Guacamole with MySQL on Ubuntu

DOCKER VERSION HERE

UPGRADE INSTRUCTIONS FROM 0.9.x HERE

GITHUB HERE

The following will install Guacamole 0.9.14, Tomcat 7, and MySQL on Ubuntu 16.04 for you. All you have to do is pick a MySQL Root Password and guacamole_user password. (two variables at the top of the script).

NOTE: The GitHub versions will install on multiple versions of Ubuntu and Debian, but this guide will focus only on Ubuntu 16.04 for simplicity

NOTE: Ubuntu 17+ uses gcc-7 by default and 0.9.14 does not compile with gcc-7 – the workaround is to install gcc-6 via apt-get then prefix the configure and make commands with CC="gcc-6" E.G. CC="gcc-6" ./configure --with-init-dir=/etc/init.d

If you would like you can download the “fully scripted” version (which is maintained a bit more than this text version) of this like so:

wget https://raw.githubusercontent.com/MysticRyuujin/guac-install/master/guac-install.sh
chmod +x guac-install.sh
./guac-install.sh

Additional Credits to Emilio and Alex for the RDP fix(s) in comments section.

#!/bin/bash
# WORKING ON UBUNTU 16.04 WITH GUAC 0.9.14 AND TOMCAT7

# Set these passwords!
mysqlrootpassword=""
guacdbuserpassword = ""

# Version numbers of Guacamole and MySQL Connector/J to download
GUACVERSION="0.9.14"
MCJVERSION="5.1.45"

# Tomcat Version
TOMCAT="tomcat7"

# Set MySQL root password as defined above for apt installer
debconf-set-selections <<< "mysql-server mysql-server/root_password password $mysqlrootpassword"
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $mysqlrootpassword" #Install Stuff apt-get -y install build-essential libcairo2-dev libjpeg-turbo8-dev libpng12-dev libossp-uuid-dev libavcodec-dev libavutil-dev libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev mysql-server mysql-client mysql-common mysql-utilities ${TOMCAT} freerdp-x11 ghostscript wget dpkg-dev # Set SERVER to be the preferred download server from the Apache CDN SERVER="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUACVERSION}" # Download Guacamole Server wget -O guacamole-server-${GUACVERSION}.tar.gz ${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz # Download Guacamole Client wget -O guacamole-${GUACVERSION}.war ${SERVER}/binary/guacamole-${GUACVERSION}.war # Download Guacamole authentication extensions wget -O guacamole-auth-jdbc-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-jdbc-${GUACVERSION}.tar.gz # Download MySQL Connector-J wget -O mysql-connector-java-${MCJVERSION}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-${MCJVERSION}.tar.gz # Extract Guacamole files tar -xzf guacamole-server-${GUACVERSION}.tar.gz tar -xzf guacamole-auth-jdbc-${GUACVERSION}.tar.gz tar -xzf mysql-connector-java-${MCJVERSION}.tar.gz # MAKE DIRECTORIES mkdir -p /etc/guacamole/lib mkdir /etc/guacamole/extensions # Install GUACD cd guacamole-server-${GUACVERSION} ./configure --with-init-dir=/etc/init.d make make install ldconfig systemctl enable guacd cd .. # Get build-folder BUILD_FOLDER=$(dpkg-architecture -qDEB_BUILD_GNU_TYPE) # Move files to correct locations mv guacamole-${GUACVERSION}.war /etc/guacamole/guacamole.war ln -s /etc/guacamole/guacamole.war /var/lib/${TOMCAT}/webapps/ ln -s /usr/local/lib/freerdp/guac*.so /usr/lib/${BUILD_FOLDER}/freerdp/ cp mysql-connector-java-${MCJVERSION}/mysql-connector-java-${MCJVERSION}-bin.jar /etc/guacamole/lib/ cp guacamole-auth-jdbc-${GUACVERSION}/mysql/guacamole-auth-jdbc-mysql-${GUACVERSION}.jar /etc/guacamole/extensions/ # Configure guacamole.properties echo "mysql-hostname: localhost" >> /etc/guacamole/guacamole.properties
echo "mysql-port: 3306" >> /etc/guacamole/guacamole.properties
echo "mysql-database: guacamole_db" >> /etc/guacamole/guacamole.properties
echo "mysql-username: guacamole_user" >> /etc/guacamole/guacamole.properties
echo "mysql-password: $guacdbuserpassword" >> /etc/guacamole/guacamole.properties

# Restart Tomcat Service
service ${TOMCAT} restart

# Create guacamole_db and grant guacamole_user permissions to it #

# SQL code
SQLCODE="
create database guacamole_db;
create user 'guacamole_user'@'localhost' identified by "$guacdbuserpassword";
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';
flush privileges;"

# Execute SQL code
echo $SQLCODE | mysql -u root -p$mysqlrootpassword

# Add Guacamole schema to newly created database
cat guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/*.sql | mysql -u root -p$mysqlrootpassword guacamole_db

# Ensure guacd is started
service guacd start

# Cleanup
rm -rf guacamole-*
rm -rf mysql-connector-java-${MCJVERSION}*
echo -e "Installation Completenhttp://localhost:8080/guacamole/nDefault login guacadmin:guacadminnBe sure to change the password."

I recommend that you restart now to make sure everything sticks and works after reboot.

203 thoughts on “Guacamole with MySQL on Ubuntu

  1. Hello Chase, this is awesome easy to follow and did not get any errors during the install however I just get a blank whit screen when I go to http://localhost:8080/guacamole, I do see it is getting there as in the browser I see the guacamole icon but just get a white screen, I have installed this several times to make sure I did not miss something,. Any help would be greatly appreciated?

    1. Check the /etc/default/tomcat8 file and make sure you have this line at the bottom:
      GUACAMOLE_HOME=/etc/guacamole

      1. Hey Chase, running into the same problem. Did check Tomcat and the last line is indeed:

        GUACAMOLE_HOME=/etc/guacamole

        Any other suggestions?

        Thanks for this guide by the way, very easy to follow for a non-linux user.

    2. did you ever get a reply?

      I have the same problem using this script & instructions (white screen).

      Previously I’ve installed guacamole okay using the website instructions but this didn’t work.

      I see several people have this white screen issue and was hoping to avoid duplicating troubleshooting work if someone can post their solution I’d appreciate it.

      Brian

    3. I had the same problem. I fixed it by editing the file /etc/guacamole/guacamole.properties and changed the “mysql-password” to the password I had selected earlier. I then restarted the guacd server with “sudo service guacd restart” and the problem was fixed.

  2. Have you try make a VNC connection? in 0.9.7 version i’ve never succeed, do you have any solutions?
    In this version is no problem with SSH, Telnet and RDP buat always failed in VNC

    1. No, I have not tried VNC, I would try getting help on the guacamole forms. The dependencies were installed in this script. Can you VNC directly to the machine using a VNC Client?

