原文地址:https://lala.im/5974.html,請支持原作者!該處僅作轉載。
Apache Guacamole是一款网页云桌面,无需客户端即可连接到你的各种服务器,支持SSH/RDP/VNC/Telnet等协议。并且支持很多高级功能,例如:SFTP/虚拟RDP硬盘/录制终端视频/终端分享。
其实这是一个非常好用的运维工具,我个人觉得这东西是个神器,所以今天介绍下,它主要解决了我的一个什么问题?
我有很多台系统不一的服务器需要进行管理,通过使用Guacamole即可把它们统一集合在一起,这样管理起来非常方便,只需要一个浏览器就能做全部事情。另外有一些服务器因为在国外,国内连终端会非常卡,将Guacamole部署在一台线路比较好的机器上,可以做到一个中转加速的效果。
今天在Debian9下面部署了一下,踩了一堆坑,而且看网上的文档大部分都没写怎么去配置MySQL,Guacamole如果不配合MySQL使用的话,就是个残废。。所以这里记录下完整的安装过程。。
安装所需依赖/包:
apt -y install build-essential curl maven openjdk-8-jdk mariadb-server libcairo2-dev \
libjpeg62-turbo-dev libpng-dev libossp-uuid-dev libavcodec-dev libavutil-dev \
libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev \
libvncserver-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev libwebsockets-dev新建Tomcat用户:
useradd -m -d /opt/tomcat -s /sbin/nologin -U tomcat安装Tomcat:
wget https://www.apache.org/dist/tomcat/tomcat-9/v9.0.21/bin/apache-tomcat-9.0.21.tar.gz
tar -xzvf apache-tomcat-9.0.21.tar.gz -C /opt
cp -r /opt/apache-tomcat-9.0.21/. /opt/tomcat
rm -rf /opt/apache-tomcat-9.0.21
chown -R tomcat:tomcat /opt/tomcat新建systemd服务文件:
nano /etc/systemd/system/tomcat.service写入:
[Unit]
Description=Apache Tomcat 9 Server
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always
Environment=JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment=CATALINA_BASE=/opt/tomcat
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
[Install]
WantedBy=multi-user.target使用systemd管理Tomcat:
systemctl start tomcat
systemctl enable tomcat
systemctl status tomcat编译guacamole-server端:
wget https://www-us.apache.org/dist/guacamole/1.0.0/source/guacamole-server-1.0.0.tar.gz
tar -xzvf guacamole-server-1.0.0.tar.gz
cd guacamole-server-1.0.0
./configure --with-init-dir=/etc/init.d
make -j$(nproc)
make install
ldconfig如果构建参数那里没问题的话,你应该看到这些协议都是yes:
启动Guacd:
systemctl enable guacd
systemctl start guacd编译guacamole-client端:
cd
wget https://www-us.apache.org/dist/guacamole/1.0.0/source/guacamole-client-1.0.0.tar.gz
tar -xzvf guacamole-client-1.0.0.tar.gz
cd guacamole-client-1.0.0
mvn package
cp guacamole/target/guacamole-1.0.0.war /opt/tomcat/webapps/guacamole.war如果mvn package这一步没问题的话,这里应该全部回显SUCCESS:
添加Guacamole的环境变量:
echo "export GUACAMOLE_HOME=/etc/guacamole" > /etc/profile.d/guacamole.sh
chmod +x /etc/profile.d/guacamole.sh
source /etc/profile.d/guacamole.sh新建Guacamole所需的目录:
mkdir -p /etc/guacamole/ && mkdir -p /etc/guacamole/extensions && mkdir -p /etc/guacamole/lib && mkdir -p /etc/guacamole/mysqlauth/安装MySQL扩展:
cd /etc/guacamole/mysqlauth/
wget https://www-us.apache.org/dist/guacamole/1.0.0/binary/guacamole-auth-jdbc-1.0.0.tar.gz
wget https://cdn.mysql.com/Downloads/Connector-J/mysql-connector-java-5.1.47.tar.gz
tar -xzvf guacamole-auth-jdbc-1.0.0.tar.gz
tar -xzvf mysql-connector-java-5.1.47.tar.gz
