In this guide, we are going to learn how to install Apache Guacamole on Ubuntu 24.04. Apache Guacamole is a clientless HTML5 web based remote desktop gateway which provides remote access to servers and desktops through a web browser. It supports standard protocols like VNC, RDP, and SSH.
Table of Contents
Install Apache Guacamole on Ubuntu 24.04
Guacamole is made up of two parts;
guacamole-server, which provides the guacd proxy and all the native, server-side components required by Guacamole to connect to remote desktops.guacamole-clientwhich provides the client to be served by the servlet container which is usuallyTomcat.
You need to install both of these components to setup Apache Guacamole web-based remote desktop client.
Run System Update
Ensure your system package cache is up-to-date;
apt update
Check Available Version of Guacamole on Default Ubuntu Repos
Guacamole is available on the default Ubuntu 24.04 repositories. However, available version is not up-to-date;
apt-cache policy guacdguacd:
Installed: (none)
Candidate: 1.3.0-1.3ubuntu1
Version table:
1.3.0-1.3ubuntu1 500
500 http://de.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
To get the latest release version of Guacamole running on Ubuntu 24.04, you need to build it from the source.
Install Required Build Tools
To install guacamole-server, you need to build it from the source. This, therefore, requires that you need install the required build tools before you can start to build guacamole-server component;
apt install -y build-essential \
libcairo2-dev \
libjpeg-turbo8-dev \
libpng-dev \
libtool-bin \
uuid-dev \
libossp-uuid-dev \
libavcodec-dev \
libavformat-dev \
libavutil-dev \
libswscale-dev \
freerdp2-dev \
libpango1.0-dev \
libssh2-1-dev \
libvncserver-dev \
libtelnet-dev \
libwebsockets-dev \
libssl-dev \
libvorbis-dev \
libwebp-dev \
libpulse-dev
A comprehensive description of these dependency tools is available on required dependencies section.
Building Guacamole-Server on Ubuntu 24.04
To build guacamole-server, download the latest source archive tarball from Guacamole releases page. Guacamole 1.5.5 is the latest release version as of this writing. You can simply run the command below;
Replace the value of the VER variable with the current release of Guacamole.
VER=1.5.5wget https://downloads.apache.org/guacamole/${VER}/source/guacamole-server-${VER}.tar.gzOnce the download is done, extract the source tarball.
tar xzf guacamole-server-${VER}.tar.gzNavigate to guacamole server source code directory;
cd guacamole-server-${VER}Run the configure script to check if any required dependency is missing and to adapt Guacamole server to your system.
Ubuntu 24.04 ships with OpenSSL 3.x and Guacamole requires openssl 1.x to successfully compile and install. The warning related to this are treated as errors and thus the compilation process will fail. As a result, you can disable the Warnings from being treated as errors and compile Guacamole on Ubuntu 24.04.
CFLAGS=-Wno-error ./configure --with-systemd-dir=/etc/systemd/system/For more configure options, run, ./configure --help.
------------------------------------------------
guacamole-server version 1.5.5
------------------------------------------------
Library status:
freerdp2 ............ yes
pango ............... yes
libavcodec .......... yes
libavformat.......... yes
libavutil ........... yes
libssh2 ............. yes
libssl .............. yes
libswscale .......... yes
libtelnet ........... yes
libVNCServer ........ yes
libvorbis ........... yes
libpulse ............ yes
libwebsockets ....... yes
libwebp ............. yes
wsock32 ............. no
Protocol support:
Kubernetes .... yes
RDP ........... yes
SSH ........... yes
Telnet ........ yes
VNC ........... yes
Services / tools:
guacd ...... yes
guacenc .... yes
guaclog .... yes
FreeRDP plugins: /usr/lib/x86_64-linux-gnu/freerdp2
Init scripts: no
Systemd units: /etc/systemd/system/
Type "make" to compile guacamole-server.
Pay attention to out of the configure script.
