🥑

Setup Marrano

TOT des de root

mkdir -p /etc/guacamole/lib /etc/guacamole/extensions

apt install tomcat9

mysql -u root -p

create database guacamole;

create user 'guacamoleuser'@'localhost' identified by 'XXXXXXXXXXXXX';

grant select,insert,update,delete on guacamole.* to 'guacamoleuser'@'localhost';

flush privileges;

quit;

apt install git freerdp2-dev build-essential autoconf libtool m4 libpng-dev libjpeg-dev libcairo-dev libossp-uuid-dev libtelnet-dev libpango1.0-dev libssh2-1-dev libwebp-dev libvncserver-dev libpulse-dev libvorbis-dev libavcodec-dev libswscale-dev libwebsockets-dev

nano /etc/apt/sources.list.d/temp-debian-stretch.list

deb http://deb.debian.org/debian/ stretch main

apt update

apt install libmysql-java default-jdk

rm /etc/apt/sources.list.d/temp-debian-stretch.list

apt update

ln -s /usr/share/java/mysql-connector-java.jar /etc/guacamole/lib/

DESCARREGAR http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.1.0/binary/guacamole-auth-jdbc-1.1.0.tar.gz

(no es pot fer wget pq és una redirecció de merda)

COPIAR el fitxer a /home/jon

cd /home/jon

tar -xzvf guacamole-auth-jdbc-1.1.0.tar.gz

mv guacamole-auth-jdbc-1.1.0/mysql/guacamole-auth-jdbc-mysql-1.1.0.jar /etc/guacamole/extensions/

cat guacamole-auth-jdbc-1.1.0/mysql/schema/*.sql | mysql -u root -p guacamole

git clone git://github.com/apache/guacamole-server.git

cd guacamole-server

autoreconf -fi

./configure --with-init-dir=/etc/init.d

make

make install

ldconfig

AL TANTO canviar port d'airsonic (el 8080 és de tomcat), al .conf d'apache i a /etc/default/airsonic descomentar PORT=, i allow ufw del nou port. Restart servei apache2, airsonic, i tomcat9

DESCARREGAR http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.1.0/binary/guacamole-1.1.0.war

(no es pot fer wget pq és una redirecció de merda)

COPIAR el fitxer a /home/jon

cd /home/jon

cp guacamole-1.1.0.war /var/lib/tomcat9/webapps/

ln -s /var/lib/tomcat9/webapps/guacamole-1.1.0 /var/lib/tomcat9/webapps/guacamole

chown -R tomcat:tomcat /var/lib/tomcat9/webapps/

nano /etc/guacamole/guacamole.properties

mysql-hostname: localhost

mysql-port: 3306

mysql-database: guacamole

mysql-username: guacamoleuser

mysql-password: XXXXXXXXXXXXXXXXXXXXXXXXX

nano /etc/guacamole/user-mapping.xml

<user-mapping>

<authorize

username="jon"

password="186f6f59yt1aa2ca335456668c2e36a7"

encoding="md5" >

</connection>

<param name="password">XXXXXXXXXXXXXXXXXXX</param>

</connection>

</authorize>

</user-mapping>

update-rc.d guacd defaults

systemctl start guacd

nano /etc/apache2/sites-available/guacamole.conf

ServerName g.woonaval.eu

ServerAdmin woonaval@gmail.com

ErrorLog ${APACHE_LOG_DIR}/error.log

CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

a2ensite guacamole.conf

(crear entrada dns g.woonaval.eu)

certbot --apache -d g.woonaval.eu

nano /etc/apache2/sites-available/guacamole-le-ssl.conf

SSLEngine On

SSLProtocol +TLSv1.2 -all

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

Header always append X-Frame-Options SAMEORIGIN

Protocols h2 http/1.1

ServerName g.woonaval.eu

ServerAdmin woonaval@gmail.com

ErrorLog ${APACHE_LOG_DIR}/error.log

CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine On

RedirectMatch 301 ^(.*)$ /guacamole

ProxyPass /guacamole http://127.0.0.1:8080/guacamole

ProxyPassReverse /guacamole http://127.0.0.1:8080/guacamole

RequestHeader set X-Forwarded-Proto "https"

SSLCertificateFile /etc/letsencrypt/live/g.woonaval.eu/fullchain.pem

SSLCertificateKeyFile /etc/letsencrypt/live/g.woonaval.eu/privkey.pem

Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>

</IfModule>

FIX RDP:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]

Change “SecurityLayer” value to 1

Verify “UserAuthentication” value is 0

No Comments

ADD COMMENT

🥑

No Comments

Report Page