Updated to version 1.5.3. (#258)

Fixes #248

README.md

@@ -1,35 +1,46 @@
 # guac-install
 
-## NOTE: The version of FreeRDP2 that comes in the official repo for Ubuntu 18.04 is broken. If you are using Ubuntu 18.04 and RDP is not working / crashing run the following before or after install:
+I've maintained this script for quite a few years now with the help of the other contributors and it seems to be getting more and more fragmented as libraries and system OSes diverge in their package management. I do **not** plan on maintaining this beyond perhaps approving other people's PRs and letting people continue to discuss issues, so I won't archive it but I'm also not actively maintaining it 🤷‍♂️
+
+You can also check out this other [Guacamole-Setup](https://github.com/itiligent/Guacamole-Setup) repo which sets up a complete **Virtual Desktop/Jump Server appliance with MFA, Active Directory integration & Nginx SSL reverse proxy** for more inspiration.
+
+## NOTE: The fixes below are not to be used UNLESS you're having issues, don't run these for no reason, use the distro maintainers version unless there's a reason not to.
+
+## NOTE: Ubuntu users having issues with RDP have reported the following fix:
 ```
-sudo add-apt-repository ppa:remmina-ppa-team/freerdp-daily
+sudo add-apt-repository ppa:remmina-ppa-team/remmina-next
 sudo apt-get update
 sudo apt-get install freerdp2-dev freerdp2-x11
 ```
 
-Script for installing Guacamole 1.1.0 on Ubuntu 16.04 or newer (with MySQL, or remote MySQL). It should also work on pure [Debian](https://www.debian.org/), [Raspbian](https://www.raspberrypi.org/downloads/raspbian/) or [Kali Linux](https://www.kali.org/). I have tested this with Debian 10.3.0 (Buster). **If other versions don't work please open an issue.** It is likely due to a required library having a different name.
+## NOTE: Debian users having issues with RDP have reported the following fix:
+```
+sudo bash -c 'echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list.d/backports.list'
+sudo apt update
+sudo apt -y -t buster-backports install freerdp2-dev libpulse-dev
+```
 
-Run script, enter MySQL Root Password and Guacamole User password. Guacamole User is used to connect to the Guacamole Database.
+Script for installing Guacamole 1.5.3 on Ubuntu 16.04 or newer (with MySQL, or remote MySQL). It should also work on pure [Debian](https://www.debian.org/), [Raspbian](https://www.raspberrypi.org/downloads/raspbian/), [Linux Mint](https://linuxmint.com/) (18/LMDE 4 or newer) or [Kali Linux](https://www.kali.org/). I have tested this with Debian 10.3.0 (Buster). **If other versions don't work please open an issue.** It is likely due to a required library having a different name.
+
+Run script, enter MySQL Root Password and Guacamole User password. Guacamole User is used to connect to the Guacamole Database. Be sure to save these!
 
 The script attempts to install `tomcat9` by default (it will fall back on `tomcat8` **if the available version is 8.5.x or newer**, otherwise it will fall back to `tomcat7`). If you want to manually specify a tomcat version there's a commented out line you can modify. Have at it.
 
-If you're looking to also have NGINX / Let's Encrypt / HTTPS click [HERE](https://github.com/bigredthelogger/guacamole)
-
 ## MFA/2FA
 
-By default the script will not install MFA support (QR code for Google/Microsoft Authenticator, Duo Mobile, etc. or Duo Push), if you do want MFA support you can use the `-t` or `--totp` or for Duo `-d` or `--duo` flags on the command line. Or modify the script variables `installTOTP=true` or `installDuo=true`. **Do not install both**
+By default the script will not install MFA support (QR code for Google/Microsoft Authenticator, Duo Mobile, etc. or Duo Push), if you do want MFA support you can use the `-t` or `--totp` or for Duo `-d` or `--duo` flags on the command line. Or modify the script variables `installTOTP=true` or `installDuo=true`. **Do not install both!**
 
 ## FYI
 
 Here's a cool PowerShell module for using the Guacamole API: https://github.com/UpperM/guacamole-powershell
 
-Does not work if you have MFA turned on
+Does not work if you have MFA turned on (however, you can authenticate via the gui and get a token to use it that way).
 