Compile and install Guacamole Server on Ubuntu 24.04;
makemake installNext, run the ldconfig command to create the necessary links and cache to the most recent shared libraries found in the guacamole server directory.
ldconfigRunning Guacamole-Server
Start and enable guacd (Guacamole Daemon) to run on boot after the installation.
systemctl enable --now guacdTo check the status;
systemctl status guacd● guacd.service - Guacamole Server
Loaded: loaded (/etc/systemd/system/guacd.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-10-12 05:45:05 UTC; 6s ago
Docs: man:guacd(8)
Main PID: 44663 (guacd)
Tasks: 1 (limit: 9507)
Memory: 10.0M (peak: 10.1M)
CPU: 16ms
CGroup: /system.slice/guacd.service
└─44663 /usr/local/sbin/guacd -f
Oct 12 05:45:05 svr-velo-02 systemd[1]: Started guacd.service - Guacamole Server.
Oct 12 05:45:05 svr-velo-02 guacd[44663]: Guacamole proxy daemon (guacd) version 1.5.5 started
Oct 12 05:45:05 svr-velo-02 guacd[44663]: guacd[44663]: INFO: Guacamole proxy daemon (guacd) version 1.5.5 started
Oct 12 05:45:05 svr-velo-02 guacd[44663]: guacd[44663]: INFO: Listening on host 127.0.0.1, port 4822
Oct 12 05:45:05 svr-velo-02 guacd[44663]: Listening on host 127.0.0.1, port 4822
Install Tomcat Servlet
Apache Tomcat is used to serve guacamole client content to users that connects to guacamole server via the web browser. To install Tomcat, run the command below;
Guacamole client, as of this writing is not compatible with latest releases of Apache Tomcat and hence, still requires Apache Tomcat9.
While you can install Apache Tomcat9 by building from the source as outlines in this guide;
How to Install Tomcat 9 on Debian 12
in this guide, we will use Ubuntu 22.04 Jammy Updates universe repos to install Apache Tomcat9;
Install Ubuntu 22.04 Jammy updates universe repos on Ubuntu 24.04;
echo 'deb http://ke.archive.ubuntu.com/ubuntu/ jammy-updates universe' > /etc/apt/sources.list.d/tomcat9.listRun system update;
apt updateInstall Apache Tomcat9 on Ubuntu 24.04;
apt install tomcat9 tomcat9-admin tomcat9-common tomcat9-user -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
ca-certificates-java default-jre-headless java-common libapr1t64 libeclipse-jdt-core-java libpcsclite1 libtcnative-1 libtomcat9-java openjdk-21-jre-headless
Suggested packages:
default-jre pcscd tomcat9 libnss-mdns fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei | fonts-wqy-zenhei fonts-indic tomcat9-docs tomcat9-examples
The following NEW packages will be installed:
ca-certificates-java default-jre-headless java-common libapr1t64 libeclipse-jdt-core-java libpcsclite1 libtcnative-1 libtomcat9-java openjdk-21-jre-headless tomcat9 tomcat9-admin tomcat9-common tomcat9-user
0 upgraded, 13 newly installed, 0 to remove and 168 not upgraded.
Need to get 59.6 MB of archives.
After this operation, 220 MB of additional disk space will be used.
