someorg/Easy-Guacamole-Installer
1
0
Fork 0
mirror of https://github.com/itiligent/Easy-Guacamole-Installer.git synced 2025-12-14 02:12:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

shfmt clean up

Browse source
This commit is contained in:
Itiligent 2023-09-10 16:44:33 +10:00 committed by itiligent
parent aa4bd94799
commit fbb5da4c30
17 changed files with 972 additions and 981 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

172
2-install-guacamole.sh
View file

@ -20,7 +20,7 @@ if [ -z "${MYSQL_VERSION}" ]; then
# Use Linux distro default version. # Use Linux distro default version.
MYSQLPKG="default-mysql-server default-mysql-client mysql-common" MYSQLPKG="default-mysql-server default-mysql-client mysql-common"
DB_CMD="mysql" # mysql command is depricated DB_CMD="mysql" # mysql command is depricated
else else
# Use official mariadb.org repo # Use official mariadb.org repo
MYSQLPKG="mariadb-server mariadb-client mariadb-common" MYSQLPKG="mariadb-server mariadb-client mariadb-common"
DB_CMD="mariadb" # mysql command is depricated on newer versions DB_CMD="mariadb" # mysql command is depricated on newer versions
@ -34,13 +34,13 @@ fi
# Update everything but don't do the annoying prompts during apt installs # Update everything but don't do the annoying prompts during apt installs
echo -e "${GREY}Updating base Linux OS..." echo -e "${GREY}Updating base Linux OS..."
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt-get update -qq &>>${INSTALL_LOG} apt-get update -qq &>>${INSTALL_LOG}
apt-get upgrade -qq -y &>>${INSTALL_LOG} apt-get upgrade -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
@ -66,21 +66,21 @@ apt-get -qq -y install ${MYSQLPKG} ${TOMCAT_VERSION} ${JPEGTURBO} ${LIBPNG} ufw
build-essential libcairo2-dev libtool-bin uuid-dev libavcodec-dev libavformat-dev libavutil-dev \ build-essential libcairo2-dev libtool-bin uuid-dev libavcodec-dev libavformat-dev libavutil-dev \
libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev \ libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev \
libpulse-dev libssl-dev libvorbis-dev libwebp-dev ghostscript &>>${INSTALL_LOG} libpulse-dev libssl-dev libvorbis-dev libwebp-dev ghostscript &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
# Install Postfix with default settings for smtp email relay # Install Postfix with default settings for smtp email relay
echo -e "${GREY}Installing Postfix MTA for backup email notifications and alerts, see separate SMTP relay configuration script..." echo -e "${GREY}Installing Postfix MTA for backup email notifications and alerts, see separate SMTP relay configuration script..."
DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>>${INSTALL_LOG} DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
systemctl restart postfix systemctl restart postfix
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
@ -88,44 +88,44 @@ fi
# Download Guacamole Server # Download Guacamole Server
echo -e "${GREY}Downloading Guacamole source files..." echo -e "${GREY}Downloading Guacamole source files..."
wget -q --show-progress -O guacamole-server-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-server-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-server-${GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-server-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz${GREY}" echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
exit 1 exit 1
else else
tar -xzf guacamole-server-${GUAC_VERSION}.tar.gz tar -xzf guacamole-server-${GUAC_VERSION}.tar.gz
echo -e "${LGREEN}Downloaded guacamole-server-${GUAC_VERSION}.tar.gz${GREY}" echo -e "${LGREEN}Downloaded guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
fi fi