 ## How to Run:
 
 ### Download file directly from here:
 
-`wget https://git.io/fxZq5`
+`wget https://git.io/fxZq5 -O guac-install.sh`
 
 ### Make it executable:
 
@@ -108,10 +119,9 @@ NOTE: Only the switches for MySQL Host, MySQL Port and Guacamole Database are av
 
 ## WARNING
 
-- Upgrading from 0.9.14 -> 1.1.0 has not been tested, only 1.0.0 -> 1.1.0.
+- Upgrading from versions older than a couple dot fixes ago have not been tested with this script, use at your own risk and take backups first!
-- Switches have changed and additional ones have been added!
 
-## How to Run:
+## How to Upgrade:
 
 ### Download file directly from here:
 
@@ -130,3 +140,38 @@ Interactive (asks for passwords):
 Non-Interactive (MySQL root password provided via cli):
 
 `./guac-upgrade.sh --mysqlpwd password`
+
+## Post Installation - Reverse Proxies
+
+Make sure that you configure your reverse proxy (NGinx or Apache) as per the [Official Documentation](https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html)
+
+For Nginx:
+```
+location /guacamole/ {
+    proxy_pass http://HOSTNAME:8080/guacamole/;
+    proxy_buffering off;
+    proxy_http_version 1.1;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    access_log off;
+}
+```
+For Apache:
+```
+<Location /guacamole/>
+    Order allow,deny
+    Allow from all
+    ProxyPass http://HOSTNAME:8080/guacamole/ flushpackets=on
+    ProxyPassReverse http://HOSTNAME:8080/guacamole/
+</Location>
+```
+
+## NOTE: SSH doesnt work with Ubuntu 22.04:
+
+Guacamole only supports ssh-dss and ssh-rsa, and both have been disabled in Ubuntu 22.04.
+
+In the meantime a workaround is adding ```HostKeyAlgorithms +ssh-rsa``` to the end of ``` /etc/ssh/sshd_config ``` on the Ubuntu machine and restart sshd. 
+
+###### :warning: use at your own risk! :warning:
+

docker-install.sh

@@ -4,7 +4,32 @@
 if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi
 
 # Version number of Guacamole to install
-GUACVERSION="1.1.0"
+GUACVERSION="1.5.3"
+
+# Initialize variable values
+installTOTP=""
+installDUO=""
+
+# This is where we'll store persistent data for guacamole
+INSTALLFOLDER="/opt/guacamole"
+
+# This is where we'll store persistent data for mysql
+MYSQLDATAFOLDER="/opt/mysql"
+
+# Make folders!
+mkdir -p ${INSTALLFOLDER}/install_files
+mkdir ${INSTALLFOLDER}/extensions
+mkdir ${MYSQLDATAFOLDER}
+
+cd ${INSTALLFOLDER}/install_files
+
+# Colors to use for output
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+CYAN='\033[0;36m'
+NC='\033[0m' # No Color
 
 # Get script arguments for non-interactive mode
 while [ "$1" != "" ]; do
@@ -17,11 +42,17 @@ while [ "$1" != "" ]; do
             shift
             guacpwd="$1"
             ;;
+        -t | --totp )
+            installTOTP=true
+			;;
+        -d | --duo )
+            installDUO=true
+		
     esac
     shift
 done
 
-# Get MySQL root password and Guacamole User password
+# Get MySQLroot password and Guacamole User password
 if [ -n "$mysqlpwd" ] && [ -n "$guacpwd" ]; then
         mysqlrootpassword=$mysqlpwd
         guacdbuserpassword=$guacpwd
@@ -51,9 +82,71 @@ else
     echo
 fi
 