Get:1 http://de.archive.ubuntu.com/ubuntu noble/main amd64 ca-certificates-java all 20240118 [11.6 kB]
Get:2 http://de.archive.ubuntu.com/ubuntu noble/main amd64 java-common all 0.75+exp1 [6,798 B]
Get:3 http://de.archive.ubuntu.com/ubuntu noble/main amd64 libpcsclite1 amd64 2.0.3-1build1 [21.4 kB]
Get:4 http://de.archive.ubuntu.com/ubuntu noble-updates/main amd64 openjdk-21-jre-headless amd64 21.0.4+7-1ubuntu2~24.04 [46.6 MB]
Get:5 http://ke.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 tomcat9-common all 9.0.58-1ubuntu0.1 [60.9 kB]
Get:6 http://de.archive.ubuntu.com/ubuntu noble/main amd64 default-jre-headless amd64 2:1.21-75+exp1 [3,094 B]
Get:7 http://de.archive.ubuntu.com/ubuntu noble-updates/main amd64 libapr1t64 amd64 1.7.2-3.1ubuntu0.1 [108 kB]
Get:8 http://de.archive.ubuntu.com/ubuntu noble/universe amd64 libeclipse-jdt-core-java all 3.32.0+eclipse4.26-2 [6,438 kB]
Get:9 http://de.archive.ubuntu.com/ubuntu noble-updates/universe amd64 libtomcat9-java all 9.0.70-2ubuntu0.1 [6,161 kB]
Get:10 http://ke.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 tomcat9 all 9.0.58-1ubuntu0.1 [37.0 kB]
Get:11 http://ke.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 tomcat9-admin all 9.0.58-1ubuntu0.1 [68.8 kB]
Get:12 http://de.archive.ubuntu.com/ubuntu noble/universe amd64 libtcnative-1 amd64 1.2.35-1build2 [93.9 kB]
Get:13 http://ke.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 tomcat9-user all 9.0.58-1ubuntu0.1 [33.6 kB]
Fetched 59.6 MB in 1s (57.6 MB/s)
Selecting previously unselected package ca-certificates-java.
(Reading database ... 91757 files and directories currently installed.)
Preparing to unpack .../00-ca-certificates-java_20240118_all.deb ...
Unpacking ca-certificates-java (20240118) ...
Selecting previously unselected package java-common.
Preparing to unpack .../01-java-common_0.75+exp1_all.deb ...
Unpacking java-common (0.75+exp1) ...
Selecting previously unselected package libpcsclite1:amd64.
Preparing to unpack .../02-libpcsclite1_2.0.3-1build1_amd64.deb ...
Unpacking libpcsclite1:amd64 (2.0.3-1build1) ...
Selecting previously unselected package openjdk-21-jre-headless:amd64.
Preparing to unpack .../03-openjdk-21-jre-headless_21.0.4+7-1ubuntu2~24.04_amd64.deb ...
Unpacking openjdk-21-jre-headless:amd64 (21.0.4+7-1ubuntu2~24.04) ...
Selecting previously unselected package default-jre-headless.
Preparing to unpack .../04-default-jre-headless_2%3a1.21-75+exp1_amd64.deb ...
Unpacking default-jre-headless (2:1.21-75+exp1) ...
Selecting previously unselected package libapr1t64:amd64.
Preparing to unpack .../05-libapr1t64_1.7.2-3.1ubuntu0.1_amd64.deb ...
Unpacking libapr1t64:amd64 (1.7.2-3.1ubuntu0.1) ...
Selecting previously unselected package libeclipse-jdt-core-java.
Preparing to unpack .../06-libeclipse-jdt-core-java_3.32.0+eclipse4.26-2_all.deb ...
Unpacking libeclipse-jdt-core-java (3.32.0+eclipse4.26-2) ...
Selecting previously unselected package libtomcat9-java.
Preparing to unpack .../07-libtomcat9-java_9.0.70-2ubuntu0.1_all.deb ...
Unpacking libtomcat9-java (9.0.70-2ubuntu0.1) ...
Selecting previously unselected package tomcat9-common.
Preparing to unpack .../08-tomcat9-common_9.0.58-1ubuntu0.1_all.deb ...
Unpacking tomcat9-common (9.0.58-1ubuntu0.1) ...
Selecting previously unselected package tomcat9.
Preparing to unpack .../09-tomcat9_9.0.58-1ubuntu0.1_all.deb ...
Unpacking tomcat9 (9.0.58-1ubuntu0.1) ...
Selecting previously unselected package tomcat9-admin.
Preparing to unpack .../10-tomcat9-admin_9.0.58-1ubuntu0.1_all.deb ...
Unpacking tomcat9-admin (9.0.58-1ubuntu0.1) ...
Selecting previously unselected package tomcat9-user.
Preparing to unpack .../11-tomcat9-user_9.0.58-1ubuntu0.1_all.deb ...