# Download Guacamole Client # Download Guacamole Client
wget -q --show-progress -O guacamole-${GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war wget -q --show-progress -O guacamole-${GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-${GUAC_VERSION}.war" 1>&2 echo -e "${LRED}Failed to download guacamole-${GUAC_VERSION}.war" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war${GREY}" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war${GREY}"
exit 1 exit 1
else else
echo -e "${LGREEN}Downloaded guacamole-${GUAC_VERSION}.war (Guacamole client)${GREY}" echo -e "${LGREEN}Downloaded guacamole-${GUAC_VERSION}.war (Guacamole client)${GREY}"
fi fi
# Download MySQL connector/j # Download MySQL connector/j
wget -q --show-progress -O mysql-connector-j-${MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}.tar.gz wget -q --show-progress -O mysql-connector-j-${MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}.tar.gz
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download mysql-connector-j-${MYSQLJCON}.tar.gz" 1>&2 echo -e "${LRED}Failed to download mysql-connector-j-${MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}}.tar.gz${GREY}" echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-${MYSQLJCON}}.tar.gz${GREY}"
exit 1 exit 1
else else
tar -xzf mysql-connector-j-${MYSQLJCON}.tar.gz tar -xzf mysql-connector-j-${MYSQLJCON}.tar.gz
echo -e "${LGREEN}Downloaded mysql-connector-j-${MYSQLJCON}.tar.gz${GREY}" echo -e "${LGREEN}Downloaded mysql-connector-j-${MYSQLJCON}.tar.gz${GREY}"
fi fi
# Download Guacamole authentication extensions # Download Guacamole authentication extensions
wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2 echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz"
exit 1 exit 1
else else
tar -xzf guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz tar -xzf guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}" echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}"
fi fi
@ -242,27 +242,27 @@ if [ $? -ne 0 ]; then
echo "Failed to configure guacamole-server - again" echo "Failed to configure guacamole-server - again"
exit exit
fi fi
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
echo -e "${GREY}Running make and building the Guacamole-Server application..." echo -e "${GREY}Running make and building the Guacamole-Server application..."
make &>>${INSTALL_LOG} make &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
echo -e "${GREY}Installing Guacamole-Server..." echo -e "${GREY}Installing Guacamole-Server..."
make install &>>${INSTALL_LOG} make install &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
@ -273,37 +273,37 @@ ldconfig
# Move Guacamole client and authentication extensions to their correct install locations # Move Guacamole client and authentication extensions to their correct install locations
cd .. cd ..
echo -e "${GREY}Moving guacamole-${GUAC_VERSION}.war (/etc/guacamole/extensions/)..." echo -e "${GREY}Moving guacamole-${GUAC_VERSION}.war (/etc/guacamole/extensions/)..."
mv -f guacamole-${GUAC_VERSION}.war /etc/guacamole/guacamole.war mv -f guacamole-${GUAC_VERSION}.war /etc/guacamole/guacamole.war
chmod 664 /etc/guacamole/guacamole.war chmod 664 /etc/guacamole/guacamole.war
# Create a symbolic link for Tomcat # Create a symbolic link for Tomcat
ln -sf /etc/guacamole/guacamole.war /var/lib/${TOMCAT_VERSION}/webapps/ &>>${INSTALL_LOG} ln -sf /etc/guacamole/guacamole.war /var/lib/${TOMCAT_VERSION}/webapps/ &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
echo -e "${GREY}Moving guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..." echo -e "${GREY}Moving guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar (/etc/guacamole/extensions/)..."
mv -f guacamole-auth-jdbc-${GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar /etc/guacamole/extensions/ mv -f guacamole-auth-jdbc-${GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar /etc/guacamole/extensions/
chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar chmod 664 /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-${GUAC_VERSION}.jar
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
