[Debian] blog example 2
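#Guacamole features –
It lets you access remote desktops from a web browser. No additional software needs to be installed on the client.
Supports standard protocols such as VNC, RDP, SSH and Kubernetes.
VNC sessions can be recorded graphically.
Single sign-on via CAS, OpenID Connect or SAML 2.0
Wake-on-LAN
Easy management of multiple remote desktop sessions.
Supports TOTP two-factor authentication.
Supports the clipboard (copy and paste) and file transfer via SFTP.
Supports audio input and output
And more.
Guacamole itself is not a remote desktop protocol. It is a proxy between the remote desktop and the client, so that the remote desktop can be displayed and controlled in a web browser.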
#Step 01 – Build the Guacamole Server From Source
apt install build-essential libcairo2-dev libjpeg62-turbo-dev libpng-dev libtool-bin libossp-uuid-dev libvncserver-dev freerdp2-dev libssh2-1-dev libtelnet-dev libwebsockets-dev libpulse-dev libvorbis-dev libwebp-dev libssl-dev libpango1.0-dev libswscale-dev libavcodec-dev libavutil-dev libavformat-dev
Download
wget http://mirror.cc.columbia.edu/pub/software/apache/guacamole/1.3.0/source/guacamole-server-1.3.0.tar.gz
Extract
tar -xvf guacamole-server-1.3.0.tar.gz
Enter the extracted directory
cd guacamole-server-1.3.0
Configure the build environment
./configure --with-init-dir=/etc/init.d
./configure --with-init-dir=/etc/init.d --enable-allow-freerdp-snapshots
Compile
make
Install
make install
Update the system's cache of installed libraries.
ldconfig
Reload systemd so that it can find the guacd (Guacamole proxy daemon) service in the /etc/init.d/ directory.
systemctl daemon-reload
systemctl start guacd
systemctl enable guacd
systemctl status guacd
Confirm that the service is running properly
ss -lnpt | grep guacd
#Step 02 – Install the Guacamole Web Application
The Guacamole web application is written in Java, so we need to install a Java servlet container such as Apache Tomcat.
apt install tomcat9 tomcat9-admin tomcat9-common tomcat9-user
Apache Tomcat will listen on port 8080, as can be shown with:
ss -lnpt | grep java
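An added example, not part of the original post: in this setup nginx proxies to 127.0.0.1:8080 and Guacamole reaches guacd on localhost:4822, so neither port needs to be reachable from other hosts. The function below reads `ss -lnt` output and reports any listener on those two ports that is bound to a non-loopback address; the sample input is constructed.

```shell
#!/usr/bin/env bash
# Added example: flag guacd (4822) and Tomcat (8080) listeners that are
# reachable from outside the host. Port numbers are the ones used on this page.

# Reads `ss -lnt` style lines on stdin; prints one line per exposed listener.
# Optional $1: space-separated list of ports to check.
exposed_listeners() {
    awk -v ports="${1:-4822 8080}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
            if (!(port in want)) next
            # Loopback binds are only reachable from the host itself.
            if (host ~ /^127\./ || host == "[::1]" || host == "[::ffff:127.0.0.1]") next
            print "EXPOSED " host " port " port
        }'
}

# Constructed sample of `ss -lnt` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:4822     0.0.0.0:*
LISTEN 0      100    *:8080             *:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
EOF
}

# On a live host: ss -lnt | exposed_listeners
sample_ss_output | exposed_listeners
```

A reported listener can be closed off with a host firewall rule or by binding the service to the loopback address.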
Download the Guacamole web application.
wget https://downloads.apache.org/guacamole/1.3.0/binary/guacamole-1.3.0.war
Move the file to the web application directory (/var/lib/tomcat9/webapps) and rename it at the same time (dropping the version number).
mv guacamole-1.3.0.war /var/lib/tomcat9/webapps/guacamole.war
Restart Tomcat and guacd.
systemctl restart tomcat9 guacd
#Step 03 –
#Step 04 –
wget http://us.mirrors.quenda.co/apache/guacamole/1.3.0/binary/guacamole-1.3.0.war
mkdir /etc/guacamole
cp guacamole-1.3.0.war /etc/guacamole/guacamole.war
ln -s /etc/guacamole/guacamole.war /var/lib/tomcat9/webapps/
mkdir /etc/guacamole/{extensions,lib}
echo "GUACAMOLE_HOME=/etc/guacamole" | tee -a /etc/default/tomcat9
Install the database
apt install mariadb-server mariadb-client
Create the database
mysql -p
CREATE DATABASE guacamole_db;
CREATE USER 'guacamole_user'@'localhost' IDENTIFIED BY 'passw0rd';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';
FLUSH PRIVILEGES;
quit;
wget http://apache.mirror.digionline.de/guacamole/1.3.0/binary/guacamole-auth-jdbc-1.3.0.tar.gz
tar vfx guacamole-auth-jdbc-1.3.0.tar.gz
Import the database schema
cat guacamole-auth-jdbc-1.3.0/mysql/schema/*.sql | mysql -u root -p guacamole_db
cp guacamole-auth-jdbc-1.3.0/mysql/guacamole-auth-jdbc-mysql-1.3.0.jar /etc/guacamole/extensions/
Install the JDBC driver
wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-8.0.13.tar.gz
tar xvzf mysql-connector-java-8.0.13.tar.gz
cp mysql-connector-java-8.0.13/mysql-connector-java-8.0.13.jar /etc/guacamole/lib/
#Step 05 – Configure Guacamole
Edit the Guacamole configuration file:
vim /etc/guacamole/guacamole.properties
# Hostname and Guacamole server port
guacd-hostname: localhost
guacd-port: 4822
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: passw0rd
###################
systemctl restart tomcat9
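An added example, not part of the original post: guacamole.properties holds the database password in cleartext, so the file's permissions and contents are worth checking after editing. The script below audits such a file; the 16-character password floor is an assumption of this example, and the sample file it writes is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit a guacamole.properties file for weak settings.

# Print the value of property $2 in file $1 (last occurrence).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[:=][[:space:]]*//p" "$1" | tail -n 1
}

# Print one FINDING line per problem; print nothing when the file passes.
audit_guac_properties() {
    file=$1
    # The file stores mysql-password in cleartext, so "other" must not read it.
    # Character 8 of the ls mode string is the read bit for "other".
    if [ "$(ls -ld "$file" | cut -c8)" = "r" ]; then
        echo "FINDING: $file is world-readable; restrict it to root and the Tomcat account"
    fi
    pw=$(prop "$file" mysql-password)
    # 'passw0rd' is this walkthrough's sample value; the 16-character floor
    # is an assumption of this example, not a Guacamole requirement.
    if [ "$pw" = "passw0rd" ] || [ "${#pw}" -lt 16 ]; then
        echo "FINDING: mysql-password is the sample value or under 16 characters"
    fi
    host=$(prop "$file" guacd-hostname)
    ssl=$(prop "$file" guacd-ssl)
    case "$host" in
        ""|localhost|127.*|::1) ;;   # guacd runs on the same host
        *) [ "$ssl" = "true" ] ||
               echo "FINDING: guacd-hostname '$host' is remote and guacd-ssl is not true" ;;
    esac
}

# Constructed sample mirroring the file shown above, made world-readable.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'guacd-hostname: localhost' 'guacd-port: 4822' \
        'mysql-username: guacamole_user' 'mysql-password: passw0rd' > "$tmp"
    chmod 644 "$tmp"
    audit_guac_properties "$tmp"
    rm -f "$tmp"
}

demo
```

On the real host, run `audit_guac_properties /etc/guacamole/guacamole.properties`.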
#Step 06 –
Configure nginx
server {
listen 80;
listen [::]:80;
server_name guacamole.example.com;
access_log /var/log/nginx/guac_access.log;
error_log /var/log/nginx/guac_error.log;
location / {
proxy_pass http://127.0.0.1:8080/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_cookie_path /guacamole/ /;
}
}
or
location /guacamole/ {
proxy_pass http://127.0.0.1:8080/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
#proxy_cookie_path /guacamole/ /;
}
nginx -t
systemctl reload nginx
location /guacamole/ {
proxy_pass http://HOSTNAME:8080/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
access_log off;
}
# To use a different path
location /new-path/ {
proxy_pass http://HOSTNAME:8080/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_cookie_path /guacamole/ /new-path/;
access_log off;
}
#Step 07 –
>Database permissions
CREATE DATABASE guacamole ;
CREATE USER 'guacamole'@'192.168.1.%' IDENTIFIED BY 'guacamole ';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole.* TO 'guacamole'@'192.168.1.%';
FLUSH PRIVILEGES;
>Show/hide the panel: Ctrl + Alt + Shift, or swipe left on the screen
>File transfer (SSH): enable the SFTP feature; a folder on the remote server must be specified
SFTP -> Enable SFTP
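SFTP -> File browser root directory #Set a working directory for file uploads and downloads
>File transfer (RDP): virtual disk drive
Note: the drive directory is a directory on the guacd server, and it must be readable and writable by the guacd user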
Device Redirection -> Enable drive
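Device Redirection -> Drive name #Name of the remote disk as mounted in Windows
Device Redirection -> Drive path #A directory on the guacd server
Device Redirection -> Automatically create drive #Created automatically if the directory specified in the previous step does not exist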
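>Session recording (SSH)
Records the session to a file that can be replayed
The recording files are stored on the guacd server
Typescript -> Typescript path #Storage directory
Typescript -> Typescript name #File name
Typescript -> Automatically create typescript path #Created automatically if the specified directory does not exist
Playback method:
scriptreplay filename.timing filename #filename is the value set in Typescript name
filename.timing records the timing offsets of the operations
filename records the screen content, preserving font colors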
>Session recording (RDP)
Generates a video file
Requires the guacenc utility, which depends on ffmpeg libavcodec libavutil libswscale
Command to generate the filename.m4v file
guacenc filename
guaclog filename
# Log in to the container
docker exec -it my-guacamole bash
#Step 08 –
#Step 09 –
#Step 10 –