Unpacking tomcat9-user (9.0.58-1ubuntu0.1) ...
Selecting previously unselected package libtcnative-1:amd64.
Preparing to unpack .../12-libtcnative-1_1.2.35-1build2_amd64.deb ...
Unpacking libtcnative-1:amd64 (1.2.35-1build2) ...
Setting up java-common (0.75+exp1) ...
Setting up libeclipse-jdt-core-java (3.32.0+eclipse4.26-2) ...
Setting up libpcsclite1:amd64 (2.0.3-1build1) ...
Setting up libtomcat9-java (9.0.70-2ubuntu0.1) ...
Setting up libapr1t64:amd64 (1.7.2-3.1ubuntu0.1) ...
Setting up ca-certificates-java (20240118) ...
No JRE found. Skipping Java certificates setup.
Setting up libtcnative-1:amd64 (1.2.35-1build2) ...
Setting up openjdk-21-jre-headless:amd64 (21.0.4+7-1ubuntu2~24.04) ...
update-alternatives: using /usr/lib/jvm/java-21-openjdk-amd64/bin/java to provide /usr/bin/java (java) in auto mode
update-alternatives: using /usr/lib/jvm/java-21-openjdk-amd64/bin/jpackage to provide /usr/bin/jpackage (jpackage) in auto mode
update-alternatives: using /usr/lib/jvm/java-21-openjdk-amd64/bin/keytool to provide /usr/bin/keytool (keytool) in auto mode
update-alternatives: using /usr/lib/jvm/java-21-openjdk-amd64/bin/rmiregistry to provide /usr/bin/rmiregistry (rmiregistry) in auto mode
update-alternatives: using /usr/lib/jvm/java-21-openjdk-amd64/lib/jexec to provide /usr/bin/jexec (jexec) in auto mode
Processing triggers for libc-bin (2.39-0ubuntu8.1) ...
Processing triggers for rsyslog (8.2312.0-3ubuntu9) ...
Processing triggers for man-db (2.12.0-4build2) ...
Processing triggers for ca-certificates-java (20240118) ...
Adding debian:ACCVRAIZ1.pem
Adding debian:AC_RAIZ_FNMT-RCM.pem
Adding debian:AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
Adding debian:Actalis_Authentication_Root_CA.pem
Adding debian:AffirmTrust_Commercial.pem
Adding debian:AffirmTrust_Networking.pem
Adding debian:AffirmTrust_Premium_ECC.pem
Adding debian:AffirmTrust_Premium.pem
Adding debian:Amazon_Root_CA_1.pem
Adding debian:Amazon_Root_CA_2.pem
Adding debian:Amazon_Root_CA_3.pem
Adding debian:Amazon_Root_CA_4.pem
Adding debian:ANF_Secure_Server_Root_CA.pem
Adding debian:Atos_TrustedRoot_2011.pem
Adding debian:Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem
Adding debian:Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem
Adding debian:Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
Adding debian:Baltimore_CyberTrust_Root.pem
Adding debian:BJCA_Global_Root_CA1.pem
Adding debian:BJCA_Global_Root_CA2.pem
Adding debian:Buypass_Class_2_Root_CA.pem
Adding debian:Buypass_Class_3_Root_CA.pem
Adding debian:CA_Disig_Root_R2.pem
Adding debian:Certainly_Root_E1.pem
Adding debian:Certainly_Root_R1.pem
Adding debian:Certigna.pem
Adding debian:Certigna_Root_CA.pem
Adding debian:certSIGN_Root_CA_G2.pem
Adding debian:certSIGN_ROOT_CA.pem
Adding debian:Certum_EC-384_CA.pem
Adding debian:Certum_Trusted_Network_CA_2.pem
Adding debian:Certum_Trusted_Network_CA.pem
Adding debian:Certum_Trusted_Root_CA.pem
Adding debian:CFCA_EV_ROOT.pem
Adding debian:CommScope_Public_Trust_ECC_Root-01.pem
Adding debian:CommScope_Public_Trust_ECC_Root-02.pem
Adding debian:CommScope_Public_Trust_RSA_Root-01.pem
