Install Guacamole 0.9.9 – Ubuntu and Debian

UPDATE (April 14,2016) : This script can also be used to install Guacamole on the Raspberry Pi – raspbian jessie distribution
UPDATE (Feb 3, 2016) : The updated version of the script runs on Ubuntu : trusty, wily and Debian : wheezy, jessie. Changes include user input of passwords. Copy and paste from below, or download directly from here.

Please read this notice regarding 0.9.9

UPDATE : This script has been modified to work on 14.04 and 15.10 (32 and 64 bit) installations.
Further to my post on How to install Guacamole 0.9.8, I decided to put together a shell script to automate the process. This script has been updated for Guacamole 0.9.9 and the MySQL connector has been updated to version 5.1.38

There is one specific optimization done for Virtual machines. /dev/random has been substituted with /dev/urandom for Java. An addition to the java.security file forces Java to use /dev/urandom instead. Read towards the end of the script for more details.

As always, this is a “use at your own risk” script. Avoid using it in anything other than a fresh install.
You should probably also delete this script once you’re done using it, to avoid exposing your MySQL passwords. If you want to use MariaDB instead of MySQL you’ll need to change the appropriate parts of the script.

#!/bin/bash
 
# Guacamole installation
# Supports Ubuntu 14.04,15.10 and Debian wheezy,jessie
# 32 and 64 bit
# Script to be run as sudo/root
# ver 1.5
# To be run on a FRESH OS install
# Do not install anything other than base OS
# Bharath Chari 2016
# http://chari.titanium.ee
# Updated 03-Feb-2016
 
 
#Variables for guacamole/mysql connector versionsare set here.
#Don't modify unless you know what you're doing
GUAC_VER=0.9.9
MYSQL_CONNECTOR_VERSION=5.1.38
 
# DO NOT MODIFY BELOW THIS LINE.
echo "Checking system.."
# Check if user is root or sudo
if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi
# Check if this script has already been run successfully.
test -f /var/lock/guac-installed.lock && { echo "Guacamole already installed. This script cannot be run"; exit 1; }
# install lsb-release to check Distro version. Also gives us an idea if it's an apt based system!
apt-get -qq install lsb-release -y || { echo "Unsupported distribution. Aborting installation."; exit 1; }
 
# fetch the codename of the distribution (eg: trusty,wily,wheezy,jessie)
DISTVER=$(lsb_release -c | cut -d':' -f 2 | sed 's/[[:space:]]//g')
 
# Set Tomcat version depending on which distribution version else exit script
case $DISTVER in
    trusty|wheezy)
        TOMCAT_VER=tomcat7
        ;;
    wily|jessie)
        TOMCAT_VER=tomcat8
        ;;
    *)
    echo "Unsupported distribution. Sorry. Installation aborted"
    echo "Script works on Ubuntu (trusty,wily) and Debian (wheezy,jessie)"
    exit 1;
esac
 
# Set environment to non-interactive
export DEBIAN_FRONTEND="noninteractive"
 
# Today's date
TODAY=$(date +"%m-%d-%Y")
 
# get architecture - 32 bit or 64 bit
if [ $(getconf LONG_BIT | grep 64) ]; then ARCH="x86_64";  else ARCH="i386"; fi
 
# Find hostname
MYHOST=$(hostname -f)
 
#Helper functions
# Generate random string for passwords and directory names
genrand () { cat /dev/urandom | tr -dc '0-9A-Za-z+=_' | fold -w $1 | head -n 1 ; }
 
