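Note:
The content of this article depends on the environment, and results may differ from what is described depending on your software and hardware. Treat it as a reference only and go by what you actually observe.
Guacamole is a free, open-source remote desktop gateway from Apache. With Guacamole, no client software or plugin is needed: any web browser that supports HTML5 and JavaScript can reach remote resources. It supports not only the Windows RDP protocol but also VNC, and even SSH, Telnet, and other protocols. Guacamole's core goal is to keep the desktop in the cloud and make the computer accessible from anywhere.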
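How it works
First, let's look at how Guacamole works:
Users connect to the Guacamole server with their web browser and interact with it through the Guacamole protocol, which is carried over HTTP. The web application on the Guacamole server interprets the Guacamole protocol and forwards the corresponding requests, again over the Guacamole protocol, to the local Guacamole proxy, guacd. guacd is the proxy service that actually connects to the remote desktop server.
The combination of the Guacamole protocol and guacd provides protocol agnosticism: neither the Guacamole client nor the web application needs to know which remote desktop protocol is actually in use.
For a detailed explanation, see "Implementation and architecture" in the official documentation, and the official website.
Setup
As the architecture above shows, Guacamole consists of a server and a client, and the client runs on Tomcat. We install each in turn.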
Tomcat
Ubuntu
apt install tomcat9
After installation, some configuration is still needed:
echo "" >> /etc/default/tomcat9
echo "# GUACAMOLE ENV VARIABLE" >> /etc/default/tomcat9
echo "GUACAMOLE_HOME=/etc/guacamole" >> /etc/default/tomcat9
CentOS
yum install tomcat
Guacamole Server
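guacamole-server contains all the native server-side components Guacamole needs to connect to remote desktops.
Dependencies
These packages satisfy the dependencies of the common C library libguac and the background daemon guacd: mainly Cairo, libjpeg-turbo, libpng, and OSSP UUID.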
Ubuntu
apt install libcairo2-dev libjpeg-turbo8-dev libpng12-dev libtool-bin libossp-uuid-dev
CentOS
yum install cairo-devel libjpeg-turbo-devel libpng-devel libtool uuid-devel
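Troubleshooting
1. Problem: the installation reports Package 'libpng12-dev' has no installation candidate.
Solution: install libpng-dev instead.
Optional plugins
What you install here depends on which protocols you need, such as VNC, RDP, SSH, Telnet, Kubernetes, and so on. The optional libraries are: FFmpeg, FreeRDP, Pango, libssh2, libtelnet, libVNCServer, PulseAudio, OpenSSL, libvorbis, libwebp.
For which protocol needs which library, see "Optional dependencies" in the official documentation. Below we install support for all protocols.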
Ubuntu
apt install libavcodec-dev libavutil-dev libswscale-dev freerdp2-dev \
libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev \
libwebsockets-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev
CentOS
yum install ffmpeg-devel freerdp-devel pango-devel libssh2-devel \
libtelnet-devel libvncserver-devel libwebsockets-devel \
pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
guacamole-server
Download the latest source from the official website. The latest version at the time of writing is 1.1.0, released on 2020-01-29:
~ # wget "http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.1.0/source/guacamole-server-1.1.0.tar.gz" -O guacamole-server-1.1.0.tar.gz
--2020-05-24 13:37:17-- http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.1.0/source/guacamole-server-1.1.0.tar.gz
Resolving apache.org (apache.org)... 40.79.78.1, 95.216.24.32
Connecting to apache.org (apache.org)|40.79.78.1|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://mirror.bit.edu.cn/apache/guacamole/1.1.0/source/guacamole-server-1.1.0.tar.gz [following]
--2020-05-24 13:37:18-- https://mirror.bit.edu.cn/apache/guacamole/1.1.0/source/guacamole-server-1.1.0.tar.gz
Resolving mirror.bit.edu.cn (mirror.bit.edu.cn)... 114.247.56.117, 2001:da8:204:1205::22
Connecting to mirror.bit.edu.cn (mirror.bit.edu.cn)|114.247.56.117|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1025593 (1002K) [application/octet-stream]
Saving to: ‘guacamole-server-1.1.0.tar.gz’
100%[==================================================================================================================>] 1,025,593 1.86MB/s in 0.5s
2020-05-24 13:37:20 (1.86 MB/s) - ‘guacamole-server-1.1.0.tar.gz’ saved [1025593/1025593]
~ # tar -xzf guacamole-server-1.1.0.tar.gz
~ # cd guacamole-server-1.1.0/
Configure the source build and have the startup script written to /etc/init.d. If you do not need automatic startup later, you can leave out --with-init-dir:
~/guacamole-server-1.1.0 # ./configure --with-init-dir=/etc/init.d
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
......
config.status: executing libtool commands
------------------------------------------------
guacamole-server version 1.1.0
------------------------------------------------
Library status:
freerdp2 ............ yes
pango ............... yes
libavcodec .......... yes
libavutil ........... yes
libssh2 ............. yes
libssl .............. yes
libswscale .......... yes
libtelnet ........... yes
libVNCServer ........ yes
libvorbis ........... yes
libpulse ............ yes
libwebsockets ....... yes
libwebp ............. yes
wsock32 ............. no
Protocol support:
Kubernetes .... yes
RDP ........... yes
SSH ........... yes
Telnet ........ yes
VNC ........... yes
Services / tools:
guacd ...... yes
guacenc .... yes
guaclog .... yes
FreeRDP plugins: /usr/lib/x86_64-linux-gnu/freerdp2
Init scripts: /etc/init.d
Systemd units: no
Type "make" to compile guacamole-server.
Install guacamole-server:
~/guacamole-server-1.1.0 # make && make install
make all-recursive
make[1]: Entering directory '/root/guacamole-server-1.1.0'
Making all in src/libguac
make[2]: Entering directory '/root/guacamole-server-1.1.0/src/libguac'
Making all in .
make[3]: Entering directory '/root/guacamole-server-1.1.0/src/libguac'
CC libguac_la-audio.lo
CC libguac_la-client.lo
CC libguac_la-encode-jpeg.lo
CC libguac_la-encode-png.lo
CC libguac_la-error.lo
CC libguac_la-hash.lo
CC libguac_la-id.lo
......
make[2]: Entering directory '/root/guacamole-server-1.1.0'
make[2]: Nothing to be done for 'install-exec-am'.
make[2]: Nothing to be done for 'install-data-am'.
make[2]: Leaving directory '/root/guacamole-server-1.1.0'
make[1]: Leaving directory '/root/guacamole-server-1.1.0'
~/guacamole-server-1.1.0# ldconfig
At this point everything in guacamole-server is installed. Start the service:
~/guacamole-server-1.1.0 # /etc/init.d/guacd start
Starting guacd: guacd[31212]: INFO: Guacamole proxy daemon (guacd) version 1.1.0 started
SUCCESS
Guacamole Client
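guacamole-client contains all of Guacamole's Java and JavaScript components (guacamole, guacamole-common, guacamole-ext, and guacamole-common-js).
Building
Normally there is no need to build it yourself; just use the prebuilt package (next section). If you do want to build it, follow the steps in this section.
Download the latest client source: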
~ # wget "http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.1.0/source/guacamole-client-1.1.0.tar.gz" -O guacamole-client-1.1.0.tar.gz
--2020-05-24 14:18:56-- http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.1.0/source/guacamole-client-1.1.0.tar.gz
Resolving apache.org (apache.org)... 40.79.78.1, 95.216.24.32
Connecting to apache.org (apache.org)|40.79.78.1|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://mirror.bit.edu.cn/apache/guacamole/1.1.0/source/guacamole-client-1.1.0.tar.gz [following]
--2020-05-24 14:18:57-- https://mirror.bit.edu.cn/apache/guacamole/1.1.0/source/guacamole-client-1.1.0.tar.gz
Resolving mirror.bit.edu.cn (mirror.bit.edu.cn)... 114.247.56.117, 2001:da8:204:1205::22
Connecting to mirror.bit.edu.cn (mirror.bit.edu.cn)|114.247.56.117|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6095174 (5.8M) [application/octet-stream]
Saving to: ‘guacamole-client-1.1.0.tar.gz’
100%[==================================================================================================================>] 6,095,174 889KB/s in 6.7s
2020-05-24 14:19:05 (894 KB/s) - ‘guacamole-client-1.1.0.tar.gz’ saved [6095174/6095174]
~ # tar -xzf guacamole-client-1.1.0.tar.gz
~ # cd guacamole-client-1.1.0/
~/guacamole-client-1.1.0 # git clone https://github.com/apache/guacamole-client.git
Cloning into 'guacamole-client'...
remote: Enumerating objects: 69528, done.
remote: Total 69528 (delta 0), reused 0 (delta 0), pack-reused 69528
Receiving objects: 100% (69528/69528), 18.14 MiB | 7.50 MiB/s, done.
Resolving deltas: 100% (33971/33971), done.
Install the build tool (Ubuntu):
apt install maven
Install the build tool (CentOS):
yum install maven
Build:
~/guacamole-client-1.1.0 # mvn package
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] guacamole-common
[INFO] guacamole-ext
......
[INFO] Final Memory: 42M/379M
[INFO] ------------------------------------------------------------------------
When the build finishes, it produces guacamole/target/guacamole-1.1.0.war, which is the file we need.
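Downloading the client
Building it yourself tends to run into problems of one kind or another, so it is easier to use the official prebuilt package. Download it: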
~ # wget "http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.1.0/binary/guacamole-1.1.0.war" -O guacamole-1.1.0.war
--2020-05-24 06:57:57-- http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.1.0/binary/guacamole-1.1.0.war
Resolving apache.org (apache.org)... 40.79.78.1, 95.216.24.32
Connecting to apache.org (apache.org)|40.79.78.1|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://mirror-hk.koddos.net/apache/guacamole/1.1.0/binary/guacamole-1.1.0.war [following]
--2020-05-24 06:57:57-- https://mirror-hk.koddos.net/apache/guacamole/1.1.0/binary/guacamole-1.1.0.war
Resolving mirror-hk.koddos.net (mirror-hk.koddos.net)... 103.109.101.20, 2402:7840:0:1::101:20
Connecting to mirror-hk.koddos.net (mirror-hk.koddos.net)|103.109.101.20|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9518140 (9.1M) [application/x-troff-man]
Saving to: ‘guacamole-1.1.0.war’
guacamole-1.1.0.war 100%[===========================================================>] 9.08M 32.9MB/s in 0.3s
2020-05-24 06:57:58 (32.9 MB/s) - ‘guacamole-1.1.0.war’ saved [9518140/9518140]
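All three downloads on this page (the guacamole-server source, the guacamole-client source, and the prebuilt .war) arrive through a mirror redirect, so each file should be compared with the SHA-256 that Apache publishes before it is extracted, built, or deployed. The following is an added example, not part of the original article; the function name verify_sha256 is an assumption, and the checksum file is assumed to have been fetched separately over HTTPS from the Apache download page (its URL is not given on this page).

```shell
#!/bin/sh
# Added example: verify a downloaded release file against its published SHA-256.
# Usage: verify_sha256 FILE CHECKSUM_FILE
#   FILE           e.g. guacamole-server-1.1.0.tar.gz as saved by wget
#   CHECKSUM_FILE  the matching .sha256 file, fetched from the Apache origin
#                  (not from the mirror that served FILE)
verify_sha256() {
    file=$1
    sumfile=$2
    [ -r "$file" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # Published checksum files vary in layout ("HASH  name", "name: HASH",
    # "SHA256 (name) = HASH", or a bare hash), so take the first token that
    # is exactly 64 hex digits, compared case-insensitively.
    expected=$(tr 'A-F' 'a-f' < "$sumfile" \
        | tr -cs '0-9a-f' '\n' \
        | grep -E '^[0-9a-f]{64}$' \
        | head -n 1)
    [ -n "$expected" ] || { echo "no SHA-256 found in $sumfile" >&2; return 2; }

    actual=$(sha256sum "$file" | cut -d ' ' -f 1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (expected $expected, got $actual)" >&2
    return 1
}

# Typical use, run before tar -xzf or before copying the .war into webapps:
#   verify_sha256 guacamole-1.1.0.war guacamole-1.1.0.war.sha256 || exit 1
```

A checksum only detects corruption or a tampered mirror copy; verifying the release's PGP signature against the project's KEYS file additionally ties the file to the release signers.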
Deploying to Tomcat
If you built it yourself:
Ubuntu:
~/guacamole-client-1.1.0 # cp guacamole/target/guacamole-1.1.0.war /var/lib/tomcat9/webapps/guacamole.war
CentOS:
~/guacamole-client-1.1.0 # cp guacamole/target/guacamole-1.1.0.war /usr/share/tomcat/webapps/guacamole.war
If you downloaded it:
Ubuntu:
~ # cp guacamole-1.1.0.war /var/lib/tomcat9/webapps/guacamole.war
CentOS:
~ # cp guacamole-1.1.0.war /usr/share/tomcat/webapps/guacamole.war
Configuration
guacd connection settings:
~ # mkdir -p /etc/guacamole/
~ # vim /etc/guacamole/guacamole.properties
guacd-hostname: localhost
guacd-port: 4822
enable-clipboard-integration: true
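All remote desktop information is stored in /etc/guacamole/user-mapping.xml. See the official documentation for the full configuration reference; a simple configuration looks like this: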
~ # vim /etc/guacamole/user-mapping.xml
<user-mapping>
<!-- Per-user authentication and config information -->
<authorize username="USERNAME" password="PASSWORD">
<protocol>vnc</protocol>
<param name="hostname">localhost</param>
<param name="port">5900</param>
<param name="password">VNCPASS</param>
</authorize>
<!-- Another user, but using md5 to hash the password
(example below uses the md5 hash of "PASSWORD") -->
<authorize
username="USERNAME2"
password="319f4d26e3c536b5dd871bb2c52e3178"
encoding="md5">
<!-- First authorized connection -->
<connection name="localhost">
<protocol>vnc</protocol>
<param name="hostname">localhost</param>
<param name="port">5901</param>
<param name="password">VNCPASS</param>
</connection>
<!-- Second authorized connection -->
<connection name="otherhost">
<protocol>vnc</protocol>
<param name="hostname">otherhost</param>
<param name="port">5900</param>
<param name="password">VNCPASS</param>
</connection>
</authorize>
</user-mapping>
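In the file above, the first login stores its password in clear text, the second stores an unsalted MD5 hash, and the VNC passwords in the param elements are always clear text, so the file's permissions matter as much as its contents. The following helpers are an added example, not part of the original article or of Guacamole; the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit helpers for /etc/guacamole/user-mapping.xml.

# Produce the value for password="..." when encoding="md5" is set:
# the hex MD5 of the exact password bytes. printf is used because
# `echo` would append a newline and yield a hash that never matches.
guac_md5() {
    printf '%s' "$1" | md5sum | cut -d ' ' -f 1
}

# Print how many <authorize> tags lack encoding="md5", i.e. hold the
# login password in clear text. Records are split on ">" so that a tag
# spread over several lines (as in the second user above) is one record.
count_plaintext_logins() {
    awk 'BEGIN { RS = ">" }
         /<authorize[ \t\n]/ && !/encoding="md5"/ { n++ }
         END { print n + 0 }' "$1"
}

# Succeed only if "other" users have no access to the file at all.
# The connection passwords inside are never hashed, so only root and
# the account running Tomcat should be able to read it.
mapping_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Typical use after editing the file:
#   count_plaintext_logins /etc/guacamole/user-mapping.xml
#   mapping_mode_ok /etc/guacamole/user-mapping.xml || echo "tighten permissions"
```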
Starting the services
CentOS:
~ # service tomcat restart
Redirecting to /bin/systemctl start tomcat.service
~ # /etc/init.d/guacd restart
Stopping guacd: SUCCESS
Starting guacd: guacd[14622]: INFO: Guacamole proxy daemon (guacd) version 1.1.0 started
SUCCESS
Ubuntu:
~ # systemctl enable tomcat9
~ # service tomcat9 restart
~ # /etc/init.d/guacd restart
Stopping guacd: SUCCESS
Starting guacd: guacd[14622]: INFO: Guacamole proxy daemon (guacd) version 1.1.0 started
SUCCESS
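Accessing the remote service
Open http://192.168.1.139:8080/guacamole/ in a browser and log in with an account defined in user-mapping.xml to see all the connections under that account:
Click a connection to connect automatically. Make sure the firewall allows the relevant ports.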
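Third-party services
If setting up the service as above seems like too much trouble, you can use a ready-made third-party service.
1. Microsoft developer: https://guacrdp.microsoft.com/guacamole/#/client/TXkgVmlydHVhbCBNYWNoaW5lAGMAbm9hdXRo?ip=<server IP address>&username=<server system account>&password=<server system password>
Note that this URL carries the server's account and password in the query string, so they are visible to the third-party service and remain in the browser history.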