The server-side guacd runs as a Docker container.
127.0.0.1 means only connections from the local host are accepted.
--restart=always means the container starts again automatically after a reboot (it is a docker run option, so it has to come before the image name; placed after it, it is passed to guacd as an argument and ignored).
apt install docker.io
docker run --name some-guacd -d --restart=always -p 127.0.0.1:4822:4822 guacamole/guacd
The front end uses Tomcat 9.
Download guacamole-1.4.0.war and save it as /var/lib/tomcat9/webapps/guacamole.war
systemctl restart tomcat9
The MySQL database runs as a Docker container.
Configuration directory (create it by hand):
/etc/guacamole
lib directory (create it by hand):
/etc/guacamole/lib
docker run --name some-mysql -p 127.0.0.1:3306:3306 -e MYSQL_ROOT_PASSWORD=password -d mysql
Download guacamole-auth-jdbc-1.4.0.tar.gz
1. Put guacamole-auth-jdbc-mysql-1.4.0.jar in /etc/guacamole/extensions
2. The archive also contains the database schema, which has to be imported
/etc/guacamole/extensions/guacamole-auth-jdbc-mysql-1.4.0.jar
Download mysql-connector-java-8.0.29.jar and put it in /etc/guacamole/lib
/etc/guacamole/lib/mysql-connector-java-8.0.29.jar
Import the schema: copy the SQL files into the Docker container
Default account and password: guacadmin
docker cp 001-create-schema.sql *********:/
docker cp 002-create-admin-user.sql *********:/
Enter the container
docker exec -i -t some-mysql /bin/bash
mysql -p < 001-create-schema.sql
mysql -p < 002-create-admin-user.sql
Install the LDAP extension at the following path
/etc/guacamole/extensions/guacamole-auth-ldap-1.4.0.jar
Contents of /etc/guacamole/guacamole.properties
ldap-hostname: 10.3.1.6
ldap-port: 389
ldap-encryption-method: none
ldap-user-base-dn: OU=TSCS,DC=tgenergy,DC=com,DC=tw
ldap-search-bind-dn: ldap@tgenergy.com.tw
ldap-search-bind-password: ***********
ldap-username-attribute: sAMAccountName
ldap-user-search-filter: (&(objectclass=person)(company=TSC)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
# MySQL properties
mysql-hostname: localhost
mysql-database: guacamole_db
mysql-username: root
mysql-password: ***********
mysql-user-required: true
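The ldap-user-search-filter above decides which directory accounts Guacamole is allowed to see: a person, in company TSC, whose userAccountControl does not have bit 2 (ACCOUNTDISABLE) set, tested with the Active Directory bitwise-AND matching rule 1.2.840.113556.1.4.803. The following is an added example, not part of the original notes: a small evaluator for the filter subset this line uses, run against constructed directory entries, so the effect of each clause can be checked offline. The entry values and sAMAccountNames are made up.

```python
"""Evaluate the AD user-search filter from guacamole.properties offline.

Added example (not part of the original notes): a minimal evaluator for the
RFC 4515 filter subset the filter uses, including the Active Directory
bitwise-AND matching rule 1.2.840.113556.1.4.803, so you can see which
constructed entries Guacamole's LDAP search would return.
"""

# userAccountControl flag bit 2 = ACCOUNTDISABLE (the "=2" in the filter)
UF_ACCOUNTDISABLE = 0x0002
LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"
LDAP_MATCHING_RULE_BIT_OR = "1.2.840.113556.1.4.804"

# The filter exactly as it appears in the notes.
GUACAMOLE_USER_FILTER = (
    "(&(objectclass=person)(company=TSC)"
    "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
)


def parse_filter(text: str):
    """Parse a filter string into a small tree of tuples.
    Supports (&...), (|...), (!...), attr=value and attr:rule:=value;
    no escapes or substring/approximate matches (not needed here)."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"unexpected trailing data at offset {pos}")
    return node


def _parse(text, pos):
    if text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    op = text[pos]
    if op in "&|":
        pos += 1
        children = []
        while text[pos] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        node = (op, children)
    elif op == "!":
        child, pos = _parse(text, pos + 1)
        node = ("!", child)
    else:
        end = text.index(")", pos)
        lhs, value = text[pos:end].split("=", 1)
        if lhs.endswith(":"):          # extensible match: attr:rule:=value
            attr, rule = lhs[:-1].split(":", 1)
            node = ("ext", attr, rule, value)
        else:
            node = ("eq", lhs, value)
        pos = end
    if text[pos] != ")":
        raise ValueError(f"expected ')' at offset {pos}")
    return node, pos + 1


def _values(entry, attr):
    """Case-insensitive attribute lookup; always returns a list of strings."""
    for key, val in entry.items():
        if key.lower() == attr.lower():
            return [str(v) for v in (val if isinstance(val, (list, tuple)) else [val])]
    return []


def evaluate(node, entry) -> bool:
    kind = node[0]
    if kind == "&":
        return all(evaluate(c, entry) for c in node[1])
    if kind == "|":
        return any(evaluate(c, entry) for c in node[1])
    if kind == "!":
        return not evaluate(node[1], entry)
    if kind == "eq":
        _, attr, value = node
        return any(v.lower() == value.lower() for v in _values(entry, attr))
    _, attr, rule, value = node                      # extensible match
    mask = int(value)
    ints = [int(v) for v in _values(entry, attr)]
    if rule == LDAP_MATCHING_RULE_BIT_AND:           # all bits of mask set
        return any(v & mask == mask for v in ints)
    if rule == LDAP_MATCHING_RULE_BIT_OR:            # any bit of mask set
        return any(v & mask for v in ints)
    raise ValueError(f"unsupported matching rule {rule}")


# Constructed directory entries (not real accounts).
SAMPLE_ENTRIES = [
    {"sAMAccountName": "alice", "objectClass": ["top", "person", "user"],
     "company": "TSC", "userAccountControl": 512},                       # normal account
    {"sAMAccountName": "bob", "objectClass": ["top", "person", "user"],
     "company": "TSC", "userAccountControl": 512 | UF_ACCOUNTDISABLE},   # disabled
    {"sAMAccountName": "carol", "objectClass": ["top", "person", "user"],
     "company": "Other", "userAccountControl": 512},                     # other company
    {"sAMAccountName": "printer01", "objectClass": ["top", "device"],
     "company": "TSC"},                                                   # not a person
]


def matching_usernames(entries, filter_text=GUACAMOLE_USER_FILTER):
    """Return sAMAccountNames of entries the filter would let Guacamole see."""
    tree = parse_filter(filter_text)
    return [e["sAMAccountName"] for e in entries if evaluate(tree, e)]


if __name__ == "__main__":
    print(matching_usernames(SAMPLE_ENTRIES))   # ['alice']
```

Only alice survives: bob is excluded by the disabled bit even though he is a person in the right company, which is the check that keeps deactivated AD accounts from reaching the Guacamole login at all.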
Key point for the nginx proxy: it must proxy WebSocket connections, otherwise the session is very slow. The two headers that matter are:
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
server {
    listen 443;
    server_name ****.tscs.com.tw;
    location /guacamole {
        proxy_pass http://10.3.101.1:8080;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
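To check a server block for these settings before reloading nginx, the following is an added example (not from the original notes): a tiny nginx config parser plus a checker for the two headers the notes call out, and for two things the snippet above leaves out: proxy_http_version 1.1, which nginx's WebSocket proxying documentation requires because the Upgrade mechanism only works over HTTP/1.1 to the upstream, and the ssl parameter on the 443 listener, without which the Guacamole session is proxied in clear text. The two sample configs are constructed; the host name and certificate paths in them are placeholders.

```python
"""Check an nginx server block for the WebSocket-proxy settings Guacamole needs.

Added example, not from the original notes.  Handles plain directive/block
syntax only (no include, no variables beyond literal tokens).
"""
import re

TOKEN_RE = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')


def parse_nginx(text):
    """Parse nginx config text into a list of (name, args, children) tuples;
    children is None for simple directives.  Comments are stripped first."""
    tokens = TOKEN_RE.findall(re.sub(r"#.*", "", text))

    def block(i):
        items = []
        while i < len(tokens):
            if tokens[i] == "}":
                return items, i + 1
            j = i
            while tokens[j] not in ("{", ";"):
                j += 1
            name = tokens[i]
            args = [t.strip("\"'") for t in tokens[i + 1:j]]
            if tokens[j] == "{":
                children, i = block(j + 1)
                items.append((name, args, children))
            else:
                items.append((name, args, None))
                i = j + 1
        return items, i

    return block(0)[0]


def _walk(items):
    for item in items:
        yield item
        if item[2]:
            yield from _walk(item[2])


def check_guacamole_proxy(text):
    """Return a list of findings; an empty list means the config passes."""
    findings = []
    for name, args, children in _walk(parse_nginx(text)):
        if name == "server":
            for d_name, d_args, _ in children:
                if d_name == "listen" and any(a.endswith("443") for a in d_args) and "ssl" not in d_args:
                    findings.append("listen 443 without 'ssl': the Guacamole session would be proxied in clear text")
        if name == "location" and children and any(d[0] == "proxy_pass" for d in children):
            headers = {d[1][0].lower(): d[1][1].lower()
                       for d in children if d[0] == "proxy_set_header" and len(d[1]) == 2}
            loc = " ".join(args)
            if headers.get("upgrade") != "$http_upgrade":
                findings.append(f"location {loc}: missing 'proxy_set_header Upgrade $http_upgrade'")
            if headers.get("connection") != "upgrade":
                findings.append(f"location {loc}: missing 'proxy_set_header Connection \"upgrade\"'")
            if not any(d[0] == "proxy_http_version" and d[1] == ["1.1"] for d in children):
                findings.append(f"location {loc}: missing 'proxy_http_version 1.1' (WebSocket upgrade needs HTTP/1.1 upstream)")
    return findings


# Constructed copy of the notes' snippet, with a placeholder host name.
NOTES_CONFIG = """
server {
    listen 443;
    server_name guac.example.invalid;
    location /guacamole {
        proxy_pass http://10.3.101.1:8080;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
"""

# The same block with TLS and HTTP/1.1 upstream added (certificate paths are placeholders).
HARDENED_CONFIG = """
server {
    listen 443 ssl;
    server_name guac.example.invalid;
    ssl_certificate     /etc/ssl/certs/guac.pem;      # placeholder
    ssl_certificate_key /etc/ssl/private/guac.key;    # placeholder
    location /guacamole {
        proxy_pass http://10.3.101.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
"""

if __name__ == "__main__":
    for finding in check_guacamole_proxy(NOTES_CONFIG):
        print("notes config:", finding)
    print("hardened config findings:", check_guacamole_proxy(HARDENED_CONFIG))
```

Run against the notes' snippet the checker reports the missing ssl parameter and the missing proxy_http_version; the hardened block passes clean. The parser is deliberately small, so feed it the single server block rather than a full nginx.conf with includes.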
Problem: connections to MS SQL 2008 fail
Use mssql-jdbc-9.4.0.jre11.jar
vi /etc/java-11-openjdk/security/java.security
Comment out ("mark") the jdk.tls.disabledAlgorithms line.
Note that this file is JVM-wide: commenting the whole line out re-enables every protocol and algorithm the JDK disables by default for all TLS connections Tomcat makes, not only the one to the SQL Server.
# TOTP by group
Log in to the some-mysql container
docker exec -i -t some-mysql /bin/bash
mysql -p
Add the triggers
DELIMITER $$
CREATE TRIGGER member_totpdisabled_insert
AFTER INSERT
ON guacamole_user_group_member FOR EACH ROW
BEGIN
  -- user_group_id 1 is the group whose members get TOTP switched off
  IF new.user_group_id = 1 THEN
    -- member_entity_id is an entity id, not a user id: map it through
    -- guacamole_user, because guacamole_user_attribute keys on user_id and the
    -- two id sequences diverge as soon as a group (also an entity) exists;
    -- INSERT ... SELECT inserts nothing when the member is a nested group
    INSERT INTO guacamole_db.guacamole_user_attribute (user_id, attribute_name, attribute_value)
    SELECT user_id, 'guac-totp-key-confirmed', 'false'
      FROM guacamole_db.guacamole_user WHERE entity_id = new.member_entity_id
    UNION ALL
    SELECT user_id, 'guac-totp-key-secret', 'totpdisabled'
      FROM guacamole_db.guacamole_user WHERE entity_id = new.member_entity_id;
  END IF;
END$$
DELIMITER ;
DELIMITER $$
CREATE TRIGGER member_totpdisabled_delete
AFTER DELETE
ON guacamole_user_group_member FOR EACH ROW
BEGIN
  IF old.user_group_id = 1 THEN
    -- same entity id -> user id mapping as in the insert trigger
    DELETE FROM guacamole_db.guacamole_user_attribute
     WHERE attribute_name IN ('guac-totp-key-confirmed', 'guac-totp-key-secret')
       AND user_id = (SELECT user_id FROM guacamole_db.guacamole_user
                       WHERE entity_id = old.member_entity_id);
  END IF;
END$$
DELIMITER ;
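To see what the two triggers do to a user joining and leaving the group, the following is an added example, not part of the original notes: it replays the trigger logic in SQLite (which Python ships with) over a constructed subset of the Guacamole JDBC schema, using SQLite's WHEN-clause trigger syntax instead of MySQL's IF ... END IF. The names guacadmin, alice, bob, no-totp and helpdesk are made up, and group id 1 is assumed to be the TOTP-exempt group as in the notes. The scenario deliberately creates the group before the users so that user ids and entity ids drift apart, which is why the triggers map member_entity_id through guacamole_user.

```python
"""Exercise the TOTP-by-group triggers offline in SQLite.

Added example, not part of the original notes.  Constructed subset of the
Guacamole JDBC schema; trigger bodies follow the notes' logic in SQLite syntax.
"""
import sqlite3

TOTP_EXEMPT_GROUP_ID = 1      # assumption, as in the notes: group 1 = "no TOTP"
TOTP_ATTRIBUTES = ("guac-totp-key-confirmed", "guac-totp-key-secret")

SCHEMA = f"""
CREATE TABLE guacamole_entity (
    entity_id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, type TEXT NOT NULL);
-- users and groups are both entities; their own ids are separate sequences
CREATE TABLE guacamole_user (
    user_id INTEGER PRIMARY KEY AUTOINCREMENT,
    entity_id INTEGER NOT NULL REFERENCES guacamole_entity(entity_id));
CREATE TABLE guacamole_user_group (
    user_group_id INTEGER PRIMARY KEY AUTOINCREMENT,
    entity_id INTEGER NOT NULL REFERENCES guacamole_entity(entity_id));
CREATE TABLE guacamole_user_group_member (
    user_group_id INTEGER NOT NULL, member_entity_id INTEGER NOT NULL,
    PRIMARY KEY (user_group_id, member_entity_id));
CREATE TABLE guacamole_user_attribute (
    user_id INTEGER NOT NULL, attribute_name TEXT NOT NULL, attribute_value TEXT NOT NULL,
    PRIMARY KEY (user_id, attribute_name));

-- member_entity_id is an entity id; map it to the user id the attribute table keys on.
-- INSERT ... SELECT inserts nothing when the new member is a nested group.
CREATE TRIGGER member_totpdisabled_insert
AFTER INSERT ON guacamole_user_group_member FOR EACH ROW
WHEN NEW.user_group_id = {TOTP_EXEMPT_GROUP_ID}
BEGIN
    INSERT INTO guacamole_user_attribute (user_id, attribute_name, attribute_value)
    SELECT user_id, 'guac-totp-key-confirmed', 'false'
      FROM guacamole_user WHERE entity_id = NEW.member_entity_id
    UNION ALL
    SELECT user_id, 'guac-totp-key-secret', 'totpdisabled'
      FROM guacamole_user WHERE entity_id = NEW.member_entity_id;
END;
CREATE TRIGGER member_totpdisabled_delete
AFTER DELETE ON guacamole_user_group_member FOR EACH ROW
WHEN OLD.user_group_id = {TOTP_EXEMPT_GROUP_ID}
BEGIN
    DELETE FROM guacamole_user_attribute
     WHERE attribute_name IN ('guac-totp-key-confirmed', 'guac-totp-key-secret')
       AND user_id = (SELECT user_id FROM guacamole_user WHERE entity_id = OLD.member_entity_id);
END;
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def add_entity(conn, name, kind):
    """Create an entity plus its user or group row; return (own id, entity id)."""
    entity_id = conn.execute("INSERT INTO guacamole_entity (name, type) VALUES (?, ?)",
                             (name, kind)).lastrowid
    table = "guacamole_user" if kind == "USER" else "guacamole_user_group"
    own_id = conn.execute(f"INSERT INTO {table} (entity_id) VALUES (?)", (entity_id,)).lastrowid
    return own_id, entity_id


def add_member(conn, group_id, entity_id):
    conn.execute("INSERT INTO guacamole_user_group_member VALUES (?, ?)", (group_id, entity_id))


def remove_member(conn, group_id, entity_id):
    conn.execute("DELETE FROM guacamole_user_group_member "
                 "WHERE user_group_id = ? AND member_entity_id = ?", (group_id, entity_id))


def totp_attributes(conn, user_id):
    """The TOTP attributes currently stored for one user, as a dict."""
    rows = conn.execute("SELECT attribute_name, attribute_value FROM guacamole_user_attribute "
                        "WHERE user_id = ? ORDER BY attribute_name", (user_id,))
    return dict(rows.fetchall())


def demo():
    """Join / leave the exempt group; return alice's attributes after each step and bob's."""
    conn = open_db()
    add_entity(conn, "guacadmin", "USER")                        # user 1 / entity 1
    group_id, _ = add_entity(conn, "no-totp", "USER_GROUP")      # group 1 / entity 2
    assert group_id == TOTP_EXEMPT_GROUP_ID
    alice_uid, alice_eid = add_entity(conn, "alice", "USER")     # user 2 / entity 3
    bob_uid, _ = add_entity(conn, "bob", "USER")                 # user 3 / entity 4
    _, helpdesk_eid = add_entity(conn, "helpdesk", "USER_GROUP")  # group 2 / entity 5

    add_member(conn, group_id, alice_eid)
    joined = totp_attributes(conn, alice_uid)
    add_member(conn, group_id, helpdesk_eid)    # nested group: no user row, nothing inserted
    remove_member(conn, group_id, alice_eid)
    left = totp_attributes(conn, alice_uid)
    # bob (user 3) would have received alice's attributes if entity id 3 had been
    # written straight into user_id; with the mapping he stays untouched
    return joined, left, totp_attributes(conn, bob_uid)


if __name__ == "__main__":
    print(demo())
```

Joining the group stores the two attributes for alice, leaving it removes them again, and bob, whose user id happens to equal alice's entity id, is never touched; the nested-group membership is silently ignored instead of failing on a NULL user_id.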