      1. If i using guacamole 0.9.4 there is no problem to connect to my VNC server, and i also can connect using VNC client to that server, but if i use guacamole 0.9.7 the connaction always failed, thank you

  3. Just wanted to say: Thanks! These are the most straightforward, clear, no-nonsense instructions I’ve seen yet for installing Guacamole on Ubuntu. It works! I’ve been banging away for hours trying to get the guacamole docker images to play nice and finally gave up. Your instructions had me up and running in minutes. Now looking to get SSL/TLS setup on Tomcat8…

    1. Well… it worked briefly. Now I have the same issue as James: blank white page. The browser spins for a couple minutes then settles on the blank white page with the guacamole icon in the browser tab. GUACAMOLE_HOME=/etc/guacamole is indeed at the bottom of /etc/default/tomcat8 . I tried reinstalling on new Ubuntu server 15.04 instances several times and now can never get past the blank white page. This is actually the same issue I was having with the Guacamole Docker images.

  4. Hello James, Thanks a lot for this very easy Tuto. No error during install, but I am having the same issue than James and Nate : the blank white page with the guacamole icon in the browser tab. GUACAMOLE_HOME=/etc/guacamole is indeed at the bottom of /etc/default/tomcat8 . I tried reinstalling several times on Ubuntu 15.04 instances and can never get past the blank white page. Your help will be appreciated.

    1. make sure all the correct services are running, mysql, tomcat8, guacd

      Double check the permissions of your files and folders.

      Check the passwords and configurations for the MySQL database.

  5. I just wanted to say thanks! Everything worked like a charm! I’ve looked for the past couple of days for a proper tutorial and yours just worked right off the bat. I had a speed-bump with mysql but checked the tomcat8 logs to find I had misconfigured the user account! Helps when I don’t forget the ; at the end of statements, LoL.

  6. Thanks for the great tutorial. Everything seems to be working fine except file transfer.

    I cannot see a virtual drive on the remote RDP machine. I am able to upload the files on Guacamole by drag/drop but that’s it. I cannot locate the files on the remote machine. I see the following in my logs:

    guacd[1435]: INFO: Guacamole proxy daemon (guacd) version 0.9.7 started
    guacd[1435]: DEBUG: Unable to bind socket to host ::1, port 4822: Address family not supported by protocol
    guacd[1435]: DEBUG: Unable to bind socket to host 127.0.0.1, port 4822: Address already in use
    guacd[1435]: ERROR: Unable to bind socket to any addresses.

    Is this actually supposed to be working if we follow the instructions above? Or maybe some additional steps are required? Please advise.

    1. You might want to try the new guac 0.9.8 it seems to have a few RDP and file fixes. I’ve never tried file transfer…

      1. No luck..I just installed 0.9.8 following your instructions. Everything works except file transfer. Any other ideas?

  7. Nice! Just replace 0.9.7 with 0.9.8 to be up to date with Guacamole. I’ll make my setup connected with the AD now …

  8. That’s one amazing run through, got it working 1st time. Would love you to do one on how to get LDAP auth working for Active directory, cant figure it out for the life of me.

  9. Great article Chase, however I have one issue.

    I didnt want to use the default guacadmin account so I created a new Guac user in the web-app itself. I gave the user full permissions and then tried using the connection I originally setup with Guacadmin, I get a “you do not have permission to access this connection” error.
    So the next thing I tried was creating a connection under the new account (which I was able to just fine) but I get the same connection permission error. It almost seems like I have full permission to administer the application but not to use any of the connections…

    Any ideas?

    Thanks in advance…

  10. I guess I’ll add my name those that have installed using the above and ended up with a white screen when I try to get to the guacamole server with my browser.

    Any ideas?

    1. Thanks for the great tutorial.
      I had the same problem, but found out that I forgot this:
      root@debian:~# cat guacamole-auth-jdbc-0.9.7/mysql/schema/*.sql | mysql -u root -pMYSQLROOTPASSWORD guacamole_db
      Remember to replace ‘MYSQLROOTPASSWORD’ by the actual password you created for the root user.

  11. BTW, if after restart tomcat you have a loooooong wait time with “awaiting connection…” and white empty screen, that can be caused by entropy pool low watermark issues (google “tomcat entropy”) so tomcat will be blocked until entropy pool will be ready (in non-user-interactive systems that can take up to tens of minutes!) HAVEGED can help as one of workarounds (and no, I do not know is there security flaws or entropy quality worse or better with that):

    $~ sudo apt-get install haveged

    1. Instead of installing haveged you can get Java to use /dev/urandom instead, but adding this line to java.security (usually found in a path similar to this : /usr/lib/jvm/java-7-openjdk-i386/jre/lib/security/java.security).
      securerandom.source=file:/dev/./urandom

  12. I followed the instructions and I am also having the same issue with the white screen and the FAVICON loading.

    What I did notice is that if I comment out GUACAMOLE_HOME in the /etc/default/tomcat8 file then I get the proper login prompt but I can’t log into the site.

    So this seems to be the issue.

    I checked the permissions and they are working properly as is MySQL. GuacD is running properly also.

    Thanks.

  13. Hi there!

    For some reason, apt can’t find tomcat 8.

    What sources do you have defined for ubuntu?

    Cheers!

    1. I have not modified anything for apt… This should work from a fresh install of Ubuntu. There is no space in the package name. “apt-get -y install tomcat8”

    2. @Pete

      What Tomcat your distro has depends on Distro & on what release of the Distro.

      In older Ubuntu it was Tomcat7
      In newer Ubuntu it is now Tomcat8

      Check your distro to see which it has as its default in its repositories.

      1. Just spotted on google that this article used to say Ubuntu 15.10 in the title?

        That explains it. I was on 14.04.

        I got it working with tomcat7, however had some other issues with Ubuntu.

        I’ve flattened the lot, and am installing 15.10 now.

        Cheers! 😀

  14. Can I add :

    Populate the database you just created. Again, change the MYSQLROOTPASSWORD

    cat guacamole-auth-jdbc-0.9.9/mysql/schema/*.sql | mysql -u root -pMYSQLROOTPASSWORD guacamole_db

    This command needs to be ran from /home/USERNAME

    Also, my password breaks the command due to a charachter in it..

    In my case I have to do :

    Populate the database you just created. Again, change the MYSQLROOTPASSWORD

    cat guacamole-auth-jdbc-0.9.9/mysql/schema/*.sql | mysql -u root -p guacamole_db

    Then it will ask me for a password. 🙂

  15. I went back to 14.04 and tomcat7.

    I could not bear NOT having “eth0” as a network interface.

    One issue with this script I have noticed :

    “systemctl enable guacd”

    “systemctl” is not part of ubuntu, it seems.

    I’ll try “update-rc.d guacd defaults” instead

  16. Nice script. I’ve got a similar one on my site for 0.9.9 on Ubuntu 14.04 with Tomcat7. The only differences are that I use debconf-set-properties to pass mysql passwords during install time, and also create the guacamole database inline.

