to save recorded sessions, default is /var/lib/guacamole/recordings
CHANGE_ROOT="" # Set default Guacamole URL to http root (remove extra "/guacamole" from the default URL)
GUAC_URL_REDIR="" # Redirect default Guacamole URL to http root (skip typing the extra "/guacamole" in the URL)
INSTALL_NGINX="" # Install and configure Guacamole behind Nginx reverse proxy (http port 80 only, true/false)
PROXY_SITE="" # Local DNS name for reverse proxy and/or self signed TLS certificates
SELF_SIGN="" # Add self signed TLS support to Nginx (Let's Encrypt not available with this option, true/false)
@ -210,7 +197,7 @@ RDP_SHARE_LABEL="RDP Share" # Custom Windows RDP share drive label (e.g. RDP
RDP_PRINTER_LABEL="RDP Printer" # Custom Windows RDP printer label
#######################################################################################################################
# Download GitHub setup scripts. To prevent overwrite, comment out lines of any scripts you have edited. ##############
# Download GitHub setup scripts. To prevent overwrite, COMMENT OUT LINES OF ANY SCRIPTS YOU HAVE EDITED. ##############
#######################################################################################################################
# Download the set of config scripts from GitHub
@ -255,13 +242,41 @@ echo
sudo chmod -R 770 $TMP_DIR
sudo chown -R $SUDO_USER:root $TMP_DIR
# Workaround for current Debian 12 & Tomcat 10 incompatibilities (Experimental in August 2023)
if [[ $OS_FLAVOUR = "debian" ]] && [[ $OS_VERSION = *"bookworm"* ]]; then
#######################################################################################################################
# Determine the correct version of Tomcat use #########################################################################
#######################################################################################################################
# Check for the latest version of Tomcat currently supported by the distro
if [[ $(apt-cache show tomcat10 2>/dev/null | egrep "Version: 10" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat10"
elif [[ $(apt-cache show tomcat9 2>/dev/null | egrep "Version: 9" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat9"
elif [[ $(apt-cache show tomcat8 2>/dev/null | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]]; then
TOMCAT_VERSION="tomcat8"
else
# Default to version
TOMCAT_VERSION="tomcat9"
fi
# Workaround for current Debian 12 & Tomcat 10 incompatibilities
if [[ ${OS_FLAVOUR,,} = "debian" ]] && [[ ${OS_CODENAME,,} = *"bookworm"* ]]; then #(checks for upper and lower case)
# Add the oldstable repo and downgrade tomcat version install
echo "deb http://deb.debian.org/debian/ bullseye main" | sudo tee /etc/apt/sources.list.d/bullseye.list >/dev/null
TOMCAT_VERSION="tomcat9"
fi
# Workaround for Ubuntu 23.x & Tomcat 10 incompatibilities
if [[ ${OS_FLAVOUR,,} = "ubuntu" ]] && [[ ${OS_CODENAME,,} = *"lunar"* ]]; then #(checks for upper and lower case)
TOMCAT_VERSION="tomcat9"
fi
# Uncomment to force a specific Tomcat version here.
# TOMCAT_VERSION="tomcat9"
#######################################################################################################################
# DO NOT EDIT PAST THIS POINT #########################################################################################
#######################################################################################################################
#######################################################################################################################
# Begin install menu prompts ##########################################################################################
#######################################################################################################################
@ -333,7 +348,7 @@ fi
# Now that $SERVER_NAME and $LOCAL_DOMAIN values are updated and refreshed:
# Values are merged to build a local FQDN value (used for the default reverse proxy site name.)
DEFAULT_FQDN=$SERVER_NAME.$LOCAL_DOMAIN
# The RDP share label default can now assume the updated $SERVER_NAME value if not manually specified in silent setup options.
# The RDP share label default can now assume the updated $SERVER_NAME value (if not manually specified in silent setup options).
if [[ -z ${RDP_SHARE_HOST} ]]; then
RDP_SHARE_HOST=$SERVER_NAME
fi
@ -360,7 +375,7 @@ if [[ -z ${INSTALL_MYSQL} ]]; then
fi
# Prompt the user to apply the Mysql secure installation locally
if [ -z ${SECURE_MYSQL} ] && [ "${INSTALL_MYSQL}" = true ]; then
if [[ -z ${SECURE_MYSQL} ]] && [[ "${INSTALL_MYSQL}" = true ]]; then
echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to LOCAL db? [Y/n] [default y]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
@ -372,7 +387,7 @@ fi
# Prompt the user to apply the Mysql secure installation to remote db
# This may be problematic on remote databases (for one-script upgrades) as this addition removes remote root login access - a good thing.
#if [ -z ${SECURE_MYSQL} ] && [ "${INSTALL_MYSQL}" = false ]; then
#if [[ -z ${SECURE_MYSQL} ]] && [[ "${INSTALL_MYSQL}" = false ]]; then
# echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to REMOTE db? [y/N] [default n]: ${GREY}"
# read PROMPT
# if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
@ -383,72 +398,72 @@ fi
#fi
# Get additional MYSQL values
if [ "${INSTALL_MYSQL}" = false ]; then
[ -z "${MYSQL_HOST}" ] &&
if [[ "${INSTALL_MYSQL}" = false ]]; then
[[ -z "${MYSQL_HOST}" ]] &&
read -p "SQL: Enter remote MySQL server hostname or IP: " MYSQL_HOST
[ -z "${MYSQL_PORT}" ] &&
[[ -z "${MYSQL_PORT}" ]] &&
read -p "SQL: Enter remote MySQL server port [3306]: " MYSQL_PORT
[ -z "${GUAC_DB}" ] &&
[[ -z "${GUAC_DB}" ]] &&
read -p "SQL: Enter remote Guacamole database name [guacamole_db]: " GUAC_DB
[ -z "${GUAC_USER}" ] &&
[[-z "${GUAC_USER}" ]] &&
read -p "SQL: Enter remote Guacamole user name [guacamole_user]: " GUAC_USER
fi
# Checking if a mysql host given, if not set a default
if [ -z "${MYSQL_HOST}" ]; then
if [[ -z "${MYSQL_HOST}" ]]; then
MYSQL_HOST="localhost"
fi
# Checking if a mysql port given, if not set a default
if [ -z "${MYSQL_PORT}" ]; then
if [[ -z "${MYSQL_PORT}" ]]; then
MYSQL_PORT="3306"
fi
# Checking if a database name given, if not set a default
if [ -z "${GUAC_DB}" ]; then
if [[ -z "${GUAC_DB}" ]]; then
GUAC_DB="guacamole_db"
fi
# Checking if a mysql user given, if not set a default
if [ -z "${GUAC_USER}" ]; then
if [[ -z "${GUAC_USER}" ]]; then
GUAC_USER="guacamole_user"
fi
echo -e ${LMAGENTA}
# Get MySQL root password, confirm correct password entry and prevent blank passwords. No root pw needed for remote instances.
if [ -z "${MYSQL_ROOT_PWD}" ] && [ "${INSTALL_MYSQL}" = true ]; then
if [[ -z "${MYSQL_ROOT_PWD}" ]] && [[ "${INSTALL_MYSQL}" = true ]]; then
while true; do
read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ROOT password: " MYSQL_ROOT_PWD
echo
read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ROOT password: " PROMPT2
echo
[ "${MYSQL_ROOT_PWD}" = "${PROMPT2}" ] && [ "${MYSQL_ROOT_PWD}" != "" ] && [ "${PROMPT2}" != "" ] && break
[[ "${MYSQL_ROOT_PWD}" = "${PROMPT2}" ]] && [[ "${MYSQL_ROOT_PWD}" != "" ]] && [[ "${PROMPT2}" != "" ]] && break
echo -e "${LRED}Passwords don't match or can't be null. Please try again.${LMAGENTA}" 1>&2
done
fi
echo -e ${LCYAN}
# Get Guacamole User password, confirm correct password entry and prevent blank passwords
if [ -z "${GUAC_PWD}" ]; then
if [[ -z "${GUAC_PWD}" ]]; then
while true; do
read -s -p "SQL: Enter ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " GUAC_PWD
echo
read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " PROMPT2
echo