 
# Create temp directory for downloads. Uses genrand() to create random string
tmpdir=$(genrand 32)
 
cd ~
mkdir $tmpdir && cd $tmpdir
 
# Get passwords from user
clear
echo "Set passwords for the system"
echo "Note: Passwords will NOT be displayed on screen!"
echo 
while true
do
    read -s -p "Set MySQL ROOT Password: " MYSQL_ROOT_PASSWD
    echo
    read -s -p "MySQL ROOT Password (again): " password2
    echo
    [ "$MYSQL_ROOT_PASSWD" = "$password2" ] && break
    echo "Passwords don't match. Please try again"
done
 
echo
 
while true
do
    read -s -p "Set Guacamole DATABASE Password: " GUAC_DB_PASSWD
    echo
    read -s -p "Guacamole DATABASE Password (again): " password2
    echo
    [ "$GUAC_DB_PASSWD" = "$password2" ] && break
    echo "Passwords don't match. Please try again"
done
 
echo
 
while true
do
    read -s -p "Set Guacamole (guacadmin) WEB ADMIN Password: " GUAC_ADMIN_PASSWORD
    echo
    read -s -p "Guacamole (guacadmin) WEB ADMIN Password (again): " password2
    echo
    [ "$GUAC_ADMIN_PASSWORD" = "$password2" ] && break
    echo "Passwords don't match. Please try again"
done
 
 
 
# End password input
 
 
# Upgrade all packages
apt-get update && apt-get upgrade -y
 
#Install required dependencies
echo "Installing packages"
# Tomcat version is determined by distro 
apt-get -qq install $TOMCAT_VER -y
apt-get -qq install $TOMCAT_VER-admin $TOMCAT_VER-docs -y
 
apt-get -qq install ntp -y
apt-get -qq install build-essential -y
apt-get -qq install libcairo2-dev libjpeg62* libpng12-dev libossp-uuid-dev -y
apt-get -qq install libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libvorbis-dev -y
apt-get -qq install default-jdk -y
apt-get -qq install debconf-utils fail2ban -y
 
#MySQL install with preset password stored in variable MYSQL_ROOT_PASSWD
echo mysql-server mysql-server/root_password password $MYSQL_ROOT_PASSWD | debconf-set-selections
echo mysql-server mysql-server/root_password_again password $MYSQL_ROOT_PASSWD | debconf-set-selections
apt-get -qq install mysql-server -y
 
# Fetch and install guacamole server and client
echo "Downloading and configuring guacamole.."
#Fetch/compile/install guacamole-server-version defined in variable GUAC_VER
wget -O guacamole-server-$GUAC_VER.tar.gz http://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-$GUAC_VER.tar.gz
tar -zxvf guacamole-server-$GUAC_VER.tar.gz
cd guacamole-server-$GUAC_VER/
./configure --with-init-dir=/etc/init.d
make
make install;
ldconfig
 
#Fetch / install client, JDBC-auth and mysql connectors 
mkdir -p /var/lib/guacamole && cd /var/lib/guacamole/
wget http://sourceforge.net/projects/guacamole/files/current/binary/guacamole-$GUAC_VER.war -O guacamole.war
ln -s /var/lib/guacamole/guacamole.war /var/lib/$TOMCAT_VER/webapps/guacamole.war
mkdir -p ~/$tmpdir/guacamole/sqlauth && cd ~/$tmpdir/guacamole/sqlauth
wget -O guacamole-auth-jdbc-$GUAC_VER.tar.gz http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-$GUAC_VER.tar.gz
tar -zxvf guacamole-auth-jdbc-$GUAC_VER.tar.gz
wget -O mysql-connector-java-$MYSQL_CONNECTOR_VERSION.tar.gz http://dev.mysql.com/get/Downloads/Connector/j/mysql-connector-java-$MYSQL_CONNECTOR_VERSION.tar.gz
tar -zxf mysql-connector-java-$MYSQL_CONNECTOR_VERSION.tar.gz
mkdir -p /usr/share/$TOMCAT_VER/.guacamole/{extensions,lib}
mv guacamole-auth-jdbc-$GUAC_VER/mysql/guacamole-auth-jdbc-mysql-$GUAC_VER.jar /usr/share/$TOMCAT_VER/.guacamole/extensions/
mv mysql-connector-java-$MYSQL_CONNECTOR_VERSION/mysql-connector-java-$MYSQL_CONNECTOR_VERSION-bin.jar /usr/share/$TOMCAT_VER/.guacamole/lib/
service mysql restart
 
