Introduction

Apache Guacamole is a clientless remote desktop gateway with an HTML5 web front end. It gives browser users access to servers that speak VNC, RDP, Telnet and SSH.

Official site: http://guacamole.apache.org/

Web browser

Users connect to and manage the backend servers through a browser; the targets can be Linux or Windows servers. Because the front end is an HTML5 page, it can even be used from mobile devices such as phones.

guacamole

guacamole is the web application that sits between the user and guacd. It handles authentication and permissions, connection configuration and protocol translation, and runs in a servlet container, usually Tomcat. Once a user has logged in to guacamole and passed authentication, the web app opens a connection to guacd on the user's behalf.

guacd

guacd is the daemon that talks to the real backend servers over VNC, RDP, Telnet and SSH. It performs no authentication of its own and trusts whatever the web app hands it, so it must only be reachable from the guacamole web app, never from the network at large.

The installation below is based on CentOS 7.

Component configuration

Configure operating system components

Install the required system packages (rpmfusion is added for ffmpeg). If a MySQL database is already installed, drop mariadb-server from the list.

yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
yum install -y cairo-devel libjpeg-turbo-devel libwebsockets-devel libpng-devel uuid-devel ffmpeg-devel freerdp-devel pango-devel libssh2-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel libtool libtelnet-devel freerdp mariadb-server wget tomcat

Download the packages

wget https://downloads.apache.org/guacamole/1.3.0/source/guacamole-server-1.3.0.tar.gz
tar -xzf guacamole-server-1.3.0.tar.gz
wget https://downloads.apache.org/guacamole/1.3.0/binary/guacamole-1.3.0.war

Build and install

cd guacamole-server-1.3.0
./configure --prefix=/usr/local/guacamole-server --with-systemd-dir=/etc/systemd/system/
make
make install
ldconfig
systemctl daemon-reload

The original had the option misspelled as --perfix, which configure rejects. --with-systemd-dir makes make install drop a guacd.service unit into /etc/systemd/system, hence the daemon-reload. If guacd later fails to start because libguac cannot be found, add /usr/local/guacamole-server/lib to a file under /etc/ld.so.conf.d/ and run ldconfig again.

Enable the services

systemctl enable tomcat && systemctl enable mariadb && systemctl enable guacd
cp guacamole-1.3.0.war /var/lib/tomcat/webapps/guacamole.war
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --reload

The war is the 1.3.0 file downloaded above (the original copied a guacamole-1.1.0.war that does not match the download). Only Tomcat's port 8080 is opened; guacd's port 4822 is deliberately left closed, because guacd does not authenticate callers.

Configure the database components

mkdir -p /usr/share/tomcat/.guacamole/{extensions,lib}
wget https://cdn.mysql.com//Downloads/Connector-J/mysql-connector-java-8.0.26.tar.gz
tar -xzf mysql-connector-java-8.0.26.tar.gz
cp mysql-connector-java-8.0.26/mysql-connector-java-8.0.26.jar /usr/share/tomcat/.guacamole/lib/
wget https://downloads.apache.org/guacamole/1.3.0/binary/guacamole-auth-jdbc-1.3.0.tar.gz
tar -xzf guacamole-auth-jdbc-1.3.0.tar.gz
cp guacamole-auth-jdbc-1.3.0/mysql/guacamole-auth-jdbc-mysql-1.3.0.jar /usr/share/tomcat/.guacamole/extensions/
systemctl start mariadb  && systemctl start tomcat

Database configuration

mysql -u root -p

CREATE DATABASE IF NOT EXISTS guacdb DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER 'guacuser'@'localhost' IDENTIFIED BY 'xxxxxxxxxxx';
GRANT SELECT, INSERT, UPDATE, DELETE ON guacdb.* TO 'guacuser'@'localhost';
FLUSH PRIVILEGES;
quit

The web app only needs DML on its own schema, so it gets SELECT, INSERT, UPDATE and DELETE rather than ALL PRIVILEGES. The password chosen here is the one that goes into mysql-password in guacamole.properties below. The original's IDENTIFIED WITH mysql_native_password BY '...' form is MySQL 8 syntax; on the MariaDB packaged with CentOS 7 use the plain IDENTIFIED BY form shown here.

Load the schema. The SQL files ship inside the guacamole-auth-jdbc-1.3.0 tarball extracted above (mysql/schema/), so the separate download of the guacamole-client source tarball is not needed; the glob loads 001-create-schema.sql before 002-create-admin-user.sql:

cat guacamole-auth-jdbc-1.3.0/mysql/schema/*.sql | mysql -u root -p guacdb

002-create-admin-user.sql creates the built-in administrator guacadmin with the password guacadmin. Change that password before the service is reachable by anyone else.
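Resetting the guacadmin password, or setting any JDBC user's password, can be done with a single UPDATE once you know how the extension stores passwords. The following script is an added example (not part of this article and not Guacamole's own tooling) that builds that statement; it assumes the 1.3.0 schema's guacamole_user and guacamole_entity tables and computes the hash on the client side so the plaintext never appears in the SQL statement, the mysql client history or the general log.

```shell
#!/bin/sh
# Generate the SQL that sets a Guacamole JDBC user's password (added example,
# not part of the original article or of Guacamole). Hashing is done here
# rather than inside MySQL with SHA2(CONCAT(...)), so the plaintext never
# appears in the statement, the mysql client history or the general log.
# Scheme used by guacamole-auth-jdbc: SHA-256(password || uppercase hex of a
# 32-byte random salt). Table and column names are those of the 1.3.0 schema.

# sha256 of stdin as lowercase hex, with whichever tool the host has.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 | cut -d' ' -f1
    else
        openssl dgst -sha256 | sed 's/^.*= *//'
    fi
}

# 32 random bytes as 64 hex characters.
new_salt_hex() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# guac_hash PASSWORD SALT_HEX: the password hash as lowercase hex.
# The salt is upper-cased first, matching HEX() in MySQL and the Java side.
guac_hash() {
    _salt=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    printf '%s%s' "$1" "$_salt" | sha256_hex
}

# guac_password_sql USERNAME PASSWORD [SALT_HEX]: UPDATE statement for the user.
# The username is interpolated into SQL, so it is restricted to a safe charset.
guac_password_sql() {
    case $1 in
        ''|*[!A-Za-z0-9_.@-]*) echo "refusing username '$1'" >&2; return 1 ;;
    esac
    _user=$1
    _pw=$2
    _salt=${3:-$(new_salt_hex)}
    _hash=$(guac_hash "$_pw" "$_salt")
    printf "UPDATE guacamole_user SET password_salt = UNHEX('%s'), password_hash = UNHEX('%s'), password_date = NOW() WHERE entity_id = (SELECT entity_id FROM guacamole_entity WHERE name = '%s' AND type = 'USER');\n" \
        "$_salt" "$_hash" "$_user"
}

# Usage: reset the built-in administrator created by 002-create-admin-user.sql
#   guac_password_sql guacadmin 'N3w-Str0ng-Passphrase' | mysql -u root -p guacdb
```

Pipe the output into mysql as root (or as guacuser, which has UPDATE on the schema). A fresh salt is generated on every call, so two resets to the same password never produce the same hash.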

Configure guacamole

Create the required files

mkdir -p /etc/guacamole/ && vi /etc/guacamole/guacamole.properties


# ---------------------------------- insert into vi ----------------------------------
# guacd connection. guacd binds to localhost by default, so point the web app at
# localhost; the original used the key "hostname", which guacamole.properties does
# not recognise, and the host's LAN address, which guacd is not listening on.
guacd-hostname: localhost
guacd-port: 4822
# The original's "enable-clipboard-integration: true" is not a guacamole.properties
# key in 1.3.0 and is ignored; clipboard behaviour is a per-connection parameter.
# MySQL properties; mysql-password must be the password given to guacuser above
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacuser
mysql-password: guacpass
# Additional settings (0 = no limit on concurrent connections per user / per group)
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0
# TOTP settings
totp-issuer: Remote Desktop
totp-digits: 6
# ---------------------------------- end insert into vi ----------------------------------

Set the permissions. guacamole.properties contains the database password, so only the tomcat user may read it:

chmod 0400 /etc/guacamole/guacamole.properties
chown tomcat:tomcat /etc/guacamole/guacamole.properties
ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat/.guacamole/
chown tomcat:tomcat /var/lib/tomcat/webapps/guacamole.war

Add TOTP two-factor authentication

wget https://downloads.apache.org/guacamole/1.3.0/binary/guacamole-auth-totp-1.3.0.tar.gz
tar -xzf guacamole-auth-totp-1.3.0.tar.gz
cp guacamole-auth-totp-1.3.0/guacamole-auth-totp-1.3.0.jar /usr/share/tomcat/.guacamole/extensions/
systemctl restart tomcat

The original pointed wget at apache.org/dyn/closer.lua, which returns the mirror-selection HTML page rather than the tarball, and never extracted it. After the restart every user is prompted to enrol a TOTP device at their next login. The extension stores the enrolment through the JDBC extension installed above, so both jars must be present in the extensions directory.
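Before exposing the gateway, it is worth checking the three things the steps above rely on for security: the properties file with the database password is 0400 and owned by tomcat, guacd is listening on loopback only, and both authentication extensions are actually installed. The script below is an added example (not part of this article and not Guacamole's own tooling); it assumes the paths used in this guide and parses the output of ss -ltn, and its helper functions accept constructed input so the logic can be exercised without a running guacd.

```shell
#!/bin/sh
# Post-install check for the layout used in this guide (added example, not
# Guacamole's own tooling). Paths are the ones used above and can be overridden.
PROPS=${PROPS:-/etc/guacamole/guacamole.properties}
GHOME=${GHOME:-/usr/share/tomcat/.guacamole}

# file_mode_is FILE MODE: true if FILE has exactly the octal MODE (e.g. 0400).
file_mode_is() {
    [ -n "$(find "$1" -perm "$2" -print 2>/dev/null)" ]
}

# file_owner_is FILE USER: true if FILE is owned by USER.
file_owner_is() {
    [ -n "$(find "$1" -user "$2" -print 2>/dev/null)" ]
}

# guacd_local_only LISTING: LISTING is the body of `ss -ltn` (header removed),
# local address in column 4. True only if at least one socket listens on
# port 4822 and every such socket is bound to 127.0.0.1 or ::1. guacd does
# no authentication of its own, so a non-loopback bind exposes every backend.
guacd_local_only() {
    printf '%s\n' "$1" | awk '
        $4 ~ /:4822$/ {
            n++
            if ($4 !~ /^(127\.0\.0\.1|\[::1\]):4822$/) bad++
        }
        END { if (n == 0 || bad > 0) exit 1; exit 0 }'
}

# extension_present GLOB: true if a jar matching GLOB is in $GHOME/extensions.
extension_present() {
    set -- "$GHOME"/extensions/$1
    [ -f "$1" ]
}

run_checks() {
    rc=0
    if file_mode_is "$PROPS" 0400 && file_owner_is "$PROPS" tomcat; then
        echo "ok   $PROPS is 0400 and owned by tomcat"
    else
        echo "FAIL $PROPS must be 0400 tomcat:tomcat (it contains mysql-password)"; rc=1
    fi
    if guacd_local_only "$(ss -ltn 2>/dev/null | tail -n +2)"; then
        echo "ok   guacd listens on loopback only"
    else
        echo "FAIL guacd is down or bound to a non-loopback address on 4822"; rc=1
    fi
    for jar in 'guacamole-auth-jdbc-mysql-*.jar' 'guacamole-auth-totp-*.jar'; do
        if extension_present "$jar"; then
            echo "ok   $jar installed"
        else
            echo "FAIL $jar missing from $GHOME/extensions"; rc=1
        fi
    done
    return $rc
}

# Run the live checks with: GUAC_CHECK=1 sh guac-check.sh
if [ "${GUAC_CHECK:-0}" = 1 ]; then run_checks; fi
```

A non-zero exit means at least one check failed; the messages name the file or socket to fix. If guacd was started with a -b bind address other than localhost, the second check is the one that flags it.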

Domain-based access

Domain-based HTTP access is provided through an apisix gateway. The main technical difficulty is rewriting the URI.

1. Access by IP address is http://192.168.111.243:8080/guacamole . The web app is deployed under the /guacamole context, so entering only the IP address and port returns a 404.

2. In the apisix dashboard, the route for the domain must automatically prepend /guacamole to every request URI. WebSocket must also be enabled on that route, because the Guacamole tunnel upgrades to a WebSocket on /guacamole/websocket-tunnel. Terminate TLS at the gateway as well: over plain http the login credentials, the TOTP code and the session token cross the network in the clear, and TOTP does nothing against an attacker who can read them.
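The route from step 2 expressed against the apisix admin API, as an added example (not this article's configuration and not from the Guacamole or APISIX projects). It assumes the admin API at http://127.0.0.1:9180 (the APISIX 3.x default; 2.x used 9080), the admin key in APISIX_KEY, guac.example.com as a placeholder host name, and the Tomcat address from this guide. The rewrite_uri helper reproduces what the proxy-rewrite regex does to a path, so the mapping can be checked without a running gateway.

```shell
#!/bin/sh
# APISIX route that maps http://guac.example.com/ onto Tomcat's /guacamole/
# context and passes the WebSocket upgrade through (added example, not from
# the original article or from the Guacamole/APISIX projects).
# Assumptions: admin API on 127.0.0.1:9180, admin key in $APISIX_KEY,
# placeholder host guac.example.com, Tomcat at 192.168.111.243:8080.
GUAC_HOST=${GUAC_HOST:-guac.example.com}
GUAC_UPSTREAM=${GUAC_UPSTREAM:-192.168.111.243:8080}
APISIX_ADMIN=${APISIX_ADMIN:-http://127.0.0.1:9180}

# What proxy-rewrite's regex_uri ["^/(.*)", "/guacamole/$1"] does to a path,
# reproduced in sed so the mapping can be verified offline.
rewrite_uri() {
    printf '%s\n' "$1" | sed 's|^/\(.*\)|/guacamole/\1|'
}

# JSON body for PUT /apisix/admin/routes/guacamole.
# enable_websocket is required: the tunnel lives at /guacamole/websocket-tunnel.
guac_route_json() {
    cat <<EOF
{
  "name": "guacamole",
  "hosts": ["$GUAC_HOST"],
  "uri": "/*",
  "enable_websocket": true,
  "plugins": {
    "proxy-rewrite": {
      "regex_uri": ["^/(.*)", "/guacamole/\$1"]
    }
  },
  "upstream": {
    "type": "roundrobin",
    "nodes": { "$GUAC_UPSTREAM": 1 }
  }
}
EOF
}

# Push the route; needs curl, the admin key and a reachable APISIX.
apply_route() {
    guac_route_json | curl -sS -X PUT "$APISIX_ADMIN/apisix/admin/routes/guacamole" \
        -H "X-API-KEY: $APISIX_KEY" -H 'Content-Type: application/json' -d @-
}

# Usage: APISIX_KEY=... sh guac-route.sh apply
if [ "${1:-}" = apply ]; then apply_route; fi
```

Once the route is in place, https://guac.example.com/ lands on the login page and the browser's WebSocket connection to /websocket-tunnel is forwarded to /guacamole/websocket-tunnel on Tomcat. Add an SSL object for the host name in apisix so the route is only served over TLS.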