[ "${GUAC_PWD}" = "${PROMPT2}" ] && [ "${GUAC_PWD}" != "" ] && [ "${PROMPT2}" != "" ] && break
[[ "${GUAC_PWD}" = "${PROMPT2}" ]] && [[ "${GUAC_PWD}" != "" ]] && [[ "${PROMPT2}" != "" ]] && break
echo -e "${LRED}Passwords don't match or can't be null. Please try again.${LCYAN}" 1>&2
done
fi
echo -e ${GREY}
# Prompt for preferred backup notification email address
if [ -z ${BACKUP_EMAIL} ]; then
if [[ -z ${BACKUP_EMAIL} ]]; then
while true; do
read -p "SQL: Enter email address for SQL backup messages [Enter to skip]: " BACKUP_EMAIL
[ "${BACKUP_EMAIL}" = "" ] || [ "${BACKUP_EMAIL}" != "" ] && break
[[ "${BACKUP_EMAIL}" = "" ]] || [[ "${BACKUP_EMAIL}" != "" ]] && break
# Rather than allow a blank value, un-comment to alternately force user to enter an explicit value instead
# [ "${BACKUP_EMAIL}" != "" ] && break
# [[ "${BACKUP_EMAIL}" != "" ]] && break
# echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
done
fi
# If no backup notification email address is given, provide a default value
if [ -z ${BACKUP_EMAIL} ]; then
if [[ -z ${BACKUP_EMAIL} ]]; then
BACKUP_EMAIL="backup-email@yourdomain.com"
fi
@ -522,11 +537,11 @@ HISTREC_PATH_DEFAULT=/var/lib/guacamole/recordings # Apache default
if [[ -z ${HISTREC_PATH} ]] && [[ "${INSTALL_HISTREC}" = true ]]; then
while true; do
read -p "EXTRAS: Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH
[ "${HISTREC_PATH}" = "" ] || [ "${HISTREC_PATH}" != "" ] && break
[[ "${HISTREC_PATH}" = "" ]] || [[ "${HISTREC_PATH}" != "" ]] && break
done
fi
# If no custom path is given, lets assume the default path on hitting enter
if [ -z "${HISTREC_PATH}" ]; then
if [[ -z "${HISTREC_PATH}" ]]; then
HISTREC_PATH="${HISTREC_PATH_DEFAULT}"
fi
@ -538,20 +553,20 @@ if [[ -z ${INSTALL_NGINX} ]]; then
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_NGINX=true
CHANGE_ROOT=false
GUAC_URL_REDIR=false
else
INSTALL_NGINX=false
fi
fi
# Prompt to remove the trailing /guacamole dir from the default front end url
if [ "${INSTALL_NGINX}" = false ]; then
if [[ "${INSTALL_NGINX}" = false ]]; then
echo -e -n "FRONT END: Shorten Guacamole root url to *:8080 (& redirect to /guacamole ) [Y/n]? [default y]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
CHANGE_ROOT=false
GUAC_URL_REDIR=false
else
CHANGE_ROOT=true
GUAC_URL_REDIR=true
fi
fi
@ -559,15 +574,15 @@ fi
if [[ -z ${PROXY_SITE} ]] && [[ "${INSTALL_NGINX}" = true ]]; then
while true; do
read -p "FRONT END: Enter proxy local DNS name? [Enter to use ${DEFAULT_FQDN}]: " PROXY_SITE
[ "${PROXY_SITE}" = "" ] || [ "${PROXY_SITE}" != "" ] && break
[[ "${PROXY_SITE}" = "" ]] || [[ "${PROXY_SITE}" != "" ]] && break
# Rather than allow the default value below, un-comment to alternately force user to enter an explicit name instead
# [ "${PROXY_SITE}" != "" ] && break
# [[ "${PROXY_SITE}" != "" ]] && break
# echo -e "${LRED}You must enter a proxy site DNS name. Please try again.${GREY}" 1>&2
done
fi
# If no proxy site dns name is given, lets assume the default FQDN is the proxy site name
if [ -z "${PROXY_SITE}" ]; then
if [[ -z "${PROXY_SITE}" ]]; then
PROXY_SITE="${DEFAULT_FQDN}"
fi
@ -584,12 +599,12 @@ if [[ -z ${SELF_SIGN} ]] && [[ "${INSTALL_NGINX}" = true ]]; then
fi
# Optional prompt to assign the self sign TLS certificate a custom expiry date, un-comment to force a manual entry
#if [ "${SELF_SIGN}" = true ]; then
#if [[ "${SELF_SIGN}" = true ]]; then
# read - p "PROXY: Enter number of days till TLS certificate expires [default 3650]: " CERT_DAYS
#fi
# If no self sign TLS certificate expiry given, lets assume a generous 10 year default certificate expiry
if [ -z "${CERT_DAYS}" ]; then
if [[ -z "${CERT_DAYS}" ]]; then
CERT_DAYS="3650"
fi
@ -608,7 +623,7 @@ fi
if [[ -z ${LE_DNS_NAME} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
while true; do
read -p "FRONT END: Enter the FQDN for your public proxy site : " LE_DNS_NAME
[ "${LE_DNS_NAME}" != "" ] && break
[[ "${LE_DNS_NAME}" != "" ]] && break
echo -e "${LRED}You must enter a public DNS name. Please try again.${GREY}" 1>&2
done
fi
@ -617,7 +632,7 @@ fi
if [[ -z ${LE_EMAIL} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
while true; do
read -p "FRONT END: Enter the email address for Let's Encrypt notifications : " LE_EMAIL
[ "${LE_EMAIL}" != "" ] && break
[[ "${LE_EMAIL}" != "" ]] && break
echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
done
fi
@ -648,7 +663,7 @@ elif [[ $OS_FLAVOUR == "debian" ]] || [[ $OS_FLAVOUR == "raspbian" ]]; then # ex
JPEGTURBO="libjpeg62-turbo-dev"
LIBPNG="libpng-dev"
fi
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -697,8 +712,8 @@ export GUAC_VERSION=$GUAC_VERSION
export GUAC_SOURCE_LINK=$GUAC_SOURCE_LINK
export MYSQLJCON=$MYSQLJCON
export MYSQL_VERSION=$MYSQL_VERSION
export MYSQLS=$MYSQLS
export MYSQLC=$MYSQLC
export MYSQLSRV=$MYSQLSRV
export MYSQLCLIENT=$MYSQLCLIENT
export DB_CMD=$DB_CMD
export TOMCAT_VERSION=$TOMCAT_VERSION
export INSTALL_LOG=$INSTALL_LOG
@ -720,7 +735,7 @@ export INSTALL_LDAP=$INSTALL_LDAP
export INSTALL_QCONNECT=$INSTALL_QCONNECT
export INSTALL_HISTREC=$INSTALL_HISTREC
export HISTREC_PATH="${HISTREC_PATH}"
export CHANGE_ROOT=$CHANGE_ROOT
export GUAC_URL_REDIR=$GUAC_URL_REDIR
export INSTALL_NGINX=$INSTALL_NGINX
export PROXY_SITE=$PROXY_SITE
export CERT_COUNTRY=$CERT_COUNTRY
@ -737,10 +752,10 @@ export RDP_PRINTER_LABEL="${RDP_PRINTER_LABEL}"
# Run the Guacamole install script
sudo -E ./2-install-guacamole.sh
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}2-install-guacamole.sh FAILED. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
elif [ "${CHANGE_ROOT}" = true ]; then
elif [[ "${GUAC_URL_REDIR}" = true ]]; then
echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080 - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
else
echo -e "${LGREEN}Guacamole install complete\nhttp://${PROXY_SITE}:8080/guacamole - login user/pass: guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
@ -762,7 +777,7 @@ rm cron_1
#######################################################################################################################
# Install Nginx reverse proxy front end to Guacamole if option is selected
if [ "${INSTALL_NGINX}" = true ]; then
if [[ "${INSTALL_NGINX}" = true ]]; then
sudo -E ./3-install-nginx.sh
echo -e "${LGREEN}Nginx install complete\nhttp://${PROXY_SITE} - admin login: guacadmin pass: guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
fi
@ -780,26 +795,27 @@ if [[ "${INSTALL_NGINX}" = true ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
fi
# Duo Settings reminder - If Duo is selected you can't login to Guacamole until this extension is fully configured
if [ $INSTALL_DUO == "true" ]; then
if [[ $INSTALL_DUO == "true" ]]; then
echo
echo -e "${LYELLOW}Reminder: Duo requires extra account specific info configured in the\n/etc/guacamole/guacamole.properties file before you can log in to Guacamole."
echo -e "See https://guacamole.apache.org/doc/gug/duo-auth.html"
fi
# LDAP Settings reminder, LDAP auth is not functional until the config is complete
if [ $INSTALL_LDAP == "true" ]; then
if [[ $INSTALL_LDAP == "true" ]]; then
echo
echo -e "${LYELLOW}Reminder: LDAP requires that your LDAP directory configuration match the exact format\nadded to the /etc/guacamole/guacamole.properties file before LDAP auth will be active."
echo -e "See https://guacamole.apache.org/doc/gug/ldap-auth.html"
fi
# Tidy up. (Installer and Nginx scripts can't be run again or standalone without modification, so removing.)
rm -f $USER_HOME_DIR/1-setup.sh
rm -rf $USER_HOME_DIR/1-setup.sh
rm -f 2-install-guacamole.sh
rm -f 3-install-nginx.sh
rm -f 4a-install-tls-self-signed-nginx.sh
rm -f 4b-install-tls-letsencrypt-nginx.sh
sudo rm -R $TMP_DIR
sudo rm -rf $TMP_DIR
apt-get -y autoremove &>>${INSTALL_LOG}
# Done
echo