# Create Guacamole mysql user and db
mysql --host=localhost --user=root --password=$MYSQL_ROOT_PASSWD << END
 
CREATE DATABASE IF NOT EXISTS guacdb;
CREATE USER 'guacuser'@'localhost' IDENTIFIED BY '$GUAC_DB_PASSWD';
grant select,insert,update,delete on guacdb.* to 'guacuser'@'localhost';
flush privileges;
 
END
 
cd ~/$tmpdir/guacamole/sqlauth/guacamole-auth-jdbc-$GUAC_VER/mysql/schema/
cat ./*.sql | mysql --host=localhost --user=root --password=$MYSQL_ROOT_PASSWD guacdb
 
# Create guacamole.properties file
mkdir -p /etc/guacamole/ 
cat > /etc/guacamole/guacamole.properties << EOG
 
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacuser
mysql-password:$GUAC_DB_PASSWD
 
mysql-disallow-duplicate-connections: false
 
EOG
 
ln -s /etc/guacamole/guacamole.properties /usr/share/$TOMCAT_VER/.guacamole/
 
# Change default guacadmin password in guacdb
mysql --host=localhost --user=root --password=$MYSQL_ROOT_PASSWD << END
 
USE guacdb;
SET @salt = UNHEX(SHA2(UUID(), 256));
UPDATE guacamole_user
SET
    password_salt = @salt,
    password_hash = UNHEX(SHA2(CONCAT('$GUAC_ADMIN_PASSWORD', HEX(@salt)), 256))
WHERE
    username = 'guacadmin';
 
END
 
#Adding patch for entropy in virtual machines
sec_file=/jre/lib/security/java.security
java_path=$(dirname $(dirname $(readlink -f $(which javac))))
if grep -xq "urandom" $java_path$sec_file ; then
  echo "File already patched to use /dev/urandom"
else
 echo  "securerandom.source=file:/dev/./urandom">> $java_path$sec_file
fi  
 
# Add links for FreeRDP depending on architecture
mkdir -p /usr/lib/$ARCH-linux-gnu/freerdp/
ln -s /usr/local/lib/freerdp/guac*.so /usr/lib/$ARCH-linux-gnu/freerdp/
 
# Adding startup services
case $DISTVER in
    trusty|wheezy|wily)
        update-rc.d guacd defaults
        update-rc.d mysql defaults
        update-rc.d $TOMCAT_VER defaults 
        ;;
    jessie)
        systemctl enable $TOMCAT_VER
        systemctl enable mysql
        systemctl enable guacd
        ;;
    *)
esac
 
 
 
## Cleaning up
cd ~
rm -rf $tmpdir
 
touch /var/lock/guac-installed.lock
echo "Done"
echo
echo "#################################################################################"
echo "Guacamole install complete. Reboot server now - sudo shutdown -r now"
echo "After rebooting, you can access your installation at http://$MYHOST:8080/guacamole"
echo "#################################################################################"
exit 0;

55 comments

  1. Hi, thanks for your job. For enable redirect print to pdf i’ve enable manually this line:

    mkdir /usr/lib/x86_64-linux-gnu/freerdp/
    ln -s /usr/local/lib/freerdp/guac*.so /usr/lib/x86_64-linux-gnu/freerdp/

    1. Thanks for pointing it out. I’ll include it in the next version of the script.

  2. Hello,

    i have install the script on my new install ubuntu 15.10 Server.
    But on the login Site (http:ipadress:8080/guacamole) dont work the user “guacadmin” and “mypassword”

    The answere is only a wrong authentification.

    How can help me?

