From Andywiki
Jump to: navigation, search


Guacamole is remote desktop software, which allows any client to connect to it with only a HTML5 browser. No plugins, client software or any other headaches required!

Set up a webinar demo machine[edit]

These brief instructions show how to set up Guacamole on a remote server, so that it can be used as a demo machine, controllable and viewable by anyone with a web browser. I use this to perform remote demonstrations of web-based software. The instructions assume that a Debian Jessie system is used, with Apache already installed.

  • Install required packages:
   apt-get install xfce4 chromium guacamole-tomcat x11vnc xrdp libguac-client-rdp0
  • Configure Apache as a proxy to Tomcat (and Guacamole)
<VirtualHost _default_:443>
    ProxyPass       /  http://localhost:8080/guacamole/ flushpackets=on
    ProxyPassReverse / http://localhost:8080/guacamole/
    ProxyPassReverseCookiePath /guacamole/ /
    SSLEngine on
    SSLCertificateFile  /etc/ssl/certs/mycert.pem
    SSLCertificateKeyFile /etc/ssl/private/mykey.key
  • Add an RDP user to the Guacamole user config (/etc/guacamole/user-mapping.xml)
<authorize username="myuser" password="mypass">
    <param name="hostname">localhost</param>
    <param name="port">3389</param>
    <param name="password">rdp_pass</param>

Edit a connection to /etc/xrdp/xrdp.ini

name=My connection
password=vnc_pass # or "ask"
systemctl restart xrdp.service

Add a normal user to run X as:

useradd -m -g users -s /bin/bash andrew

Reconfigure X to allow any user to start it:

dpkg-reconfigure x11-common

Change to the normal user and start the required X services:

su andrew
x11vnc -storepasswd # As configured in /etc/xrdp/xrdp.ini
startx &
x11vnc -noncache -usepw -display :0 -rfbport 5900 -shared

It should now be possible to browse to the site configured in Apache, login to Guacamole, and see a standard XFCE desktop. Chromium (or Iceweasal/Firefox) can be launched from the applications menu.

Enabling Apache Portable Runtime (APR)[edit]

I don't know how much difference it makes (or whether it makes any difference in this environment), but APR is recommended for Tomcat to "provide superior scalability, performance, and better integration with native server technologies". It can be enabled by uncommenting the following section in /etc/tomcat8/server.xml:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

And installing libtcnative-1:

apt-get install libtcnative-1