-# Install Stuff
+if [[ -z "${installTOTP}" ]]; then
+    # Prompt the user if they would like to install TOTP MFA, default of no
+    echo -e -n "${CYAN}MFA: Would you like to install TOTP? (y/N): ${NC}"
+    read PROMPT
+    if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
+        installTOTP=true
+    else
+        installTOTP=false
+    fi
+fi
+
+if [[ -z "${installDUO}" ]]; then
+    # Prompt the user if they would like to install DUO MFA, default of no
+    echo -e -n "${CYAN}MFA: Would you like to install DUO? (y/N): ${NC}"
+    read PROMPT
+    if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
+        installDUO=true
+    else
+        installDUO=false
+    fi
+fi
+
+# We can't install TOTP and Duo at the same time...
+if [[ "${installTOTP}" = true ]] && [ "${installDuo}" = true ]; then
+    echo -e "${RED}MFA: The script does not support installing TOTP and Duo at the same time.${NC}" 1>&2
+    exit 1
+fi
+echo
+
+# Update install wget if it's missing
 apt-get update
-apt-get -y install docker-ce mysql-client wget
+apt-get -y install wget
+
+# Check if mysql client already installed
+if [ -x "$(command -v mysql)" ]; then
+    echo "mysql detected!"
+else
+    # Install mysql-client
+    apt-get -y install default-mysql-client
+    if [ $? -ne 0 ]; then
+        echo "Failed to install apt prerequisites: default-mysql-client"
+        echo "Try manually isntalling this prerequisites and try again"
+        exit
+    fi
+fi
+
+# Check if docker already installed
+if [ -x "$(command -v docker)" ]; then
+    echo "docker detected!"
+else
+    echo "Installing docker"
+    # Try to install docker from the official repo
+    apt-get -y install docker-ce docker-ce-cli containerd.io
+    if [ $? -ne 0 ]; then
+        echo "Failed to install docker via official apt repo"
+       echo "Trying to install docker from https://get.docker.com"
+        wget -O get-docker.sh https://get.docker.com
+        chmod +x ./get-docker.sh
+        ./get-docker.sh
+        if [ $? -ne 0 ]; then
+            echo "Failed to install docker from https://get.docker.com"
+            exit
+        fi
+    fi
+fi
 
 # Set SERVER to be the preferred download server from the Apache CDN
 SERVER="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUACVERSION}"
@@ -68,12 +161,69 @@ fi
 
 tar -xzf guacamole-auth-jdbc-${GUACVERSION}.tar.gz
 
-# Start MySQL
-docker run --restart=always --detach --name=mysql --env="MYSQL_ROOT_PASSWORD=$mysqlrootpassword" --publish 3306:3306 mysql
 