# Move MySQL connector/j files # Move MySQL connector/j files
echo -e "${GREY}Moving mysql-connector-j-${MYSQLJCON}.jar (/etc/guacamole/lib/mysql-connector-java.jar)..." echo -e "${GREY}Moving mysql-connector-j-${MYSQLJCON}.jar (/etc/guacamole/lib/mysql-connector-java.jar)..."
mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar mv -f mysql-connector-j-${MYSQLJCON}/mysql-connector-j-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
chmod 664 /etc/guacamole/lib/mysql-connector-java.jar chmod 664 /etc/guacamole/lib/mysql-connector-java.jar
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
@ -411,12 +411,12 @@ fi
# Apply a branded interface and dark theme. You may delete this file and restart guacd & tomcat for the default console # Apply a branded interface and dark theme. You may delete this file and restart guacd & tomcat for the default console
echo -e "${GREY}Setting the Guacamole console to a (customisable) dark mode themed template..." echo -e "${GREY}Setting the Guacamole console to a (customisable) dark mode themed template..."
mv branding.jar /etc/guacamole/extensions mv branding.jar /etc/guacamole/extensions
chmod 664 /etc/guacamole/extensions/branding.jar chmod 664 /etc/guacamole/extensions/branding.jar
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
@ -424,10 +424,10 @@ fi
# Restart Tomcat # Restart Tomcat
echo -e "${GREY}Restarting Tomcat service & enable at boot..." echo -e "${GREY}Restarting Tomcat service & enable at boot..."
systemctl restart ${TOMCAT_VERSION} systemctl restart ${TOMCAT_VERSION}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
@ -437,25 +437,25 @@ systemctl enable ${TOMCAT_VERSION}
echo echo
if [ "${INSTALL_MYSQL}" = true ]; then if [ "${INSTALL_MYSQL}" = true ]; then
# Set MySQL password # Set MySQL password
export MYSQL_PWD=${MYSQL_ROOT_PWD} export MYSQL_PWD=${MYSQL_ROOT_PWD}
# Set the root password without a reliance on debconf. # Set the root password without a reliance on debconf.
echo -e "${GREY}Setting MySQL root password..." echo -e "${GREY}Setting MySQL root password..."
SQLCODE=" SQLCODE="
FLUSH PRIVILEGES; FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';" ALTER USER 'root'@'localhost' IDENTIFIED BY '$MYSQL_ROOT_PWD';"
echo ${SQLCODE} | $DB_CMD -u root echo ${SQLCODE} | $DB_CMD -u root
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
# Find the location of the MySQL or MariaDB config files. (Add to this list for more potential candidates.) # Find the location of the MySQL or MariaDB config files. (Add to this list for more potential candidates.)
for x in /etc/mysql/mariadb.conf.d/50-server.cnf \ for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
/etc/mysql/mysql.conf.d/mysqld.cnf \ /etc/mysql/mysql.conf.d/mysqld.cnf \
/etc/mysql/my.cnf; do /etc/mysql/my.cnf; do
# Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename. # Check inside each candidate to see if a [mysqld] or [mariadbd] section exists, assign $x the correct filename.
@ -467,12 +467,12 @@ for x in /etc/mysql/mariadb.conf.d/50-server.cnf \
break break
fi fi
fi fi
done done
# Set the MySQL Timezone # Set the MySQL Timezone
if [ -z "${mysqlconfig}" ]; then if [ -z "${mysqlconfig}" ]; then
echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings" echo -e "${GREY}Couldn't detect MySQL config file - you will need to manually configure database timezone settings"
else else
# Is there already a timzeone value configured? # Is there already a timzeone value configured?
if grep -q "^default_time_zone[[:space:]]=" "${mysqlconfig}"; then if grep -q "^default_time_zone[[:space:]]=" "${mysqlconfig}"; then
echo -e "MySQL database timezone defined in ${mysqlconfig}" echo -e "MySQL database timezone defined in ${mysqlconfig}"
@ -494,47 +494,47 @@ else
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