138
2-install-guacamole.sh
View file

@ -15,19 +15,17 @@ LGREEN='\033[0;92m'
LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
if [ -z "${MYSQL_VERSION}" ]; then
# Use Linux distro default version.
MYSQLPKG="default-mysql-server default-mysql-client mysql-common"
DB_CMD="mysql" # mysql command is depricated
# Apply MySQL client or server packages, and don't clobber any pre-existing database installation accidentally
if [[ "${INSTALL_MYSQL}" = true ]]; then
MYSQLPKG="${MYSQLSRV}"
elif [ -x "$(command -v mysql)" ]; then
MYSQLPKG=""
else
# Use official mariadb.org repo
MYSQLPKG="mariadb-server mariadb-client mariadb-common"
DB_CMD="mariadb" # mysql command is depricated on newer versions
MYSQLPKG="${MYSQLCLIENT}"
fi
# Pre-seed MySQL root password values for Linux Distro default packages only
if [ "${INSTALL_MYSQL}" = true ] && [ -z "${MYSQL_VERSION}" ]; then
if [[ "${INSTALL_MYSQL}" = true ]] && [[ -z "${MYSQL_VERSION}" ]]; then
debconf-set-selections <<<"mysql-server mysql-server/root_password password ${MYSQL_ROOT_PWD}"
debconf-set-selections <<<"mysql-server mysql-server/root_password_again password ${MYSQL_ROOT_PWD}"
fi
@ -37,7 +35,7 @@ echo -e "${GREY}Updating base Linux OS..."
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq &>>${INSTALL_LOG}
apt-get upgrade -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -46,13 +44,13 @@ else
fi
# Install Guacamole build dependencies.
if [ -n "${MYSQL_VERSION}" ]; then
if [[ -n "${MYSQL_VERSION}" ]]; then
echo -e "${GREY}Adding the official MariaDB repository and installing version ${MYSQL_VERSION}..."
# Add the Official MariaDB repo.
apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -66,7 +64,7 @@ apt-get -qq -y install ${MYSQLPKG} ${TOMCAT_VERSION} ${JPEGTURBO} ${LIBPNG} ufw
build-essential libcairo2-dev libtool-bin uuid-dev libavcodec-dev libavformat-dev libavutil-dev \
libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev \
libpulse-dev libssl-dev libvorbis-dev libwebp-dev ghostscript &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -77,7 +75,7 @@ fi
# Install Postfix with default settings for smtp email relay
echo -e "${GREY}Installing Postfix MTA for backup email notifications and alerts, see separate SMTP relay configuration script..."
DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -89,7 +87,7 @@ fi
# Download Guacamole Server
echo -e "${GREY}Downloading Guacamole source files..."
wget -q --show-progress -O guacamole-server-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-server-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
exit 1
@ -100,7 +98,7 @@ fi
# Download Guacamole Client
wget -q --show-progress -O guacamole-${GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-${GUAC_VERSION}.war" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war${GREY}"
exit 1
@ -110,7 +108,7 @@ fi
# Download MySQL connector/j
wget -q --show-progress -O mysql-connector-j-${MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download mysql-connector-j-${MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}}.tar.gz${GREY}"
exit 1
@ -121,7 +119,7 @@ fi
# Download Guacamole authentication extensions
wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz"
exit 1
@ -131,9 +129,9 @@ else
fi
# Download TOTP extension
if [ "${INSTALL_TOTP}" = true ]; then
if [[ "${INSTALL_TOTP}" = true ]]; then
wget -q --show-progress -O guacamole-auth-totp-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-totp-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz"
exit 1
@ -145,9 +143,9 @@ if [ "${INSTALL_TOTP}" = true ]; then
fi
# Download DUO extension
if [ "${INSTALL_DUO}" = true ]; then
if [[ "${INSTALL_DUO}" = true ]]; then
wget -q --show-progress -O guacamole-auth-duo-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-duo-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz"
exit 1
@ -159,9 +157,9 @@ if [ "${INSTALL_DUO}" = true ]; then
fi
# Download LDAP extension
if [ "${INSTALL_LDAP}" = true ]; then
if [[ "${INSTALL_LDAP}" = true ]]; then
wget -q --show-progress -O guacamole-auth-ldap-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-ldap-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz"
exit 1
@ -173,9 +171,9 @@ if [ "${INSTALL_LDAP}" = true ]; then
fi
# Download Guacamole quick-connect extension
if [ "${INSTALL_QCONNECT}" = true ]; then
if [[ "${INSTALL_QCONNECT}" = true ]]; then
wget -q --show-progress -O guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${GUAC_VERSION}.tar.gz"
exit 1
@ -187,10 +185,10 @@ if [ "${INSTALL_QCONNECT}" = true ]; then
fi
# Download Guacamole history recording storage extension
if [ "${INSTALL_HISTREC}" = true ]; then
if [[ "${INSTALL_HISTREC}" = true ]]; then
wget -q --show-progress -O guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${GUAC_VERSION}.tar.gz"
exit 1
@ -234,11 +232,11 @@ export CFLAGS="-Wno-error"
# Configure Guacamole Server source
./configure --with-systemd-dir=/etc/systemd/system &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo "Failed to configure guacamole-server"
echo "Trying again with --enable-allow-freerdp-snapshots"
./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo "Failed to configure guacamole-server - again"
exit
fi
@ -249,7 +247,7 @@ fi
echo -e "${GREY}Running make and building the Guacamole-Server application..."
make &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -259,7 +257,7 @@ fi
echo -e "${GREY}Installing Guacamole-Server..."
make install &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -277,7 +275,7 @@ mv -f guacamole-${GUAC_VERSION}.war /etc/guacamole/guacamole.war
chmod 664 /etc/guacamole/guacamole.war
# Create a symbolic link for Tomcat
ln -sf /etc/guacamole/guacamole.war /var/lib/${TOMCAT_VERSION}/webapps/ &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -288,7 +286,7 @@ fi
echo -e "${GREY}Moving guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-jdbc-${GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -300,7 +298,7 @@ fi
echo -e "${GREY}Moving mysql-connector-j-${MYSQLJCON}.jar (/etc/guacamole/lib/mysql-connector-java.jar)..."
mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
chmod 664 /etc/guacamole/lib/mysql-connector-java.jar
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -318,11 +316,11 @@ echo "mysql-username: ${GUAC_USER}" >>/etc/guacamole/guacamole.properties
echo "mysql-password: ${GUAC_PWD}" >>/etc/guacamole/guacamole.properties
# Move TOTP files
if [ "${INSTALL_TOTP}" = true ]; then
if [[ "${INSTALL_TOTP}" = true ]]; then
echo -e "${GREY}Moving guacamole-auth-totp-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-totp-${GUAC_VERSION}/guacamole-auth-totp-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-totp-${GUAC_VERSION}.jar
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -332,7 +330,7 @@ if [ "${INSTALL_TOTP}" = true ]; then
fi
# Move Duo files
if [ "${INSTALL_DUO}" = true ]; then
if [[ "${INSTALL_DUO}" = true ]]; then
echo -e "${GREY}Moving guacamole-auth-duo-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-duo-${GUAC_VERSION}/guacamole-auth-duo-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-duo-${GUAC_VERSION}.jar
@ -341,7 +339,7 @@ if [ "${INSTALL_DUO}" = true ]; then
echo "#duo-secret-key: " >>/etc/guacamole/guacamole.properties
echo "#duo-application-key: " >>/etc/guacamole/guacamole.properties
echo -e "Duo auth is installed, it will need to be configured via guacamole.properties"
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -351,7 +349,7 @@ if [ "${INSTALL_DUO}" = true ]; then
fi