    1. Hi Peter,
      First off can you please check if mysql is running? If yes, then:
      Did you change the password in the script of the variable “GUAC_ADMIN_PASSWORD”? Can you please try both your password, as well as the default password, which is ‘guacadmin’ ?
      If both don’t work for you, I suggest you manually reset the password from the command prompt:
      mysql -uroot -p
      Enter your root password. At the mysql command prompt do this. Please CHANGE THE value for ‘YOUR NEW PASSWORD’ to whatever you want.
      USE guacdb;
      SET @salt = UNHEX(SHA2(UUID(), 256));
      UPDATE guacamole_user
      SET
      password_salt = @salt,
      password_hash = UNHEX(SHA2(CONCAT(‘YOUR NEW PASSWORD’, HEX(@salt)), 256))
      WHERE
      username = ‘guacadmin’;
      quit
      Please let me know if this works.

    2. Also, did you reboot your system? I just reinstalled a fresh 64bit 15.10 and ran the script after changing all passwords. It works as expected, and I am able to login with the password.

      1. No it dosnt works on my new install os ubuntu 15.10.

        When i try the script how without change a password, than is the root password for the sql database “CHANGEME”
        and fpr the guacadmin is the password “guacadmin” ?

        1. You cannot run the script without changing the MySQL passwords. If you don’t change the password for guacadmin, then the default password is guacadmin.
          Can you confirm that MySQL is running and you can access the database from the command prompt?

          1. tomcat works (ipaddress:8080)
            mysql works
            but mysql don´t have a user named guacadmin?

            sorry but i´m an fresh ubuntu (linux) user….;(

          2. There should be a database called guacdb in mysql, Log in to mysql as your root user. Then run:
            use guacdb;
            select * from guacamole_user;

            You should get one record. If you either get an error or 0 records, then something is wrong with the installation.

            If you’ll wait a day, I’m writing a new script that will completely automate the process, so you won’t have to edit the script before installation.
            But that will mean you’ll have to start with a fresh installation of Ubuntu.

          3. in mysql is one user “guacadmin”
            but the password is dosnt work it.

          4. when i try this:

            USE guacdb;
            SET @salt = UNHEX(SHA2(UUID(), 256));
            UPDATE guacamole_user
            SET
            password_salt = @salt,
            password_hash = UNHEX(SHA2(CONCAT(‘YOUR NEW PASSWORD’, HEX(@salt)), 256))

            is generated error1054 unknown column “guacadmin”

          5. IT Works now, thank you Bharath.

            i forgot in the command prompt

            “#chmod +x guac_install.sh”

            to beginn the installation!

            THANK YOU for support me.

          6. Hey Peter am facing the same issue, please let me know what u did step by step as am week in linux 🙁

          7. Peter’s issue was entirely different. He’s also running 15.10 not 14.04.

  3. hey i am new to linux..i have ubuntu 14.04 and installed Guacamole through your script and it got installed, i reeboted the server, but i am unable to login through id guacadmin,
    then i tried to login in mysql manually and getting below error:
    root@ip-172-30-2-62:~# mysql -uroot -p
    Enter password:
    ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (2)

    1. That means that your MySQL isn’t running. Please see if it works after you do sudo service mysql restart

  4. Having issues, script has no errors until it reaches the mysql connector download with no problem and then has all errors at the end. Tried on an osboxes.org 15.10 and on a fresh install. Both attempts were in a virtual machine, in case that’s a factor.

    2016-01-25 00:28:51 (6.72 MB/s) – ‘mysql-connector-java-5.1.38.tar.gz’ saved [3938241/3938241]

    Failed to restart mysql.service: Unit mysql.service failed to load: No such file or directory.
    ./guac_install.sh: line 129: mysql: command not found
    ./guac_install.sh: line 139: mysql: command not found
    ./guac_install.sh: line 157: mysql: command not found
    readlink: missing operand
    Try ‘readlink –help’ for more information.
    dirname: missing operand
    Try ‘dirname –help’ for more information.
    dirname: missing operand
    Try ‘dirname –help’ for more information.
    grep: /jre/lib/security/java.security: No such file or directory
    ./guac_install.sh: line 176: /jre/lib/security/java.security: No such file or directory
    update-rc.d: error: initscript does not exist: /etc/init.d/guacd
    update-rc.d: error: initscript does not exist: /etc/init.d/mysql
    update-rc.d: error: initscript does not exist: /etc/init.d/tomcat7

    Thanks,
    NTMMFTS

    1. Hi,

      Did you run this script as sudo? eg : sudo ./guac_install.sh?

