guacamole安装

centos7部署guacamole

系统环境

CentOS7.9 + Tomcat8.5 + JDK18 + guacamole-server1.3.0

一、环境准备

1、关闭防火墙

#关闭防火墙
systemctl stop firewalld.service
#开机禁用防火墙
systemctl disable firewalld.service

2、安装依赖

libguac使用Cairo进行图形渲染。如果没有安装Cairo，鳄梨酱就无法运作。

libguac使用libjpeg-turbo来提供JPEG支持

libgung使用libpng来编写PNG图像

libguac使用OSSP UUID为每个Guacamole连接分配唯一ID

#有些需要安装wget
yum install -y wget
#安装ffmpeg需要的源
yum install -y epel-release 
rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm

#安装依赖，有rdp、vnc、ssh等协议支持
#添加依赖库
yum update -y
yum install -y vim cairo-devel libjpeg-devel libpng-devel uuid-devel ffmpeg-devel freerdp-devel freerdp-plugins pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel libjpeg-turbo-devel libtool libwebsockets-devel

yum -y install java-1.8.0-openjdk*

yum install -y libjpeg-turbo-devel cairo-devel libjpeg-devel libpng-devel uuid-devel autoconf automake libtool xmvn

yum install wget configure make gcc gcc-c++ -y

二、安装服务端

1、编译安装guacamole-server（用的最新版1.3.0）

（官网下载版本地址：http://guacamole.apache.org/releases/）

#下载tar.gz压缩包
wget https://mirrors.tuna.tsinghua.edu.cn/apache/guacamole/1.3.0/source/guacamole-server-1.3.0.tar.gz
tar -zxvf guacamole-server-1.3.0.tar.gz
cd guacamole-server-1.3.0
./configure --with-init-dir=/etc/init.d
 make && make install

#让动态链接库为系统共享
ldconfig
service guacd start

2、配置guacd，在/etc/guacamole目录下新增配置文件

mkdir -p /etc/guacamole/
cd /etc/guacamole/
touch /etc/guacamole/guacd.conf
touch /etc/guacamole/guacamole.properties

###配置环境变量
vi /etc/bashrc

export GUACAMOLE_HOME=/etc/guacamole
source /etc/bashrc

###验证、直接执行，返回目录表示正确
echo $GUACAMOLE_HOME

###编辑配置文件/etc/guacamole/guacamole.properties

vi guacamole.properties

guacd-hostname: localhost
guacd-port: 4822
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
#和数据库创建的guacamole的用户名密码一致        
mysql-username: guacamole
mysql-password: guacamole

###编辑配置文件/etc/guacamole/guacd.conf，如果不配置，外网就telnet不通4822端口

vi /etc/guacamole/guacd.conf

[daemon]
pid_file = /var/run/guacd.pid
log_level = info
[server]
bind_host = 0.0.0.0
bind_port = 4822

#启动guacd服务和设置开机自启动，提示SUCCESS,表示安装成功。（分别是重启，开机自启）
service guacd start
/sbin/chkconfig guacd on

三、guacmole安装数据库扩展驱动(下面有数据库安装过程,如果分开部署，数据库扩展驱动放在client端)

mkdir -p /etc/guacamole/extensions
mkdir -p /etc/guacamole/lib
mkdir -p /etc/guacamole/sqlauth/
cd /etc/guacamole/sqlauth/

###下载guacamole-auth-jdbc-1.3.0.tar.gz（和前面的guacamole-server的版本必须一致，否则web会出现无法登录的情况）
wget https://mirrors.tuna.tsinghua.edu.cn/apache/guacamole/1.3.0/binary/guacamole-auth-jdbc-1.3.0.tar.gz

tar -zxvf guacamole-auth-jdbc-1.3.0.tar.gz 

cp /etc/guacamole/sqlauth/guacamole-auth-jdbc-1.3.0/mysql/guacamole-auth-jdbc-mysql-1.3.0.jar /etc/guacamole/extensions/

wget http://ftp.ntu.edu.tw/MySQL/Downloads/Connector-J/mysql-connector-java-5.1.49.tar.gz

tar -zxvf mysql-connector-java-5.1.49.tar.gz 

cp /etc/guacamole/sqlauth/mysql-connector-java-5.1.49/mysql-connector-java-5.1.49-bin.jar /etc/guacamole/lib/

• 创建数据库

mysql -u root -p

mysql> CREATE DATABASE guacamole_db;
mysql> CREATE USER 'guacamole'@'localhost' IDENTIFIED BY 'guacamole';
mysql> CREATE USER 'guacamole'@'127.0.0.1' IDENTIFIED BY 'guacamole';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole'@'localhost';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole'@'127.0.0.1';
mysql> FLUSH PRIVILEGES;
mysql> quit

cd /etc/guacamole/sqlauth/guacamole-auth-jdbc-1.3.0/mysql/
cat schema/*.sql | mysql -u root -p guacamole_db

四、guacamole web部署(客户端client)