# Move LDAP files
if [ "${INSTALL_LDAP}" = true ]; then
if [[ "${INSTALL_LDAP}" = true ]]; then
echo -e "${GREY}Moving guacamole-auth-ldap-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-ldap-${GUAC_VERSION}/guacamole-auth-ldap-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-ldap-${GUAC_VERSION}.jar
@ -367,7 +365,7 @@ if [ "${INSTALL_LDAP}" = true ]; then
echo "#ldap-user-base-dn: OU=SomeOU,DC=domain,DC=com" >>/etc/guacamole/guacamole.properties
echo "#ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))" >>/etc/guacamole/guacamole.properties
echo "#ldap-max-search-results:200" >>/etc/guacamole/guacamole.properties
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -377,11 +375,11 @@ if [ "${INSTALL_LDAP}" = true ]; then
fi
# Move quick-connect extension files
if [ "${INSTALL_QCONNECT}" = true ]; then
if [[ "${INSTALL_QCONNECT}" = true ]]; then
echo -e "${GREY}Moving guacamole-auth-quickconnect-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-quickconnect-${GUAC_VERSION}/guacamole-auth-quickconnect-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-${GUAC_VERSION}.jar
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -391,7 +389,7 @@ if [ "${INSTALL_QCONNECT}" = true ]; then
fi
# Move history recording storage extension files
if [ "${INSTALL_HISTREC}" = true ]; then
if [[ "${INSTALL_HISTREC}" = true ]]; then
echo -e "${GREY}Moving guacamole-history-recording-storage-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-history-recording-storage-${GUAC_VERSION}/guacamole-history-recording-storage-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-history-recording-storage-${GUAC_VERSION}.jar
@ -400,7 +398,7 @@ if [ "${INSTALL_HISTREC}" = true ]; then
chown daemon:tomcat ${HISTREC_PATH}
chmod 2750 ${HISTREC_PATH}
echo "recording-search-path: ${HISTREC_PATH}" >>/etc/guacamole/guacamole.properties
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -413,7 +411,7 @@ fi
echo -e "${GREY}Setting the Guacamole console to a (customisable) dark mode themed template..."
mv branding.jar /etc/guacamole/extensions
chmod 664 /etc/guacamole/extensions/branding.jar
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -424,7 +422,7 @@ fi
# Restart Tomcat
echo -e "${GREY}Restarting Tomcat service & enable at boot..."
systemctl restart ${TOMCAT_VERSION}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -434,9 +432,8 @@ fi
# Set Tomcat to start at boot
systemctl enable ${TOMCAT_VERSION}
echo
if [ "${INSTALL_MYSQL}" = true ]; then
if [[ "${INSTALL_MYSQL}" = true ]]; then
# Set MySQL password
export MYSQL_PWD=${MYSQL_ROOT_PWD}
@ -446,7 +443,7 @@ if [ "${INSTALL_MYSQL}" = true ]; then
FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
echo ${SQLCODE} | $DB_CMD -u root
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -459,7 +456,7 @@ ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
/etc/mysql/mysql.conf.d/mysqld.cnf \
/etc/mysql/my.cnf; do
# Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename.
if [ -e "${x}" ]; then
if [[ -e "${x}" ]]; then
if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then
mysqlconfig="${x}"
# Reduce any duplicated section names, then sanitise the [ ] special characters for sed below)
@ -470,7 +467,7 @@ ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
done
# Set the MySQL Timezone
if [ -z "${mysqlconfig}" ]; then
if [[ -z "${mysqlconfig}" ]]; then
echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
else
# Is there already a timzeone value configured?
@ -478,7 +475,7 @@ ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
echo -e "MySQL database timezone defined in ${mysqlconfig}"
else
timezone=${DB_TZ}
if [ -z "${DB_TZ}" ]; then
if [[ -z "${DB_TZ}" ]]; then
echo -e "Couldn't find system timezone, using UTC$"
timezone="UTC"
fi
@ -488,7 +485,7 @@ ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}"
fi
fi
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
@ -501,7 +498,7 @@ ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
# However this setting can be quick and hacky way to build a backend guacamole database server for use behind another guac application server
# (albeit with the full application suite installed). To do this, set GUAC_USERHost="%" for login access from all IPs, or e.g. 192.168.1.% for an IP range.
# You will also need to set the MySQL binding away from the default 127.0.0.1 to 0.0.0.0 or a specific external facing network interface to allow remote login.
if [ "${MYSQL_HOST}" != "localhost" ]; then
if [[ "${MYSQL_HOST}" != "localhost" ]]; then
GUAC_USERHost="%"
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
else
@ -517,7 +514,7 @@ CREATE USER IF NOT EXISTS '${GUAC_USER}'@'${GUAC_USERHost}' IDENTIFIED BY \"${GU
GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USERHost}';
FLUSH PRIVILEGES;"
echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
@ -528,7 +525,7 @@ FLUSH PRIVILEGES;"
# Add Guacamole schema to newly created database
echo -e "${GREY}Adding database tables..."
cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
@ -538,7 +535,7 @@ FLUSH PRIVILEGES;"
fi
# Apply Secure MySQL installation settings
if [ "${SECURE_MYSQL}" = true ] && [ "${INSTALL_MYSQL}" = true ]; then
if [[ "${SECURE_MYSQL}" = true ]] && [[ "${INSTALL_MYSQL}" = true ]]; then
echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}"
SECURE_MYSQL=$(expect -c "
set timeout 10
@ -560,7 +557,7 @@ send \"y\r\"
expect eof
")
echo "$SECURE_MYSQL"
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -570,12 +567,12 @@ expect eof
fi
# Restart MySQL service
if [ "${INSTALL_MYSQL}" = true ]; then
if [[ "${INSTALL_MYSQL}" = true ]]; then
echo -e "${GREY}Restarting MySQL service & enable at boot..."
# Set MySQl to start at boot
systemctl enable mysql
systemctl restart mysql
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
@ -591,7 +588,7 @@ cat >/etc/guacamole/guacd.conf <<-"EOF"
bind_host = 127.0.0.1
bind_port = 4822
EOF
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -604,7 +601,7 @@ echo -e "${GREY}Starting guacd service & enable at boot..."
systemctl enable guacd
systemctl stop guacd 2>/dev/null
systemctl start guacd
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -612,14 +609,14 @@ else
echo
fi
if [ "${CHANGE_ROOT}" = true ]; then
if [[ "${GUAC_URL_REDIR}" = true ]]; then
echo -e "${GREY}Shortening the Guacamole root url and setting up redirect...${DGREY}"
systemctl stop ${TOMCAT_VERSION}
mv /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.html.old
touch /var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
echo "<% response.sendRedirect(\"/guacamole\");%>" >>/var/lib/${TOMCAT_VERSION}/webapps/ROOT/index.jsp
systemctl start ${TOMCAT_VERSION}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -636,7 +633,7 @@ sudo ufw allow 8080/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1
# Reduce firewall logging noise
sudo ufw logging off >/dev/null 2>&1
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -649,16 +646,15 @@ echo -e "${GREY}Cleanup install files...${GREY}"
rm -rf guacamole-*
rm -rf mysql-connector-j-*
rm -rf mariadb_repo_setup
if [ "${INSTALL_NGINX}" = false ]; then
rm -rf 3-install-nginx.sh
if [[ "${INSTALL_NGINX}" = false ]]; then
rm -f 3-install-nginx.sh
rm -f 4a-install-tls-self-signed-nginx.sh
rm -rf 4b-install-tls-letsencrypt-nginx.sh
rm -f 4b-install-tls-letsencrypt-nginx.sh
rm -f refresh-tls-self-signed.sh
fi
unset MYSQL_PWD
apt-get -y remove expect &>>${INSTALL_LOG}
apt-get -y autoremove &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else