-# Sleep to let MySQL load (there's probably a better way to do this)
+# Download and install TOTP
-echo "Waiting 30 seconds for MySQL to load"
+if [ "${installTOTP}" = true ]; then
-sleep 30
+    wget -q --show-progress -O guacamole-auth-totp-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-totp-${GUACVERSION}.tar.gz
+    if [ $? -ne 0 ]; then
+        echo -e "${RED}Failed to download guacamole-auth-totp-${GUACVERSION}.tar.gz" 1>&2
+        echo -e "${SERVER}/binary/guacamole-auth-totp-${GUACVERSION}.tar.gz"
+        exit 1
+    else
+        echo -e "${GREEN}Downloaded guacamole-auth-totp-${GUACVERSION}.tar.gz${NC}"
+        tar -xzf guacamole-auth-totp-${GUACVERSION}.tar.gz
+        echo -e "${BLUE}Moving guacamole-auth-totp-${GUACVERSION}.jar (${INSTALLFOLDER}/extensions/)...${NC}"
+        cp -f guacamole-auth-totp-${GUACVERSION}/guacamole-auth-totp-${GUACVERSION}.jar ${INSTALLFOLDER}/extensions/
+        echo
+    fi
+fi
+
+
+# Download and install DUO
+
+if [ "${installDUO}" = true ]; then
+    wget -q --show-progress -O guacamole-auth-duo-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz
+    if [ $? -ne 0 ]; then
+        echo -e "${RED}Failed to download guacamole-auth-duo-${GUACVERSION}.tar.gz" 1>&2
+        echo -e "${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz"
+        exit 1
+    else
+        echo -e "${GREEN}Downloaded guacamole-auth-duo-${GUACVERSION}.tar.gz${NC}"
+        tar -xzf guacamole-auth-duo-${GUACVERSION}.tar.gz
+        echo -e "${BLUE}Moving guacamole-auth-duo-${GUACVERSION}.jar (${INSTALLFOLDER}/extensions/)...${NC}"
+        cp -f guacamole-auth-duo-${GUACVERSION}/guacamole-auth-duo-${GUACVERSION}.jar ${INSTALLFOLDER}/extensions/
+        echo
+    fi
+fi
+
+
+# Configure guacamole.properties
+rm -f ${INSTALLFOLDER}/guacamole.properties
+touch ${INSTALLFOLDER}/guacamole.properties
+echo "mysql-hostname: 127.0.0.1" >> ${INSTALLFOLDER}/guacamole.properties
+echo "mysql-port: 3306" >> ${INSTALLFOLDER}/guacamole.properties
+echo "mysql-database: guacamole_db" >> ${INSTALLFOLDER}/guacamole.properties
+echo "mysql-username: guacamole_user" >> ${INSTALLFOLDER}/guacamole.properties
+echo "mysql-password: $guacdbuserpassword" >> ${INSTALLFOLDER}/guacamole.properties
+
+# Output Duo configuration settings but comment them out for now
+if [ "${installDUO}" = true ]; then
+    echo "# duo-api-hostname: " >> ${INSTALLFOLDER}/guacamole.properties
+    echo "# duo-integration-key: " >> ${INSTALLFOLDER}/guacamole.properties
+    echo "# duo-secret-key: " >> ${INSTALLFOLDER}/guacamole.properties
+    echo "# duo-application-key: " >> ${INSTALLFOLDER}/guacamole.properties
+    echo -e "${YELLOW}Duo is installed, it will need to be configured via guacamole.properties at ${INSTALLFOLDER}/guacamole.properties${NC}"
+fi
+
+
+# Start MySQL
+docker run --restart=always --detach --name=mysql -v ${MYSQLDATAFOLDER}:/var/lib/mysql --env="MYSQL_ROOT_PASSWORD=$mysqlrootpassword" --publish 3306:3306 healthcheck/mysql --default-authentication-plugin=mysql_native_password
+
+# Wait for the MySQL Health Check equal "healthy"
+echo "Waiting for MySQL to be healthy"
+until [ "$(/usr/bin/docker inspect -f {{.State.Health.Status}} mysql)" == "healthy" ]; do
+    sleep 0.1;
+done;
 
 # Create the Guacamole database and the user account
 # SQL Code
@@ -88,7 +238,12 @@ echo $SQLCODE | mysql -h 127.0.0.1 -P 3306 -u root -p$mysqlrootpassword
 
 cat guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/*.sql | mysql -u root -p$mysqlrootpassword -h 127.0.0.1 -P 3306 guacamole_db
 