1、安装tomcat8(记得安装jdk，在”安装依赖“部分)

wget http://archive.apache.org/dist/tomcat/tomcat-8/v8.5.9/bin/apache-tomcat-8.5.9.tar.gz
tar -zxvf apache-tomcat-8.5.9.tar.gz -C /usr/local/
cd /usr/local/
mv apache-tomcat-8.5.9 tomcat

2、配置 systemctl 文件（可以用使用systemctl启动tomcat）

vi /lib/systemd/system/tomcat.service

[Unit]
Description=tomcat
After=network.target
 
[Service]
Type=oneshot
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
ExecReload=/bin/kill -s HUP $MAINPID
RemainAfterExit=yes
 
[Install]
WantedBy=multi-user.target


chmod 754 /lib/systemd/system/tomcat.service 

3、tomcat服务启动设置

#启动服务 
systemctl start tomcat.service   
#关闭服务   
systemctl stop tomcat.service   
#开机启动   
systemctl enable tomcat.service

4、直接使用编译包安装guacamole-client（直接下载guacamole的war包）

#下载guacamole.war
wget https://mirrors.tuna.tsinghua.edu.cn/apache/guacamole/1.3.0/binary/guacamole-1.3.0.war
#将war包放进tomcat的webapps里，这里改了包的名字，web页面访问时就是包的名字(例：http://192.168.0.150:8080/guacamole-1.3.0)。
cp guacamole-1.3.0.war /usr/local/tomcat/webapps/guacamole.war
#重启tomcat
systemctl restart tomcat.service

五、访问web

http://ip:8080/guacamole/

用户名： guacadmin

密码 ： guacadmin

六、屏幕录制

1、创建一个存放录像的目录

mkdir /etc/guacamole/recording 

2、登录web

3、然后操作远程

4、进入server存放录屏的目录，转成普通视频，比如以下命令转成.m4v

###guacenc -s 1280x720 -r 20000000 -f 文件名称  （可以调高清晰度）
cd /etc/guacamole/recording
guacenc -s 1280x720 -r 20000000 -f test

5、下载到本地播放

七、其他操作：

1、在/etc/guacamole/目录下创建user-mapping.xml文件（这是手动创建的方式，是数据库认证连接不需要此文件）

#建立受权文件(修改这里时不用重启guacd,自动加载)
cd /etc/guacamole/
vi user-mapping.xml

<user-mapping>
###user是web登录的用户名，password：123456是web登录的密码
        <authorize username="user" password="123456">
                <connection name="ssh">
                        <protocol>ssh</protocol>
                        <param name="hostname">192.168.204.130</param>
                        <param name="port">22</param>
			<param name="ignore-cert">true</param>
                </connection>
连接方式ssh/rdp/vnc
                <connection name="rdp">
                        <protocol>rdp</protocol>
                        <param name="hostname">192.168.204.130</param>
###远程端口：ssh:22、rdp/win：3389、vnc:5901(改了的写修改后的端口)
                        <param name="port">3389</param>
###必须添加忽略认证：ignore-cert
                        <param name="ignore-cert">true</param>
                </connection>
                <connection name="vnc">
                        <protocol>vnc</protocol>
                        <param name="hostname">192.168.204.130</param>
                        <param name="port">5901</param>
                        <param name="ignore-cert">true</param>
                </connection>
        </authorize>
</user-mapping>

重启tomcat
systemctl restart tomcat.service 

2、数据库安装5.7

wget \
https://cdn.mysql.com/archives/mysql-5.7/mysql-community-client-5.7.32-1.el7.x86_64.rpm \
https://cdn.mysql.com/archives/mysql-5.7/mysql-community-common-5.7.32-1.el7.x86_64.rpm \
https://cdn.mysql.com/archives/mysql-5.7/mysql-community-libs-5.7.32-1.el7.x86_64.rpm \
https://cdn.mysql.com/archives/mysql-5.7/mysql-community-libs-compat-5.7.32-1.el7.x86_64.rpm \
https://cdn.mysql.com/archives/mysql-5.7/mysql-community-server-5.7.32-1.el7.x86_64.rpm

yum install -y mysql-community-*-5.7.32-1.el7.x86_64.rpm

# 开启MySQL服务器
systemctl start mysqld
# 查看默认生成的密码
cat /var/log/mysqld.log | grep password

mysql -uroot -h127.0.0.1 -p

# 设置密码等级
set global validate_password_length=4;
set global validate_password_policy=LOW;
# 修改默认密码，注意替换后面的密码
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '您的密码';
# 设置 root 账户远程登陆
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '您的密码' WITH GRANT OPTION;
FLUSH PRIVILEGES;

# 修改字符，没有的模块就创建
vim /etc/my.cnf
[client]
default-character-set=utf8

[mysql]
default-character-set=utf8

[mysqld]
character-set-server=utf8

3、乱码问题解决

https://www.linuxidc.com/Linux/2016-09/135548.htm