# This should stay as localhost in most local MySQL install situations. This setting determine from WHERE the new ${GUAC_USER} # This should stay as localhost in most local MySQL install situations. This setting determine from WHERE the new ${GUAC_USER}
# will be able to login to the database (either specific remote IPs or localhost only.) # will be able to login to the database (either specific remote IPs or localhost only.)
# However this setting can be quick and hacky way to build a backend guacamole database server for use behind another guac application server # However this setting can be quick and hacky way to build a backend guacamole database server for use behind another guac application server
# (albeit with the full application suite installed). To do this, set GUAC_USERHost="%" for login access from all IPs, or e.g. 192.168.1.% for an IP range. # (albeit with the full application suite installed). To do this, set GUAC_USERHost="%" for login access from all IPs, or e.g. 192.168.1.% for an IP range.
# You will also need to set the MySQL binding away from the default 127.0.0.1 to 0.0.0.0 or a specific external facing network interface to allow remote login. # You will also need to set the MySQL binding away from the default 127.0.0.1 to 0.0.0.0 or a specific external facing network interface to allow remote login.
if [ "${MYSQL_HOST}" != "localhost" ]; then if [ "${MYSQL_HOST}" != "localhost" ]; then
GUAC_USERHost="%" GUAC_USERHost="%"
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}" echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
else else
GUAC_USERHost="localhost" GUAC_USERHost="localhost"
fi fi
# Execute SQL code to create the Guacamole database # Execute SQL code to create the Guacamole database
echo -e "${GREY}Creating the Guacamole database..." echo -e "${GREY}Creating the Guacamole database..."
SQLCODE=" SQLCODE="
DROP DATABASE IF EXISTS ${GUAC_DB}; DROP DATABASE IF EXISTS ${GUAC_DB};
CREATE DATABASE IF NOT EXISTS ${GUAC_DB}; CREATE DATABASE IF NOT EXISTS ${GUAC_DB};
CREATE USER IF NOT EXISTS '${GUAC_USER}'@'${GUAC_USERHost}' IDENTIFIED BY \"${GUAC_PWD}\"; CREATE USER IF NOT EXISTS '${GUAC_USER}'@'${GUAC_USERHost}' IDENTIFIED BY \"${GUAC_PWD}\";
GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USERHost}'; GRANT SELECT,INSERT,UPDATE,DELETE ON ${GUAC_DB}.* TO '${GUAC_USER}'@'${GUAC_USERHost}';
FLUSH PRIVILEGES;" FLUSH PRIVILEGES;"
echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
# Add Guacamole schema to newly created database # Add Guacamole schema to newly created database
echo -e "${GREY}Adding database tables..." echo -e "${GREY}Adding database tables..."
cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD} cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | $DB_CMD -u root -D ${GUAC_DB} -p${MYSQL_ROOT_PWD}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed${GREY}" 1>&2 echo -e "${LRED}Failed${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
fi fi
# Apply Secure MySQL installation settings # Apply Secure MySQL installation settings
@ -560,7 +560,7 @@ send \"y\r\"
expect eof expect eof
") ")
echo "$SECURE_MYSQL" echo "$SECURE_MYSQL"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
@ -587,14 +587,14 @@ fi
# Create guacd.conf and locahost IP binding. # Create guacd.conf and locahost IP binding.
echo -e "${GREY}Binding guacd to 127.0.0.1 port 4822..." echo -e "${GREY}Binding guacd to 127.0.0.1 port 4822..."
cat >/etc/guacamole/guacd.conf <<-"EOF" cat >/etc/guacamole/guacd.conf <<-"EOF"
[server] [server]
bind_host = 127.0.0.1 bind_host = 127.0.0.1
bind_port = 4822 bind_port = 4822
EOF EOF
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
@ -607,7 +607,7 @@ systemctl start guacd
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
@ -639,7 +639,7 @@ sudo ufw logging off >/dev/null 2>&1
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
@ -661,7 +661,7 @@ apt-get -y autoremove &>>${INSTALL_LOG}
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}Failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi

15
guac-enterprise-build/install-mysql-backend-only.sh
View file

@ -11,7 +11,6 @@
# Layer 2 = GUAC SERVER & APPLICATION - use the main setup script, and select remote MYSQL DB option. # Layer 2 = GUAC SERVER & APPLICATION - use the main setup script, and select remote MYSQL DB option.
# Layer 3 = FRONT END REV PROXY (Potentially load balanced & HA) - approach TBA # Layer 3 = FRONT END REV PROXY (Potentially load balanced & HA) - approach TBA
####################################################################################################################### #######################################################################################################################
# Script pre-flight checks and settings ############################################################################### # Script pre-flight checks and settings ###############################################################################
####################################################################################################################### #######################################################################################################################
@ -42,7 +41,6 @@ if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*'
exit 1 exit 1
fi fi
####################################################################################################################### #######################################################################################################################
# Initial environment setup ########################################################################################### # Initial environment setup ###########################################################################################
####################################################################################################################### #######################################################################################################################
@ -73,7 +71,6 @@ echo -e " ${LGREEN}Powered by Itiligent"
echo echo
echo echo
####################################################################################################################### #######################################################################################################################
# Setup options. ###################################################################################################### # Setup options. ######################################################################################################
####################################################################################################################### #######################################################################################################################
@ -97,7 +94,6 @@ DB_TZ=$(cat /etc/timezone) # Typically system default (cat /etc/timezone) or ch
# To install a new MySQL database on the same server as the Guacamole application, set BACKEND_MYSQL="false" & # To install a new MySQL database on the same server as the Guacamole application, set BACKEND_MYSQL="false" &
# MYSQL_BIND_ADDR="127.0.0.1". See bottom of this script for some remaining DB migration actions. # MYSQL_BIND_ADDR="127.0.0.1". See bottom of this script for some remaining DB migration actions.
####################################################################################################################### #######################################################################################################################
# Start install actions ############################################################################################## # Start install actions ##############################################################################################
####################################################################################################################### #######################################################################################################################
@ -108,7 +104,7 @@ if [ -z "${MYSQL_VERSION}" ]; then
# Use Linux distro default version. # Use Linux distro default version.
MYSQLPKG="default-mysql-server default-mysql-client mysql-common" MYSQLPKG="default-mysql-server default-mysql-client mysql-common"
DB_CMD="mysql" # mysql command is depricated DB_CMD="mysql" # mysql command is depricated
else else
# Use official mariadb.org repo # Use official mariadb.org repo
MYSQLPKG="mariadb-server mariadb-client mariadb-common" MYSQLPKG="mariadb-server mariadb-client mariadb-common"
DB_CMD="mariadb" # mysql command is depricated on newer versions DB_CMD="mariadb" # mysql command is depricated on newer versions
@ -232,13 +228,13 @@ if [ "${BACKEND_MYSQL}" = true ] && [ -z "${FRONTEND_NET}" ]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}" echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from any host, you may wish to limit this to specific IPs.${GREY}"
# e.g. RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';" # e.g. RENAME USER '${GUAC_USER}'@'%' TO '${GUAC_USER}'@'xx.xx.xx.%';"
GUAC_USERHost="%" # Allow all IPs GUAC_USERHost="%" # Allow all IPs
elif [ "${BACKEND_MYSQL}" = true ] && [ -n "${FRONTEND_NET}" ]; then elif [ "${BACKEND_MYSQL}" = true ] && [ -n "${FRONTEND_NET}" ]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from ${FRONTEND_NET}.${GREY}" echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from ${FRONTEND_NET}.${GREY}"
GUAC_USERHost="${FRONTEND_NET}" # Apply the given range GUAC_USERHost="${FRONTEND_NET}" # Apply the given range
elif [ "${BACKEND_MYSQL}" = false ] || [ -z "${BACKEND_MYSQL}" ]; then elif [ "${BACKEND_MYSQL}" = false ] || [ -z "${BACKEND_MYSQL}" ]; then
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}" echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
GUAC_USERHost=localhost # Assume a localhost only install GUAC_USERHost=localhost # Assume a localhost only install
else else
echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}" echo -e "${LYELLOW}${GUAC_USER} is set to accept db logins from localhost only.${GREY}"
GUAC_USERHost=localhost # Assume a localhost only install GUAC_USERHost=localhost # Assume a localhost only install
fi fi
@ -281,7 +277,7 @@ fi
# Apply Secure MySQL installation settings # Apply Secure MySQL installation settings
if [ "${SECURE_MYSQL}" = true ]; then if [ "${SECURE_MYSQL}" = true ]; then
apt-get -qq -y install expect &>>${INSTALL_LOG} apt-get -qq -y install expect &>>${INSTALL_LOG}
echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}" echo -e "${GREY}Applying mysql_secure_installation settings...${DGREY}"
SECURE_MYSQL=$(expect -c " SECURE_MYSQL=$(expect -c "
set timeout 10 set timeout 10
@ -342,7 +338,6 @@ echo
printf "${LGREEN}Guacamole ${GUAC_VERSION} MySQL backend install complete! \n${NC}" printf "${LGREEN}Guacamole ${GUAC_VERSION} MySQL backend install complete! \n${NC}"
echo -e ${NC} echo -e ${NC}
####################################################################################################################### #######################################################################################################################
# Additional migration steps for adding MySQL to an existing Guacamole application server # Additional migration steps for adding MySQL to an existing Guacamole application server
####################################################################################################################### #######################################################################################################################

1
guac-enterprise-build/upgrade-mysql-backend-only.sh
View file

@ -39,7 +39,6 @@ if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*'
exit 1 exit 1
fi fi
####################################################################################################################### #######################################################################################################################
# Initial environment setup ########################################################################################### # Initial environment setup ###########################################################################################
####################################################################################################################### #######################################################################################################################