Adding debian:CommScope_Public_Trust_RSA_Root-02.pem
Adding debian:Comodo_AAA_Services_root.pem
Adding debian:COMODO_Certification_Authority.pem
Adding debian:COMODO_ECC_Certification_Authority.pem
Adding debian:COMODO_RSA_Certification_Authority.pem
Adding debian:DigiCert_Assured_ID_Root_CA.pem
Adding debian:DigiCert_Assured_ID_Root_G2.pem
Adding debian:DigiCert_Assured_ID_Root_G3.pem
Adding debian:DigiCert_Global_Root_CA.pem
Adding debian:DigiCert_Global_Root_G2.pem
Adding debian:DigiCert_Global_Root_G3.pem
Adding debian:DigiCert_High_Assurance_EV_Root_CA.pem
Adding debian:DigiCert_TLS_ECC_P384_Root_G5.pem
Adding debian:DigiCert_TLS_RSA4096_Root_G5.pem
Adding debian:DigiCert_Trusted_Root_G4.pem
Adding debian:D-TRUST_BR_Root_CA_1_2020.pem
Adding debian:D-TRUST_EV_Root_CA_1_2020.pem
Adding debian:D-TRUST_Root_Class_3_CA_2_2009.pem
Adding debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Adding debian:emSign_ECC_Root_CA_-_C3.pem
Adding debian:emSign_ECC_Root_CA_-_G3.pem
Adding debian:emSign_Root_CA_-_C1.pem
Adding debian:emSign_Root_CA_-_G1.pem
Adding debian:Entrust.net_Premium_2048_Secure_Server_CA.pem
Adding debian:Entrust_Root_Certification_Authority_-_EC1.pem
Adding debian:Entrust_Root_Certification_Authority_-_G2.pem
Adding debian:Entrust_Root_Certification_Authority_-_G4.pem
Adding debian:Entrust_Root_Certification_Authority.pem
Adding debian:ePKI_Root_Certification_Authority.pem
Adding debian:e-Szigno_Root_CA_2017.pem
Adding debian:GDCA_TrustAUTH_R5_ROOT.pem
Adding debian:GlobalSign_ECC_Root_CA_-_R4.pem
Adding debian:GlobalSign_ECC_Root_CA_-_R5.pem
Adding debian:GlobalSign_Root_CA.pem
Adding debian:GlobalSign_Root_CA_-_R3.pem
Adding debian:GlobalSign_Root_CA_-_R6.pem
Adding debian:GlobalSign_Root_E46.pem
Adding debian:GlobalSign_Root_R46.pem
Adding debian:GLOBALTRUST_2020.pem
Adding debian:Go_Daddy_Class_2_CA.pem
Adding debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
Adding debian:GTS_Root_R1.pem
Adding debian:GTS_Root_R2.pem
Adding debian:GTS_Root_R3.pem
Adding debian:GTS_Root_R4.pem
Adding debian:HARICA_TLS_ECC_Root_CA_2021.pem
Adding debian:HARICA_TLS_RSA_Root_CA_2021.pem
Adding debian:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
Adding debian:Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
Adding debian:HiPKI_Root_CA_-_G1.pem
Adding debian:Hongkong_Post_Root_CA_3.pem
Adding debian:IdenTrust_Commercial_Root_CA_1.pem
Adding debian:IdenTrust_Public_Sector_Root_CA_1.pem
Adding debian:ISRG_Root_X1.pem
Adding debian:ISRG_Root_X2.pem
Adding debian:Izenpe.com.pem
Adding debian:Microsec_e-Szigno_Root_CA_2009.pem
Adding debian:Microsoft_ECC_Root_Certificate_Authority_2017.pem
Adding debian:Microsoft_RSA_Root_Certificate_Authority_2017.pem
Adding debian:NAVER_Global_Root_Certification_Authority.pem
Adding debian:NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
Adding debian:OISTE_WISeKey_Global_Root_GB_CA.pem
Adding debian:OISTE_WISeKey_Global_Root_GC_CA.pem
Adding debian:QuoVadis_Root_CA_1_G3.pem
Adding debian:QuoVadis_Root_CA_2_G3.pem
Adding debian:QuoVadis_Root_CA_2.pem
Adding debian:QuoVadis_Root_CA_3_G3.pem