    For Virtual machines, I’ve found that /dev/random can take a long time to create entropy, and can even fail. So you can modify java.securitiy to use /dev/urandom instead.
    http://chari.titanium.ee/script-to-install-guacamole/

    1. Bharath Chari,

      Without any modification to my Ubuntu 15.10 VM I have this:
      cat /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security | egrep securerandom.source=
      securerandom.source=file:/dev/urandom

  17. Nice work Bharath!

    I got it installed in the end with minor modifications to chase’s script., however I have bookmarked your script page because I know I will end up setting this up again somewhere else. I can appreciate the awkwardness both of you have to overcome to get your scripts working well, so I appreciate and applaud both of you for your efforts and contributions.

    🙂

    1. Thanks Pete,

      I noticed earlier on in the thread that you had issues because of special characters in your mysql password. In the event that you do use my script, please enclose the variables in single-quotes if you’re using special characters.
      It’s really nice of Chase to allow me to post links to my own script.

  18. hi chase,

    i am following your tutorial, do I need to install freerdp server or xrdp server? it is not mentioned above, I am confused here.

    thanks!

    1. If you are trying to connect to the server running guacamole then, yeah it needs to run some sort of remote control software. If you are trying to connect to other systems then no, it doesn’t need anything else to work. All dependencies are included to connect to remote systems.

      1. hi chase,

        could you give example of what you said of connecting to other system instead of connecting to server running guacamole? i couldn’t figure out what you mean here.

        also, i was following one tutorial of installing guacamole and there it is mentioned to create a symbolic link: sudo ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat7/.guacamole

        this is not done in your case, he used guacamole-0.9.2 and tomcat7 so I guess this is not mandatory, i guess

        thanks!
        suman

        1. Guacamole is a web proxy. You create a new “connection” for each sever/host you want to connect to and in the connection form menu put the IP address of “that” server. Of course servers you connect to must have VNC, RDP/XRDP installed/configured on them. Then when in guacamole you create a new user… at the bottom of that screen you check which servers “that” user can choose from later. Of course “that” user also needs a valid user acct on any server they want to connect to.

  19. hi chase,
    to run the file transfer with rdp I added this:
    mkdir / usr / lib / x86_64-linux-gnu / freerdp
    ln -s / usr / local / lib / freerdp / guac * / usr / lib / x86_64-linux-gnu / freerdp /
    perhaps it is worthwhile to upgrade your script
    thanks for giving me life easier … 🙂

    1. Emilio,
      This symlink line has solved a lot of frustration, thanks!
      For me (Debian 8, Guac 0.9.9) the freerdp dir was already created, but the files were not linked.

  20. Congratulations, this article is really good and clear.

    Would add two details:
    1) Castelluccio Emilio’s comment that really works
    2) the installation of GhostScript package, which enables printing on RDP.

    Greetings and thanks!!!!!

  21. Hi Chase!

    Super Guide!

    Can u help me?

    I can`t login with guacadmin user and guacadmin password – incorrect?
    Why guacadmin incorrect?

    1. i find solution:
      sudo nano /etc/guacamole/guacamole.properties
      auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider

  22. New question:
    guacamole-server version 0.9.9
    ————————————————

    Library status:

    freerdp …………. yes
    pango …………… yes
    libssh2 …………. yes
    libssl ………….. yes
    libtelnet ……….. yes
    libVNCServer …….. yes
    libvorbis ……….. yes
    libpulse ………… yes
    libwebp …………. yes

    Protocol support:

    RDP ……. yes
    SSH ……. yes
    Telnet …. yes
    VNC ……. yes

    But trought RDP can`t connect.
    OS Ubuntu 14.04
    log:
    17:55:18.914 [http-bio-8080-exec-7] INFO o.g.g.n.b.r.a.AuthenticationService – User “guacadmin” successfully authenticated from 192.168.1.100.
    17:55:27.008 [http-bio-8080-exec-2] ERROR o.g.g.n.b.w.t.GuacamoleWebSocketTunnelServlet – Creation of WebSocket tunnel to guacd failed: End of stream while waiting for “args”.

    Where my error?

  23. I can confirm above instructions still work for Ubuntu 16.04. I had no problem installing Guacamole on 16.04.
    After installing admin page can be found at http://server-ip:8080/guacamole
    guacadmin account works fine for configuring.

    One comment though:
    For RDP file transfer support I had to copy /usr/local/lib/freerdp/guacsnd-client.so and /usr/local/lib/freerdp/guacdr-client.so to /usr/lib/x86_64-linux-gnu/freerdp

  24. This guide is definitely the best guide to install guacamole on Ubuntu. I just tested today on 16.04 and it works perfectly. There is one problem, following your guide everything will work perfectly except for extra features of RDP (remote sound, remote printing, and remote drive).

    This can be simple fixed by adding the lines to your script

    apt-get install freerdp ghostscript
    ln -s /usr/local/lib/freerdp/* /usr/lib/x86_64-linux-gnu/freerdp/.

    after that everything should work perfectly

  25. Hello Chase! Thanks for your useful posting!
    I love guacamole. You article is very helpful for me!

    Now I have some problem.
    I’d like to add some functions to default guacamole app.

    Guacamole says it is possible.

    So could you tell me about it? How can I add?
    for example, I’d like to add useremail fields in guacamole_user table.

    Hope your answers!
    Best regards.
    Leonid

    1. Leonid, you’d be better off asking on their official forms or searching Google for a similar blog post. This isn’t something I’ve done myself. Sorry.

  26. Thanks for making such an easy-to-use .SH script. Saves me a LOT of time and effort. Might want to consider putting this on the Guacamole site itself.

    Quick question. I’ve dug around for answers but the Google overlords aren’t finding any answers.

    Whether I’m creating a new group or a new connection, it doesn’t show up in the list. I have to logout and login again before it shows.

    Have you heard of this happening before? I can provide system specs (but needless to say, it’s 16.04.1 updated and using your .SH script).

    1. John,

      I literally just re-installed this a few days ago and used my own script to do it. I’m not having that problem. I just created a new connection group and it showed up right away.

      Try a different browser? Any extensions blocking anything? Maybe open a ticket with the developers…I don’t know 🙂

      1. Well … I just opened my site in a different browser (IE vs Chrome), created a new 2nd Windows connection, and … still not showing up.

        What’s weird is, I decided to use your script at first because my original Guacamole server worked right (new connections would show), but I could never get it to connect. After yours did the same thing, I dug deeper and realized that I hadn’t disabled “proxy_buffering”. Once I did that, the connections worked normally.

        I don’t know what I did with yours. Brand-new Ubuntu 16.04.1 server, all updated, nothing customized. Ran your 0.99 .SH script (oh, I had meant to point out the “sed” thing the guy RIGHT AFTER ME pointed out … but forgot to), and had a Guacamole server. But … unlike my earlier one (I deleted it … idiot), this one isn’t showing new connections until I logout.

