Guacamole with Jetty and MySQL auth in a Jail

ClassicGOD

Contributor
Joined
Jul 28, 2011
Messages
145
I was looking around for the installation how to for Guac on FreeNAS jail but was unable to find one so I decided to write down the steps I took during the installation and post it here.

from http://guac-dev.org/:
Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC and RDP.

We call it clientless because no plugins or client software are required.

Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.


Create new jail with default settings
Login to the jail Shell by clicking on shell icon in Jail section in FreeNAS gui or by doing jexec # csh from FreeNAS shell where # is the jail id that you can check by doing jls

(for all the ports below when asked leave default settings)
Code:
portsnap fetch extract
cd /usr/ports/graphics/cairo
make install clean
cd /usr/ports/net/libvncserver
make install clean
cd /usr/ports/misc/ossp-uuid
make install clean
cd /usr/ports/x11-toolkits/pango
make install clean
cd /usr/ports/security/libssh2
make install clean
cd /usr/ports/java/openjdk7
make install clean
cd /usr/ports/www/jetty
make install clean
cd /usr/ports/databases/mysql56-server
make install clean


OR if you don't want to stare on the screen for an hour you can do: (it will still take some time but will not require your interaction until it finishes)
Code:
portsnap fetch extract && cd /usr/ports/graphics/cairo && make -DBATCH install clean && cd /usr/ports/net/libvncserver && make -DBATCH install clean && cd /usr/ports/misc/ossp-uuid && make -DBATCH install clean && cd /usr/ports/x11-toolkits/pango && make -DBATCH install clean && cd /usr/ports/security/libssh2 && make -DBATCH install clean && cd /usr/ports/java/openjdk7 && make -DBATCH install clean && cd /usr/ports/www/jetty && make -DBATCH install clean && cd /usr/ports/databases/mysql56-server && make -DBATCH install clean


Thanks to Deviant0ne for this next part. Go ahead or give him a like or something on the post below.

Install older version of FreeRDP to make RDP work:
Code:
mkdir ~/old_freerdp
svn co -r 387082 svn://svn.freebsd.org/ports/head/net/freerdp ~/old_freerdp
cd ~/old_freerdp && make install clean BATCH=yes


Download Guacamole server source, Guacamole web app, Guacamole jdbc auth modules and MySQL connector for JAVA
Code:
cd ~
fetch http://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-0.9.8.tar.gz
fetch http://sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.9.8.war
fetch http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-0.9.8.tar.gz
fetch http://cdn.mysql.com/Downloads/Connector-J/mysql-connector-java-5.1.36.tar.gz


Extract what needs to be extracted
Code:
tar -zxvf guacamole-server-0.9.8.tar.gz
tar -zxvf guacamole-auth-jdbc-0.9.8.tar.gz
tar -zxvf mysql-connector-java-5.1.36.tar.gz


Configure, compile and install Guacamole Server
Code:
cd ~/guacamole-server-0.9.8
./configure CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" --with-init-dir=/etc/rc.d
make install


Edit ~/.cshrc (i recommend ee ) and add this under the other setenv lines and save the file
Code:
setenv GUACAMOLE_HOME /usr/local/jetty/.guacamole


Create some directories and move some files
Code:
mkdir /usr/local/jetty/.guacamole /usr/local/jetty/.guacamole/extensions /usr/local/jetty/.guacamole/lib
mv ~/mysql-connector-java-5.1.36/*.jar /usr/local/jetty/.guacamole/lib/
mv ~/guacamole-auth-jdbc-0.9.8/mysql/*.jar /usr/local/jetty/.guacamole/extensions/
mv ~/guacamole-*.war /usr/local/jetty/webapps/guacamole.war


Start MySQL server
Code:
service mysql-server onestart


Set the database up
Code:
mysqladmin -u root password 'YOUR_NEW_ROOT_PASS_FOR_MYSQL'

mysql -u root -p
create database GUACAMOLE_DB_NAME;
create user 'GUACAMOLE_USERNAME'@'localhost' identified by 'GUACAMOLE_USER_PASS';
grant select,insert,update,delete on GUACAMOLE_DB_NAME.* to 'GUACAMOLE_USERNAME'@'localhost';
flush privileges;
quit

cd ~/guacamole-auth-jdbc-0.9.8/mysql/schema
cat ./*.sql | mysql -u root -p GUACAMOLE_DB_NAME


