Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. It can be used as a replacement for Citrix or TSplus terminal servers in SMEs. Apache Guacamole is also commercially supported.
Requirements:
1. Create an A-record (gm.domain.com) and link it to your container (Public IP).
2. Configure your host & profiles for the LXD containers.
3. You can also use macvlan for an internal LAN IP Address.
Launch the Ubuntu 18.04 container for Guacamole:
lxc launch --profile default ubuntu:18.04 LC-GM-01 --target host-1
lxc config set LC-GM-01 volatile.eth1.hwaddr 00:00:00:00:00:00
Attach eth0 to the NAT bridge (lxdbr0):
lxc config device add LC-GM-01 eth0 nic name=eth0 nictype=bridged parent=lxdbr0
Check your LXD subnet:
lxc network show lxdbr0
config:
ipv4.address: 10.176.100.1/24 (example)
Set a static IPv4 address:
lxc config device set LC-GM-01 eth0 ipv4.address 10.176.100.10
Set macvlan (public/LAN IP) on eth1:
lxc config device add LC-GM-01 eth1 nic name=eth1 nictype=macvlan parent=enp0s00
Restart the container:
lxc restart LC-GM-01
Open the container:
lxc exec LC-GM-01 bash
Update the Guacamole container:
apt-get update && apt-get upgrade -y
Configure the firewall:
sudo ufw default deny incoming
sudo ufw default allow outgoing
ufw allow proto tcp to 0.0.0.0/0 port 443
ufw enable
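Install Guacamole (version 1.0 at the time of writing). The script is downloaded from the master branch and runs as root, so read it before running it. Enter the MySQL root and Guacamole user passwords when prompted during the installation: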
cd /root
wget https://raw.githubusercontent.com/MysticRyuujin/guac-install/master/guac-install.sh
chmod +x guac-install.sh
./guac-install.sh
Install NGINX with Let’s Encrypt:
wget https://raw.githubusercontent.com/bigredthelogger/guacamole/master/nginx-install.sh
chmod +x nginx-install.sh
./nginx-install.sh
Enter the fqdn for your domain: gm.yourdomain.com
Enter your email address: <your email address>
The installation has been completed successfully.
You can now sign in on your Guacamole domain (https://gm.yourdomain.com, for example) with username guacadmin and password guacadmin.
Reboot the container and go back to the LXD host.
Start a new container with Ubuntu 18.04 for SSH, VNC or RDP access:
lxc launch --profile default ubuntu:18.04 LC-VD-01 --target host-1
Assign eth0 to lxdbr0:
lxc config device add LC-VD-01 eth0 nic name=eth0 nictype=bridged parent=lxdbr0
Set a static IPv4 address (from your subnet):
lxc config device set LC-VD-01 eth0 ipv4.address 10.176.100.11
Update and reboot the container.
Open the container:
lxc exec LC-VD-01 bash
Option 1: VNC Desktop
Install Desktop Environment:
apt-get install xfce4 xfce4-goodies -y
Install tightvncserver:
apt-get install tightvncserver -y
Start tightvncserver and enter your new VNC password:
vncserver
Create a systemd unit so that vncserver starts automatically:
nano /etc/systemd/system/vncserver.service
Copy and paste the following config in /etc/systemd/system/vncserver.service:
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=forking
User=root
# systemd does not run a shell here, so output redirection is not available; the leading "-" ignores a failed kill.
ExecStartPre=-/usr/bin/vncserver -kill :1
ExecStart=/usr/bin/vncserver :1
ExecStop=/usr/bin/vncserver -kill :1
[Install]
WantedBy=multi-user.target
Save the file and enable the service:
systemctl enable vncserver
Reboot the container and sign in to your Guacamole interface.
Go to Settings > Connections > New Connection
Connection Settings:
Name: VNC Virtual Desktop 1
Location: ROOT
Protocol: VNC
Parameters:
Hostname: 10.176.100.11 (example)
Port: 5901
Password: VNCPASSWORD
Save your settings and go back to Home to test your VNC desktop!
Option 2: SSH Command line
Edit your SSH config:
nano /etc/ssh/sshd_config
Allow root login and password authentication:
PermitRootLogin yes
PasswordAuthentication yes
Save the settings and restart the SSH server to apply the changes.
Go to your Guacamole interface: Settings > Connections > New Connection
Connection Settings:
Name: SSH Virtual Desktop 1
Location: ROOT
Protocol: SSH
Parameters:
Hostname: 10.176.100.11 (example)
Port: 22
Save your settings and go back to Home to test your SSH Connection!
Option 3: RDP Desktop (Recommended)
Install Desktop Environment:
apt-get install xfce4 xfce4-goodies -y
Install xrdp for RDP access:
apt-get install xrdp
Create xsession file:
echo xfce4-session >~/.xsession
Edit the startup file:
nano /etc/xrdp/startwm.sh
Add startxfce4 at the end of the file.
Restart the service:
service xrdp restart
Go to your Guacamole interface: Settings > Connections > New Connection
Connection Settings:
Name: RDP Virtual Desktop 1
Location: ROOT
Protocol: RDP
Parameters:
Hostname: 10.176.100.11 (example)
Port: 3389
Save your settings and go back to Home to test your RDP Connection!
The installation and configuration have been completed!
Do not forget to change the guacadmin password in Preferences.
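Added example, not part of the original guide: the steps above configure no firewall on LC-VD-01, so its VNC, SSH and RDP ports accept connections from every host on lxdbr0, although only the Guacamole container needs them. The script below prints (or, with APPLY=1, runs) ufw rules inside LC-VD-01 that admit only the gateway. The address 10.176.100.10 and the ports are the guide's example values, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: allow only the Guacamole container to reach LC-VD-01.
# Assumed: gateway 10.176.100.10 and ports 5901/22/3389, the guide's example values.

# Map the guide's option (vnc, ssh, rdp) to the TCP port it uses.
port_for() {
  case "$1" in
    vnc) echo 5901 ;;
    ssh) echo 22 ;;
    rdp) echo 3389 ;;
    *) return 1 ;;
  esac
}

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  _ifs=$IFS; IFS=.
  set -- $1
  IFS=$_ifs
  [ "$#" -eq 4 ] || return 1
  for _o in "$@"; do
    [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
  done
}

# Print the ufw commands (default) or run them when APPLY=1.
desktop_rules() {
  gw=$1; opt=$2
  valid_ipv4 "$gw" || { echo "invalid gateway address: $gw" >&2; return 2; }
  port=$(port_for "$opt") || { echo "unknown option: $opt" >&2; return 2; }
  for rule in \
    "ufw default deny incoming" \
    "ufw default allow outgoing" \
    "ufw allow proto tcp from $gw to any port $port" \
    "ufw enable"
  do
    if [ "${APPLY:-0}" = 1 ]; then $rule; else echo "$rule"; fi
  done
}

# Dry run with the guide's example values; pass your own as arguments.
desktop_rules "${1:-10.176.100.10}" "${2:-rdp}"
```

Run it inside LC-VD-01 with the option you chose (vnc, ssh or rdp) as the second argument, and set APPLY=1 once the printed rules look right.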