Apache Guacamole is an open-source remote desktop gateway that enables users to access desktops and applications through a web browser without the need for any clients on the user side. Guacamole supports standard remote access protocols such as VNC, RDP, and SSH. This article focuses on the configuration and usage of Apache Guacamole on the CentOS operating system to provide remote desktops via a web browser.
Prerequisites
To successfully install and configure Guacamole on CentOS, you will need:
- A clean installation of CentOS (recommended CentOS 7 or 8)
- Sudo access or root account access
- Internet connectivity
Installing Dependencies
The first step is to install the necessary dependencies. Open a terminal and run the following commands:
sudo yum update
sudo yum install epel-release
sudo yum install wget curl java-1.8.0-openjdk Tomcat tomcat-admin-webapps
These commands will update your system base and install required packages including Java and Tomcat, which are essential for running Guacamole.
Installing Guacamole Server
The Guacamole server (guacd) is the cornerstone of the entire system. It is installed from source code:
wget https://downloads.apache.org/guacamole/1.3.0/source/guacamole-server-1.3.0.tar.gz
tar -xzf guacamole-server-1.3.0.tar.gz
cd guacamole-server-1.3.0
./configure --with-init-dir=/etc/init.d
make
sudo make install
sudo ldconfig
sudo systemctl enable guacd
sudo systemctl start guacd
These commands will download the latest version of the Guacamole server, compile it, and install it. Then, it will start the server and set it to automatically start on system boot.
Installing Guacamole Client
The Guacamole client operates as a web application running on Tomcat:
wget https://downloads.apache.org/guacamole/1.3.0/binary/guacamole-1.3.0.war
sudo mv guacamole-1.3.0.war /var/lib/tomcat/webapps/guacamole.war
This step will move the downloaded WAR file to Tomcat, triggering its automatic installation and launch.
Configuring Guacamole
Guacamole's configuration files must be located in /etc/guacamole. Create these directories and basic configuration files:
sudo mkdir /etc/guacamole
echo "guacd-hostname: localhost" | sudo tee /etc/guacamole/guacd.properties > /dev/null
echo "guacd-port: 4822" | sudo tee -a /etc/guacamole/guacd.properties > /dev/null
echo "user-mapping: /etc/guacamole/user-mapping.xml" | sudo tee -a /etc/guacamole/guacamole.properties > /dev/null
sudo ln -s /etc/guacamole /usr/share/tomcat/.guacamole
Then, create the user-mapping.xml file and configure user credentials and access paths to remote desktops or servers:
sudo nano /etc/guacamole/user-mapping.xml
In this file, define users and remote servers they can access. Here's an example configuration for accessing a server via RDP:
<user-mapping>
<authorize username="user" password="password">
<connection name="Windows Server">
<protocol>rdp</protocol>
<param name="hostname">192.168.1.100</param>
<param name="port">3389</param>
<param name="username">windows_user</param>
<param name="password">windows_password</param>
</connection>
</authorize>
</user-mapping>
Replace user, password, 192.168.1.100, windows_user, and windows_password with your own values. Once done, save the file and close the editor.
Restarting Services and Firewall Configuration
To make the changes effective, restart Tomcat and optionally configure the firewall:
sudo systemctl restart tomcat
sudo firewall-cmd --add-port=8080/tcp --permanent
sudo firewall-cmd --reload
This will open port 8080, which Tomcat uses, allowing access to Guacamole from a web browser.
Accessing Guacamole via Web Browser
You should now be able to access Guacamole via a web browser by entering your server's URL followed by port 8080 and the path /guacamole, for example, http://your-server:8080/guacamole. On the login screen, enter the username and password you defined in user-mapping.xml.
Modifications and Extensions
Apache Guacamole supports a wide range of configurations, including advanced authentication methods such as LDAP or OAuth, and environment customization through extensions. For these advanced configurations and extensions, it is recommended to consult the official Apache Guacamole documentation.
Security Recommendations
When deploying any system that allows remote access, it is crucial to prioritize security. Consider using strong passwords, secure connection via HTTPS, and regularly updating software to the latest versions to minimize security risks.
This article provided an overview of how to install and configure Apache Guacamole on CentOS for remote desktop access via a web browser. Guacamole represents an efficient and user-friendly alternative to traditional remote desktop solutions, allowing easy access to desktops and applications from any location and device.