cp /etc/guacamole/mysqlauth/guacamole-auth-jdbc-1.0.0/mysql/guacamole-auth-jdbc-mysql-1.0.0.jar /etc/guacamole/extensions
cp /etc/guacamole/mysqlauth/mysql-connector-java-5.1.47/mysql-connector-java-5.1.47-bin.jar /etc/guacamole/lib初始化MySQL:
mysql_secure_installation流程:
Enter current password for root (enter for none):回车
Set root password? [Y/n] Y
New password: 设置你的Mariadb数据库root密码
Re-enter new password: 重复输入一次密码
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y登录到MySQL命令行:
mysql -u root -p创建数据库/创建用户/授权:
CREATE DATABASE guacamole CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'guacamoleadmin'@'localhost' IDENTIFIED BY '设置你的数据库用户密码';
GRANT ALL PRIVILEGES ON guacamole.* TO 'guacamoleadmin'@'localhost';
FLUSH PRIVILEGES;
quit导入数据库:
cd /etc/guacamole/mysqlauth/guacamole-auth-jdbc-1.0.0/mysql
cat schema/*.sql | mysql -u root -p guacamole新建Guacamole配置文件:
nano /etc/guacamole/guacamole.properties写入:
guacd-hostname: localhost
guacd-port: 4822
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole
mysql-username: guacamoleadmin
mysql-password: 你的数据库用户密码下载语言包,这个语言包也是说来话长。。目前的1.0.0稳定版是没有中文的,但是我之前踩坑部署了一个git的版本,这个版本我看了下是1.1.0,里面已经支持了中文,所以我就直接把这个版本的语言包给移到1.0.0上面了,可以正常用没问题:
cd /opt/tomcat/webapps/guacamole/translations
wget https://git.lala.im/imlala/Apache-Guacamole-Chinese-Translations/raw/commit/caef8c3901c6862aebef086eeedc73830a4d217c/zh.json最后重启Guacd/Tomcat即可:
systemctl restart guacd
systemctl restart tomcat验证安装是否正常,访问你的服务器公网IP:8080/guacamole
应该可以看到登录界面,默认的管理员账号密码均是:guacadmin
现在配置Caddy反向代理,并且必须配置SSL才能使用到复制/粘贴的功能(Chrome等浏览器的特性):
cd
curl https://getcaddy.com | bash -s personal
mkdir -p /etc/caddy && mkdir -p /etc/ssl/caddy
nano /etc/caddy/Caddyfile写入:
desktop.koko.cat {
log stdout
gzip
tls [email protected]
proxy / http://你的服务器公网IP:8080/guacamole {
websocket
header_upstream Host {host}
header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-For {remote}
header_upstream X-Forwarded-Port {server_port}
header_upstream X-Forwarded-Proto {scheme}
}
}新建systemd服务文件:
nano /etc/systemd/system/caddy.service写入:
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
Restart=on-abnormal
User=root
Group=root
Environment=CADDYPATH=/etc/ssl/caddy
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile
ExecReload=/bin/kill -USR1 \$MAINPID
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s
[Install]
WantedBy=multi-user.target启动caddy:
systemctl start caddy
systemctl enable caddy现在访问你的站点域名,可以看到登录界面:
登录进去之后第一件事应该是更改你的管理员密码:
接着我们就可以新建连接了:
我新建了一个ssh/rdp进行测试:
SSH工作正常:
RDP工作正常:
按键盘组合键Ctrl+Alt+Shift可以打开当前终端的菜单:
我共享出来的一个终端链接,你可以通过这个链接查看到我这台机器的桌面:
https://desktop.koko.cat/#/client/emJvbWFuQWVjcWx4Vk1JMHlzTFVTZ3hTWEhNZzRUZnZ2cG9PRU9NM1lCdnUAYwBteXNxbC1zaGFyZWQ=?key=zbomanAecqlxVMI0ysLUSgxSXHMg4TfvvpoOEOM3YBvu
还有很多功能这里就不演示了,有需求可以自己搭建。