      It MUST be run as a root user.
      UPDATE : That doesn\’t seem to be the issue. MySQL isn\’t installed at all according to the error messages. What kind of virtual machine are you running? Is it a KVM/Qemu based VM?

      1. Thanks for writing to help, and just so everyone knows what happened, I missed changing the UBUNTU_VER variable to wily for Ubuntu 15.10… my fault 😀 Thanks again!

  5. Hello again, i have a Problem with guacamole again.
    In Internet i can log on the guacamole server – done.
    But when i select an RDP Session, it will not be connectet to the workstation.

    1. 1) Are you able to connect to a server via SSH (to a Linux server)?
      2) What is the error message you receive?

      1. The connection was terminated due to an error in interen guacamole Server . If this problem persists inform your system administrator or check the logs .

        i will connect to a windows 7 workstation.
        Guacamole 0.9.6 is working!

          1. Can you try this if you\’re running 64 bit OS
            sudo mkdir /usr/lib/x86_64-linux-gnu/freerdp/
            sudo ln -s /usr/local/lib/freerdp/guac*.so /usr/lib/x86_64-linux-gnu/freerdp/

            or make the changes for 32 bit OS like this:

            sudo mkdir /usr/lib/i386-linux-gnu/freerdp/
            sudo ln -s /usr/local/lib/freerdp/guac*.so /usr/lib/i386-linux-gnu/freerdp/

            And restart guacd service.

  6. Bharath,

    Nice work on your script. I’ve a similar one that I’d been working on but am always looking for good tips from others that are working on guacamole install scripts for ubuntu.

    I have a couple ideas for you to try to see what you think.

    [First]
    This helps speed up the installation of all the apt-gets by installing a forked version of apt-get that does concurrent simultaneous downloads (kind of like a torrent does) but still uses apt-get:

    #===============================================
    # add PPA for apt-fast
    #
    # NOTE comment out if you want to use APT-GET and also make sure to change all references to apt-get from apt-fast

    sudo add-apt-repository ppa:saiarcot895/myppa -y
    sudo apt-get update
    sudo apt-get upgrade -y

    # install apt-fast
    sudo apt-get install apt-fast -y

    after adding the above you can use apt-fast instead of apt-get for much faster installation

    [Second]
    If installing your script onto an ubuntu server and you want to use that server for the “target” remote desktop you can install xrdp & x11rdp on that server as well as the Desktop Environment of your choice (ubuntu-mate, xubuntu etc) and have the entire remote desktop server setup on a single Ubuntu server.
    To build xrdp & x11rdp there are a couple choices. One of the easiest is to use the 2 great scripts by Scarygliders:

    http://scarygliders.net/x11rdp-o-matic-information/

    X11RDP-o-Matic.sh
    RDPsesconfig.sh

    The build takes quite a while (30-40 min).

    If you install guacamole/tomcat/mysql/xrdp/x11rdp etc all on the same server then you can use Guacamole as the front end proxy. Log into guacamole, create an RDP connection to “localhost” port 3389, 24bit graphics and assign that connection to the guac users.

    After that remote users can use their browser to connect to the x11rdp/xrdp on that server via that rdp connection and get a linux desktop!

    Scargygliders uses freerdp like NeutrinoLabs does and you can certainly use NeutrinoLabs to build xrdp as well.

    You end up with both x11rdp & xrdp .deb files that you can then use over & over to install both using gdebi or whatever .deb file installer you use.

    Note: with X11RDP-o-Matic.sh there are some switches you might want to use which will build xrdp & x11rdp with things like sound support (example: –withsound)

    For audio… Pulseaudio works great on the Guacamole Desktop server with a “little configuration” and the audio is passed via Guacamole & browser just fine.