Adding debian:QuoVadis_Root_CA_3.pem
Adding debian:Sectigo_Public_Server_Authentication_Root_E46.pem
Adding debian:Sectigo_Public_Server_Authentication_Root_R46.pem
Adding debian:Secure_Global_CA.pem
Adding debian:SecureSign_RootCA11.pem
Adding debian:SecureTrust_CA.pem
Adding debian:Security_Communication_ECC_RootCA1.pem
Adding debian:Security_Communication_RootCA2.pem
Adding debian:Security_Communication_RootCA3.pem
Adding debian:Security_Communication_Root_CA.pem
Adding debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
Adding debian:SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
Adding debian:SSL.com_Root_Certification_Authority_ECC.pem
Adding debian:SSL.com_Root_Certification_Authority_RSA.pem
Adding debian:SSL.com_TLS_ECC_Root_CA_2022.pem
Adding debian:SSL.com_TLS_RSA_Root_CA_2022.pem
Adding debian:Starfield_Class_2_CA.pem
Adding debian:Starfield_Root_Certificate_Authority_-_G2.pem
Adding debian:Starfield_Services_Root_Certificate_Authority_-_G2.pem
Adding debian:SwissSign_Gold_CA_-_G2.pem
Adding debian:SwissSign_Silver_CA_-_G2.pem
Adding debian:SZAFIR_ROOT_CA2.pem
Adding debian:Telia_Root_CA_v2.pem
Adding debian:TeliaSonera_Root_CA_v1.pem
Adding debian:TrustAsia_Global_Root_CA_G3.pem
Adding debian:TrustAsia_Global_Root_CA_G4.pem
Adding debian:Trustwave_Global_Certification_Authority.pem
Adding debian:Trustwave_Global_ECC_P256_Certification_Authority.pem
Adding debian:Trustwave_Global_ECC_P384_Certification_Authority.pem
Adding debian:T-TeleSec_GlobalRoot_Class_2.pem
Adding debian:T-TeleSec_GlobalRoot_Class_3.pem
Adding debian:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
Adding debian:TunTrust_Root_CA.pem
Adding debian:TWCA_Global_Root_CA.pem
Adding debian:TWCA_Root_Certification_Authority.pem
Adding debian:UCA_Extended_Validation_Root.pem
Adding debian:UCA_Global_G2_Root.pem
Adding debian:USERTrust_ECC_Certification_Authority.pem
Adding debian:USERTrust_RSA_Certification_Authority.pem
Adding debian:vTrus_ECC_Root_CA.pem
Adding debian:vTrus_Root_CA.pem
Adding debian:XRamp_Global_CA_Root.pem
done.
Setting up tomcat9-common (9.0.58-1ubuntu0.1) ...
Setting up default-jre-headless (2:1.21-75+exp1) ...
Setting up tomcat9-user (9.0.58-1ubuntu0.1) ...
Setting up tomcat9-admin (9.0.58-1ubuntu0.1) ...
Setting up tomcat9 (9.0.58-1ubuntu0.1) ...
Creating group 'tomcat' with GID 988.
Creating user 'tomcat' (Apache Tomcat) with UID 988 and GID 988.
Creating config file /etc/tomcat9/tomcat-users.xml with new version
Creating config file /etc/tomcat9/web.xml with new version
Creating config file /etc/tomcat9/server.xml with new version
Creating config file /etc/tomcat9/logging.properties with new version
Creating config file /etc/tomcat9/context.xml with new version
Creating config file /etc/tomcat9/catalina.properties with new version
Creating config file /etc/tomcat9/jaspic-providers.xml with new version
Creating config file /etc/logrotate.d/tomcat9 with new version
Creating config file /etc/default/tomcat9 with new version
Created symlink /etc/systemd/system/multi-user.target.wants/tomcat9.service → /usr/lib/systemd/system/tomcat9.service.