10
3-install-nginx.sh
View file

@ -43,7 +43,7 @@ server {
}
}
EOF
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -64,7 +64,7 @@ unlink /etc/nginx/sites-enabled/default
# Do mandatory Nginx tweaks for logging actual client IPs through a proxy IP of 127.0.0.1 - DO NOT CHANGE COMMAND FORMATING!
echo -e "${GREY}Configuring Apache Tomcat valve for pass through of client IPs to Guacamole logs...${GREY}"
sudo sed -i '/pattern="%h %l %u %t &quot;%r&quot; %s %b"/a \ <!-- Allow host IP to pass through to guacamole.-->\n <Valve className="org.apache.catalina.valves.RemoteIpValve"\n internalProxies="127\.0\.0\.1|0:0:0:0:0:0:0:1"\n remoteIpHeader="x-forwarded-for"\n remoteIpProxiesHeader="x-forwarded-by"\n protocolHeader="x-forwarded-proto" />' /etc/$TOMCAT_VERSION/server.xml
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -76,7 +76,7 @@ fi
sudo sed -i '/client_max_body_size/d' /etc/nginx/nginx.conf # remove this line if it already exists to prevent duplicates
sudo sed -i "/Basic Settings/a \ client_max_body_size 100000000M;" /etc/nginx/nginx.conf # Add the larger file transfer size
echo -e "${GREY}Boosting Nginx's 'maximum body size' parameter to allow large file transfers...${GREY}"
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -92,7 +92,7 @@ sudo ufw allow OpenSSH >/dev/null 2>&1
sudo ufw allow 80/tcp >/dev/null 2>&1
sudo ufw delete allow 8080/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -105,7 +105,7 @@ echo -e "${GREY}Restaring Guacamole & Ngnix..."
sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd
sudo systemctl restart nginx
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else

12
4a-install-tls-self-signed-nginx.sh
View file

@ -71,7 +71,7 @@ EOF
echo
echo "{$GREY}Creating a new Nginx TLS Certificate..."
openssl req -x509 -nodes -newkey rsa:2048 -keyout $TLSNAME.key -out $TLSNAME.crt -days $TLSDAYS -config $TMP_DIR/cert_attributes.txt
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -86,7 +86,7 @@ sudo cp $TLSNAME.crt $DIR_SSL_CERT/$TLSNAME.crt
# Create a PFX formatted key for easier import to Windows hosts and change permissions to enable copying elsewhere
echo -e "${GREY}Converting client certificates for Windows & Linux...${GREY}"
sudo openssl pkcs12 -export -out $TLSNAME.pfx -inkey $TLSNAME.key -in $TLSNAME.crt -password pass:1234
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -102,7 +102,7 @@ sudo chown $SUDO_USER:root $TLSNAME.key
# Backup the current Nginx config before update
echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$TLSNAME-nginx.bak"
cp /etc/nginx/sites-enabled/${TLSNAME} $DOWNLOAD_DIR/${TLSNAME}-nginx.bak
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -150,7 +150,7 @@ server {
}
}
EOF
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -166,7 +166,7 @@ sudo ufw allow OpenSSH >/dev/null 2>&1
sudo ufw allow 80/tcp >/dev/null 2>&1
sudo ufw allow 443/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -179,7 +179,7 @@ echo -e "${GREY}Restaring Guacamole & Ngnix..."
sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd
sudo systemctl restart nginx
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else

12
4b-install-tls-letsencrypt-nginx.sh
View file

@ -29,7 +29,7 @@ apt-get install nginx certbot python3-certbot-nginx -qq -y &>>${INSTALL_LOG}
echo
echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$PROXY_SITE-nginx.bak"
cp /etc/nginx/sites-enabled/${PROXY_SITE} $DOWNLOAD_DIR/${PROXY_SITE}-nginx.bak
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -57,7 +57,7 @@ server {
}
}
EOL
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -73,7 +73,7 @@ sudo ufw allow OpenSSH >/dev/null 2>&1
sudo ufw allow 80/tcp >/dev/null 2>&1
sudo ufw allow 443/tcp >/dev/null 2>&1
echo "y" | sudo ufw enable >/dev/null 2>&1
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -88,7 +88,7 @@ systemctl restart nginx
certbot --nginx -n -d $LE_DNS_NAME --email $LE_EMAIL --agree-tos --redirect --hsts
echo -e
echo -e "${GREY}Let's Encrypt successfully installed, but check for any errors above (DNS & firewall are the usual culprits).${GREY}"
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -110,7 +110,7 @@ echo "${MINUTE} ${HOUR} * * * /usr/bin/certbot renew --quiet --pre-hook 'systemc
# Overwrite old cron settings and cleanup
crontab cron_1
rm cron_1
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -123,7 +123,7 @@ echo -e "${GREY}Restaring Guacamole & Ngnix..."
sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd
sudo systemctl restart nginx
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else