    You have to find or build the 2 xrdp pulseaudio sink/source .so modules:
    module-xrdp-sink.so
    module-xrdp-source.so

    and copy those custom built pulseaudio drivers for xrdp/freerdp to the correct directory:

    # for wily its pulseaudio 6 but for ubuntu 16.04 it will be pulseaudio 8
    sudo cp ./module-xrdp*.so /usr/lib/pulse-6.0/modules

    With all of the above sound works without even setting the Guacamole “sound” configuration setting.

    Please email me if you’d like to collaborate on this a little as you gave me a good tip also with the info about setting up the PDF printer in one of the comments in your blog. I’d been using Google Cloud Print linux CUPS support (https://support.google.com/a/answer/2906017?hl=en). That lets you get away from using Guacamole’s PDF print method but it is dependent on user’s use of Chrome as their browser.

    I’ve got some other things working that I can tell you about via email that you might be interested in.

    Anyway … thanks for your great script work.

    Brian

    1. Great pointers. Honestly I\’ll need some time to digest it. Would love to add more functionality.

  7. Bharath…

    Just noticed this in your script but shouldn’t WILY be in the “case” with jessie not with trusty/wheezy? Wily is using systemd.

    your script is…

    # Adding startup services
    case $DISTVER in
    trusty|wheezy|wily)
    update-rc.d guacd defaults
    update-rc.d mysql defaults
    update-rc.d $TOMCAT_VER defaults
    ;;
    jessie)
    systemctl enable $TOMCAT_VER
    systemctl enable mysql
    systemctl enable guacd
    ;;
    *)
    esac

    but shouldn’t it be…

    # Adding startup services
    case $DISTVER in
    trusty|wheezy)
    update-rc.d guacd defaults
    update-rc.d mysql defaults
    update-rc.d $TOMCAT_VER defaults
    ;;
    jessie|wily)
    systemctl enable $TOMCAT_VER
    systemctl enable mysql
    systemctl enable guacd
    ;;
    *)
    esac

    1. Yes, that’s the correct way. But update-rc.d works too for wily. However, I must say I didn’t spend too much time on Wily, since it isn’t an LTS and has an EOL in July 2016 🙂

      1. Bharath… by the way… the following script (I name it setup-nginx.sh) will if run after your script … enable HTTPS/SSL for Guacamole. This innstalls on Ubuntu 15.10:

        #!/bin/bash

        # NOTE: Execute this Script as SUDO or ROOT .. NOT as a normal UserID

        # Check if user is root or sudo … if NOT then exit and tell user.

        if ! [ $(id -u) = 0 ]; then echo “Please run this script as either SUDO or ROOT !”; exit 1 ; fi

        # Harden the Guacamole setup using Nginx (i.e. reverse proxy with SSL)
        # install nginx

        sudo apt install nginx -y

        # remove access via 8080 (tomcat old default)
        sudo ufw delete allow 8080

        # make a directory to hold SSL certs
        sudo mkdir /etc/nginx/ssl

        # Define variables

        ssl_country=US
        ssl_state=NC
        ssl_city=Raleigh
        ssl_org=IT
        ssl_certname=guacamole.desktop.local

        # Create a self-signed certificate

        sudo openssl req -x509 -subj “/C=$ssl_country/ST=$ssl_state/L=$ssl_city/O=$ssl_org/CN=$ssl_certname” -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/guacamole.key -out /etc/nginx/ssl/guacamole.crt -extensions v3_ca

        # stop nginx
        sudo service nginx stop

        # save current nginx config so we can add ours
        sudo mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bkp

        sudo rm /etc/nginx/sites-enabled/default

        #================================================
        # Add proxy settings to nginx config file (note the occasional backslash)

        sudo cat < /etc/nginx/sites-available/guacamole
        # Accept requests via HTTP (TCP/80), but obligate all clients to use HTTPS (TCP/443)
        server {
        listen 80;
        return 302 https://\$host\$request_uri; ## You may want a 301 after testing is complete?
        }