Processing triggers for rsyslog (8.2312.0-3ubuntu9) ...
Scanning processes...
Scanning candidates...
Scanning linux images...
Running kernel seems to be up-to-date.
Restarting services...
Service restarts being deferred:
/etc/needrestart/restart.d/dbus.service
systemctl restart systemd-logind.service
systemctl restart unattended-upgrades.service
No containers need to be restarted.
User sessions running outdated binaries:
kifarunix @ session #3: sshd[1392]
kifarunix @ user manager service: systemd[989]
No VM guests are running outdated hypervisor (qemu) binaries on this host.
Disable Ubuntu 22.04 Jammy updates universe repos and run system package cache update;
sed -i 's/^/#/' /etc/apt/sources.list.d/tomcat9.listapt updateTomcat9 is started and enabled to run on system boot upon installation.
systemctl status tomcat9● tomcat9.service - Apache Tomcat 9 Web Application Server
Loaded: loaded (/usr/lib/systemd/system/tomcat9.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-10-12 07:02:07 UTC; 3min 1s ago
Docs: https://tomcat.apache.org/tomcat-9.0-doc/index.html
Process: 7799 ExecStartPre=/usr/libexec/tomcat9/tomcat-update-policy.sh (code=exited, status=0/SUCCESS)
Main PID: 7804 (java)
Tasks: 35 (limit: 4614)
Memory: 150.3M (peak: 154.7M)
CPU: 5.639s
CGroup: /system.slice/tomcat9.service
└─7804 /usr/lib/jvm/default-java/bin/java -Djava.util.logging.config.file=/var/lib/tomcat9/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.awt.headl>
Oct 12 07:02:09 noble tomcat9[7804]: Deployment of deployment descriptor [/etc/tomcat9/Catalina/localhost/host-manager.xml] has finished in [1,051] ms
Oct 12 07:02:09 noble tomcat9[7804]: Deploying deployment descriptor [/etc/tomcat9/Catalina/localhost/manager.xml]
Oct 12 07:02:09 noble tomcat9[7804]: The path attribute with value [/manager] in deployment descriptor [/etc/tomcat9/Catalina/localhost/manager.xml] has been ignored
Oct 12 07:02:10 noble tomcat9[7804]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in the>
Oct 12 07:02:10 noble tomcat9[7804]: Deployment of deployment descriptor [/etc/tomcat9/Catalina/localhost/manager.xml] has finished in [413] ms
Oct 12 07:02:10 noble tomcat9[7804]: Deploying web application directory [/var/lib/tomcat9/webapps/ROOT]
Oct 12 07:02:10 noble tomcat9[7804]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in the>
Oct 12 07:02:10 noble tomcat9[7804]: Deployment of web application directory [/var/lib/tomcat9/webapps/ROOT] has finished in [398] ms
Oct 12 07:02:10 noble tomcat9[7804]: Starting ProtocolHandler ["http-nio-8080"]
Oct 12 07:02:10 noble tomcat9[7804]: Server startup in [1962] milliseconds
If UFW is running, allow Tomcat through it.
ufw allow 8080/tcpInstalling Guacamole Client on Ubuntu 24.04
guacamole-client contains provides web application that will serve the HTML5 Guacamole client to users that connect to your server. The web application will then connect to guacd on behalf of connected users in order to serve them any remote desktop they are authorized to access.
