Updated to version 1.5.3. (#258)

Fixes #248

README.md

@@ -1,6 +1,8 @@
 # guac-install
 
-I've maintained this script for quite a few years now with the help of the other contributors and it seems to be getting more and more fragmented as libraries and system OSes diverge in their package management. I plan to continue maintaining the install script, but, I do highly suggest that more people try to use the containerized (docker) version. As it should work on basically any 64bit OS with Docker support. (That means it doesn't work on 32bit ARM/Rasp Pi)
+I've maintained this script for quite a few years now with the help of the other contributors and it seems to be getting more and more fragmented as libraries and system OSes diverge in their package management. I do **not** plan on maintaining this beyond perhaps approving other people's PRs and letting people continue to discuss issues, so I won't archive it but I'm also not actively maintaining it 🤷‍♂️
+
+You can also check out this other [Guacamole-Setup](https://github.com/itiligent/Guacamole-Setup) repo which sets up a complete **Virtual Desktop/Jump Server appliance with MFA, Active Directory integration & Nginx SSL reverse proxy** for more inspiration.
 
 ## NOTE: The fixes below are not to be used UNLESS you're having issues, don't run these for no reason, use the distro maintainers version unless there's a reason not to.
 
@@ -18,23 +20,21 @@ sudo apt update
 sudo apt -y -t buster-backports install freerdp2-dev libpulse-dev
 ```
 
-Script for installing Guacamole 1.3.0 on Ubuntu 16.04 or newer (with MySQL, or remote MySQL). It should also work on pure [Debian](https://www.debian.org/), [Raspbian](https://www.raspberrypi.org/downloads/raspbian/), [Linux Mint](https://linuxmint.com/) (18/LMDE 4 or newer) or [Kali Linux](https://www.kali.org/). I have tested this with Debian 10.3.0 (Buster). **If other versions don't work please open an issue.** It is likely due to a required library having a different name.
+Script for installing Guacamole 1.5.3 on Ubuntu 16.04 or newer (with MySQL, or remote MySQL). It should also work on pure [Debian](https://www.debian.org/), [Raspbian](https://www.raspberrypi.org/downloads/raspbian/), [Linux Mint](https://linuxmint.com/) (18/LMDE 4 or newer) or [Kali Linux](https://www.kali.org/). I have tested this with Debian 10.3.0 (Buster). **If other versions don't work please open an issue.** It is likely due to a required library having a different name.
 
 Run script, enter MySQL Root Password and Guacamole User password. Guacamole User is used to connect to the Guacamole Database. Be sure to save these!
 
 The script attempts to install `tomcat9` by default (it will fall back on `tomcat8` **if the available version is 8.5.x or newer**, otherwise it will fall back to `tomcat7`). If you want to manually specify a tomcat version there's a commented out line you can modify. Have at it.
 
-If you're looking to also have NGINX / Let's Encrypt / HTTPS click [HERE](https://github.com/bigredthelogger/guacamole)
-
 ## MFA/2FA
 
-By default the script will not install MFA support (QR code for Google/Microsoft Authenticator, Duo Mobile, etc. or Duo Push), if you do want MFA support you can use the `-t` or `--totp` or for Duo `-d` or `--duo` flags on the command line. Or modify the script variables `installTOTP=true` or `installDuo=true`. **Do not install both**
+By default the script will not install MFA support (QR code for Google/Microsoft Authenticator, Duo Mobile, etc. or Duo Push), if you do want MFA support you can use the `-t` or `--totp` or for Duo `-d` or `--duo` flags on the command line. Or modify the script variables `installTOTP=true` or `installDuo=true`. **Do not install both!**
 
 ## FYI
 
 Here's a cool PowerShell module for using the Guacamole API: https://github.com/UpperM/guacamole-powershell
 
-Does not work if you have MFA turned on (however, you can authenticate via the gui and get a token to use it that way)
+Does not work if you have MFA turned on (however, you can authenticate via the gui and get a token to use it that way).
 
 ## How to Run:
 
@@ -119,10 +119,9 @@ NOTE: Only the switches for MySQL Host, MySQL Port and Guacamole Database are av
 
 ## WARNING
 
-- Upgrading from 0.9.14 or 1.1.0 to 1.3.0 has not been tested, only 1.2.0 to 1.3.0 has been tested.
-- Switches have changed and additional ones have been added!
+- Upgrading from versions older than a couple dot fixes ago have not been tested with this script, use at your own risk and take backups first!
