CentOS7安装guacamole

CentOS Linux release 7.9

安装依赖包

yum install cairo-devel libjpeg-turbo-devel libjpeg-devel libpng-devel libtool libuuid-devel uuid-devel

安装可选依赖包

yum -y install epel-release
yum install --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm
yum install ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel

编译安装guacamole server

wget https://dlcdn.apache.org/guacamole/1.4.0/source/guacamole-server-1.4.0.tar.gz --no-check-certificat
tar xf guacamole-server-1.4.0.tar.gz
cd guacamole-server-1.4.0/
./configure --prefix=/usr/local/guacamole --with-init-dir=/etc/init.d
make
make install
ldconfig
echo “export GUACAMOLE_HOME=/etc/guacamole” >> /etc/bashrc
source /etc/bashrc

安装guacamole client

yum install tomcat
wget https://dlcdn.apache.org/guacamole/1.4.0/binary/guacamole-1.4.0.war
cp guacamole-1.4.0.war /var/lib/tomcat/webapps/guacamole.war

默认认证(User-mapping.xml)

mkdir /etc/guacamole
vi /etc/guacamole/guacamole.properties

<user-mapping>
<authorize username="guacadmin" password="guacadmin" >
        <connection name="rdp1">
                <protocol>rdp</protocol>
                <param name="hostname">10.0.3.200</param>
                <param name="port">3389</param>
                <param name="username">test</param>
                <param name="password">test.1</param>
        </connection>

        <connection name="vnc1">
                <protocol>vnc</protocol>
                <param name="hostname">10.0.5.200</param>
                <param name="port">5901</param>
                <param name="password">test.1</param>
        </connection>

        <connection name="ssh1">
                <protocol>ssh</protocol>
                <param name="hostname">10.0.5.200</param>
                <param name="port">22</param>
                <param name="username">test</param>
                <param name="password">test.1</param>
                <param name="color-scheme">white-black</param>
                <param name="enable-sftp">true</param>
        </connection>
</authorize>
</user-mapping>

systemctl start tomcat
systemctl start guacd

数据库认证（mariadb）

yum -y install mariadb mariadb-devel mariadb-server
systemctl start mariadb
mkdir -p /etc/guacamole/extensions
mkdir -p /etc/guacamole/lib
wget https://apache.org/dyn/closer.lua/guacamole/1.4.0/binary/guacamole-auth-jdbc-1.4.0.tar.gz?action=download -O guacamole-auth-jdbc-1.4.0.tar.gz
tar xf guacamole-auth-jdbc-1.4.0.tar.gz
cp guacamole-auth-jdbc-1.4.0/mysql/guacamole-auth-jdbc-mysql-1.4.0.jar /etc/guacamole/extensions
wget http://ftp.ntu.edu.tw/MySQL/Downloads/Connector-J/mysql-connector-java-5.1.49.tar.gz
tar -zxvf mysql-connector-java-5.1.49.tar.gz
cp mysql-connector-java-5.1.49/mysql-connector-java-5.1.49-bin.jar /etc/guacamole/lib/
vi /etc/guacamole/guacamole.properties

# MySQL properties
mysql-hostname: localhost
mysql-database: guacamole_db
mysql-port: 3306
mysql-username: guacamole_user
mysql-password: some_password

mysql -u root

mysql> CREATE DATABASE guacamole_db;
mysql> CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY 'some_password';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> quit

cat guacamole-auth-jdbc-1.4.0/mysql/schema/*.sql | mysql -u root guacamole_db
mv /etc/guacamole/guacamole.properties /etc/guacamole/guacamole.properties.bak
systemctl restart tomcat

TOTP认证，授权码从软件“Authing令牌”获取

wget https://apache.org/dyn/closer.lua/guacamole/1.4.0/binary/guacamole-auth-totp-1.4.0.tar.gz?action=download -O guacamole-auth-totp-1.4.0.tar.gz
tar xf guacamole-auth-totp-1.4.0.tar.gz
cp guacamole-auth-totp-1.4.0/guacamole-auth-totp-1.4.0.jar /etc/guacamole/extensions/
systemctl restart tomcat

OIDC安装扩展步骤如下，配置后续补充

wget https://apache.org/dyn/closer.lua/guacamole/1.4.0/binary/guacamole-auth-sso-1.4.0.tar.gz?action=download -O guacamole-auth-sso-1.4.0.tar.gz
tar xf guacamole-auth-sso-1.4.0.tar.gz
cp guacamole-auth-sso-1.4.0/openid/guacamole-auth-sso-openid-1.4.0.jar /etc/guacamole/extensions/

测试中发现的问题

• 在外网可以远程登录，和内网中登录使用无明显差异感觉
• 内外网远程登录时偶有断开连接情况，但可快速的手动再次连接登录或15s后自动重连
• VNC分辨率固定为1024x768，可通过配置远程用户的~/.vnc/config文件中的geometry参数进行调整（需重起VNC服务）
• 剪贴板默认配置未修改时，远程向本地可直接拷贝文字，反向不行
• 使用剪贴板可在远程及本地间拷贝文字，但VNC远程时对中文不支持
• 剪贴板和SFTP使用时需按“ctrl+alt+shift”三键，SFTP使用时相对而言不太方便(不能直接拖拉文件，而是窗口中上传或下载)
• 使用ssh远程时，输入与执行命令时有卡顿，且字符“-”显示时极像“_”,VNC或RDP时无此现象
• VNC和RDP的色彩深度选择16色即可，满足基本的需求，并减少带宽使用
• 多用户同时登录使用场景暂未测试