14
README.md
View file

@ -1,6 +1,6 @@
# Guacamole 1.5.3 VDI/Jump Server Appliance Build Script
<img src="https://github.githubassets.com/images/icons/emoji/sparkles.png" width="35"> This repo makes setting up a Guacamole a breeze. Its got installer support for TLS reverse proxy, Active Directory integration, multi-factor authentication, Quick Connect & History Recording Storage UI enhancements, dark mode and custom UI templates, auto database backup, O365 email alerts and even fail2ban and internal daemon security hardening options. There's also code in here to get you up and running with Guacamole in an enterprise or high availability deployment too!
<img src="https://github.githubassets.com/images/icons/emoji/sparkles.png" width="35"> This repo makes setting up a Guacamole a breeze. Its got installer support for TLS reverse proxy, Active Directory integration, multi-factor authentication, Quick Connect & History Recording Storage UI enhancements, dark mode and custom UI templates, auto database backup, O365 email alerts and even fail2ban and internal daemon security hardening options. There's also code in here to get you up and running with an enterprise high availability deployment too!
## Automatic Installation
@ -10,15 +10,21 @@
wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.sh && chmod +x 1-setup.sh && ./1-setup.sh
```
## Prerequisites (Debian 12 now working!)
## Prerequisites (Yes! Debian 12 is now supported!)
<img src="https://github.githubassets.com/images/icons/emoji/lock.png" width="35"> **Before diving in, make sure you have:**
- A compatible OS: Ubuntu 18.04 - 22.x, Debian 10, 11 or 12, or Raspbian Buster/Bullseye (If using vendor cloud images stick to stable releases).
- **A compatible OS:**
- **Debian 12, 11 or 10**
- **Ubuntu 23.04, 22.04, 20.04 & 18.04**
- **Raspbian Buster & Bullseye**
- **Official vendor cloud images equivalent to the above.**
- Minimum 8GB RAM and 40GB HDD.
- DNS entries matching your default appliance network interface IP (essential for TLS).
- Open TCP ports: 22, 80, and 443.
23.04, 22.04, 20.04 & 18.04
## Installation Menu
<img src="https://github.githubassets.com/images/icons/emoji/wrench.png" width="35"> **The main script guides you through the installation process in the following steps:**
@ -50,7 +56,7 @@ wget https://raw.githubusercontent.com/itiligent/Guacamole-Install/main/1-setup.
1. Paste and run the wget autorun link in your home directory.
2. Exit `1-setup.sh` at the first prompt. (At this point the scripts are downloaded only.)
3. Customise the huge number of installation variables available in `1-setup.sh` as required. (Certain combinations of edits will produce a fully unattended install.)
3. Customise the huge number of installation variables available in `1-setup.sh` as required. All options for customisation are found in the top sections of this script only. (Certain combinations of edits will even produce a fully unattended install!)
4. **Caution: If editing `1-setup.sh`, be aware that running the autorun link again re-downloads and overwrites all changes. You must run setup locally after editing.** (Also be sure to comment out the download links in the setup script for any other edited scripts. There should be little need to edit outside of the setup script's options.)
5. The **upgrade-guac.sh, add-tls-guac-daemon.sh, refresh-tls-self-signed.sh & backup-guac.sh** scripts are automatically adjusted at installation to match your chosen installation settings. These can be run after install without any modification.
6. If the self-signed TLS proxy option is selected, browser client TLS certificates will be automatically created and saved to `$HOME/guac-setup`.

2
guac-custom-theme-builder/README.MD
View file

@ -1,7 +1,7 @@
## Custom branding & theme instructions ##
1. Install Java JDK: `sudo apt update && sudo apt -y install default-jdk`
1. Install the Java JDK: `sudo apt update && sudo apt -y install default-jdk`
3. Modify `custom-theme.css` ,`guac-manifest.json`, `en.json` & `META-INF` as desired & add your logo .png files to the images directory.
4. To commit your changes, run the below commands from within the custom-theme-builder directory, then refresh your browser to re-login to Guacamole:
```

46
guac-enterprise-build/install-mysql-backend-only.sh
View file

@ -27,14 +27,14 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
if [[ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]]; then
echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
@ -100,7 +100,7 @@ DB_TZ=$(cat /etc/timezone) # Typically system default (cat /etc/timezone) or cha
# Choose a specific MySQL version e.g. 11.1.2 See https://mariadb.org/mariadb/all-releases/ for available versions.
MYSQL_VERSION="" # Blank "" forces distro default MySQL packages.
if [ -z "${MYSQL_VERSION}" ]; then
if [[ -z "${MYSQL_VERSION}" ]]; then
# Use Linux distro default version.
MYSQLPKG="default-mysql-server default-mysql-client mysql-common"
DB_CMD="mysql" # mysql command is depricated
@ -115,7 +115,7 @@ echo -e "${GREY}Updating base Linux OS..."
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq &>>${INSTALL_LOG}
apt-get upgrade -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -126,7 +126,7 @@ fi
cd $DOWNLOAD_DIR
# Add the official MariaDB repo
if [ -n "${MYSQL_VERSION}" ]; then
if [[ -n "${MYSQL_VERSION}" ]]; then
apt-get -qq -y install curl gnupg2 &>>${INSTALL_LOG}
curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup &>>${INSTALL_LOG}
bash mariadb_repo_setup --mariadb-server-version=$MYSQL_VERSION &>>${INSTALL_LOG}
@ -135,7 +135,7 @@ fi
# Download and extract the Guacamole SQL authentication extension containing the database schema
echo -e "${GREY}Downloading Guacamole database source files..."
wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz"
exit 1
@ -147,7 +147,7 @@ echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}"
echo
echo -e "${GREY}Installing MySQL packages..."
apt-get -qq -y install ${MYSQLPKG} &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -161,7 +161,7 @@ SQLCODE="
FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
echo ${SQLCODE} | $DB_CMD -u root
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -174,7 +174,7 @@ for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
/etc/mysql/mysql.conf.d/mysqld.cnf \
/etc/mysql/my.cnf; do
# Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename.
if [ -e "${x}" ]; then
if [[ -e "${x}" ]]; then
if grep -qE '^\[(mysqld|mariadbd)\]$' "${x}"; then
mysqlconfig="${x}"
# Reduce any duplicated section names, then sanitise the [ ] special characters for sed below)
@ -185,7 +185,7 @@ for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
done
# Set the MySQL Timezone
if [ -z "${mysqlconfig}" ]; then
if [[ -z "${mysqlconfig}" ]]; then
echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
else
# Is there already a timzeone value configured?
@ -193,7 +193,7 @@ else
echo -e "MySQL database timezone defined in ${mysqlconfig}"
else
timezone=${DB_TZ}
if [ -z "${DB_TZ}" ]; then
if [[ -z "${DB_TZ}" ]]; then
echo -e "Couldn't find system timezone, using UTC$"
timezone="UTC"
fi
@ -203,7 +203,7 @@ else
sed -i -e "/^\[${config_section}\]/a default_time_zone = ${timezone}" "${mysqlconfig}"
fi
fi
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
@ -214,7 +214,7 @@ fi
# Set the MySQL binding IP address to whatever the setup variable is set to.
echo -e "${GREY}Setting MySQL IP address binding to ${MYSQL_BIND_ADDR}..."
sed -i "s/^bind-address[[:space:]]*=[[:space:]]*.*/bind-address = ${MYSQL_BIND_ADDR}/g" ${mysqlconfig}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
@ -224,21 +224,21 @@ fi
# Establish the appropriate form of Guacamole user account access (remote or localhost login permissions)
echo -e "${GREY}Setting up database access parameters for the Guacamole user ..."
if [ "${BACKEND_MYSQL}" = true ] && [ -z "${FRONTEND_NET}" ]; then
if [[ "${BACKEND_MYSQL}" = true ]] && [[ -z "${FRONTEND_NET}" ]]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
# e.g. RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';"
GUAC_USERHost="%" # Allow all IPs
elif [ "${BACKEND_MYSQL}" = true ] && [ -n "${FRONTEND_NET}" ]; then
elif [[ "${BACKEND_MYSQL}" = true ]] && [[ -n "${FRONTEND_NET}" ]]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from ${FRONTEND_NET}.${GREY}"
GUAC_USERHost="${FRONTEND_NET}" # Apply the given range
elif [ "${BACKEND_MYSQL}" = false ] || [ -z "${BACKEND_MYSQL}" ]; then
elif [[ "${BACKEND_MYSQL}" = false ]] || [[ -z "${BACKEND_MYSQL}" ]]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
GUAC_USERHost=localhost # Assume a localhost only install
else
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
GUAC_USERHost=localhost # Assume a localhost only install
fi
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
@ -256,7 +256,7 @@ GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USER
FLUSH PRIVILEGES;"
# Execute SQL code
echo ${SQLCODE} | $DB_CMD -u root -D mysql -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
@ -267,7 +267,7 @@ fi
# Add Guacamole's schema code to newly created database
echo -e "${GREY}Adding the Guacamole database schema..."
cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
@ -276,7 +276,7 @@ else
fi
# Apply Secure MySQL installation settings
if [ "${SECURE_MYSQL}" = true ]; then
if [[ "${SECURE_MYSQL}" = true ]]; then
apt-get -qq -y install expect &>>${INSTALL_LOG}
echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}"
SECURE_MYSQL=$(expect -c "
@ -299,7 +299,7 @@ send \"y\r\"
expect eof
")
echo "$SECURE_MYSQL"
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -312,7 +312,7 @@ fi
echo -e "${GREY}Restarting MySQL service & enable at boot..."
systemctl enable mysql
systemctl restart mysql
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
@ -325,7 +325,7 @@ echo -e "${GREY}Cleaning up install files...${GREY}"
apt-get -y remove expect &>>${INSTALL_LOG}
apt-get -y autoremove &>>${INSTALL_LOG}
rm -rf guacamole-*
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else