        # Accept requests via HTTPS (TCP/443) then reverse-proxy to Guacamole via Tomcat (TCP/8080)
        server {
        listen 443 ssl;
        server_name localhost;

        access_log /var/log/nginx/guacamole.access.log ;
        error_log /var/log/nginx/guacamole.error.log info ;

        ssl_certificate /etc/nginx/ssl/guacamole.crt;
        ssl_certificate_key /etc/nginx/ssl/guacamole.key;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
        proxy_buffering off;
        proxy_pass http://127.0.0.1:8080;

        # This is required to get WebSocket working
        proxy_http_version 1.1;

        # note:
        # the “\” in the next line is an escape character which should not appear in the installed /etc/nginx/sites-enabled/default file
        # but is placed here in the script to insure that the text “$http_upgrade” DOES get included in the final “default” file

        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection “upgrade”;

        # Logging access to Guacamole ‘doesn’t make sense’ (but may be useful for debugging)
        access_log off;
        }
        }
        EOF1

        sudo ln -s /etc/nginx/sites-available/guacamole /etc/nginx/sites-enabled/guacamole

        # restart nginx
        sudo service nginx restart

          1. writing new private key to ‘/etc/nginx/ssl/guacamole.key’
            —–
            Subject does not start with ‘/’.
            problems making Certificate Request
            ./nginx-install.sh: line 43: /etc/nginx/sites-available/guacamole: No such file or directory
            ./nginx-install.sh: line 45: server: command not found
            ./nginx-install.sh: line 46: listen: command not found
            ./nginx-install.sh: line 47: return: too many arguments
            ./nginx-install.sh: line 48: syntax error near unexpected token }'
            ./nginx-install.sh: line 48:
            }’

          2. The nginx part has not been created by me. It is a user generated comment. I haven’t tried it out yet.

  8. Hi – Just installed using your script. (Ubuntu 14.04) No hiccups. The following is my syslog output for a connection attempt. I must not be setting up “Edit Connection” correctly or maybe my target isn’t listening correctly. I am trying to connect to a Windows 10 box.

    Mar 28 14:45:20 redtruck-Ubuntu guacd[11894]: Protocol “rdp” selected
    Mar 28 14:45:20 redtruck-Ubuntu guacd[11894]: Connection ID is “$8f3a8197-18ce-40b5-ba1a-7a29dae23850”
    Mar 28 14:45:20 redtruck-Ubuntu guacd[11894]: No security mode specified. Defaulting to RDP.
    Mar 28 14:45:20 redtruck-Ubuntu guacd[11894]: Installed version of FreeRDP lacks support for the preconnection PDU. The specified preconnection BLOB and/or ID will be ignored.
    Mar 28 14:45:20 redtruck-Ubuntu guacd[11894]: Loading keymap “base”
    Mar 28 14:45:20 redtruck-Ubuntu guacd[11894]: Loading keymap “en-us-qwerty”
    Mar 28 14:45:20 redtruck-Ubuntu guacd[11894]: Error connecting to RDP server
    Mar 28 14:45:20 redtruck-Ubuntu guacd[11894]: Connection did not succeed

    1. Hi Mark,

      If you don’t supply credentials in the connection settings, does the connection take place? From the logs it doesn’t seem to be able to connect to the RDP server at all. Is there a firewall that’s preventing the connection at the Windows end? Unfortunately I don’t really use RDP, or have a Windows machine handy to try and replicate your issue.

      I’ll do some digging, and post back here if I find something that helps.

  9. Hi I ran the script on my debian 7 and it seems everything is fine, but after restarting my server the login web is not shown. Tomcat, guacd and mysql is running, do you know how can I fix it? PD: After rebooting my server when the script was finished, I tried to log in, and the login web page was shown, but I couldn’t log in because the user was not accepted.

    1. Can you please check if you can log in to mysql from the command line, using guacuser and the password you set during installation time?