8
guac-management/refresh-tls-self-signed.sh
View file

@ -61,10 +61,10 @@ CERT_DAYS=
DEFAULT_IP= DEFAULT_IP=
# Assume the values used by the guacamole installer if the script is run without any command line options # Assume the values used by the guacamole installer if the script is run without any command line options
if [ -z "$1" ] | [ -z "$2" ] | [ -z "$3" ] ; then if [ -z "$1" ] | [ -z "$2" ] | [ -z "$3" ]; then
TLSNAME=$PROXY_SITE TLSNAME=$PROXY_SITE
TLSDAYS=$CERT_DAYS TLSDAYS=$CERT_DAYS
TLSIP=$DEFAULT_IP TLSIP=$DEFAULT_IP
fi fi
# Make directories to place TLS Certificate if they don't exist # Make directories to place TLS Certificate if they don't exist

20
guac-management/upgrade-guac.sh
View file

@ -36,7 +36,6 @@ if [ "$(find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-j-*'
exit 1 exit 1
fi fi
####################################################################################################################### #######################################################################################################################
# Initial environment setup ########################################################################################### # Initial environment setup ###########################################################################################
####################################################################################################################### #######################################################################################################################
@ -82,7 +81,6 @@ echo -e "${GREYB}Guacamole VDI & Jump Server Appliance UPGRADE."
echo -e " ${LGREEN}Powered by Itiligent" echo -e " ${LGREEN}Powered by Itiligent"
echo echo
####################################################################################################################### #######################################################################################################################
# Start upgrade actions ############################################################################################## # Start upgrade actions ##############################################################################################
####################################################################################################################### #######################################################################################################################
@ -193,25 +191,25 @@ cd ..
# Don't run the SQL upgrade commands if original setup option was set to remote MySQL instance. - Use separate DB update script. # Don't run the SQL upgrade commands if original setup option was set to remote MySQL instance. - Use separate DB update script.
if [ "${INSTALL_MYSQL}" = true ]; then if [ "${INSTALL_MYSQL}" = true ]; then
# Get list of SQL Upgrade Files # Get list of SQL Upgrade Files
echo -e "${GREY}Upgrading MySQL Schema..." echo -e "${GREY}Upgrading MySQL Schema..."
UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/ | sort -V)) UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/ | sort -V))
# Compare SQL Upgrage Files against old version, apply upgrades as needed # Compare SQL Upgrage Files against old version, apply upgrades as needed
for FILE in ${UPGRADEFILES[@]}; do for FILE in ${UPGRADEFILES[@]}; do
FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)') FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
if [[ $(echo -e "${FILEVERSION}\n${OLD_GUAC_VERSION}" | sort -V | head -n1) == ${OLD_GUAC_VERSION} && ${FILEVERSION} != ${OLD_GUAC_VERSION} ]]; then if [[ $(echo -e "${FILEVERSION}\n${OLD_GUAC_VERSION}" | sort -V | head -n1) == ${OLD_GUAC_VERSION} && ${FILEVERSION} != ${OLD_GUAC_VERSION} ]]; then
echo "Patching ${GUAC_DB} with ${FILE}" echo "Patching ${GUAC_DB} with ${FILE}"
mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG} mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} <guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>>${INSTALL_LOG}
fi fi
done done
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2 echo -e "${LRED}SQL upgrade failed. See ${INSTALL_LOG}${GREY}" 1>&2
exit 1 exit 1
else else
echo -e "${LGREEN}OK${GREY}" echo -e "${LGREEN}OK${GREY}"
echo echo
fi fi
fi fi
# Check for TOTP extension and upgrade if found # Check for TOTP extension and upgrade if found