12
guac-enterprise-build/upgrade-mysql-backend-only.sh
View file

@ -25,14 +25,14 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
if [[ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]]; then
echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
@ -82,7 +82,7 @@ echo
# Download and extract the Guacamole SQL authentication extension containing the database schema
wget -q --show-progress -O guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz"
exit 1
@ -103,7 +103,7 @@ for FILE in ${UPGRADEFILES[@]}; do
mariadb -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG}
fi
done
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -114,7 +114,7 @@ fi
# Restart MySQL service
echo -e "${GREY}Restarting MySQL service..."
systemctl restart mysql
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
@ -125,7 +125,7 @@ fi
# Cleanup
echo -e "${GREY}Clean up install files...${GREY}"
rm -rf guacamole-*
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else

4
guac-management/backup-guac.sh
View file

@ -45,7 +45,7 @@ mysqldump -h ${MYSQL_HOST} \
${GUAC_DB} \
--single-transaction --quick --lock-tables=false >${DB_BACKUP_DIR}${GUAC_DB}-${TODAY}.sql
SQLFILE=${DB_BACKUP_DIR}${GUAC_DB}-${TODAY}.sql
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Backup failed.${GREY}" 1>&2
exit 1
else
@ -54,7 +54,7 @@ else
fi
gzip -f ${SQLFILE}
# Error check and email alerts
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Backup failed.${GREY}" 1>&2
exit 1
else

10
guac-management/refresh-tls-self-signed.sh
View file

@ -23,7 +23,7 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
echo
@ -61,7 +61,7 @@ CERT_DAYS=
DEFAULT_IP=
# Assume the values used by the guacamole installer if the script is run without any command line options
if [ -z "$1" ] | [ -z "$2" ] | [ -z "$3" ]; then
if [[ -z "$1" ]] | [[ -z "$2" ]] | [[ -z "$3" ]]; then
TLSNAME=$PROXY_SITE
TLSDAYS=$CERT_DAYS
TLSIP=$DEFAULT_IP
@ -107,7 +107,7 @@ echo
# Create the new certificates
echo "{$GREY}Creating a new TLS Certificate..."
openssl req -x509 -nodes -newkey rsa:2048 -keyout $TLSNAME.key -out $TLSNAME.crt -days $TLSDAYS -config cert_attributes.txt
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed.${GREY}" 1>&2
exit 1
else
@ -122,7 +122,7 @@ cp $TLSNAME.crt $DIR_SSL_CERT/$TLSNAME.crt
# Create a PFX formatted key for easier import to Windows hosts and change permissions to enable copying elsewhere
echo -e "${GREY}Converting client certificates for Windows & Linux...${GREY}"
openssl pkcs12 -export -out $TLSNAME.pfx -inkey $TLSNAME.key -in $TLSNAME.crt -password pass:1234
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed.${GREY}" 1>&2
exit 1
else
@ -139,7 +139,7 @@ TOMCAT=$(ls /etc/ | grep tomcat)
systemctl restart $TOMCAT
systemctl restart guacd
systemctl restart nginx
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed.${GREY}" 1>&2
exit 1
else

