someorg/Easy-Guacamole-Installer
1
0
Fork 0
mirror of https://github.com/itiligent/Easy-Guacamole-Installer.git synced 2025-12-13 18:02:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

added notes for tls between distributed systems

Browse source
This commit is contained in:
Itiligent 2024-05-17 04:30:23 +10:00
parent ce7fe28b06
commit f57d64c080
1 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
guac-optional-features/add-tls-guac-daemon.sh
View file

@ -65,11 +65,13 @@ DNS.1 = localhost
IP.1 = 127.0.0.1 IP.1 = 127.0.0.1
EOF EOF
# Create the self signing request, certificate & key # Create the self signing request, certificate & key.
# If splitting guacd (backend) and guacamole (front end) across separate systems, run this command on guacd and then copy certs to the same location on guacamole server.
# Also consider omitting the setting -config cert_attributes.txt or IP.1 = 0.0.0.0 for future ip address changes if splitting.
openssl req -x509 -nodes -days $CERT_DAYS -newkey rsa:$RSA_KEY_LENGTH -keyout /etc/guacamole/ssl/guacd.key -out /etc/guacamole/ssl/guacd.crt -config cert_attributes.txt openssl req -x509 -nodes -days $CERT_DAYS -newkey rsa:$RSA_KEY_LENGTH -keyout /etc/guacamole/ssl/guacd.key -out /etc/guacamole/ssl/guacd.crt -config cert_attributes.txt
rm -f cert_attributes.txt rm -f cert_attributes.txt
# Point Guacamole config file to certificate and key # Point Guacamole config file to certificate and key. (If splitting, run this on guacd after changing bind_ host to 0.0.0.0 ).
cp /etc/guacamole/guacd.conf /etc/guacamole/guacd.conf.bak cp /etc/guacamole/guacd.conf /etc/guacamole/guacd.conf.bak
cat <<EOF | sudo tee /etc/guacamole/guacd.conf cat <<EOF | sudo tee /etc/guacamole/guacd.conf
[server] [server]
@ -80,19 +82,19 @@ server_certificate = /etc/guacamole/ssl/guacd.crt
server_key = /etc/guacamole/ssl/guacd.key server_key = /etc/guacamole/ssl/guacd.key
EOF EOF
# Enable TLS backend # Enable TLS backend (Add this to guacamole server front end if splitting)
cat <<EOF | sudo tee -a /etc/guacamole/guacamole.properties cat <<EOF | sudo tee -a /etc/guacamole/guacamole.properties
guacd-ssl: true guacd-ssl: true
EOF EOF
# Fix required permissions as guacd only runs as daemon # Fix required permissions as guacd only runs as daemon (Run on both systems if splitting)
chown daemon:daemon /etc/guacamole/ssl chown daemon:daemon /etc/guacamole/ssl
chown daemon:daemon /etc/guacamole/ssl/guacd.key chown daemon:daemon /etc/guacamole/ssl/guacd.key
chown daemon:daemon /etc/guacamole/ssl/guacd.crt chown daemon:daemon /etc/guacamole/ssl/guacd.crt
chmod 644 /etc/guacamole/ssl/guacd.crt chmod 644 /etc/guacamole/ssl/guacd.crt
chmod 644 /etc/guacamole/ssl/guacd.key chmod 644 /etc/guacamole/ssl/guacd.key
# Add the new certificate into the Java Runtime certificate store and set JRE to trust it. # Add the new certificate into the Java Runtime certificate store and set JRE to trust it. (Run on guacamole server front end if splitting)
cd /etc/guacamole/ssl cd /etc/guacamole/ssl
keytool -importcert -alias guacd -noprompt -cacerts -storepass changeit -file guacd.crt keytool -importcert -alias guacd -noprompt -cacerts -storepass changeit -file guacd.crt