 
-## How to Run:
+## How to Upgrade:
 
 ### Download file directly from here:
 
@@ -141,3 +140,38 @@ Interactive (asks for passwords):
 Non-Interactive (MySQL root password provided via cli):
 
 `./guac-upgrade.sh --mysqlpwd password`
+
+## Post Installation - Reverse Proxies
+
+Make sure that you configure your reverse proxy (NGinx or Apache) as per the [Official Documentation](https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html)
+
+For Nginx:
+```
+location /guacamole/ {
+    proxy_pass http://HOSTNAME:8080/guacamole/;
+    proxy_buffering off;
+    proxy_http_version 1.1;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    access_log off;
+}
+```
+For Apache:
+```
+<Location /guacamole/>
+    Order allow,deny
+    Allow from all
+    ProxyPass http://HOSTNAME:8080/guacamole/ flushpackets=on
+    ProxyPassReverse http://HOSTNAME:8080/guacamole/
+</Location>
+```
+
+## NOTE: SSH doesnt work with Ubuntu 22.04:
+
+Guacamole only supports ssh-dss and ssh-rsa, and both have been disabled in Ubuntu 22.04.
+
+In the meantime a workaround is adding ```HostKeyAlgorithms +ssh-rsa``` to the end of ``` /etc/ssh/sshd_config ``` on the Ubuntu machine and restart sshd. 
+
+###### :warning: use at your own risk! :warning:
+

docker-install.sh

@@ -4,10 +4,11 @@
 if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi
 
 # Version number of Guacamole to install
-GUACVERSION="1.3.0"
+GUACVERSION="1.5.3"
 
 # Initialize variable values
 installTOTP=""
+installDUO=""
 
 # This is where we'll store persistent data for guacamole
 INSTALLFOLDER="/opt/guacamole"
@@ -22,6 +23,14 @@ mkdir ${MYSQLDATAFOLDER}
 
 cd ${INSTALLFOLDER}/install_files
 
+# Colors to use for output
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+CYAN='\033[0;36m'
+NC='\033[0m' # No Color
+
 # Get script arguments for non-interactive mode
 while [ "$1" != "" ]; do
     case $1 in
@@ -35,11 +44,15 @@ while [ "$1" != "" ]; do
             ;;
         -t | --totp )
             installTOTP=true
+			;;
+        -d | --duo )
+            installDUO=true
+		
     esac
     shift
 done
 
-# Get MySQL root password and Guacamole User password
+# Get MySQLroot password and Guacamole User password
 if [ -n "$mysqlpwd" ] && [ -n "$guacpwd" ]; then
         mysqlrootpassword=$mysqlpwd
         guacdbuserpassword=$guacpwd
@@ -80,7 +93,25 @@ if [[ -z "${installTOTP}" ]]; then
     fi
 fi
 
-# Update apt and install wget if it's missing
+if [[ -z "${installDUO}" ]]; then
+    # Prompt the user if they would like to install DUO MFA, default of no
+    echo -e -n "${CYAN}MFA: Would you like to install DUO? (y/N): ${NC}"
+    read PROMPT
+    if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
+        installDUO=true
+    else
+        installDUO=false
+    fi
+fi
+
+# We can't install TOTP and Duo at the same time...
+if [[ "${installTOTP}" = true ]] && [ "${installDuo}" = true ]; then
+    echo -e "${RED}MFA: The script does not support installing TOTP and Duo at the same time.${NC}" 1>&2
+    exit 1
+fi
+echo
+
+# Update install wget if it's missing
 apt-get update
 apt-get -y install wget
 
@@ -106,7 +137,7 @@ else
     apt-get -y install docker-ce docker-ce-cli containerd.io
     if [ $? -ne 0 ]; then
         echo "Failed to install docker via official apt repo"
-        echo "Trying to install docker from https://get.docker.com"
+       echo "Trying to install docker from https://get.docker.com"
         wget -O get-docker.sh https://get.docker.com
         chmod +x ./get-docker.sh
         ./get-docker.sh
@@ -130,6 +161,7 @@ fi
 
 tar -xzf guacamole-auth-jdbc-${GUACVERSION}.tar.gz
 
+
 # Download and install TOTP
 if [ "${installTOTP}" = true ]; then
     wget -q --show-progress -O guacamole-auth-totp-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-totp-${GUACVERSION}.tar.gz
@@ -146,6 +178,44 @@ if [ "${installTOTP}" = true ]; then
     fi
 fi
 
+
+# Download and install DUO
+
+if [ "${installDUO}" = true ]; then
+    wget -q --show-progress -O guacamole-auth-duo-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz
+    if [ $? -ne 0 ]; then
+        echo -e "${RED}Failed to download guacamole-auth-duo-${GUACVERSION}.tar.gz" 1>&2