        I went digging through the forums, couldn’t find an instance of this. Was kinda’ hoping you’d have an idea (maybe the SQL server part?)

        1. Yeah I am. I also read that guacamole works really well behind a reverse proxy.

        2. Try to bypass it, see if behavior changes. I will post my config later when I get a chance.

      1. Well, that’s odd.

        It suddenly started working … on both sides of the reverse proxy.

        Thanks for the profile, though.

      2. Would this code help me enable https for mysite.com:8443/guacamole? I am undable to get 8443 to work. It works fine with http:mysite.com:8080/guacamole..

        Could you point me to the correct location?

        Thanks

        1. Try to un-comment this config section

          Connector port=”8443″ protocol=”org.apache.coyote.http11.Http11NioProtocol”
          maxThreads=”150″ SSLEnabled=”true” scheme=”https” secure=”true”
          clientAuth=”false” sslProtocol=”TLS”

          In /etc/tomcat8/server.xml then restart tomcat service tomcat8 restart I don’t know if that’ll work or not…maybe?

        2. Thanks Chase, I tried that. When that section is not commented out, my guacd landing page just hangs as if it’s trying to load. however when it is commented out, i get the unable to connect page.

          Is there anything else I should adjust, such as an SSL = true somewhere?

          I appreciate your help on this one.

          Cheers

        3. On most installations, I install nginx or apache and reverse proxy guacd. The reason is because at the time I wanted to use lets encrypt and getting it working with tomcat was an exercise in futility whereas more mainstream web servers will always be easy to use. Perhaps this could be a solution for you also? The nginx config I use is below.

          # Listen 80
          server {
          listen 80 default_server;
          listen [::]:80 default_server;

          server_name guacamoleserver.com;
          #bounce everyone to HTTPS using a 301 redirect
          return 301 https://$server_name$request_uri;
          # Nginx hardening – suppress 401 and 403 messages
          error_page 401 403 404 /404.html;

          root /var/www/html;

          # Add index.php to the list if you are using PHP
          index index.html index.htm index.nginx-debian.html;

          # Proxy guacamole through nginx
          location / {
          proxy_pass http://localhost:8080/guacamole/;
          proxy_buffering off;
          proxy_http_version 1.1;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $http_connection;
          access_log off;
          }

          }

          server {
          # SSL Configuration
          listen 443 ssl default_server;
          listen [::]:443 ssl default_server;
          include snippets/ssl-guacamoleserver.com.conf;
          include snippets/ssl-params.conf;
          # nginx hardening — suppress 401 and 403 messages
          error_page 401 403 404 /404.html;

          location / {
          proxy_pass http://localhost:8080/guacamole/;
          proxy_buffering off;
          proxy_http_version 1.1;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $http_connection;
          access_log off;
          }

          }

        4. I already have a post about LetsEncrypt and NGINX and I use Guacamole as an example but this is useful for the comments section too.

  27. Thanks for this great script!
    I only ran into this small issue: after running the chmod command, executing the script throws an error “/bin/bash^M: bad interpreter: No such file or directory”. After checking the file, it looks like it might not have the proper line feed encoding (saved as Windows versus Unix). I found this command, which converted the line feeds to proper Unix encoding: “sed -i -e ‘s/r$//’ guac-install.sh”.

    Once that was sorted, the install went perfectly!

    1. Thanks for letting me know! It is because of the encoding. Ill update. For future reference you can use dos2unix to fix that.

  28. Hi There,

    I’m trying this on my Ubuntu box but it seems to be failing & giving me this message, do you know what this might be at all?

    ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: YES)

    1. I think I figured it already, i tried this twice & changed the password, the original password is letting me in.
      Thanks

  29. I could not connect to guacamole after running this script. I fixed this by running the following command:
    sudo ufw allow 8080/tcp

  30. Hey Chase,
    Awesome script, I just made two minor changes.

    I did a fresh install of Ubuntu 16.04 desktop as a virtual box then I went to your blog with firefox, and also opened a terminal window

    I cut and paste the following in the terminal window.

    sudo apt install dos2unix

    wget https://raw.githubusercontent.com/MysticRyuujin/guac-install/master/guac-install.sh
    chmod +x guac-install.sh
    dos2unix guac-install.sh
    sudo ./guac-install.sh

    it was awsome. I went to the http://localhost:8080/guacamole and everything worked. thanks for the awesome script. I just need to add a ssl cert and change the website to be the default.

  31. Hi, i cant connec to the web interface, it show bad login….
    How can i change user & password for this one?

    Thx

        1. If guacadmin/guacadmin doesn’t work then you didn’t follow the tutorial correctly. Try again, or go to the guacamole forms.

  32. Do you have please some webpage that explain also
    the settings of VNC o RDP in order to use the guacamole ?
    Thanks in advance

    1. Guacamole isn’t an RDP or VNC Server, it’s a client. So if you’re trying to connect to a Linux or Mac system it will need a VNC server installed and configured on it. Windows Home version doesn’t allow RDP connections TO them but the rest of the versions do, assuming you set it to be allowed and allow it in Windows Firewall (if turned on). As far as Guacamole goes you just need to go to the settings by clicking on the top right, go to the connections tab, click New Connection. Then just configure it as needed…For a Windows RDP session fill in the Name of the computer, change the protocol to RDP, enter the hostname (or IP), enter the username, password, and domain (if you’re not on a domain leave it blank, if that doesn’t work enter the computer name in this field), set security mode to NLA, then click “Ignore server certificate”…that’s all that is required.

  33. Thanks for the answer.

    What i need is to configura a RDP connection in order to connect a VM make it using KWM
    with windows7 (ultimate)

    So I need to configure the RPD protocol
    I still not understand if guacamole need a RDP server or RDP client in order to connect
    to windows 7

    I find on net the xrdp, the freedrp the freerdpx11 and the xfreerdp …witch one is the best
    in my case ?

    Thanks a lot again
    Denis

  34. I Just saw this and was wondering if I set up guacamole on a Linux PC, can it be configured to allow a remote user to log in if I don’t know their host name or IP address? I’m looking to provide PC support to Windows users using my Linux box and seeing their screens so I can provide accurate instructions. I’d like to be able to remotely access their screen without them being able to access mine. I provide support for 3 friends but don’t drive any longer, and would like to provide support similar to webex taking over the customer’s screen.

  35. Hey, Chase,
    good instructions and a script to work out all well and start the server.
    But I have a few problems.

