- Clientless SSH, VNC, Remote Desktop (Windows) terminal gateway.
웹을 통해 SSH, VNC, Windows Remote Desktop, SFTP 등에 연결할 수 있는 서비스.
Apache Guacamole 공식홈페이지
- Guacamole는 WAS 상에서 어플리케이션으로 동작한다.
Apache Tomcat 설치
# 추가 리포지터리 활성화를 위한 config-manager 및 epel-release 설치, 리포지터리 활성화
dnf install -y 'dnf-command(config-manager)' epel-release
dnf install -y --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm
dnf config-manager --set-enabled crb
# 리포지터리 갱신
dnf update -y
# Java 설치
dnf install -y java-11-openjdk java-11-openjdk-devel java-11-openjdk-headless java-11-openjdk-javadoc
# 필요 의존성 패키지 설치
dnf install -y cairo-devel libjpeg-turbo-devel libpng-devel libtool libuuid-devel
# Guacamole에서 지원하고자 하는 기능에 따른 패키지
dnf install -y freerdp-devel ffmpeg-devel pango-devel libssh2-devel libvncserver-devel
# 소스코드로부터 컴파일을 위한 패키지 설치
dnf groupinstall -y "Development Tools"
dnf install -y npm maven nodejs
- 미리 컴파일 된 바이너리와 라이브러리가 있다면 다음과 같이 파일들을 위치시킨다.
# Guacamole server binary
/usr/bin/guacd
# Guacamole server libraries
/lib
libguac-client-rdp.a
libguac-client-rdp.la
libguac-client-rdp.so -> libguac-client-rdp.so.0.0.0
libguac-client-rdp.so.0 -> libguac-client-rdp.so.0.0.0
libguac-client-rdp.so.0.0.0
libguac-client-ssh.a
libguac-client-ssh.la
libguac-client-ssh.so -> libguac-client-ssh.so.0.0.0
libguac-client-ssh.so.0 -> libguac-client-ssh.so.0.0.0
libguac-client-ssh.so.0.0.0
libguac-client-vnc.a
libguac-client-vnc.la
libguac-client-vnc.so -> libguac-client-vnc.so.0.0.0
libguac-client-vnc.so.0 -> libguac-client-vnc.so.0.0.0
libguac-client-vnc.so.0.0.0
libguac-terminal.a
libguac-terminal.la
libguac-terminal.so -> libguac-terminal.so.2.0.0
libguac-terminal.so.2 -> libguac-terminal.so.2.0.0
libguac-terminal.so.2.0.0
libguac.a
libguac.la
libguac.so -> libguac.so.25.0.0
libguac.so.25 -> libguac.so.25.0.0
libguac.so.25.0.0
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/lib
# 소스코드 다운로드 및 압축 해제
curl -L -O "https://apache.org/dyn/closer.lua/guacamole/1.6.0/source/guacamole-server-1.6.0.tar.gz?action=download"
tar -xvzf guacamole-server-1.6.0.tar.gz
cd guacamole-server-1.6.0
# 빌드
./configure --with-systemd-dir=/usr/local/lib/systemd/system
# ...중략...
# ------------------------------------------------
# guacamole-server version 1.6.0
# ------------------------------------------------
# Library status:
# freerdp ............. yes (2.x)
# pango ............... yes
# libavcodec .......... yes
# libavformat ......... yes
# libavutil ........... yes
# libssh2 ............. yes
# libssl .............. yes
# libswscale .......... yes
# libtelnet ........... no
# libVNCServer ........ yes
# libvorbis ........... no
# libpulse ............ no
# libwebsockets ....... no
# libwebp ............. no
# wsock32 ............. no
# Protocol support:
# Kubernetes .... no
# RDP ........... yes
# SSH ........... yes
# Telnet ........ no
# VNC ........... yes
# Services / tools:
# guacd ...... yes
# guacenc .... yes
# guaclog .... yes
# FreeRDP plugins: /usr/lib/x86_64-linux-gnu/freerdp2
# Init scripts: no
# Systemd units: /usr/local/lib/systemd/system
# Type "make" to compile guacamole-server.
# Make
make
# ...중략...
# Make install
make install
# ...중략...
# 라이브러리 시스템 캐시 업데이트
ldconfig
- 컴파일을 하면
/usr/local/lib/systemd/system/guacd.service 에 파일이 위치하게 된다.
# /lib/systemd/system/guacd.service
[Unit]
Description=Guacamole Server
Documentation=man:guacd(8)
After=network.target
[Service]
Environment="GUACAMOLE_HOME=/etc/guacamole"
User=daemon
ExecStart=/usr/local/sbin/guacd -f -L debug
Restart=on-abnormal
StandardOutput=file:/var/log/guacd/guacd.log
StandardError=file:/var/log/guacd/guacd.log
[Install]
WantedBy=multi-user.target
$GUACAMOLE_HOME 변수에 할당된 디렉토리에 파일이 위치해야 한다.
WAS에 배포된 guacamole client가 참조하는 설정파일이기도 하다.
export GUACAMOLE_HOME=/etc/guacamole 일 경우:
# /etc/guacamole/guacamole.properties
# Guacamole server
guacd-hostname: guacamole.host.name
guacd-port: 4822
# Authentication provider
auth-provider: net.sourceforge.guacamole.net.auth.postgresql.PostgreSQLAuthenticationProvider
# Authentication database info
postgresql-hostname: localhost
postgresql-port: 5432
postgresql-database: guacamole
postgresql-username: guacamole
postgresql-password: ${GUACAMOLE_DB_PASSWORD}
# Guacamole server log level
libguac-log-level: info
# systemctl
systemctl enable guacd --now
# 명령줄 실행 (포그라운드 디버그)
# guacd [-l LISTENPORT] [-b LISTENADDRESS] [-p PIDFILE] [-L LOG_LEVEL] [-C CERT_FILE] [-K PEM_FILE] [-f] [-v]
/usr/bin/guacd -f -b 0.0.0.0 -l 4822 -L debug