Install and configure Apache Guacamole in Ubuntu 18.04 LXD Containers

Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. It can be used as a replacement for Citrix or TSplus terminal servers in SMEs. Apache Guacamole is also commercially supported.

Requirements:
1. Create an A-record (gm.domain.com) and link it to your container (Public IP).
2. Configure your host & profiles for the LXD containers.
3. You can also use macvlan for an internal LAN IP Address.

Launch the Ubuntu 18.04 container for Guacamole:

lxc launch --profile default ubuntu:18.04 LC-GM-01 --target host-1
lxc config set LC-GM-01 volatile.eth1.hwaddr 00:00:00:00:00:00

NAT IP eth0:

lxc config device add LC-GM-01 eth0 nic name=eth0 nictype=bridged parent=lxdbr0

Check your LXD subnet:

lxc network show lxdbr0
config:
  ipv4.address: 10.176.100.1/24 (example)

Set a static ipv4 address:

lxc config device set LC-GM-01 eth0 ipv4.address 10.176.100.10

Set macvlan (public/lan IP) on eth1:

lxc config device add LC-GM-01 eth1 nic name=eth1 nictype=macvlan parent=enp0s00

Restart the container:

lxc restart LC-GM-01

Open the container:

lxc exec LC-GM-01 bash

Update the Guacamole container:

apt-get update && apt-get upgrade -y

Configure the firewall:

sudo ufw default deny incoming
sudo ufw default allow outgoing
ufw allow proto tcp to 0.0.0.0/0 port 443
ufw enable

Install Guacamole (version 1.0 at the time of writing). The installer asks for the MySQL root password and the Guacamole user password:

cd /root
wget https://raw.githubusercontent.com/MysticRyuujin/guac-install/master/guac-install.sh
chmod +x guac-install.sh
./guac-install.sh

Install NGINX with Let’s Encrypt:

wget https://raw.githubusercontent.com/bigredthelogger/guacamole/master/nginx-install.sh
chmod +x nginx-install.sh
./nginx-install.sh
Enter the fqdn for your domain: gm.yourdomain.com
Enter your email address: you@yourdomain.com

The installation has been completed successfully.
You can now sign in with username guacadmin and password guacadmin on your Guacamole domain, for example https://gm.yourdomain.com.
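Both installers above are fetched from the master branch and run as root, so their content can change between two installs. The following is an added example, not part of the original tutorial or of either script's project: it fetches a script from a fixed commit and only makes it executable when its SHA-256 matches the value you recorded after reading the script. The commit id and checksum are placeholders you supply; `verify_pinned` and `fetch_pinned` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. <commit-sha> and <sha256-you-recorded> are placeholders:
# take them from the revision of the script you actually reviewed.

# verify_pinned <file> <expected_sha256>: succeeds only on an exact match.
verify_pinned() {
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
    [ "$actual" = "$2" ]
}

# fetch_pinned <owner/repo> <commit> <script> <expected_sha256>
# Downloads to a temporary name and installs the script only if it verifies.
fetch_pinned() {
    url="https://raw.githubusercontent.com/$1/$2/$3"
    wget -q -O "$3.download" "$url" || return 1
    if verify_pinned "$3.download" "$4"; then
        mv "$3.download" "$3" && chmod 700 "$3"
    else
        echo "checksum mismatch for $url, not installing" >&2
        rm -f "$3.download"
        return 1
    fi
}

# Usage inside LC-GM-01 (placeholders left for you to fill in):
#   fetch_pinned MysticRyuujin/guac-install <commit-sha> guac-install.sh \
#       <sha256-you-recorded> && ./guac-install.sh
#   fetch_pinned bigredthelogger/guacamole <commit-sha> nginx-install.sh \
#       <sha256-you-recorded> && ./nginx-install.sh
```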

Reboot the container and go back to the LXD host.

Start a new container with Ubuntu 18.04 for SSH, VNC or RDP access:

lxc launch --profile default ubuntu:18.04 LC-VD-01 --target host-1

Assign eth0 to lxdbr0:

lxc config device add LC-VD-01 eth0 nic name=eth0 nictype=bridged parent=lxdbr0

Set a static ipv4 address (from your subnet):

lxc config device set LC-VD-01 eth0 ipv4.address 10.176.100.11

Update and reboot the container.

Open the container:

lxc exec LC-VD-01 bash

Option 1: VNC Desktop

Install Desktop Environment:

apt-get install xfce4 xfce4-goodies -y

Install tightvncserver:

apt-get install tightvncserver -y

Start tightvncserver and enter your new VNC password:

vncserver

Start the vncserver service automatically with:

nano /etc/systemd/system/vncserver.service

Copy and paste the following config in /etc/systemd/system/vncserver.service:

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
User=root
# Kill any stale :1 session first; the leading "-" ignores a failure.
# systemd does not run a shell, so output redirection cannot be used here.
ExecStartPre=-/usr/bin/vncserver -kill :1
ExecStart=/usr/bin/vncserver :1
ExecStop=/usr/bin/vncserver -kill :1

[Install]
WantedBy=multi-user.target

Save the file and enable the service:

systemctl enable vncserver

Reboot the container and sign in to your Guacamole interface.

Go to Settings > Connections > New Connection

Connection Settings:
Name: VNC Virtual Desktop 1
Location: ROOT
Protocol: VNC

Parameters:
Hostname: 10.176.100.11 (example)
Port: 5901
Password: VNCPASSWORD

Save your settings and go back to Home to test your VNC desktop!

Option 2: SSH Command line

Edit your SSH config:

nano /etc/ssh/sshd_config

Allow root and password authentication:

PermitRootLogin yes
PasswordAuthentication yes

Save the settings and restart the SSH server to apply the changes.

Go to your Guacamole interface: Settings > Connections > New Connection

Connection Settings:
Name: SSH Virtual Desktop 1
Location: ROOT
Protocol: SSH

Parameters:
Hostname: 10.176.100.11 (example)
Port: 22

Save your settings and go back to Home to test your SSH Connection!
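With the two sshd_config settings above, root can log in with a password from any address that reaches port 22 on LC-VD-01. The following is an added example, not part of the original tutorial: it keeps root and password logins working for Guacamole but limits them to connections coming from the Guacamole container. It assumes guacd connects over lxdbr0 from the static address 10.176.100.10 set earlier; `scope_root_login` and `apply_scoped_login` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Assumption: guacd reaches LC-VD-01 over lxdbr0 from the
# static address given to LC-GM-01 earlier (10.176.100.10).

# scope_root_login <sshd_config> <gateway_ip>
# Prints a candidate config: root and password logins are off globally and
# switched back on only for connections from the Guacamole container.
scope_root_login() {
    awk -v gw="$2" '
        # sshd uses the first value it reads for a keyword, so set the
        # global defaults at the very top.
        BEGIN { print "PermitRootLogin no"; print "PasswordAuthentication no" }
        tolower($1) == "match" { in_match = 1 }
        # Drop the global "yes" lines; leave existing Match blocks untouched.
        !in_match && tolower($1) ~ /^(permitrootlogin|passwordauthentication)$/ { next }
        { print }
        # A Match block runs to the next Match or end of file, so it goes last.
        END {
            print "Match Address " gw
            print "    PermitRootLogin yes"
            print "    PasswordAuthentication yes"
        }' "$1"
}

# apply_scoped_login <gateway_ip>: run as root inside LC-VD-01.
# The candidate is syntax-checked with sshd -t before it replaces the live file.
apply_scoped_login() {
    new=/etc/ssh/sshd_config.new
    scope_root_login /etc/ssh/sshd_config "$1" > "$new" &&
        /usr/sbin/sshd -t -f "$new" &&
        cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak &&
        mv "$new" /etc/ssh/sshd_config &&
        systemctl restart ssh
}

# Usage inside LC-VD-01:
#   apply_scoped_login 10.176.100.10
```

`lxc exec LC-VD-01 bash` from the LXD host does not go through sshd, so it remains available if the new configuration locks SSH out.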

Option 3: RDP Desktop (Recommended)

Install Desktop Environment:

apt-get install xfce4 xfce4-goodies -y

Install xrdp for RDP access:

apt-get install xrdp

Create xsession file:

echo xfce4-session >~/.xsession

Edit the startup file:

nano /etc/xrdp/startwm.sh

Add startxfce4 at the end of the file.

Restart the service:

service xrdp restart

Go to your Guacamole interface: Settings > Connections > New Connection

Connection Settings:
Name: RDP Virtual Desktop 1
Location: ROOT
Protocol: RDP

Parameters:
Hostname: 10.176.100.11 (example)
Port: 3389

Save your settings and go back to Home to test your RDP Connection!

The installation and configuration have been completed!
Do not forget to change the guacadmin password in Preferences.