    1. When trying to connect on port 3389 (RDP), you receive the error “An error occurred on the server” in the interface of speaking that, with all the logs approx.
    2. After an attempt at connection port 5900, there is the same error as with the RDP, with ssh connects perfectly.

    logs:
    23:57:13.477 [http-nio-8080-exec-10] INFO o.g.g.net.basic.TunnelRequestService – User “admin” connected to connection “3”.
    23:57:13.626 [http-nio-8080-exec-3] INFO o.g.g.net.basic.TunnelRequestService – User “admin” disconnected from connection “3”. Duration: 149 milliseconds

    There is a connection attempt and reset …

    1. While I can’t help you diagnose your RDP issues in detail here are a few key points:
      #1. RDP only works on Windows Pro versions are higher, not Home. You can RDP FROM a Home version but not TO a home version.
      #2. You must enable remote desktop on the system you’re trying to connect to.
      #3. You must ensure that the firewall is allowing the RDP connection on the remote system.
      #4. You must ensure that the username and password you are using is allowed to remote to that system.
      #5. If you are using Network Level Authentication, you should probably tell Guacamole to ignore the certificate (unless of course you actually have a certificate trust configured in your network).

      1. I would like to add to your information.

        You can RDP to a Home version, but you have to install RDPWrap (https://github.com/stascorp/rdpwrap)

        Guacamole is very finicky with RDP configs. Here’s a few config scenarios I have working

        RDP with NLA enabled on the Target Win 10:
        Security Mode: NLA, Check Ignore Certificates, Fill out Username and Password fields

        RDP with no NLA on Win 10 no credentials pre-entered:
        Security Mode: TLS Encryption, Ignore Certificates, Fill out Username field, i.e. “Enter Username”

        RDP with no NLA on Win 10 with credentials pre-entered:
        Security Mode: Any Encryption, Ignore Certificates, Fill out Username field, and Password Field

        Thanks for all your work making this install easy Chase!!

      1. As the connection is outgoing this shouldn’t be required unless you’ve altered the standard installation. Unless there’s something I don’t know about the Desktop version (I use Server)?

  36. thanks, Chase, RDP is working now. But VNC can’t start session. i see error in browser.
    CONNECTION ERROR”
    An error occurred on the server, Remote Desktop and the connection was closed. Please try again later or contact your administrator.”

  37. guacadmin password not working on a fresh install.
    Freshly build Ubuntu 16.04 LTS with only SSH/SAMBA/Utilities
    Installed Webmin
    Applied updates/upgrades
    Ran each line in script as SUDO SU.
    Changed password where instructed.
    Guacamole 0.9.9 loads, but guacadmin/guacadmin does not allow me to connect.
    Any pointers/suggestions/etc appreciated

  38. Not sure why, but curl was not installed on my base ubuntu 16.04 container. Added curl to the initial list of the installed packages and the script worked fine again.

  39. Hello,

    I had also problem with the white blank screen with Ubuntu 16.04. I looked MySQL logs and there was an error about SSL. This is a similar problem http://stackoverflow.com/questions/34189756/warning-about-ssl-connection-when-connecting-to-mysql-database

    I googled for some time, but after awhile decided to try installing PostgreSQL and Guacamole started working. I used this article’s instructions otherwise except installing PostgreSQL. Here’s how I installed PostgreSQL:

    # Download PostgreSQL driver
    wget https://jdbc.postgresql.org/download/postgresql-9.4.1212.jar
    cp postgresql-9.4.1212.jar /etc/guacamole/lib/

    # Download PostgreSQL authentication extension and extract it
    wget http://www-us.apache.org/dist/incubator/guacamole/0.9.10-incubating/binary/guacamole-auth-jdbc-0.9.10-incubating.tar.gz
    tar -xzf guacamole-auth-jdbc-0.9.10-incubating.tar.gz
    cp guacamole-auth-jdbc-postgresql-0.9.10-incubating.jar /etc/guacamole/extensions/

    # Make database
    sudo su – postgres
    createdb guacamole_db

    # Populate the database
    cd guacamole-auth-jdbc-0.9.10-incubating/postgresql/
    cat schema/*.sql | psql -d guacamole_db -f –

    # Create database user
    $ psql -d guacamole_db
    guacamole=# CREATE USER guacamole_user WITH PASSWORD ‘some_password’;
    CREATE ROLE
    guacamole=# GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA public TO guacamole_user;
    GRANT
    guacamole=# GRANT SELECT,USAGE ON ALL SEQUENCES IN SCHEMA public TO guacamole_user;
    GRANT
    guacamole=# q
    exit

    # I got error “PostgreSQL server: FATAL: no pg_hba.conf entry for host” and fixed it by adding line below to end of file /etc/postgresql/9.5/main/pg_hba.conf
    host all all 0.0.0.0/0 md5

    # guacamole.properties configuration
    postgresql-hostname: localhost
    postgresql-port: 5432
    postgresql-database: guacamole_db
    postgresql-username: guacamole_user
    postgresql-password: some_password

  40. Just wanted to post a thank you for this. I just ran through this guide front to back and it worked flawlessly.

    I wanted to add the steps I took to get the server to listen on port 80.

    1. Make sure “authbind” is installed.
    2. Edit the “/etc/default/tomcat8” file and un-comment the “AUTHBIND=no” and change it to yes.
    3. Then run the following commands.
    “sudo touch /etc/authbind/byport/80”
    “sudo chmod 500 /etc/authbind/byport/80”
    “sudo chown tomcat8 /etc/authbind/byport/80”
    4. Restart services.

  41. Hi@all,

    I have installed tomcat and guacamole with the script on a fresh ubuntu 1604 with just a public IP. Tomcat and guacamole was accessable over publicip:8080 immediately after installation. Unfortunately tomcat stopped working after reboot and I can’t figure out why. I have tried to chande port to 80 and also tried to bind it to ipv4 only. But everythimg without sucess.

    Any idea why this could happan?

      1. I think it is because of the new version of guacamole. The script is trying to copy some stuff for 0.9.10 but the version that is installed automaticaly is 0.9.11

        1. What? The latest RELEASE of Guacamole as of right now is 0.9.10, nothing in my script is targeting 0.9.11 and nothing is installed “automatically” related to Guacamole. Unless you are modifying my script or the components related to it (E.G. Trying to make Tomcat listen on port 80), it works just fine.

        2. It’s guessing it’s because you’ve set Tomcat to listen on Port 80 and it cannot do that without extra permissions. Set Tomcat back to 8080 and see if it auto starts. Your problem with Tomcat has nothing to do with Guacamole or this script, your problem is that Tomcat doesn’t auto start, google that. I’m guessing everything works if you start tomcat manually with root permissions because root has permissions to listed on ports below 1023.

        3. Well actually it does not help to try to start tomcat manualy with “sudo /etc/init.d/tomcat start” or “restart”. The system is showing that tomcat is running, but it is not accessable.

  42. Thanks Chase for this script and instructions. The script worked very well for me and saved a lot of time. I really appreciate it and like to wish my best for your future works.

  43. Great script but am having issues with Guacamole on Raspberry Pi. Am able to login w/guacadmin until I create a user and RDP connection. Then admin and user connections times out. just after login. Guacd status indicates ” Error connecting to RDP server” . Also failed to load guac

    Script runs to completion with only one error. /usr/lib/x86_64-linux-gnu/freerdp is not created . Manually created and created link to /usr/local/lib/freerdp/ also created link to /usr/lib/arm-linux-gnueabihf/freerdp/. Questions : Where is guacd looking for “RDP” server? Are script mods required for RPI?