-docker run --restart=always --name guacd -d guacamole/guacd
+docker run --restart=always --name guacd --detach guacamole/guacd:${GUACVERSION}
-docker run --restart=always --name guacamole  --link mysql:mysql --link guacd:guacd -e MYSQL_HOSTNAME=127.0.0.1 -e MYSQL_DATABASE=guacamole_db -e MYSQL_USER=guacamole_user -e MYSQL_PASSWORD=$guacdbuserpassword --detach -p 8080:8080 guacamole/guacamole
+docker run --restart=always --name guacamole --detach --link mysql:mysql --link guacd:guacd -v ${INSTALLFOLDER}:/etc/guacamole -e MYSQL_HOSTNAME=127.0.0.1 -e MYSQL_DATABASE=guacamole_db -e MYSQL_USER=guacamole_user -e MYSQL_PASSWORD=$guacdbuserpassword -e GUACAMOLE_HOME=/etc/guacamole -p 8080:8080 guacamole/guacamole:${GUACVERSION}
 
-rm -rf guacamole-auth-jdbc-${GUACVERSION}*
+# Done
+echo
+echo -e "${YELLOW}\nInstallation Complete\n- Visit: http://localhost:8080/guacamole/\n- Default login (username/password): guacadmin/guacadmin\n***Be sure to change the password***."
+if [ "${installDUO}" = true ]; then
+    echo -e "${YELLOW}\nDon't forget to configure Duo in guacamole.properties at ${INSTALLFOLDER}/. You will not be able to login otherwise.\nhttps://guacamole.apache.org/doc/${GUACVERSION}/gug/duo-auth.html${NC}"
+fi

guac-install-server.sh

@@ -4,11 +4,11 @@
 if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi
 
 # Version number of Guacamole to install
-GUACVERSION="1.1.0"
+GUACVERSION="1.5.3"
 
-# Different version of Ubuntu and Debian have different package names...
+# Different version of Ubuntu/Linux Mint and Debian have different package names...
 source /etc/os-release
-if [[ "${NAME}" == "Ubuntu" ]]; then
+if [[ "${NAME}" == "Ubuntu" ]] || [[ "${NAME}" == "Linux Mint" ]]; then
     # Ubuntu > 18.04 does not include universe repo by default
     # Add the "Universe" repo, don't update
     add-apt-repository -yn universe
@@ -20,29 +20,29 @@ if [[ "${NAME}" == "Ubuntu" ]]; then
     else
         LIBPNG="libpng-dev"
     fi
-elif [[ "${NAME}" == *"Debian"* ]] || [[ "${NAME}" == *"Raspbian GNU/Linux"* ]] || [[ "${NAME}" == *"Kali GNU/Linux"* ]]; then
+elif [[ "${NAME}" == *"Debian"* ]] || [[ "${NAME}" == *"Raspbian GNU/Linux"* ]] || [[ "${NAME}" == *"Kali GNU/Linux"* ]]  || [[ "${NAME}" == "LMDE" ]]; then
     JPEGTURBO="libjpeg62-turbo-dev"
-    if [[ "${PRETTY_NAME}" == *"stretch"* ]] || [[ "${PRETTY_NAME}" == *"buster"* ]] || [[ "${PRETTY_NAME}" == *"Kali GNU/Linux Rolling"* ]]; then
+    if [[ "${PRETTY_NAME}" == *"bullseye"* ]] || [[ "${PRETTY_NAME}" == *"stretch"* ]] || [[ "${PRETTY_NAME}" == *"buster"* ]] || [[ "${PRETTY_NAME}" == *"Kali GNU/Linux Rolling"* ]] || [[ "${NAME}" == "LMDE" ]]; then
         LIBPNG="libpng-dev"
     else
         LIBPNG="libpng12-dev"
     fi
 else
-    echo "Unsupported Distro - Ubuntu, Debian, Kali or Raspbian Only"
+    echo "Unsupported Distro - Ubuntu, Linux Mint, Debian, Kali or Raspbian Only"
     exit 1
 fi
 
 # Install Server Features
 apt-get -qq update
 export DEBIAN_FRONTEND=noninteractive
-apt-get -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavutil-dev \
+apt-get -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavformat-dev libavutil-dev \
 libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
-libvorbis-dev libwebp-dev libwebsockets-dev wget libtool-bin
+libvorbis-dev libwebp-dev libwebsockets-dev freerdp2-x11 libtool-bin ghostscript dpkg-dev wget crudini libc-bin
 
