How to setup a guacamole on a windows machine?

Question

From official website of gaucamole i.e. (http://guacamole.incubator.apache.org)-

Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.

We call it clientless because no plugins or client software are required.

Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.

Can I setup guacamole on windows server 2012. If yes how ?

Answer 1

I run Guacamole with docker desktop on Winddows 10 and 11 OS and it works very well even on an old CPU (i5-6500T). I use a native postgreSQL server.

Answer 2

YES, WITH WSL2. I HAVE DONE IT. use wsl2 mirrored mode.

my professionalism is lacking, but i do know that my information is valuable. i don't feel like taking the time to up the professionalism, so if someone else wants to edit this to make it better, be my guest i guess

first off remove ubuntu to be able to get a new drive open a normal shell wsl --unregister ubuntu

then go to turn windows features on or off and toggle both Windows Subsystem for Linux and Hyper-V off and then press ok and then go turn them on again and press ok again

restart windows i guess

ubuntu 22.04 or something

disable bridging in hyper-v manager or whatever first so the wsl can actually get internet if possible, hope nothing is broken

run the following:

sudo apt-get update

sudo apt-get install vim

sudo apt-get install default-jre sudo apt-get install default-jdk

sudo vim /etc/environment

• arrow down to bottom (one line) or just go right
• add the following: JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64"
• :wq [enter]

sudo vim ~/.bashrc

• arrow down to the bottom
• add the following to the bottom: source /etc/environment
• :wq [enter]

source /etc/environment

you can check with echo $JAVA_HOME

sudo apt-get install make sudo apt-get install maven sudo apt-get install tomcat9

sudo apt-get install libcairo2-dev libjpeg-turbo8-dev libpng-dev libtool-bin uuid-dev libossp-uuid-dev libavcodec-dev libavformat-dev libavutil-dev libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev

mkdir guacamole

make guacamole directory and install server and client files just download them from the website and then put the two zipped files (server and client) in the folder through file explorer

extract them tar -xzf guacamole-server-1.5.4.tar.gz tar -xzf guacamole-client-1.5.4.tar.gz

compile and install server cd guacamole-server-1.5.4 ./configure --with-init-dir=/etc/init.d make sudo make install

the following may show an error but just don't care about that sudo ldconfig

compile (?) and install client files cd ~/guacamole/guacamole-client-1.5.4 sudo mvn package wait about a minute and a half or longer

move the "new .war file" to tomcat9 cd ~/guacamole/guacamole-client-1.5.4/guacamole/target copy it!!! sudo cp guacamole-1.5.4.war /var/lib/tomcat9/webapps/guacamole.war if the thing is being fussy then you can remove the /var/lib/tomcat9/webapps/guacamole folder and restart tomcat9 and maybe guacamole

restart tomcat9 and guacamole sudo systemctl restart tomcat9 /etc/init.d/guacd start for some reason apache guacamole might not appear on systemctl, it works in the end anyways so whatever

get config files

go see apache guacamole's docs for the normal config file stuffs where i think you set some things stick the following two files in /etc/guacamole here are mine, albeit modified for confidentiality: guacd.conf

[daemon]
pid_file = /var/run/guacd.pid
#log_level = debug

[server]
#bind_host = localhost
bind_host = 127.0.0.1
bind_port = 4822

#[ssl]
#server_certificate = /etc/ssl/certs/guacd.crt
#server_key = /etc/ssl/private/guacd.key

user-mapping.xml

<user-mapping>
<!-- A user using md5 to hash the password guacadmin user and its md5 hashed password below is used to login to Guacamole Web UI-->                                                                                                                                                                                                            <!-- FIRST USER -->
<!-- -2/15/2023
Want to modify the password?
https://computingforgeeks.com/install-and-use-guacamole-on-ubuntu/#:~:text=Apache%20Guacamole%20is%20a%20clientless,desktops%20is%20a%20web%20browser.
Run:
echo -n GoodStrongPassword | openssl md5
in the console, and replace "GoodStrongPassword" with the password you want.
Put the output of that here for the password, replacing the old one in the process.-->
                                                                                                                     <authorize
username="Admin"
password="0123456789abcdef0123456789abcdef"
encoding="md5">
<!-- Second authorized Remote connection -->
<connection name="SSH c40-05">
<protocol>ssh</protocol>
<!--12/12/2023 changed from 127.0.0.1
                        to 192.168.2.10-->
                        <param name="hostname">192.168.2.10</param>
                        <!--Remember that while shellinabox may be port 6175, the actual ssh port is still 22. -2/15/2023-->
                        <param name="port">22</param>
                </connection>