    Using Ubuntu-mate 16.04 updated/upgraded on Raspberry Pi

    Thanks

    1. Please see previous comment answers about RDP. E.G. Have you verified that RDP is working on the client you’re trying to connect to in the first place? Have you set the security mode correctly? Etc.

  44. Thanks Mr Chase for this script and instructions. The script worked very well for me and saved a lot of time. I really appreciate it and like to wish my best for your future works.

  45. Was able to get Guacamole working on both a RPI3 and Intel Core Dual using scripts. Learned a couple of lessons in the process.
    1) Minimum fields for a RDP connection: connection name, Hostname, Port, username, password, security mode (ANY), ignore server certificate checked
    2) If Home button does not appear on failed connection for admin user, server can be recovered by entering mysql and deleting offending row from guacamole_connection table. (Suggest developers add * to indicate required fields.)
    3) RPI3 w/ Ubuntu-Mate worked but slower than Core Dual and was not satisfactory for video over local connections.
    Reynold

    1. Port is not required if default and security mode is dependent on Windows settings. Ignore Server Certificate should always be checked UNLESS you actually have a Certificate Authority with appropriate client/server setup.

  46. I use guacamole to access servers that host business applications, users access these applications through the browser using guacamole per base. We basically use windows server 2012r2 for RDS. Version 0.99 had the numlock key bug and did not allow paste copying through the browser plug-in.

    Thinking about it, I waited anxiously for 0.9.10, but when it came, I discovered two bugs that prevented it from being deployed: Printing did not work properly and file copying via the remote drive sometimes failed when files larger than 10mb. About the print was easy to validate, because the test page print windows no longer worked, the strangest thing is that use the wordpad to test printing normally. Adobe Acrobat did not go, so some company applications did not work for printing and others did.

    Have you checked if this happens in your environment?

    I tested it with ubuntu 16.04 / 14.04 / 15.10 and nothing. Same problem.

    I followed your scheme both using the full script version and using step by step to the older versions of Ubuntu.

    Please help me. I need to update my environment because of the numlock bug and the copy + paste of 0.9.10.

    1. If you go check out the official website and click on JIRA you can track the progress of the printing bugs. I believe it is scheduled to be fixed in 0.9.12, if you need support immediately you’ll probably have to build from github source which I have not attempted.

      1. I tried this (build from source), but without success.

        In your ambient this error occur to?

        You can try to simulate the error for me?
        Try to print a self-test page with a printer of guacamole.

  47. Hi Chase,

    Your guide is very well writted! Thanks a lot for your efforts.

    I have one problem on guacamole and tried a lot of things but nothing worked.

    The printing doesn´t work well on guacamole 0.9.10. If I print a self test page doesn´t print. But in wordpad is ok. Acrobat reader doesn´t work.

  48. Awesome work. Have you developed any automation around reverse proxying port 80 to 8080/guacamole to help with more locked down environments?

    1. I have another blog post about Let’s Encrypt and NGINX. In it I reverse proxy Guacamole. You can use that as a starting point.

  49. It was working fine; I updated my ubuntu to 16.04.1 and it doesn’t work no more. How can I uninstall it and reinstall it

    1. I guess it depends on how you installed it originally? Probably broken dependencies? Try running the “apt-get -y install” command and see if new dependencies are installed. If they are it’s a good indication that you need to re-build the guacamole-server, following the instructions to do the ./configure, make, and make install should overwrite your old install on the server side. The client side is just the .war file so there shouldn’t be any problem there…but double check that tomcat8 is installed and working and ensure that your authentication method is working, if using mysql verify it’s still up and running…

  50. Hello,

    Thanks a lot for your script !
    I’m a newbie with TomCat …so after the installation script, it’s only say “it’s work” on myip:8080 ,
    what is the port to use guacamole ?
    Thanks a lot

  51. This is great stuff. Using your instructions I have nginx with let’s enrypt pointing to my guac server using mysql and duo. 2FA Sweet!

    Thanks so much!

    1. The intent of my script is to get Guacamole installed and working, not to provide customization to the install. I do have instructions on getting NGINX to reverse proxy, which in my opinion is a much more elegant and flexible solution. NGINX is also supported directly via Guacamole’s documentation.

  52. Hello,
    Thanks a lot for your script !
    everything is now ok (I “RTFM” between my last mail and this one 😉 …)

  53. Thanks for the great install script having one issue. Trying to create the MS-SQL user and I’m getting an error.

    Command:
    create user ‘guacamole_user’@’%’ identified by ‘PASSWORD’;
    Error:
    ERROR 1396 (HY000): Operation CREATE USER failed for ‘guacamole_user’@’%’

    Not sure why.

    1. Sorry it should be localhost not %, % is for the Docker Version, I updated incorrectly. Try it now. Also, if you don’t want to use MySQL then don’t…authentication can be controlled via the guacamole.properties file

      1. Thanks for the update but I still get an error. I substitute my password

        create user ‘guacamole_user’@’localhost’ identified by ‘PASSWORD’;

        ERROR 1396 (HY000): Operation CREATE USER failed for ‘guacamole_user’@’localhost’

        1. I don’t think so because the next line has be grant permissions to the user and that fails claiming no user.

          mysql -u root -pPASSORD
          mysql: [Warning] Using a password on the command line interface can be insecure.
          Welcome to the MySQL monitor. Commands end with ; or g.
          Your MySQL connection id is 7
          Server version: 5.7.17-0ubuntu0.16.04.1 (Ubuntu)

          Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

          Oracle is a registered trademark of Oracle Corporation and/or its
          affiliates. Other names may be trademarks of their respective
          owners.

          Type ‘help;’ or ‘h’ for help. Type ‘c’ to clear the current input statement.

          mysql> create database guacamole_db;
          ERROR 1007 (HY000): Can’t create database ‘guacamole_db’; database exists
          mysql> create user ‘guacamole_user’@’localhost’ identified by ‘PASSWORD’;
          ERROR 1396 (HY000): Operation CREATE USER failed for ‘guacamole_user’@’localhost’
          mysql> GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO ‘guacamole_user’@’localhost’;
          Query OK, 0 rows affected (0.00 sec)

        2. In the interest of full disclosure. I’ll admit that I’m not a genius at the CLI in linux (Ubuntu Server in this case). I will say that running:

          “wget https://raw.githubusercontent.com/MysticRyuujin/guac-install/master/guac-install.sh && chmod +x guac-install.sh && apt-get -y install dos2unix && dos2unix guac-install.sh && ./guac-install.sh”

          Gets me a server that works and I can login with guacadmin/guacadmin. But I’m trying to understand more about how the MY-SQL part works.

          Thanks,
          Doug

        3. This isn’t a troubleshooting forum. Your output shows that you’ve already ran the commands…to see if a user exists use:

          SELECT User FROM mysql.user;

        4. I understand, but I’m a little confused as to what purpose the portion of your original post serves from the “This is where you will want to change “PASSWORD”” on down.