Edit /usr/local/jetty/.guacamole/guacamole.properties (again I recommend ee) the file will be empty (it does not exist yet) type this in and save:
Code:
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: GUACAMOLE_DB_NAME
mysql-username: GUACAMOLE_USERNAME
mysql-password: GUACAMOLE_USER_PASS


Start Jetty and Guacd
Code:
service jetty onestart
service guacd start


Now you should see Jetty start page on http://jour_jail_ip:8080 and Guacamole Login page at: http://your_jail_ip:8080/guacamole/

Default admin login and pass to Guacamole is guacadmin/guacadmin

If everything is working ok you can make Guacamole start automatically with your jail by doing this:

Edit /etc/rc.conf type this in at the end of file and save:
Code:
mysql_enable="YES"
jetty_enable="YES"
guacd_enable="YES"



Edit /etc/rc.d/guacd and after:
Code:
try-restart)
status && restart
;;

add this and save:
Code:
quietstart)
start
;;

Restart your jail and verify that everything is working.
 
Last edited:

Deviant0ne

Dabbler
Joined
Sep 21, 2015
Messages
20
Absolutely fantastic post, thank you very much!

I will say that in order to get this working on my jail, I have to downgrade FreeRDP to an earlier version in order to connect to RDP sessions:

mkdir ~/old_freerdp
svn co -r 387082 svn://svn.freebsd.org/ports/head/net/freerdp ~/old_freerdp
cd ~/old_freerdp && make install clean BATCH=yes
 
Last edited:

ClassicGOD

Contributor
Joined
Jul 28, 2011
Messages
145
Absolutely fantastic post, thank you very much!

I will say that in order to get this working on my jail, I have to downgrade FreeRDP to an earlier version in order to connect to RDP sessions:

mkdir ~/old_freerdp
svn co -r 387082 svn://svn.freebsd.org/ports/head/net/freerdp ~/old_rdp
cd ~/old_rdp && make install clean BATCH=yes
Thanks! I was trying to figure this out, I even wrote a question to devs on Guac Sourceforge but over 100views later and many post by devs in different threads I got no answer. I tried to diagnose it myself but logs didn't tell me anything . I'll try this as soon as I'll be able to.
 

Deviant0ne

Dabbler
Joined
Sep 21, 2015
Messages
20
Thanks! I was trying to figure this out, I even wrote a question to devs on Guac Sourceforge but over 100views later and many post by devs in different threads I got no answer. I tried to diagnose it myself but logs didn't tell me anything . I'll try this as soon as I'll be able to.

Ha - I came across your other threads trying to diagnose the issue myself; I knew your instructions for installing Guacamole were good, since SSH and VNC were both working normally, it was only RDP I couldn't use. Then I found a post by someone using Arch that upgraded FreeRDP, which broke RDP in Guacamole for them, and reverted to an earlier version to correct the issue.

As a side note, the revision I mentioned above was the last available version of FreeRDP in the 1.1 branch before they upgraded to 1.2.
 
Last edited:

ClassicGOD

Contributor
Joined
Jul 28, 2011
Messages
145
Ha - I came across your other threads trying to diagnose the issue myself; I knew your instructions for installing Guacamole were good, since SSH and VNC were both working normally, it was only RDP I couldn't use. Then I found a post by someone using Arch that upgraded FreeRDP, which broke RDP in Guacamole for them, and reverted to an earlier version to correct the issue.

As a side note, the revision I mentioned above was the last available version of FreeRDP in the 1.1 branch before they upgraded to 1.2.
Just modified the original post, fixed few typos, modified the formatting and placed you solution in the 'step by step' - hope you don't mind. I also updated the versions to the newest Guac version and then run the entire procedure step by step by copy paste from it to verify it's working ;)
 

Deviant0ne

Dabbler
Joined
Sep 21, 2015
Messages
20
Just modified the original post, fixed few typos, modified the formatting and placed you solution in the 'step by step' - hope you don't mind. I also updated the versions to the newest Guac version and then run the entire procedure step by step by copy paste from it to verify it's working ;)

Absolutely OUTSTANDING how-to! Thank you so much for this - I am actually going to save this as a PDF for my records.I am curious to know if the older version of FreeRDP corrected your issue connecting to a Windows 10 machine... :)

As proof this works, I created a new jail from scratch, followed your guide and I am writing this from my iPad!
 