                <!--12/10/2023 allow access to host computer-->
                <connection name="compooper">
                        <protocol>rdp</protocol>
               <param name="hostname">127.0.0.1</param>
                        <param name="port">3389</param>
                        <param name="username">your windows username</param>
                        <param name="ignore-cert">true</param>
                </connection>

        </authorize>
</user-mapping>

cd /etc/guacamole

add ip thing maybe do the following to "flush" or get rid of the other included ip: sudo ip addr flush dev eth0

run: sudo ip addr add 192.168.2.4/24 dev eth0

Connecting to WSL2 server via local network one could do the following: sudo ip addr flush dev eth0 sudo dhclient eth0

make a file in %UserProfile% (directly on your windows machine) and name it .wslconfig and put the following in it:

[wsl2]
networkingMode=mirrored

restart your ubuntu or your computer or something idk as it probably needs to reinitialize

ensure windows is on port 192.168.2.3 already Manual IP IPv4: On IP address: 192.168.2.3 Subnet mask: 255.255.255.255 Gateway: Preferred DNS: <a preferred DNS, i think you can't leave this blank> DNS over HTTPS: Off Alternate DNS: <i think you can leave this blank if you want, but why> DNS over HTTPS: Off IPv6: Off

if windows wasn't on port 192.168.2.3 already then sudo ip addr add 192.168.2.4/24 dev eth0 again

open the ports in ubuntu sudo ufw allow 80 sudo ufw allow 443 sudo ufw allow 8080 sudo ufw allow 8081

now go to powershell in administrator New-NetFirewallHyperVRule -Name "UbuntuGuacamole" -DisplayName "Ubuntu Apache Guacamole (UbuntuGuacamole)" -Direction Inbound -VMCreatorId "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}" -Protocol TCP -LocalPorts @(8080, 80, 443, 8081)

the following can be used to change ports after the fact: Set-NetFirewallHyperVRule -Name UbuntuGuacamole -LocalPort @(8080, 80, 443, 8081)

check with: Get-NetFirewallHyperVRule -Name UbuntuGuacamole

open ports 8080, 80, 443, 8081 in windows firewall as inbound (and outbound?) ports on TCP (windows key --> Windows Defender Firewall --> Advanced Settings (last one on the left) --> Inbound Rules (on the left) --> New Rule (on the right) select Port, next, type in the port, next, allow the connection, next, domain private and public all three checked, next, and put whatever name and description you want (i put "allow port 80" for example) do that for ports 8080, 80, 443, 8081, and 3389 go to outbound rules on the left and do the same for 8080, 80, 443, and 8081 3389 is there so windows rdp can work

ubuntu WSL sudo vim /etc/tomcat9/server.xml go to 69,25 and change 8080 to 8081 i personally changed them because i had my actual linux computer that i wanted to stop using already taking up that port using apache guacamole with tomcat9 on that port already

sudo vim /etc/guacamole/user-mapping.xml go to 56,38-59 and change from 192.168.2.3 to 127.0.0.1

port forward port 8081 and connect to the device with port 8081 and it works on port 8081 now if you followed my steps

i personally connect to my home gaming computer through my website on my school chromebook so i can actually get more power and the ability to actually be able to program C++ while at school (i have a few weeks left before graduation at this point so idk why i really bothered)

this isn't fast enough for gaming and typically gets slow to the point of freezing if you try to do gaming or watch a fullscreen video

if you watch a video, make it as small as possible

i didn't necessarily cater this towards stackoverflow, i just already had the text file written so i just copy/pasted it and reformatted it as a courtesy for anyone else trying to do the same unwise thing as myself, providing at least a basic roadmap for those crazy enough about apache guacamole to not want to migrate away from it even when you stop using direct linux with it

i just had this working already but my computer kept on bluescreening due to hypervisor error (probably from something i did trying to manage this idk) so i reset windows while keeping my files and found part of the text document i used to quicken the process from my earlier definition of insanity style trial and error of trying to find the issues with why different things weren't working.

"Currently Guacamole 1.1.0 is not compatible with the default encryption of Windows. If you disable NLA it should work.

Open Registry editor ‘regedit’ and make the following settings:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]

Change “SecurityLayer” value to dword:00000001

Verify “UserAuthentication” value is dword:0x00000000

This should work without reboot."

also for your windows password, if you don't know it, i remember i found an article that said something stupid like the username is your phone number somewhere, i forget where but it was kind of dumb but it was correct. it's like your windows username and password for getting into the RDP.

This is a lot of steps, but it works now

Answer 3

It should be possible to run the Guacamole Docker container in the Docker Toolbox under Windows Server 2012. This reduces the overhead compared to a full blown VM like suggested by Bram.

Answer 4

The anwser is no, the manual is made for linux distro (since the guacd daemon is written for Linux).. So i would install it on Ubuntu in vmware on the Windows server. That way it is possible.