- 由 虚拟的现实创建于10月 11, 2023 需要 2 分钟阅读时间
简介
Apache Guacamole是一个使用Web(H5)做为前端的远程桌面网关,支持对使用VNC、RDP、Telnet和SSH协议服务器的远程访问。
官网地址:http://guacamole.apache.org/
Web浏览器
用户通过浏览器连接和管理后端的服务器,既可以是 Linux 服务器,也可以是 Windows 服务器。因为是 H5 页面,实际上,甚至可以在移动设备,如手机上进行访问。
guacamole
guacamole 是用户与 guacd 交互的中转站,主要功能是权限管理、配置管理和协议转换,实际上是一个 Web 服务器,通常是 Tomcat,用户登录到 guacamole 上之后,鉴权通过后,会请求后端的 guacd
guacd
guacd 实现与后端真实服务器的通信,支持 VNC、RDP、Telnet 和 SSH 协议
安装环境基于 CentOS 7
组件配置
配置操作系统组件
增加必要的系统组件,已经安装了 MySQL 数据库环境的无需再次安装
yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm yum install -y cairo-devel libjpeg-turbo-devel libwebsockets-devel libpng-devel uuid-devel ffmpeg-devel freerdp-devel pango-devel libssh2-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel libtool libtelnet-devel freerdp mariadb-server wget tomcat
下载安装包
wget https://downloads.apache.org/guacamole/1.3.0/source/guacamole-server-1.3.0.tar.gz tar -xzf guacamole-server-1.3.0.tar.gz wget https://downloads.apache.org/guacamole/1.3.0/binary/guacamole-1.3.0.war
编译安装
./configure --perfix=/usr/local/guacamole-server --with-systemd-dir=/etc/systemd/system/ make make install
启用相关服务
systemctl enable tomcat && systemctl enable mariadb && systemctl enable guacd cp ~/guacamole-1.1.0.war /var/lib/tomcat/webapps/guacamole.war firewall-cmd --permanent --add-port=8080/tcp firewall-cmd --reload
配置数据库组件
mkdir -p /usr/share/tomcat/.guacamole/{extensions,lib} wget https://cdn.mysql.com//Downloads/Connector-J/mysql-connector-java-8.0.26.tar.gz tar -xzf mysql-connector-java-8.0.26.tar.gz cp mysql-connector-java-8.0.26/mysql-connector-java-8.0.26.jar /usr/share/tomcat/.guacamole/lib/ wget https://downloads.apache.org/guacamole/1.3.0/binary/guacamole-auth-jdbc-1.3.0.tar.gz tar -xzf guacamole-auth-jdbc-1.3.0.tar.gz cp guacamole-auth-jdbc-1.3.0/mysql/guacamole-auth-jdbc-mysql-1.3.0.jar /usr/share/tomcat/.guacamole/extensions/ systemctl start mariadb && systemctl start tomcat
数据库配置
mysql -u root -p CREATE DATABASE IF NOT EXISTS guacdb DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; create user 'guacuser'@'localhost' identified with mysql_native_password by 'xxxxxxxxxxx'; grant all privileges on guacdb.* to 'guacuser'@'localhost'; flush privileges; quit wget https://downloads.apache.org/guacamole/1.3.0/source/guacamole-client-1.3.0.tar.gz tar -xzf guacamole-client-1.3.0.tar.gz cat guacamole-client-1.3.0/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/*.sql | mysql -u root -p guacdb
配置 guacamole
创建必须的文件
mkdir -p /etc/guacamole/ && vi /etc/guacamole/guacamole.properties
----------------------------------Inset Into VI--------------------------------------- hostname: 192.168.111.243 guacd-port: 4822 enable-clipboard-integration:true # MySQL properties mysql-hostname: localhost mysql-port: 3306 mysql-database: guacdb mysql-username: guacuser mysql-password: guacpass #Additional settings mysql-default-max-connections-per-user: 0 mysql-default-max-group-connections-per-user: 0 # TOTP settings totp-issuer: Remote Desktop totp-digits: 6 #----------------------------------End Inset Into VI---------------
配置对应的权限
chmod 0400 /etc/guacamole/guacamole.properties chown tomcat:tomcat /etc/guacamole/guacamole.properties ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat/.guacamole/ chown tomcat:tomcat /var/lib/tomcat/webapps/guacamole.war
增加 totp 2次验证
wget https://apache.org/dyn/closer.lua/guacamole/1.3.0/binary/guacamole-auth-totp-1.3.0.tar.gz cp guacamole-auth-totp-1.3.0/guacamole-auth-totp-1.3.0.jar /usr/share/tomcat/.guacamole/extensions/ systemctl restart tomcat
配置域名访问
通过 apisix 网关的方式实现基于域名的 http 访问。技术上主要的难点在于 URI 的改写。
1、通过 IP 地址的登录访问为: http://192.168.111.243:8080/guacamole ,如果只输入 IP 地址加端口会提示 404 错误。
2、在 apisix 的 GUI 配置管理界面中需要将默认的域名访问自动增加 /guacamole 的前缀
- 无标签
添加评论