Attachments

  • image1.PNG
    image1.PNG
    539.4 KB · Views: 985

ClassicGOD

Contributor
Joined
Jul 28, 2011
Messages
145
I am curious to know if the older version of FreeRDP corrected your issue connecting to a Windows 10 machine... :)
Yes, I can connect to my Win10 installation without any problem when using FreeRDP version you recommended. :)
 

dublea

Dabbler
Joined
May 27, 2015
Messages
33
First off, THANKS ClassicGOD! Utilizing this tutorial, I was able to install a Guacamole 0.9.9 Jail onto FreeNAS 9.10. Still need to test RDP to Windows 10 (I did install that older version of FreeRDP) but I will report back once I am able to test. So, here are the things I had to change in order to install 0.9.9 on 9.10:


Edit /usr/local/etc/pkg/repos/FreeBSD.conf and mirror below:
Code:
FreeBSD: { 
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", 
  mirror_type: "srv", 
  enabled: yes 
} 



Then follow the edits below:
I was looking around for the installation how to for Guac on FreeNAS jail but was unable to find one so I decided to write down the steps I took during the installation and post it here.

from http://guac-dev.org/:



Create new jail with default settings
Login to the jail Shell by clicking on shell icon in Jail section in FreeNAS gui or by doing jexec # csh from FreeNAS shell where # is the jail id that you can check by doing jls

(for all the ports below when asked leave default settings)
Code:
portsnap fetch extract
cd /usr/ports/graphics/cairo
make install clean
cd /usr/ports/net/libvncserver
make install clean
cd /usr/ports/misc/ossp-uuid
make install clean
cd /usr/ports/x11-toolkits/pango
make install clean
cd /usr/ports/security/libssh2
make install clean
cd /usr/ports/java/openjdk7
make install clean
cd /usr/ports/www/jetty8
make install clean
cd /usr/ports/databases/mysql56-server
make install clean


OR if you don't want to stare on the screen for an hour you can do: (it will still take some time but will not require your interaction until it finishes)
Code:
portsnap fetch extract && cd /usr/ports/graphics/cairo && make -DBATCH install clean && cd /usr/ports/net/libvncserver && make -DBATCH install clean && cd /usr/ports/misc/ossp-uuid && make -DBATCH install clean && cd /usr/ports/x11-toolkits/pango && make -DBATCH install clean && cd /usr/ports/security/libssh2 && make -DBATCH install clean && cd /usr/ports/java/openjdk7 && make -DBATCH install clean && cd /usr/ports/www/jetty8 && make -DBATCH install clean && cd /usr/ports/databases/mysql56-server && make -DBATCH install clean


Thanks to Deviant0ne for this next part. Go ahead or give him a like or something on the post below.

Install older version of FreeRDP to make RDP work:
Code:
mkdir ~/old_freerdp
svn co -r 387082 svn://svn.freebsd.org/ports/head/net/freerdp ~/old_freerdp
cd ~/old_freerdp && make install clean BATCH=yes


Download Guacamole server source, Guacamole web app, Guacamole jdbc auth modules and MySQL connector for JAVA
Code:
cd ~
fetch http://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-0.9.9.tar.gz
fetch http://sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.9.9.war
fetch http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-0.9.9.tar.gz
fetch https://downloads.mysql.com/archives/get/file/mysql-connector-java-5.1.36.tar.gz (old source was invalid or down)


Extract what needs to be extracted
Code:
tar -zxvf guacamole-server-0.9.9.tar.gz
tar -zxvf guacamole-auth-jdbc-0.9.9.tar.gz
tar -zxvf mysql-connector-java-5.1.36.tar.gz


Configure, compile and install Guacamole Server
Code:
cd ~/guacamole-server-0.9.9
./configure CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" --with-init-dir=/etc/rc.d
make install