38
guac-management/upgrade-guac.sh
View file

@ -22,14 +22,14 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LRED}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
# Check to see if any previous version of build/install files exist, if so stop and check to be safe.
if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]; then
if [[ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*' \))" != "" ]]; then
echo
echo -e "${LRED}Possible previous install files detected. Please review and remove old guacamole install files before proceeding.${GREY}" 1>&2
echo
@ -96,7 +96,7 @@ cd $DOWNLOAD_DIR
echo
echo -e "${GREY}Downloading updated Guacamole source files and beginning Guacamole ${OLD_GUAC_VERSION} to ${NEW_GUAC_VERSION} upgrade..."
wget -q --show-progress -O guacamole-${NEW_GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-${NEW_GUAC_VERSION}.war" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war${GREY}"
exit 1
@ -109,7 +109,7 @@ echo -e "${LGREEN}Upgraded Guacamole client to version ${NEW_GUAC_VERSION}${GREY
# Download and upgrade Guacamole SQL authentication extension
wget -q --show-progress -O guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz"
exit 1
@ -123,7 +123,7 @@ echo -e "${LGREEN}Upgraded Guacamole SQL jdbc to version ${NEW_GUAC_VERSION}${GR
# Download MySQL connector/j
wget -q --show-progress -O mysql-connector-j-${NEW_MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${NEW_MYSQLJCON}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download mysql-connector-j-${NEW_MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${NEW_MYSQLJCON}}.tar.gz${GREY}"
exit 1
@ -136,7 +136,7 @@ echo -e "${LGREEN}Upgraded MySQL connector/j to ${NEW_MYSQLJCON}${GREY}"
# Download Guacamole Server
wget -q --show-progress -O guacamole-server-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-server-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz${GREY}"
exit 1
@ -153,11 +153,11 @@ echo -e "${GREY}Compiling Guacamole-Server ${NEW_GUAC_VERSION} from source with
export CFLAGS="-Wno-error"
# Configure Guacamole Server source
./configure --with-systemd-dir=/etc/systemd/system &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo "Failed to configure guacamole-server"
echo "Trying again with --enable-allow-freerdp-snapshots"
./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo "Failed to configure guacamole-server - again"
exit
fi
@ -168,7 +168,7 @@ fi
echo -e "${GREY}Running make and building the upgraded Guacamole-Server application..."
make &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -179,7 +179,7 @@ fi
echo -e "${GREY}Installing the upgraded Guacamole-Server..."
make install &>>${INSTALL_LOG}
ldconfig
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -190,7 +190,7 @@ fi
cd ..
# Don't run the SQL upgrade commands if original setup option was set to remote MySQL instance. - Use separate DB update script.
if [ "${INSTALL_MYSQL}" = true ]; then
if [[ "${INSTALL_MYSQL}" = true ]]; then
# Get list of SQL Upgrade Files
echo -e "${GREY}Upgrading MySQL Schema..."
UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/ | sort -V))
@ -203,7 +203,7 @@ if [ "${INSTALL_MYSQL}" = true ]; then
mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG}
fi
done
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -218,7 +218,7 @@ for file in /etc/guacamole/extensions/guacamole-auth-totp*.jar; do
echo -e "${LGREEN}TOTP authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-totp*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz"
exit 1
@ -238,7 +238,7 @@ for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
echo -e "${LGREEN}DUO authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-duo*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz"
exit 1
@ -258,7 +258,7 @@ for file in /etc/guacamole/extensions/guacamole-auth-ldap*.jar; do
echo -e "${LGREEN}LDAP authentication extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-ldap*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz"
exit 1
@ -278,7 +278,7 @@ for file in /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar; do
echo -e "${LGREEN}Quick Connect extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-auth-quickconnect*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-quickconnect-${NEW_GUAC_VERSION}.tar.gz"
exit 1
@ -298,7 +298,7 @@ for file in /etc/guacamole/extensions/guacamole-history-recording-storage*.jar;
echo -e "${LGREEN}History Recording Storage extension was found, upgrading...${GREY}"
rm /etc/guacamole/extensions/guacamole-history-recording-storage*.jar &>>${INSTALL_LOG}
wget -q --show-progress -O guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed to download guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-history-recording-storage-${NEW_GUAC_VERSION}.tar.gz"
exit 1
@ -325,7 +325,7 @@ echo -e "${GREY}Starting guacd and Tomcat services..."
systemctl enable guacd
systemctl start guacd
systemctl start ${TOMCAT_VERSION}
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else
@ -337,7 +337,7 @@ fi
echo -e "${GREY}Clean up install files...${GREY}"
rm -rf guacamole-*
rm -rf mysql-connector-j-*
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1
else

2
guac-optional-features/add-auth-duo.sh
View file

@ -17,7 +17,7 @@ NC='\033[0m' #No Colour
clear
if ! [ $(id -u) = 0 ]; then
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1

2
guac-optional-features/add-auth-ldap.sh
View file

@ -18,7 +18,7 @@ NC='\033[0m' #No Colour
clear
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1

2
guac-optional-features/add-auth-totp.sh
View file

@ -18,7 +18,7 @@ NC='\033[0m' #No Colour
clear
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1

12
guac-optional-features/add-fail2ban.sh
View file

@ -18,7 +18,7 @@ NC='\033[0m' #No Colour
clear
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
@ -91,7 +91,7 @@ fi
#######################################################################################################################
# Install base fail2ban base application, and whitelist the local subnet as the starting baseline (no policy defined yet)
if [ "${FAIL2BAN_BASE}" = true ]; then
if [[ "${FAIL2BAN_BASE}" = true ]]; then
#Update and install fail2ban (and john for management of config file updates, and not overwrite any existing settings)
sudo apt-get update -qq >/dev/null 2>&1
@ -170,7 +170,7 @@ EOF
fi
if [ "${FAIL2BAN_BASE}" = true ]; then
if [[ "${FAIL2BAN_BASE}" = true ]]; then
# Now the above loop is done, append the single loopback address to all the discovered the subnet IDs in a single line
sed -i 's/^/127.0.0.1\/24 /' /tmp/netaddr.txt
@ -208,7 +208,7 @@ fi
# Fail2ban optional policy setup items ################################################################################
#######################################################################################################################
if [ "${FAIL2BAN_GUAC}" = true ]; then
if [[ "${FAIL2BAN_GUAC}" = true ]]; then
# Create the Guacamole jail.local policy template
cat >/tmp/fail2ban.conf <<EOF
@ -250,13 +250,13 @@ rm -f /tmp/netaddr.txt
rm -f /tmp/fail2ban.update
############## Start Fail2ban NGINX security policy option ###############
#if [ "${FAIL2BAN_NGINX}" = true ]; then
#if [[ "${FAIL2BAN_NGINX}" = true ]]; then
# echo -e "${LGREEN}Nginx Fail2ban policy not implemented yet.${GREY}"
# echo
#fi
############### Start Fail2ban SSH security policy option ################
#if [ "${FAIL2BAN_SSH}" = true ]; then
#if [[ "${FAIL2BAN_SSH}" = true ]]; then
# echo -e "${LGREEN}SSH Fail2ban policy not implemented yet..${GREY}"
# echo
#fi

8
guac-optional-features/add-smtp-relay-o365.sh
View file

@ -27,7 +27,7 @@ SERVER=$(uname -n)
DOMAIN_SEARCH_SUFFIX=$(grep search /etc/resolv.conf | grep -v "#" | sed 's/'search[[:space:]]'//')
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
@ -41,7 +41,7 @@ echo
echo -e "${GREY}Installing Postfix with non-interactive defaults..."
sudo apt update -qq >/dev/null 2>&1
DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y >/dev/null 2>&1
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Postfix install failed. ${GREY}" 1>&2
exit 1
else
@ -79,7 +79,7 @@ smtp_tls_security_level = encrypt
smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
EOF
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2
exit 1
else
@ -110,7 +110,7 @@ sudo postmap /etc/postfix/generic
# Restart and test
echo -e "${GREY}Restarting Postfix..."
sudo systemctl restart postfix
if [ $? -ne 0 ]; then
if [[ $? -ne 0 ]]; then
echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2
exit 1
else

2
guac-optional-features/add-tls-guac-daemon.sh
View file

@ -19,7 +19,7 @@ LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1

6
guac-optional-features/add-xtra-histrecstor.sh
View file

@ -18,7 +18,7 @@ NC='\033[0m' #No Colour
clear
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
@ -32,10 +32,10 @@ HISTREC_PATH_DEFAULT=/var/lib/guacamole/recordings # Apache default
while true; do
echo
read -p "Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH
[ "${HISTREC_PATH}" = "" ] || [ "${HISTREC_PATH}" != "" ] && break
[[ "${HISTREC_PATH}" = "" ]] || [[ "${HISTREC_PATH}" != "" ]] && break
done
# If no custom path is given, lets assume the default path on hitting enter
if [ -z "${HISTREC_PATH}" ]; then
if [[ -z "${HISTREC_PATH}" ]]; then
HISTREC_PATH="${HISTREC_PATH_DEFAULT}"
fi
echo

2
guac-optional-features/add-xtra-quickconnect.sh
View file

@ -18,7 +18,7 @@ NC='\033[0m' #No Colour
clear
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then
if ! [[ $(id -u) = 0 ]]; then
echo
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1