If you haven’t checked out Guacamole, you seriously need to, but if you’ve been homelabbing for awhile then you’ve probably at least heard of it. Guacamole is an open-source HTML5-based clientless remote desktop gateway, allowing you to remotely connect to your devices via a simple webpage. It works with RDP, SSH, Telnet (but please use SSH instead if you can, guys), and VNC, and it is one of my absolute favorite tools.
I will admit that it’s not uncommon for me to create a new Linux server VM, install something pretty cool, say “This is pretty cool!”, and then never use that VM ever again. But Guacamole is the one that I show off to everyone because of how convenient it is and how well it works. Even if who I’m showing it off to isn’t into homelabs, system administration, or Linux, they always seem to think Guacamole is great. But the one thing that stops a lot of people from using it is the install process (though you can now easily deploy it in Docker).
Well thanks to this handy script, that’s no longer the case. I’ve installed Guacamole on Ubuntu and CentOS but I figured some people that might be reading this aren’t familiar with any Linux distro or Docker, so I wanted to find the simplest way possible to install Guacamole for someone that might be new to both.
What I found was this awesome script written by Hernan that was posted on his Sourceforge page. Here’s a description of the script according to his page:
“The script installs dependencies and configure the OS automatically for you in order to obtain the best Remote Desktop Gateway!
This Install Script works in a clean CentOS 6/7 installation and install Guacamole 0.9.9 version for a local users authentication.
Task of this script:
- Install Packages Dependencies
- Download Guacamole and MySQL Connector packages
- Install Guacamole Server
- Install Guacamole Client
- Install MySQL Connector
- Configure MariaDB or MySQL
- Configure FirewallD or iptables
- Setting Tomcat Server
- Generates a Java KeyStore for SSL Support.”
I’ve tested out his script and it works perfectly. It makes it extremely easy for even the biggest Linux noobs to get Guacamole working on CentOS 7 or 6. If you want to use Guacamole in your homelab environment, here are the steps to get it going using Hernan’s script (assuming you have a fresh minimal install of CentOS ready to go).
I updated this tutorial to use Hernan’s latest script. This adds the option to install Nginx as a proxy for Guacamole during the wizard.
How to install Guacamole on CentOS 7/6 the super easy way
1. (Assuming you’re logged in as root), type in the following to install Wget:
yum install -y wget
2. Let’s download the script using wget:
3. Now let’s make sure we can execute the script:
chmod +x guacamole-install-script.sh
5. The script is going to take awhile to run while it downloads and installs everything that needs to download and install. Once it’s done, you’ll see the below screenshot asking you to create a root password for MariaDB, the Guac DB name, username, and password, then finally the Java KeyStore password. Don’t use the ones I used and don’t forget what they are.
6. Once at the wizard for the Java KeyStore, go ahead and fill out your information.
7. Once you see the screenshot below, you’ve officially installed Guacamole! All that’s left is to go to the page at http://IP-of-your-CentOS-VM:8080/guacamole/ or https://IP-of-your-CentOS-VM:8443/guacamole/ and start adding some remote connections. Default username and password is guacadmin.
Adding your first connections in Guacamole
Adding remote connections is pretty self-explanatory, but you can follow my instructions below if you’d like some guidance. The examples I’ve added below are a Windows 10 workstation using RDP and an HP Procurve (err I mean Aruba or whatever HP is calling their product this week) switch of mine using SSH.
1. Once you go to your Guacamole web UI, you’ll see the screenshot below. Go ahead and login with the default username and password guacadmin (don’t forget to change the default password).
2. (Optional) I suggest creating your own user account outside of guacadmin (after changing the default password). Click on the guacadmin dropdown menu in the upper right and then Settings. Go to Users, New User, and fill out the Username & Password fields. For my account, I also checked all the permissions except “Administer system” and “Create new users” (I leave that up for the guacadmin account). Now log out of guacadmin and log into your new account.
3. Click on the username dropdown menu in the upper right and then Settings. Under the Connections tab, click New Connection.
4. For a Windows machine, let’s create an RDP connection. The screenshot below is a working configuration for my Windows 10 workstation. Under Authentication, you might have to experiment with different “Security modes” and maybe check “Ignore server certificate to get it properly connecting.
NOTE: If you’re having trouble getting it to connect after experimenting with the Security modes, you can try unchecking “Allow connections only from computers running Remote Desktop with Network Level Authentication” in Windows’s System Properties (shown below), then clearing “Security mode” and “Ignore server certificate” in the Connection settings in Guacamole.
5. Let’s add a remote connection using SSH (like a Linux machine, networking device, etc.). Below is the working Connection settings for my main switch.
6. Once you’ve got an RDP and an SSH connection saved, let’s go to the homepage (username dropdown menu then Home). Now click on any of the connections you just created. Below are screenshots of both my Windows workstation and main switch remoted into.
Congrats! You now have a fully functional Guacamole server! If you followed the steps on adding some remote connections, you should now be able to see how well remoting into your devices works in any browser using HTML5. Using that script, even the noobiest(?) of Linux noobs can get a Guacamole server up and running in no time and with minimal effort.
I just wanted to thank Hernan for letting me post his script. If you’d like to check out his blog, you can do so by clicking here.