          Thanks for you help,

          Doug

        5. OK so starting above that with:
          # Configure guacamole.properties
          guacamole.properties is what controls authentication and other aspects of the guacamole client. The entire point of modifying that file is to tell guacamole where/how to authenticate. In that I’m telling guacamole to use MySQL, connect to the local database “guacamole_db” with the username “guacamole_user” and the password “PASSWORD”

          If you don’t want to use MySQL you can ignore all 5 lines that are echo’d into the guacamole.properties file, just do the rm and ls commands and restart tomcat and you’re kind of done with the exception that you still need to edit guacamole.properties in whatever manner you want…to which my only recommendation is to read the manual from the website.

    1. 16:26:35.149 [http-nio-8097-exec-4] DEBUG o.a.i.t.jdbc.JdbcTransaction – Opening JDBC Connection
      16:26:35.417 [http-nio-8097-exec-4] ERROR o.a.g.rest.RESTExceptionWrapper – Unexpected internal error:
      ### Error querying database. Cause: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

      Looks like you’re having issues with your MySQL instance OR the connector

      1. It works when i use user-mapping.xml.

        All the files are in there proper location
        mysql-connector-java-5.1.40-bin.jar is in /etc/guacamole/lib
        guacamole-auth-jdbc-mysql-0.9.11-incubating.jar is in /etc/guacamole/extensions

        I recreated the DB and user and made sure the password matches the guacamole.properties file

        1. my mysql is :

          Server: Localhost via UNIX socket
          Server type: MariaDB
          Server version: 10.1.20-MariaDB-1~xenial – mariadb.org binary distribution
          Protocol version: 10
          User: root@localhost
          Server charset: UTF-8 Unicode (utf8)

        2. This part is important as well:
          cat guacamole-auth-jdbc-0.9.11-incubating/mysql/schema/*.sql | mysql -u root -pMYSQLROOTPASSWORD guacamole_db

          That ensures that the shema is installed into the database. Just creating the database isn’t enough, you must populate it with the required tables, which that command does.

        3. cat guacamole-auth-jdbc-0.9.11-incubating/mysql/schema/*.sql | mysql -u root -pMYSQLROOTPASSWORD guacamole_db

          was done as well

        4. figured it out…it was the bind in my.cnf

          it needed to be 127.0.0.1 or 0.0.0.0

  54. Command “systemctl enable guacd” seems not working:

    “guacd.service is not a native service, redirecting to systemd-sysv-install
    Executing /lib/systemd/systemd-sysv-install enable guacd”

    I did “service guacd start”t o offset this problem.

  55. Hey Chase this is super helpful and I followed the instructions with great success.

    Do you know of a way to customize the logo on guacamole login?

    1. That question has been asked & answered many times on the guacamole email alias. You shoul go sesrch thru those

  56. Hi all,
    Great tutorial Chase!

    I was wondering if anyone could help me!

    I´m trying to connect using RDP. I´ve already changed the authentication methods in my win7, I´m not using NLA, and in my guacamole I ´ve tried all types of authentication (none, any, rdp, nla), but I still receive the same message in syslog:

    Mar 29 17:54:01 guacamole-server guacd[1352]: Creating new client for protocol “rdp”
    Mar 29 17:54:01 guacamole-server guacd[1352]: Connection ID is “$6eab2d7b-7a12-494e-b809-a2346ab47916”
    Mar 29 17:54:01 guacamole-server guacd[1628]: Security mode: RDP
    Mar 29 17:54:01 guacamole-server guacd[1628]: Resize method: none
    Mar 29 17:54:01 guacamole-server guacd[1628]: User “@c9cf4158-c4a4-4f71-a92d-fcde39d7bfd0” joined connection “$6eab2d7b-7a12-494e-b809-a2346ab47916” (1 users now present)
    Mar 29 17:54:01 guacamole-server guacd[1628]: Loading keymap “base”
    Mar 29 17:54:01 guacamole-server guacd[1628]: Loading keymap “en-us-qwerty”
    Mar 29 17:54:02 guacamole-server kernel: [ 204.693118] traps: guacd[1642] general protection ip:7f5ee7875c69 sp:7f5ee5f8bc98 error:0 in libguac.so.5.0.0[7f5ee7871000+d000]
    Mar 29 17:54:02 guacamole-server guacd[1352]: Connection “$6eab2d7b-7a12-494e-b809-a2346ab47916” removed.

    and in catalina.out:

    17:54:01.716 [http-nio-8080-exec-4] INFO o.a.g.tunnel.TunnelRequestService – User “guacadmin” connected to connection “2”.
    17:54:03.260 [Thread-4] INFO o.a.g.tunnel.TunnelRequestService – User “guacadmin” disconnected from connection “2”. Duration: 1529 milliseconds

    1. All I can suggest is read all of the RDP related posts already in the thread here and go from there…

      1. After some research I’ve find out what the problem is,

        Uninstall whatever package provides “/usr/lib/x86_64-linux-gnu/libguac.so.5”. This lib comes installed from Ubuntu 16.04 distribution’s packages and will not be compatible with the version 0.9.11 that I was trying to build, and will likely conflict.

        So I just removed libguac5 package and left libguac12 installed.

  57. This is what I get when I run the script – fresh ubuntu 16.04

    Any thoughts?

    tar (child): Error is not recoverable: exiting now
    tar: Child returned status 2
    tar: Error is not recoverable: exiting now
    tar (child): guacamole-auth-jdbc-0.9.11-incubating.tar.gz: Cannot open: No such file or directory
    tar (child): Error is not recoverable: exiting now
    tar: Child returned status 2
    tar: Error is not recoverable: exiting now
    ./guac-install.sh: line 49: cd: guacamole-server-0.9.11-incubating: No such file or directory
    ./guac-install.sh: line 50: ./configure: No such file or directory
    make: *** No targets specified and no makefile found. Stop.
    make: *** No rule to make target ‘install’. Stop.
    Failed to execute operation: No such file or directory
    mv: cannot stat ‘guacamole-0.9.11-incubating.war’: No such file or directory
    cp: cannot stat ‘mysql-connector-java-5.1.41/mysql-connector-java-5.1.41-bin.jar’: No such file or directory
    cp: cannot stat ‘guacamole-auth-jdbc-0.9.11-incubating/mysql/guacamole-auth-jdbc-mysql-0.9.11-incubating.jar’: No such file or directory
    mysql: [Warning] Using a password on the command line interface can be insecure.
    cat: ‘guacamole-auth-jdbc-0.9.11-incubating/mysql/schema/*.sql’: No such file or directory
    mysql: [Warning] Using a password on the command line interface can be insecure.
    guac@ubuntuguac:~$

    1. There is already another script on my blog about configuring NGINX for Guacamole, it includes Let’s Encrypt instructions as well but really apt-get -y install nginx and then just check out my other post for guidance on how to configure NGINX for Guacamole.