+        echo -e "${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz"
+        exit 1
+    else
+        echo -e "${GREEN}Downloaded guacamole-auth-duo-${GUACVERSION}.tar.gz${NC}"
+        tar -xzf guacamole-auth-duo-${GUACVERSION}.tar.gz
+        echo -e "${BLUE}Moving guacamole-auth-duo-${GUACVERSION}.jar (${INSTALLFOLDER}/extensions/)...${NC}"
+        cp -f guacamole-auth-duo-${GUACVERSION}/guacamole-auth-duo-${GUACVERSION}.jar ${INSTALLFOLDER}/extensions/
+        echo
+    fi
+fi
+
+
+# Configure guacamole.properties
+rm -f ${INSTALLFOLDER}/guacamole.properties
+touch ${INSTALLFOLDER}/guacamole.properties
+echo "mysql-hostname: 127.0.0.1" >> ${INSTALLFOLDER}/guacamole.properties
+echo "mysql-port: 3306" >> ${INSTALLFOLDER}/guacamole.properties
+echo "mysql-database: guacamole_db" >> ${INSTALLFOLDER}/guacamole.properties
+echo "mysql-username: guacamole_user" >> ${INSTALLFOLDER}/guacamole.properties
+echo "mysql-password: $guacdbuserpassword" >> ${INSTALLFOLDER}/guacamole.properties
+
+# Output Duo configuration settings but comment them out for now
+if [ "${installDUO}" = true ]; then
+    echo "# duo-api-hostname: " >> ${INSTALLFOLDER}/guacamole.properties
+    echo "# duo-integration-key: " >> ${INSTALLFOLDER}/guacamole.properties
+    echo "# duo-secret-key: " >> ${INSTALLFOLDER}/guacamole.properties
+    echo "# duo-application-key: " >> ${INSTALLFOLDER}/guacamole.properties
+    echo -e "${YELLOW}Duo is installed, it will need to be configured via guacamole.properties at ${INSTALLFOLDER}/guacamole.properties${NC}"
+fi
+
+
 # Start MySQL
 docker run --restart=always --detach --name=mysql -v ${MYSQLDATAFOLDER}:/var/lib/mysql --env="MYSQL_ROOT_PASSWORD=$mysqlrootpassword" --publish 3306:3306 healthcheck/mysql --default-authentication-plugin=mysql_native_password
 
@@ -173,4 +243,7 @@ docker run --restart=always --name guacamole --detach --link mysql:mysql --link
 
 # Done
 echo
-echo -e "Installation Complete\n- Visit: http://localhost:8080/guacamole/\n- Default login (username/password): guacadmin/guacadmin\n***Be sure to change the password***."
+echo -e "${YELLOW}\nInstallation Complete\n- Visit: http://localhost:8080/guacamole/\n- Default login (username/password): guacadmin/guacadmin\n***Be sure to change the password***."
+if [ "${installDUO}" = true ]; then
+    echo -e "${YELLOW}\nDon't forget to configure Duo in guacamole.properties at ${INSTALLFOLDER}/. You will not be able to login otherwise.\nhttps://guacamole.apache.org/doc/${GUACVERSION}/gug/duo-auth.html${NC}"
+fi

guac-install-server.sh

@@ -4,7 +4,7 @@
 if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi
 
 # Version number of Guacamole to install
-GUACVERSION="1.3.0"
+GUACVERSION="1.5.3"
 
 # Different version of Ubuntu/Linux Mint and Debian have different package names...
 source /etc/os-release
@@ -22,7 +22,7 @@ if [[ "${NAME}" == "Ubuntu" ]] || [[ "${NAME}" == "Linux Mint" ]]; then
     fi
 elif [[ "${NAME}" == *"Debian"* ]] || [[ "${NAME}" == *"Raspbian GNU/Linux"* ]] || [[ "${NAME}" == *"Kali GNU/Linux"* ]]  || [[ "${NAME}" == "LMDE" ]]; then
     JPEGTURBO="libjpeg62-turbo-dev"
-    if [[ "${PRETTY_NAME}" == *"stretch"* ]] || [[ "${PRETTY_NAME}" == *"buster"* ]] || [[ "${PRETTY_NAME}" == *"Kali GNU/Linux Rolling"* ]] || [[ "${NAME}" == "LMDE" ]]; then
+    if [[ "${PRETTY_NAME}" == *"bullseye"* ]] || [[ "${PRETTY_NAME}" == *"stretch"* ]] || [[ "${PRETTY_NAME}" == *"buster"* ]] || [[ "${PRETTY_NAME}" == *"Kali GNU/Linux Rolling"* ]] || [[ "${NAME}" == "LMDE" ]]; then
         LIBPNG="libpng-dev"
     else
         LIBPNG="libpng12-dev"
@@ -37,12 +37,12 @@ apt-get -qq update
 export DEBIAN_FRONTEND=noninteractive
 apt-get -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavformat-dev libavutil-dev \
 libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
-libvorbis-dev libwebp-dev libwebsockets-dev wget libtool-bin libc-bin
+libvorbis-dev libwebp-dev libwebsockets-dev freerdp2-x11 libtool-bin ghostscript dpkg-dev wget crudini libc-bin
 
 # If apt fails to run completely the rest of this isn't going to work...
 if [ $? != 0 ]; then
     echo "apt-get failed to install all required dependencies."
