🥑
Setup Marrano
TOT des de root
# Configuration tree for Guacamole: lib/ receives the JDBC driver link and
# extensions/ receives the auth extension jar further down in these notes.
mkdir --parents /etc/guacamole/extensions /etc/guacamole/lib
apt install tomcat9
# Open a MySQL session as root; the password is prompted for rather than
# passed on the command line. The SQL that follows is typed at its prompt.
mysql --user=root --password
-- Database plus a dedicated application account that can only log in locally.
CREATE DATABASE guacamole;
CREATE USER 'guacamoleuser'@'localhost' IDENTIFIED BY 'XXXXXXXXXXXXX';
-- Data manipulation only: the application account gets no DDL or admin rights.
GRANT SELECT, INSERT, UPDATE, DELETE ON guacamole.* TO 'guacamoleuser'@'localhost';
FLUSH PRIVILEGES;
quit;
# Development packages installed ahead of the guacamole-server build below
# (presumably its build dependencies and protocol libraries).
apt install git freerdp2-dev build-essential autoconf libtool m4 libpng-dev libjpeg-dev libcairo-dev libossp-uuid-dev libtelnet-dev libpango1.0-dev libssh2-1-dev libwebp-dev libvncserver-dev libpulse-dev libvorbis-dev libavcodec-dev libswscale-dev libwebsockets-dev
# Temporarily add the Debian stretch repository. The "deb ..." line after the
# editor call is the content to put in that file, not a command.
nano /etc/apt/sources.list.d/temp-debian-stretch.list
deb http://deb.debian.org/debian/ stretch main
apt update
# NOTE(review): libmysql-java is taken from the older stretch release here, so it
# will presumably stop receiving updates once the source is removed below.
# Confirm, or use a current MySQL Connector/J jar instead.
apt install libmysql-java default-jdk
# Remove the temporary source again so the stretch repository does not stay enabled.
rm /etc/apt/sources.list.d/temp-debian-stretch.list
apt update
# Expose the JDBC driver to Guacamole through its lib directory.
ln -s /usr/share/java/mysql-connector-java.jar /etc/guacamole/lib/
DESCARREGAR http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.1.0/binary/guacamole-auth-jdbc-1.1.0.tar.gz
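(no es pot fer wget pq és una redirecció de merda)
Abans de desempaquetar-lo, comprovar el fitxer amb el .sha256 o la signatura .asc que Apache publica per a aquesta versió (la descàrrega va per http i passa per un mirall).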
COPIAR el fitxer a /home/jon
# Unpack the JDBC auth bundle that was copied into /home/jon.
cd /home/jon
tar --extract --gzip --verbose --file=guacamole-auth-jdbc-1.1.0.tar.gz
# Put the MySQL flavour of the extension into Guacamole's extensions directory.
mv guacamole-auth-jdbc-1.1.0/mysql/guacamole-auth-jdbc-mysql-1.1.0.jar /etc/guacamole/extensions/
# Load every schema script into the guacamole database as MySQL root
# (the password is prompted for).
# NOTE(review): per the Guacamole manual these scripts also create a default
# administrator login; change its password at first sign-in. Confirm against
# the manual for 1.1.0.
cat guacamole-auth-jdbc-1.1.0/mysql/schema/*.sql | mysql --user=root --password guacamole
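# Fetch and build guacamole-server (guacd) from source.
# Cloned over https:// rather than git://: the git protocol has no transport
# authentication or encryption, and GitHub no longer serves it.
# NOTE(review): this builds whatever the default branch holds, while the web
# application and JDBC extension used in these notes are 1.1.0; checking out
# the matching release keeps the pieces in step. Confirm the tag name upstream.
git clone https://github.com/apache/guacamole-server.git
cd guacamole-server
autoreconf -fi
# Have the build place the guacd init script under /etc/init.d.
./configure --with-init-dir=/etc/init.d
make
make install
# Refresh the shared-library cache after the install.
ldconfig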
AL TANTO canviar port d'airsonic (el 8080 és de tomcat), al .conf d'apache i a /etc/default/airsonic descomentar PORT=, i allow ufw del nou port. Restart servei apache2, airsonic, i tomcat9
DESCARREGAR http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.1.0/binary/guacamole-1.1.0.war
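(no es pot fer wget pq és una redirecció de merda)
Abans de desplegar-lo, comprovar el .war amb el .sha256 o la signatura .asc que Apache publica per a aquesta versió.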
COPIAR el fitxer a /home/jon
# Deploy the web application from /home/jon into Tomcat's webapps directory.
cd /home/jon
cp guacamole-1.1.0.war /var/lib/tomcat9/webapps/
# Version-free alias; the target is presumably the directory Tomcat unpacks
# the war into.
ln --symbolic /var/lib/tomcat9/webapps/guacamole-1.1.0 /var/lib/tomcat9/webapps/guacamole
# Hand the whole webapps tree to the tomcat account.
chown --recursive tomcat:tomcat /var/lib/tomcat9/webapps/
nano /etc/guacamole/guacamole.properties
# Connection settings for the MySQL database created earlier in these notes.
# NOTE(review): the password below is stored in clear text; keep this file
# readable only by root and the account Tomcat runs as.
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole
mysql-username: guacamoleuser
mysql-password: XXXXXXXXXXXXXXXXXXXXXXXXX
nano /etc/guacamole/user-mapping.xml
<!-- Static user map: one login ("jon") and the two connections it may open. -->
<user-mapping>
<!-- NOTE(review): the password attribute holds an unsalted MD5 digest, which is
     cheap to brute-force if this file is ever read by someone else. The MySQL
     authentication configured in guacamole.properties keeps credentials in the
     database instead; consider defining this user there and restricting read
     access to this file. -->
<authorize
username="jon"
password="186f6f59yt1aa2ca335456668c2e36a7"
encoding="md5" >
<!-- SSH to 192.168.1.200; no credentials are stored for this connection.
     NOTE(review): no host-key parameter is set, so guacd presumably does not
     verify the SSH server's identity. Confirm against the Guacamole manual. -->
<connection name="SSH-NUC1">
<protocol>ssh</protocol>
<param name="hostname">192.168.1.200</param>
<param name="port">22</param>
</connection>
<!-- RDP to 192.168.1.199 using the TLS security mode. -->
<connection name="RDP-NUC">
<protocol>rdp</protocol>
<param name="hostname">192.168.1.199</param>
<param name="port">3389</param>
<!-- NOTE(review): ignore-cert=true skips validation of the RDP server's
     certificate, so the session is encrypted but the host is not
     authenticated; trust the host's certificate instead where possible. -->
<param name="ignore-cert">true</param>
<param name="color-depth">24</param>
<param name="security">tls</param>
<param name="enable-wallpaper">true</param>
<!-- NOTE(review): the Windows account password is kept here in clear text. -->
<param name="username">jon</param>
<param name="password">XXXXXXXXXXXXXXXXXXX</param>
</connection>
</authorize>
</user-mapping>
# Register the guacd init script with its default runlevels, then start the
# daemon right away.
update-rc.d guacd defaults
systemctl start guacd.service
nano /etc/apache2/sites-available/guacamole.conf
# Plain-HTTP virtual host for g.woonaval.eu; it only names the site and its logs.
# NOTE(review): nothing in this block redirects to HTTPS; check that certbot
# added a redirect, otherwise port 80 keeps answering in clear text.
<VirtualHost *:80>
ServerName g.woonaval.eu
ServerAdmin woonaval@gmail.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
a2ensite guacamole.conf
(crear entrada dns g.woonaval.eu)
certbot --apache -d g.woonaval.eu
nano /etc/apache2/sites-available/guacamole-le-ssl.conf
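# TLS front end for Guacamole: terminates HTTPS and proxies /guacamole to Tomcat.
# Uses mod_ssl, mod_headers, mod_alias, mod_rewrite, mod_proxy, mod_proxy_http
# and, for "h2", mod_http2; all of them must be enabled.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    SSLEngine On
    # Tokens are applied left to right, so "-all" has to come first; written as
    # "+TLSv1.2 -all" the final token clears the protocol that was just enabled.
    # NOTE(review): the Include at the end of this block presumably sets
    # SSLProtocol as well and, being later, would take precedence; confirm the
    # effective protocols with a TLS scan of the site.
    SSLProtocol -all +TLSv1.2
    # HSTS for two years, covering subdomains, with the preload flag.
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
    # Append HttpOnly and Secure to every cookie set in the response.
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
    # Allow framing only by pages of the same origin.
    Header always append X-Frame-Options SAMEORIGIN
    Protocols h2 http/1.1
    ServerName g.woonaval.eu
    ServerAdmin woonaval@gmail.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine On
    # Intended to send every other path to /guacamole.
    # NOTE(review): the pattern also matches /guacamole itself, so this relies
    # on ProxyPass handling that path first. Confirm there is no redirect loop.
    RedirectMatch 301 ^(.*)$ /guacamole
    # The hop to Tomcat is plain HTTP over loopback.
    # NOTE(review): Tomcat's connector listens on all interfaces unless told
    # otherwise; keep 8080 closed in ufw or bind the connector to 127.0.0.1 so
    # the application cannot be reached without TLS.
    ProxyPass /guacamole http://127.0.0.1:8080/guacamole
    ProxyPassReverse /guacamole http://127.0.0.1:8080/guacamole
    # Tell the backend that the original request arrived over HTTPS.
    RequestHeader set X-Forwarded-Proto "https"
    SSLCertificateFile /etc/letsencrypt/live/g.woonaval.eu/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/g.woonaval.eu/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>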
FIX RDP:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
Change “SecurityLayer” value to 1
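Verify “UserAuthentication” value is 0 (0 means Network Level Authentication is not required, so anyone who can reach port 3389 gets the Windows logon screen; keep that port reachable only from the Guacamole server)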