 # If apt fails to run completely the rest of this isn't going to work...
 if [ $? != 0 ]; then
     echo "apt-get failed to install all required dependencies."
-    exit
+    exit 1
 fi
 
 # Set SERVER to be the preferred download server from the Apache CDN
@@ -51,9 +51,9 @@ SERVER="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GU
 # Download Guacamole Server
 wget -O guacamole-server-${GUACVERSION}.tar.gz ${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz
 if [ $? -ne 0 ]; then
-    echo "Failed to download guacamole-server-${GUACVERSION}.tar.gz"
+    echo -e "${RED}Failed to download guacamole-server-${GUACVERSION}.tar.gz" 1>&2
-    echo "${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz"
+    echo -e "${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz${NC}"
-    exit
+    exit 1
 else
     # Extract Guacamole Files
     tar -xzf guacamole-server-${GUACVERSION}.tar.gz
@@ -64,7 +64,7 @@ mkdir -p /etc/guacamole
 
 # Install guacd (Guacamole-server)
 cd guacamole-server-${GUACVERSION}
-./configure --with-init-dir=/etc/init.d
+./configure --with-systemd-dir=/etc/systemd/system
 make
 make install
 

guac-install.sh

@@ -15,11 +15,11 @@ fi
 
 # Version number of Guacamole to install
 # Homepage ~ https://guacamole.apache.org/releases/
-GUACVERSION="1.1.0"
+GUACVERSION="1.5.3"
 
 # Latest Version of MySQL Connector/J if manual install is required (if libmariadb-java/libmysql-java is not available via apt)
 # Homepage ~ https://dev.mysql.com/downloads/connector/j/
-MCJVER="8.0.19"
+MCJVER="8.0.27"
 
 # Colors to use for output
 YELLOW='\033[1;33m'
@@ -101,7 +101,7 @@ done
 
 if [[ -z "${installTOTP}" ]] && [[ "${installDuo}" != true ]]; then
     # Prompt the user if they would like to install TOTP MFA, default of no
-    echo -e -n "${CYAN}MFA: Would you like to install TOTP? (y/N): ${NC}"
+    echo -e -n "${CYAN}MFA: Would you like to install TOTP (choose 'N' if you want Duo)? (y/N): ${NC}"
     read PROMPT
     if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
         installTOTP=true
@@ -212,12 +212,12 @@ if [ "${installMySQL}" = true ]; then
     debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${mysqlRootPwd}"
 fi
 
-# Different version of Ubuntu and Debian have different package names...
+# Different version of Ubuntu/Linux Mint and Debian have different package names...
 source /etc/os-release
-if [[ "${NAME}" == "Ubuntu" ]]; then
+if [[ "${NAME}" == "Ubuntu" ]] || [[ "${NAME}" == "Linux Mint" ]]; then
     # Ubuntu > 18.04 does not include universe repo by default
     # Add the "Universe" repo, don't update
-    add-apt-repository -yn universe
+    add-apt-repository -y universe
     # Set package names depending on version
     JPEGTURBO="libjpeg-turbo8-dev"
     if [[ "${VERSION_ID}" == "16.04" ]]; then
@@ -233,9 +233,9 @@ if [[ "${NAME}" == "Ubuntu" ]]; then
     else
         MYSQL="mysql-client"
     fi
-elif [[ "${NAME}" == *"Debian"* ]] || [[ "${NAME}" == *"Raspbian GNU/Linux"* ]] || [[ "${NAME}" == *"Kali GNU/Linux"* ]]; then
+elif [[ "${NAME}" == *"Debian"* ]] || [[ "${NAME}" == *"Raspbian GNU/Linux"* ]] || [[ "${NAME}" == *"Kali GNU/Linux"* ]] || [[ "${NAME}" == "LMDE" ]]; then
     JPEGTURBO="libjpeg62-turbo-dev"
-    if [[ "${PRETTY_NAME}" == *"stretch"* ]] || [[ "${PRETTY_NAME}" == *"buster"* ]] || [[ "${PRETTY_NAME}" == *"Kali GNU/Linux Rolling"* ]]; then
+    if [[ "${PRETTY_NAME}" == *"bullseye"* ]] || [[ "${PRETTY_NAME}" == *"stretch"* ]] || [[ "${PRETTY_NAME}" == *"buster"* ]] || [[ "${PRETTY_NAME}" == *"Kali GNU/Linux Rolling"* ]] || [[ "${NAME}" == "LMDE" ]]; then
         LIBPNG="libpng-dev"
     else
         LIBPNG="libpng12-dev"
@@ -249,7 +249,7 @@ elif [[ "${NAME}" == *"Debian"* ]] || [[ "${NAME}" == *"Raspbian GNU/Linux"* ]]
         MYSQL="default-mysql-client"
     fi
 else
-    echo "Unsupported distribution - Debian, Kali, Raspbian or Ubuntu only"
+    echo "Unsupported distribution - Debian, Kali, Raspbian, Linux Mint or Ubuntu only"
     exit 1
 fi
 