-    exit
+    exit 1
 fi
 
 # Set SERVER to be the preferred download server from the Apache CDN
@@ -51,9 +51,9 @@ SERVER="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GU
 # Download Guacamole Server
 wget -O guacamole-server-${GUACVERSION}.tar.gz ${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz
 if [ $? -ne 0 ]; then
-    echo "Failed to download guacamole-server-${GUACVERSION}.tar.gz"
-    echo "${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz"
-    exit
+    echo -e "${RED}Failed to download guacamole-server-${GUACVERSION}.tar.gz" 1>&2
+    echo -e "${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz${NC}"
+    exit 1
 else
     # Extract Guacamole Files
     tar -xzf guacamole-server-${GUACVERSION}.tar.gz

guac-install.sh

@@ -15,11 +15,11 @@ fi
 
 # Version number of Guacamole to install
 # Homepage ~ https://guacamole.apache.org/releases/
-GUACVERSION="1.3.0"
+GUACVERSION="1.5.3"
 
 # Latest Version of MySQL Connector/J if manual install is required (if libmariadb-java/libmysql-java is not available via apt)
 # Homepage ~ https://dev.mysql.com/downloads/connector/j/
-MCJVER="8.0.19"
+MCJVER="8.0.27"
 
 # Colors to use for output
 YELLOW='\033[1;33m'
@@ -101,7 +101,7 @@ done
 
 if [[ -z "${installTOTP}" ]] && [[ "${installDuo}" != true ]]; then
     # Prompt the user if they would like to install TOTP MFA, default of no
-    echo -e -n "${CYAN}MFA: Would you like to install TOTP? (y/N): ${NC}"
+    echo -e -n "${CYAN}MFA: Would you like to install TOTP (choose 'N' if you want Duo)? (y/N): ${NC}"
     read PROMPT
     if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
         installTOTP=true
@@ -408,11 +408,18 @@ mkdir -p /etc/guacamole/extensions/
 mkdir -p /usr/sbin/.config/freerdp
 chown daemon:daemon /usr/sbin/.config/freerdp
 
+# Fix for #197
+mkdir -p /var/guacamole
+chown daemon:daemon /var/guacamole
+
 # Install guacd (Guacamole-server)
 cd guacamole-server-${GUACVERSION}/
 
 echo -e "${BLUE}Building Guacamole-Server with GCC $( gcc --version | head -n1 | grep -oP '\)\K.*' | awk '{print $1}' ) ${NC}"
 
+# Fix for warnings #222
+export CFLAGS="-Wno-error"
+
 echo -e "${BLUE}Configuring Guacamole-Server. This might take a minute...${NC}"
 ./configure --with-systemd-dir=/etc/systemd/system  &>> ${LOG}
 if [ $? -ne 0 ]; then
@@ -635,6 +642,14 @@ else
 fi
 echo
 
+# Create guacd.conf file required for 1.4.0
+echo -e "${BLUE}Create guacd.conf file...${NC}"
+cat >> /etc/guacamole/guacd.conf <<- "EOF"
+[server]
+bind_host = 0.0.0.0
+bind_port = 4822
+EOF
+
 # Ensure guacd is started
 echo -e "${BLUE}Starting guacd service & enable at boot...${NC}"
 service guacd stop 2>/dev/null

guac-upgrade.sh

@@ -4,7 +4,7 @@
 if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi
 
 # Version number of Guacamole to install
-GUACVERSION="1.3.0"
+GUACVERSION="1.5.3"
 
 # Colors to use for output
 YELLOW='\033[1;33m'
@@ -32,7 +32,7 @@ while [ "$1" != "" ]; do
             ;;
         -r | --mysqlpwd )
             shift
-            mysqlrootpwd="$1"
+            mysqlRootPwd="$1"
             ;;
     esac
     shift
@@ -197,6 +197,14 @@ for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
     fi
 done
 
+# Fix for #196
+mkdir -p /usr/sbin/.config/freerdp
+chown daemon:daemon /usr/sbin/.config/freerdp
+
+# Fix for #197
+mkdir -p /var/guacamole
+chown daemon:daemon /var/guacamole
+
 # Start tomcat and Guacamole
 echo -e "${BLUE}Starting tomcat and guacamole...${NC}"
 service ${TOMCAT} start