Edit ~/.cshrc (i recommend ee ) and add this under the other setenv lines and save the file
Code:
setenv GUACAMOLE_HOME /usr/local/jetty/.guacamole


Create some directories and move some files
Code:
mkdir /usr/local/jetty/.guacamole /usr/local/jetty/.guacamole/extensions /usr/local/jetty/.guacamole/lib
mv ~/mysql-connector-java-5.1.36/*.jar /usr/local/jetty/.guacamole/lib/
mv ~/guacamole-auth-jdbc-0.9.9/mysql/*.jar /usr/local/jetty/.guacamole/extensions/
mv ~/guacamole-*.war /usr/local/jetty/webapps/guacamole.war


Start MySQL server
Code:
service mysql-server onestart


Set the database up
Code:
mysqladmin -u root password 'YOUR_NEW_ROOT_PASS_FOR_MYSQL'

mysql -u root -p
create database GUACAMOLE_DB_NAME;
create user 'GUACAMOLE_USERNAME'@'localhost' identified by 'GUACAMOLE_USER_PASS';
grant select,insert,update,delete on GUACAMOLE_DB_NAME.* to 'GUACAMOLE_USERNAME'@'localhost';
flush privileges;
quit

cd ~/guacamole-auth-jdbc-0.9.9/mysql/schema
cat ./*.sql | mysql -u root -p GUACAMOLE_DB_NAME


Edit /usr/local/jetty/.guacamole/guacamole.properties (again I recommend ee) the file will be empty (it does not exist yet) type this in and save:
Code:
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: GUACAMOLE_DB_NAME
mysql-username: GUACAMOLE_USERNAME
mysql-password: GUACAMOLE_USER_PASS


Start Jetty and Guacd
Code:
service jetty onestart
service guacd start


Now you should see Jetty start page on http://jour_jail_ip:8080 and Guacamole Login page at: http://your_jail_ip:8080/guacamole/

Default admin login and pass to Guacamole is guacadmin/guacadmin

If everything is working ok you can make Guacamole start automatically with your jail by doing this:

Edit /etc/rc.conf type this in at the end of file and save:
Code:
mysql_enable="YES"
jetty_enable="YES"
guacd_enable="YES"



Edit /etc/rc.d/guacd and after:
Code:
try-restart)
status && restart
;;

add this and save:
Code:
quietstart)
start
;;

Restart your jail and verify that everything is working.
 
Last edited:

Deviant0ne

Dabbler
Joined
Sep 21, 2015
Messages
20
... Still need to test RDP to Windows 10 (I did install that older version of FreeRDP) but I will report back once I am able to test...

It's good that you used the V1.1.0_2 of FreeRDP, I haven't had an opportunity to test this version in conjunction with Windows 10 on Guacamole 0.9.9 + FreeNAS 9.10; I've been testing Guacamole 0.9.9 with FreeNAS 9.10 and the latest version of FreeRDP [both from the FreeBSD ports and the Git version] and haven't been able to connect to Windows 10 machines.

I'll be curious to know if your notes line-up with mine, once you post them.

EDIT: Interesting work-around on installing 0.9.9 on 9.10; I took to approach of creating a new jail [using the FreeBSD 10.3 template] and installing Guacamole 0.9.9 on Jetty 9 [which turned-out to be a much different process from installing on 7/8] from scratch.
 
Last edited:

dublea

Dabbler
Joined
May 27, 2015
Messages
33
Welp, cannot RDP into Windows 10. I've disabled NLA on the Win device but it still will not connect. Still digging into it
 

Deviant0ne

Dabbler
Joined
Sep 21, 2015
Messages
20
Welp, cannot RDP into Windows 10. I've disabled NLA on the Win device but it still will not connect. Still digging into it

Try toggling the following key from 2 to 1: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
“SecurityLayer”=dword:00000001
 
Last edited:

dublea

Dabbler
Joined
May 27, 2015
Messages
33
Try toggling the following key from 2 to 1: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
“SecurityLayer”=dword:00000001

That is how I disabled NLA. It is defaultly set to 1, not 2. Also, I even tried disabling it altogether.
 