@@ -302,11 +302,9 @@ echo -e "${BLUE}Installing packages. This might take a few minutes...${NC}"
 export DEBIAN_FRONTEND=noninteractive
 
 # Required packages
-apt-get -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavutil-dev \
+apt-get -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavformat-dev libavutil-dev \
 libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
-libvorbis-dev libwebp-dev libwebsockets-dev \
+libvorbis-dev libwebp-dev libwebsockets-dev freerdp2-x11 libtool-bin ghostscript dpkg-dev wget crudini libc-bin \
-freerdp2-x11 libtool-bin ghostscript dpkg-dev \
-wget crudini \
 ${MYSQL} ${LIBJAVA} ${TOMCAT} &>> ${LOG}
 
 # If apt fails to run completely the rest of this isn't going to work...
@@ -406,16 +404,32 @@ rm -rf /etc/guacamole/extensions/
 mkdir -p /etc/guacamole/lib/
 mkdir -p /etc/guacamole/extensions/
 
+# Fix for #196
+mkdir -p /usr/sbin/.config/freerdp
+chown daemon:daemon /usr/sbin/.config/freerdp
+
+# Fix for #197
+mkdir -p /var/guacamole
+chown daemon:daemon /var/guacamole
+
 # Install guacd (Guacamole-server)
 cd guacamole-server-${GUACVERSION}/
 
 echo -e "${BLUE}Building Guacamole-Server with GCC $( gcc --version | head -n1 | grep -oP '\)\K.*' | awk '{print $1}' ) ${NC}"
 
+# Fix for warnings #222
+export CFLAGS="-Wno-error"
+
 echo -e "${BLUE}Configuring Guacamole-Server. This might take a minute...${NC}"
-./configure --with-init-dir=/etc/init.d  &>> ${LOG}
+./configure --with-systemd-dir=/etc/systemd/system  &>> ${LOG}
 if [ $? -ne 0 ]; then
-    echo -e "${RED}Failed. See ${LOG}${NC}" 1>&2
+    echo "Failed to configure guacamole-server"
-    exit 1
+    echo "Trying again with --enable-allow-freerdp-snapshots"
+    ./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots
+    if [ $? -ne 0 ]; then
+        echo "Failed to configure guacamole-server - again"
+        exit
+    fi
 else
     echo -e "${GREEN}OK${NC}"
 fi
@@ -628,6 +642,14 @@ else
 fi
 echo
 