      1. Hi Bharath, thank you very much for your help. Your script works perfectly but the problem was I had another mysql instace and the port for guacamole was different. As you know I had problems with guacd service and for the moment I haven’t been able to resolve it.

        Thank you again

  10. Hello! Is it possible to make the script work for the ready-made Raspberry Pi images? (Debian Jessie)

    1. The script won’t work in it’s current form, because it isn’t made for an Arm based processor. But it’s an interesting thought. Let me see if I can get guacamole to install on a Pi, and if there are any different steps to be followed. I have a Raspberry Pi 2, and will try it on that.
      You could also change the x86 specific parts and try.

      1. Unfortunately I don’t know which modifications I have to make to the script 🙁

        Probably there must be some differences between Rpi 1 and Rpi2-3. I am not sure if Rpi1 will have adequate CPU to support a good guacamole experience, but I would like to try it!

        Please post if you have anything new with your pi!

        Thank you very much!

        1. I would like also to intergrate guacamole to the openmediavault. That way, openmediavault will be a complete Nas/RemoteDesktop/Guacamole/VPN everyrthing!

          1. Can you add packages to openmediavault via apt? I don’t know if it will be able to run all the dependencies for guacamole

        2. I’m going to try it on a Raspberry Pi 2 B. I will update the post, if the build is successful

          1. Openmediavault is basically Debian, it supports apt and as far I know for raspberry pi it uses the same sources as the stock Raspbian, so there should no dependency problem.

          2. I installed Guacamole successfully on a Raspberry Pi 2.
            Things to note:
            1) Installation and compiling takes quite a while – approx 15 minutes with a decent Internet connection in my case.
            2) Tomcat start-up is slow – took almost 1 minute to start up, but once the guacamole web interface displayed, performance was excellent.
            3) It is not possible to install openmediavault using their apt sources. There are too many broken dependencies. You could try in the reverse order – install the openmediavault distro for the RPi and then run my script. Please re-download the script, there is a minor change in it.

          3. I know this is old now, but I had a lot of trouble getting the script to work on my Rpi 3. I kept running into an issue where it wouldn’t wget from sourceforge.net, it kept giving a certificate error about it not being trusted.
            After some digging into the error I was able to get it to mostly complete the script by adding the ‘–no-check-certificate’ flag on to each instance of wget.

  11. Hi ,
    Thanks for the script installation went through without any glitches ..but is thr any way i could update UI home page like removing Recent connection window (Requiremnts..u knw) ..Sorry not very good at the UI thng but tried my best to make changes on backend but tomcat would not update the modified code inspite of restarting services..
    Please let me know abt some suggestions..
    THANKS

  12. Hello ! I installed Guacamole on Ubuntu 15.10. RDP connections are ok but not vnc ones. I’m used to vnc connections on other solutions (adito) but here are my config for a vnc connection:
    Nom : mamachine
    Lieu : ROOT
    Protocole : VNC

    Max number of connections : 3
    Max number of connection per user : 1

    Nom d’hôte : 192.168.1.15 OR mamachine
    Port : 5901

    Mot de Passe : mypassword

    lecture seule : no
    Swap red/blue : no
    curseur : local
    qualité couleurs : true colors 24-bits

    Presse papier:
    encoding : /

    vnc repeater :
    hôte distant : /
    port distant : /

    SFTP : no

    Sound : no

    Do I have something wrong ?

    thank a lot for your help 🙂

  13. Works perfectly excet for ssh connection with passphrase.Would be great if someone could assist me.

    Here are the concerned log entries

    Starting client
    Aug 6 18:58:47 loktby.me guacd[30491]: Auth key import failed: (null)
    Aug 6 18:58:47 loktby.me kernel: [11331.487624] guacd[30492]: segfault at 0 ip 00007fd607212fb5 sp 00007fd603f3c420 error 4 in libguac-client-ssh.so.0.0.0[7fd607206000+18000]

Comments are closed.