Deviant0ne

Dabbler
Joined
Sep 21, 2015
Messages
20
That is how I disabled NLA. It is defaultly set to 1, not 2. Also, I even tried disabling it altogether.
That's odd, mine was set to "2" by default. Have you tried relaxing the security settings from the Remote settings menu?
 

Schuby

Dabbler
Joined
Apr 27, 2016
Messages
37
A few changes below due to the original post being older.

jetty to jetty8

Code:
portsnap fetch extract
cd /usr/ports/graphics/cairo
make install clean
cd /usr/ports/net/libvncserver
make install clean
cd /usr/ports/misc/ossp-uuid
make install clean
cd /usr/ports/x11-toolkits/pango
make install clean
cd /usr/ports/security/libssh2
make install clean
cd /usr/ports/java/openjdk7
make install clean
cd /usr/ports/www/jetty8
make install clean
cd /usr/ports/databases/mysql56-server
make install clean


Code:
portsnap fetch extract && cd /usr/ports/graphics/cairo && make -DBATCH install clean && cd /usr/ports/net/libvncserver && make -DBATCH install clean && cd /usr/ports/misc/ossp-uuid && make -DBATCH install clean && cd /usr/ports/x11-toolkits/pango && make -DBATCH install clean && cd /usr/ports/security/libssh2 && make -DBATCH install clean && cd /usr/ports/java/openjdk7 && make -DBATCH install clean && cd /usr/ports/www/jetty8 && make -DBATCH install clean && cd /usr/ports/databases/mysql56-server && make -DBATCH install clean


mysql-connector-java package location is gone. New URL provided.

Code:
cd ~
fetch http://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-0.9.8.tar.gz
fetch http://sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.9.8.war
fetch http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-jdbc-0.9.8.tar.gz
fetch https://downloads.mysql.com/archives/get/file/mysql-connector-java-5.1.36.tar.gz



Edit: Doh, someone else already made these changes. Whoops.
 
Last edited:

ClassicGOD

Contributor
Joined
Jul 28, 2011
Messages
145
Hi, thanks for the fixes, I had no time to visit the forums or mess with something that is working to test the changes myself. I am planning to redo my entire FreeNAS installation once 10.0 hits and I was planning to update the tutorial then but it's taking longer than I anticipated.

Meanwhile Guacamole became an Apache Incubator project and is now "Apache Guacamole" and I'm hoping it will not impact compatibility with Jetty. :P
 

moldboy

Dabbler
Joined
Dec 7, 2014
Messages
23
I followed your steps, everything works great even RDP to windows 10. However I'm having a weird problem. When I'm connected to guacamole my nextcloud running in a different jail doesn't respond. If I close guacamole and wait a few minutes nextcloud works fine again. I know jails aren't the same as virtual machines but I thought they ran processes separately and had independent network stacks. This might not be the right place, but I thought I'd ask. When this happens nothing is using a lot of server resources so I don't know what's going on
 

Deviant0ne

Dabbler
Joined
Sep 21, 2015
Messages
20
I followed your steps, everything works great even RDP to windows 10. However I'm having a weird problem. When I'm connected to guacamole my nextcloud running in a different jail doesn't respond. If I close guacamole and wait a few minutes nextcloud works fine again. I know jails aren't the same as virtual machines but I thought they ran processes separately and had independent network stacks. This might not be the right place, but I thought I'd ask. When this happens nothing is using a lot of server resources so I don't know what's going on
I'm not really sure what could be causing this; if I were you, I would try and configure Guacamole to use XML/plain text authentication rather than database authentication and see if that changes your experience. My thought is that it could be a database connection issue, but I'm just talking out loud...
 

Osiris

Contributor
Joined
Aug 15, 2013
Messages
148
I've got this as a Rancherstack (docker) on an ubuntu-vm on Freenas11.
It works fine, but I can't connect to the Freenas VM's vnc.
Anyone got this working with guacamole?
 

diskdiddler

Wizard
Joined
Jul 9, 2014
Messages
2,374
Is there a more modern guide of this for 11.1 U6 or 11.2 Beta / RC?

We have docker (kinda) available to us now, as well as iocage jails and full VMs
 
Top