+# Create guacd.conf file required for 1.4.0
+echo -e "${BLUE}Create guacd.conf file...${NC}"
+cat >> /etc/guacamole/guacd.conf <<- "EOF"
+[server]
+bind_host = 0.0.0.0
+bind_port = 4822
+EOF
+
 # Ensure guacd is started
 echo -e "${BLUE}Starting guacd service & enable at boot...${NC}"
 service guacd stop 2>/dev/null
@@ -635,6 +657,36 @@ service guacd start
 systemctl enable guacd
 echo
 
+# Deal with ufw and/or iptables
+
+# Check if ufw is a valid command
+if [ -x "$( command -v ufw )" ]; then
+    # Check if ufw is active (active|inactive)
+    if [[ $(ufw status | grep inactive | wc -l) -eq 0 ]]; then
+        # Check if 8080 is not already allowed
+        if [[ $(ufw status | grep "8080/tcp" | grep "ALLOW" | grep "Anywhere" | wc -l) -eq 0 ]]; then
+            # ufw is running, but 8080 is not allowed, add it
+            ufw allow 8080/tcp comment 'allow tomcat'
+        fi
+    fi
+fi    
+
+# It's possible that someone is just running pure iptables...
+
+# Check if iptables is a valid running service
+systemctl is-active --quiet iptables
+if [ $? -eq 0 ]; then
+    # Check if 8080 is not already allowed
+    # FYI: This same command matches the rule added with ufw (-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT)
+    if [[ $(iptables --list-rules | grep -- "-p tcp" | grep -- "--dport 8080" | grep -- "-j ACCEPT" | wc -l) -eq 0 ]]; then
+        # ALlow it
+        iptables -A INPUT -p tcp --dport 8080 --jump ACCEPT
+    fi
+fi
+
+# I think there is another service called firewalld that some people could be running instead
+# Unless someone opens an issue about it or submits a pull request, I'm going to ignore it for now
+
 # Cleanup
 echo -e "${BLUE}Cleanup install files...${NC}"
 rm -rf guacamole-*

guac-upgrade.sh

@@ -4,7 +4,7 @@
 if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi
 
 # Version number of Guacamole to install
-GUACVERSION="1.1.0"
+GUACVERSION="1.5.3"
 
 # Colors to use for output
 YELLOW='\033[1;33m'
@@ -32,7 +32,7 @@ while [ "$1" != "" ]; do
             ;;
         -r | --mysqlpwd )
             shift
-            mysqlrootpwd="$1"
+            mysqlRootPwd="$1"
             ;;
     esac
     shift
@@ -90,7 +90,7 @@ service guacd stop
 apt-get -qq update
 
 # Install additional packages if they do not exist yet
-apt-get -y install freerdp2-dev freerdp2-x11 libtool-bin libwebsockets-dev
+apt-get -y install freerdp2-dev freerdp2-x11 libtool-bin libwebsockets-dev libavformat-dev
 
 # Download Guacamole server
 wget -q --show-progress -O guacamole-server-${GUACVERSION}.tar.gz ${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz
@@ -124,7 +124,16 @@ fi
 
 # Upgrade Guacamole Server
 cd guacamole-server-${GUACVERSION}
-./configure --with-init-dir=/etc/init.d
+./configure --with-systemd-dir=/etc/systemd/system
+if [ $? -ne 0 ]; then
+    echo "Failed to configure guacamole-server"
+    echo "Trying again with --enable-allow-freerdp-snapshots"
+    ./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots
+    if [ $? -ne 0 ]; then
+        echo "Failed to configure guacamole-server - again"
+        exit
+    fi
+fi
 make
 make install
 
@@ -188,6 +197,14 @@ for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
     fi
 done
 
+# Fix for #196
+mkdir -p /usr/sbin/.config/freerdp
+chown daemon:daemon /usr/sbin/.config/freerdp
+
+# Fix for #197
+mkdir -p /var/guacamole
+chown daemon:daemon /var/guacamole
+
 # Start tomcat and Guacamole
 echo -e "${BLUE}Starting tomcat and guacamole...${NC}"
 service ${TOMCAT} start