Create Guacamole configuration directory;
mkdir /etc/guacamoleDownload Guacamole-client Binary
Guacamole client can be installed from a source code or from ready binary. Binary installation is used in this demo. Download Guacamole-client from Guacamole releases page for the respective latest version (v1.5.5 as of this writing) and store it in the configuration directory created above;
VER=1.5.5wget https://downloads.apache.org/guacamole/${VER}/binary/guacamole-${VER}.war -O /etc/guacamole/guacamole.warCreate a symbolic link of the guacamole client to Tomcat webapps directory as shown below;
ln -s /etc/guacamole/guacamole.war /var/lib/tomcat9/webapps/Restart Tomcat to deploy the new web application;
systemctl restart tomcat9Restart guacd daemon as well;
systemctl restart guacdConfigure Apache Guacamole on Ubuntu 24.04
Guacamole has two major configuration files; /etc/guacamole which is referenced by the GUACAMOLE_HOME environment variable and /etc/guacamole/guacamole.properties which is the main configuration file used by Guacamole and its extensions.
There are also guacamole extensions and libraries configurations. You need to create the directories for these configs;
mkdir /etc/guacamole/{extensions,lib}Set the guacamole home directory environment variable and add it to /etc/default/tomcat9 configuration file.
echo "GUACAMOLE_HOME=/etc/guacamole" >> /etc/default/tomcat9Configure Guacamole Server Connections
To define how Guacamole connects to guacd, create the guacamole.properties file under /etc/guacamole directory with the following content.
vim /etc/guacamole/guacamole.propertiesguacd-hostname: localhost
guacd-port: 4822
user-mapping: /etc/guacamole/user-mapping.xml
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
After that, save the configuration file and link the Guacamole configurations directory to Tomcat servlet directory as shown below.
ln -s /etc/guacamole /usr/share/tomcat9/.guacamoleConfigure Guacamole Authentication Method
Guacamole’s default authentication method reads all users and connections from a single file called user-mapping.xml. In this file,you need to define the users allowed to access Guacamole web UI, the servers to connect to and the method of connection.
Therefore, run the command below to create this file with the following contents.
vim /etc/guacamole/user-mapping.xmlBe sure to replace password with your strong password.
<user-mapping>
<!-- Per-user authentication and config information -->
<!-- A user using md5 to hash the password
guacadmin user and its md5 hashed password below is used to
login to Guacamole Web UI-->
<authorize
username="guacadmin"
password="5f4dcc3b5aa765d61d8327deb882cf99"
encoding="md5">
<!-- First authorized Remote connection -->
<connection name="CentOS-Server">
<protocol>ssh</protocol>
<param name="hostname">192.168.56.156</param>
<param name="port">22</param>
</connection>
<!-- Second authorized remote connection -->
<connection name="Windows 7">
<protocol>rdp</protocol>
<param name="hostname">192.168.56.122</param>
<param name="port">3389</param>
<param name="username">koromicha</param>
<param name="ignore-cert">true</param>
</connection>
</authorize>
</user-mapping>
Generate the MD5 hash of passwords for the user used for logging into Guacamole web user interface. Replace you password accordingly;
echo -n password | openssl md5printf '%s' password | md5sumIf you need to explicitly define usernames and passwords, add the parameters;
<param name="username">USERNAME</param>
<param name="password">PASSWORD</param>Save and exit the configuration file.
You can check how to enable Guacamole OpenLDAP Authentication;
Setup Apache Guacamole OpenLDAP Authentication
Restart both Tomcat and guacd to effect the changes.
systemctl restart tomcat9 guacdBe sure to check the syslog, /var/log/syslog or /var/log/tomcat9/CATALINA-* for any issues.
Accessing Apache Guacamole from Browse
Once Guacamole is setup, you can access it from web browser using the address http://server-IP:8080/guacamole.
Upon successful login, you get to Apache Guacamole web dashboard and you should be able to see the added connections.
Click on a connection to name to initiate remote login. For example, SSHing into my CentOS-serve gets a me password prompt since we already defined the user;
To login to Windows 7 via RDP, just click on Windows 7;
And there you go. Enter your password and proceed to your desktop.
If windows login fail with the error;
The follow the guide below to fix it;
You can now add more connections to your Guacamole. That marks the end of our guide on install Apache Guacamole on Ubuntu.
Read more on Guacamole.
Configure TOTP Two-Factor Authentication on Apache Guacamole