34
guac-optional-features/add-fail2ban.sh
View file

@ -210,8 +210,8 @@ fi
if [ "${FAIL2BAN_GUAC}" = true ]; then if [ "${FAIL2BAN_GUAC}" = true ]; then
# Create the Guacamole jail.local policy template # Create the Guacamole jail.local policy template
cat >/tmp/fail2ban.conf <<EOF cat >/tmp/fail2ban.conf <<EOF
[guacamole] [guacamole]
enabled = true enabled = true
port = http,https port = http,https
@ -221,26 +221,26 @@ findtime = 60m
maxretry = 5 maxretry = 5
EOF EOF
# Apply the new Guacamole jail config keeping any pre-existing settings # Apply the new Guacamole jail config keeping any pre-existing settings
sudo bash -c 'cat /tmp/fail2ban.conf /etc/fail2ban/jail.local | unique /tmp/fail2ban.update ; cat /tmp/fail2ban.update > /etc/fail2ban/jail.local' sudo bash -c 'cat /tmp/fail2ban.conf /etc/fail2ban/jail.local | unique /tmp/fail2ban.update ; cat /tmp/fail2ban.update > /etc/fail2ban/jail.local'
# Backup the default Fail2ban Guacamole filter # Backup the default Fail2ban Guacamole filter
cp /etc/fail2ban/filter.d/guacamole.conf /etc/fail2ban/filter.d/guacamole.conf.bak cp /etc/fail2ban/filter.d/guacamole.conf /etc/fail2ban/filter.d/guacamole.conf.bak
# Remove the default log search regex # Remove the default log search regex
sudo bash -c 'sed -e "/Authentication attempt from/ s/^#*/#/" -i /etc/fail2ban/filter.d/guacamole.conf' sudo bash -c 'sed -e "/Authentication attempt from/ s/^#*/#/" -i /etc/fail2ban/filter.d/guacamole.conf'
# Create a new log search regex specific for tomcat logs (as a variable due to complexity of characters for sed syntax) # Create a new log search regex specific for tomcat logs (as a variable due to complexity of characters for sed syntax)
REGEX='failregex = ^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - Authentication attempt from <HOST> for user "[^"]*" failed\.$' REGEX='failregex = ^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - Authentication attempt from <HOST> for user "[^"]*" failed\.$'
#Insert the new regex #Insert the new regex
sed -i -e "/Authentication attempt from/a ${REGEX}" /etc/fail2ban/filter.d/guacamole.conf sed -i -e "/Authentication attempt from/a ${REGEX}" /etc/fail2ban/filter.d/guacamole.conf
# Done # Done
echo -e "${LGREEN}Guacamole security policy applied${GREY}\n- ${SED_NETADDR}are whitelisted from all IP bans.\n- To alter this whitelist, edit /etc/fail2ban/jail.local & sudo systemctl restart fail2ban \n \n This script may take a while to complete on first run..." echo -e "${LGREEN}Guacamole security policy applied${GREY}\n- ${SED_NETADDR}are whitelisted from all IP bans.\n- To alter this whitelist, edit /etc/fail2ban/jail.local & sudo systemctl restart fail2ban \n \n This script may take a while to complete on first run..."
# Bounce the service to reload the new config # Bounce the service to reload the new config
sudo systemctl restart fail2ban sudo systemctl restart fail2ban
echo echo
fi fi
# Clean up # Clean up

1
guac-optional-features/add-tls-guac-daemon.sh
View file

@ -97,7 +97,6 @@ chmod 644 /etc/guacamole/ssl/guacd.key
cd /etc/guacamole/ssl cd /etc/guacamole/ssl
keytool -importcert -alias guacd -noprompt -cacerts -storepass changeit -file guacd.crt keytool -importcert -alias guacd -noprompt -cacerts -storepass changeit -file guacd.crt
systemctl restart guacd systemctl restart guacd
systemctl restart ${TOMCAT_VERSION} systemctl restart ${TOMCAT_VERSION}

6
guac-optional-features/add-xtra-histrecstor.sh
View file

@ -33,9 +33,9 @@ while true; do
echo echo
read -p "Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH read -p "Enter recorded storage path [Enter for default ${HISTREC_PATH_DEFAULT}]: " HISTREC_PATH
[ "${HISTREC_PATH}" = "" ] || [ "${HISTREC_PATH}" != "" ] && break [ "${HISTREC_PATH}" = "" ] || [ "${HISTREC_PATH}" != "" ] && break
done done
# If no custom path is given, lets assume the default path on hitting enter # If no custom path is given, lets assume the default path on hitting enter
if [ -z "${HISTREC_PATH}" ]; then if [ -z "${HISTREC_PATH}" ]; then
HISTREC_PATH="${HISTREC_PATH_DEFAULT}" HISTREC_PATH="${HISTREC_PATH_DEFAULT}"
fi fi
echo echo