  58. Mr. Wright. Thank you for the great script you wrote. It worked exactly as you explained after a complete emptied and fresh installation of Ubuntu 16.04. Just one little detail but it is maybe even too small to mention.

    After the installation (with or without restarting the system) you have to open the client with this link : http://:8080/guacamole/&gt;

    Just another little think but not really important too : Some people maybe like the idea of using phpMyAdmin and maybe it is a nice addition to you really awesome script!

    Again thank you. It saved a lot of time, and for sure I will use it again. Maybe a bit early but for now please enjoy your weekend!

  59. Just installed Guac 0.9.11 on our DMZ using MySQL on a machine that is on the corporate LAN. Guacamole communicates with the DB backend through standard Cisco firewall rules.

    When we set it up this way there are “backend time outs” written to the logs on the Guac server and the Guac server refuses to take new connections. Both Guac and Tomcat8 need to be rebooted before the application responds. This was also true for 0.9.9.

    If the DB is local to the Guac server there are no problems.

    Is there something inherent in the Guac code that makes this setup unworkable? Are we missing something?

    We have other apps on our DMZ that communicat to DB’s LAN and there are are no issues like this. I don’t think it’s a firewall problem — but it might be.

    Hope someone can help.

    Thanks
    Mark

      1. To the best of my knowledge having a remote MySQL Server is not an issue…but yeah, there are support options available. I mean if there is crazy latency or poor database performance or lots of packet loss then I imagine you’d have issues but “network issues” aside I don’t see why it wouldn’t work.

  60. Hello Chase,

    I used your updated script to install Guacamole on a Ubuntu 16.04.1 LTS Mate image on a Raspberry Pi 2. It installed perfectly and works flawlessly.

    Thank you very much for all of your efforts!!

  61. I am trying to get this up and running, I ran the following command:

    # Get your Preferred Mirror for download from Apache using jq
    SERVER=$(curl -s ‘https://www.apache.org/dyn/closer.cgi?as_json=1’ | jq –raw-output ‘.preferred|rtrimstr(“/”)’)

    Then when i try to run the commands below to download, I get an error saying scheme missing.

    # Download Guacamole Files from Preferred Mirror
    wget $SERVER/incubator/guacamole/0.9.12-incubating/source/guacamole-server-0.9.12-incubating.tar.gz
    wget $SERVER/incubator/guacamole/0.9.12-incubating/binary/guacamole-0.9.12-incubating.war
    wget $SERVER/incubator/guacamole/0.9.12-incubating/binary/guacamole-auth-jdbc-0.9.12-incubating.tar.gz

      1. Seems to be another issue:

        it doesnt appears to be creating the guacamole directories and isnt accessing the .war or .jar files.

  62. Thank You!
    One question, how can i get audio working over RDP?
    For older Guacamole, it worked, but after deploying a new Guacamole, with this script, audio doesnt work.

  63. Hello, Anyone know how to use the new feature “In-browser playback of screen recordings”?

  64. It’s failing on

    cat guacamole-auth-jdbc-0.9.13-incubating/mysql/schema/*.sql | mysql -u root -pMYSQLROOTPASSWORD guacamole_db

    for me.

    Says that the file can’t be found. 😦

  65. Thanks for this script and guide. Install went smoothly on a fresh Ubuntu 16.04.3 server. I’m able to login as guacadmin and add connections..but none of the connections I’ve tried work. (RDP, SSH).

    If I try the RDP or SSH connection, I will just get “CONNECTION ERROR” with error saying…

    “An internal error has occurred within the Guacamole server, and the connection has been terminated. If the problem persists, please notify your system administrator, or check your system logs….”

    I’ve made sure guacd and tomcat8 are running already. Anyone have any ideas what’s causing the issue? Do I need to install some additional packages?

    TIA,
    Chris

    1. Well I have no idea what you’re trying to RDP or SSH to? Off the top of my head just make sure you’re configuring the connections correctly, and make sure there are no firewalls blocking the connection from the Guacamole server to your intended targets. For RDP you’ll probably need to tell it to ignore client certificates.

      1. I ended up starting over with a new server and re-ran the install script but used Tomcat 7 instead. (i.e. uncommmented #TOMCAT=”” and changed to TOMCAT=”tomcat7″.

        It worked without any issues after using Tomcat 7, and was able to connect to machines via SSH and RDP. Don’t know what the issue was with tomcat 8 but I am happy it’s working with tomcat 7.

        1. Odd. I’m not sure it’s tomcat causing that issue though. I ran this script a few weeks back when it was using Tomcat 8 to make a Guacamole VM. Worked great, but we had issues uploading it to where we wanted to run it from, so today I made a new one on AWS, using the Ubuntu 16.04 LTS server from the AWS Marketplace and I ran into that exact issue mentioned above – “connection error – an internal error has occurred” I had to restart the instance and it was fine afterwards however I’m seeing issues I didn’t see when I had v8. If I add users or connections they don’t show till I logout and back in (refresh doesn’t help). Also now i’m seeing more odd things – I added 3 users and 1 connection. I made an admin user for someone and another for myself and disconnected both of them from the 1 available connection, however when I log in as that admin user it’s still connecting to the RDP connection, but i’m sure it wasn’t doing that an hour ago.

  66. I have added 3 users and 1 connection. I made an admin user for someone and another for myself however when I log in as that admin user it’s still connecting to the RDP connection.

  67. Fantastic instructions, thank you so much.

    Just one question, how can we get a UK keyboard layout in Guacamole?

    Thanks, Steve

    1. That’s a good question. I don’t know. Maybe ask the developers? I see under the connection options there is a Keyboard Layout dropdown menu but yeah, I don’t see UK as an option.

  68. hi i have a problem connecting to another system after loggin into guacamole it is showing
    “An internal error has occured within guacamole server and connection has been terminated” and suggesting to check logs and in
    system logs : “Guacamole handshake failed: Timed out”
    catalina.out:”org.apache.coyote.AbstractProtocol$AbstractConnectionHandler process
    SEVERE: Error reading request, ignored java.lang.NullPointerException at org.apache.guacamole.protocol.GuacamoleInstruction.toString(GuacamoleInstruction.java:121)
    andin localhost_access log:getting 500 response for” “POST /guacamole-0.9.13-incubating/tunnel?connect HTTP/1.1″ 500 2753”

    iamunable to understand the problem….please help

    1. Well it would suggest you have NGINX installed somewhere in your environment…seeing how this script does not install NGINX, I would start looking there, possibly a misconfiguration in NGINX?

  69. Thank you for the awesome script. I installed it perfectly with no issues. After install was complete, and i log in as user: guacadmin password: guacadmin, i created another full privilege administrator account, verified i can log in and delete the default “guacadmin” account created by your script. Again thank you!

  70. Hi Chase,

    Thanks for this wonderful script.

    Just a request. Can you guide me in doing an install of LDAP authentication extension for users logging in? Currently we have an existing MS AD.

    Thanks!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.