diff --git a/README.md b/README.md
index d375fbc..8a3ee18 100644
--- a/README.md
+++ b/README.md
@@ -1,16 +1,18 @@
+
+
# guac-install
-Script for installing Guacamole 1.1.0 on Ubuntu 16.04 or newer with MySQL. It should also work on pure Debian 7, 8, and 9. **It seems Debian 10 is not working right now**
+Script for installing Guacamole 1.1.0 on Ubuntu 16.04 or newer (optionally with MySQL by default). It should also work on pure Debian 7, 8, and 9. **It seems Debian 10 is not working right now**
Run script, enter MySQL Root Password and Guacamole User password. Guacamole User is used to connect to the Guacamole Database.
-The script attempts to install tomcat8 if the available version is 8.5.x or newer, if tomcat8 is only 8.0.x it will fall back to tomcat7. If you want to manually specify a tomcat version there's a commented out line you can modify at line #73. Have at it.
+The script attempts to install tomcat8 if the available version is 8.5.x or newer, if tomcat8 is only 8.0.x it will fall back to tomcat7. If you want to manually specify a tomcat version there's a commented out line you can modify. Have at it.
If you're looking to also have NGINX / Let's Encrypt / HTTPS click [HERE](https://github.com/bigredthelogger/guacamole)
## MFA/2FA
-By default the script will not install MFA support (QR code for Google/Microsoft Authenticator, Duo Mobile, etc. or Duo Push), if you do want MFA support you need to specify the `-t` or `--totp` or for Duo `-o` or `--duo` flags on the command line. Or modify the script variable `installTOTP=true` or `installDuo=true`
+By default the script will not install MFA support (QR code for Google/Microsoft Authenticator, Duo Mobile, etc. or Duo Push), if you do want MFA support you need to specify the `-t` or `--totp` or for Duo `-d` or `--duo` flags on the command line. Or modify the script variables `installTOTP=true` or `installDuo=true`.
## How to Run:
@@ -28,26 +30,71 @@ Interactive (asks for passwords):
./guac-install.sh
-Non-Interactive (passwords provided via cli):
+Non-Interactive (values provided via cli):
./guac-install.sh --mysqlpwd password --guacpwd password
OR
-./guac-install.sh -m password -g password
+./guac-install.sh -r password -gp password
-Once installation is done you can access guacamole by browsing to: http://:8080/guacamole/
+Once installation is done you can access Guacamole by browsing to: http://:8080/guacamole/
The default credentials are guacadmin as both username and password. Please change them or disable guacadmin after install!
# guac-upgrade
-Script for upgrading currently installed Guacamole instance (previously installed via this script/guide)
+Script for upgrading currently installed Guacamole instance (previously installed via this script/guide). This will also now update the TOTP or Duo extensions if used.
If looks for the tomcat folder in /etc/ (E.G. `/etc/tomcat7` or `/etc/tomcat8`) hopefully that works to identify the correct tomcat version/path :smile: I'm open to suggestions/pull requests for a cleaner method.
+## All Switches
+
+Install MySQL:
+
+-i or --installmysql
+
+Do *NOT* install MySQL:
+
+-n or --nomysql
+
+MySQL Host:
+
+-h or --mysqlhost
+
+MySQL Port:
+
+-p or --mysqlport
+
+MySQL Root Password:
+
+-r or --mysqlpwd
+
+Guacamole Database:
+
+-db or --guacdb
+
+Guacamole User:
+
+-gu or --guacuser
+
+Guacamole User Password:
+
+-gp or --guacpwd
+
+Install TOTP:
+
+-t or --totp
+
+Install Duo:
+
+-d or --duo
+
+NOTE: Only the switches for MySQL Host, MySQL Port and Guacamole Database are available in the upgrade script.
+
## WARNING
-I don't think this script is working anymore. Way too many reports that 0.9.14 -> 1.0.0 are not working. I don't know why.
+- Upgrading from 0.9.14 -> 1.1.0 has not been tested, only 1.0.0 -> 1.1.0.
+- Switches have changed and additional ones have been added!
## How to Run:
@@ -65,6 +112,6 @@ Interactive (asks for passwords):
./guac-upgrade.sh
-Non-Interactive (password provided via cli):
+Non-Interactive (MySQL root password provided via cli):
./guac-upgrade.sh --mysqlpwd password
diff --git a/guac-install-server.sh b/guac-install-server.sh
index 3ddbf34..7333fa6 100644
--- a/guac-install-server.sh
+++ b/guac-install-server.sh
@@ -32,7 +32,7 @@ fi
apt update
apt -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavutil-dev \
libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \
-libvorbis-dev libwebp-dev jq curl wget libtool-bin
+libvorbis-dev libwebp-dev jq curl wget libtool-bin libwebsockets-dev
# If apt fails to run completely the rest of this isn't going to work...
if [ $? != 0 ]
diff --git a/guac-install.sh b/guac-install.sh
index 81e1e3f..6c3d4d8 100644
--- a/guac-install.sh
+++ b/guac-install.sh
@@ -17,93 +17,149 @@ NC='\033[0m' # No Color
# Log Location
LOG="/tmp/guacamole_${GUACVERSION}_build.log"
-# Default : Do not install TOTP/Duo
-installTOTP=false
-installDuo=false
+# Initialize variable values
+installTOTP=""
+installDuo=""
+
+installMySQL=""
+mysqlHost=""
+mysqlPort=""
+mysqlRootPwd=""
+
+guacDb=""
+guacUser=""
+guacPwd=""
-# Prompt the user if they would like to install MFA, default of no
PROMPT=""
-echo -e -n "${CYAN}(!)${NC} Do you want to use TOTP? (y/N): "
-read PROMPT
-echo ""
-if [[ $PROMPT =~ ^[Yy]$ ]]; then installTOTP=true; fi
-
-echo -e -n "${CYAN}(!)${NC} Do you want to use Duo? (y/N): "
-read PROMPT
-echo ""
-if [[ $PROMPT =~ ^[Yy]$ ]]; then installDuo=true; fi
# Get script arguments for non-interactive mode
while [ "$1" != "" ]; do
case $1 in
- -m | --mysqlpwd )
- shift
- mysqlpwd="$1"
+ # Install MySQL selection
+ -i | --installmysql )
+ installMySQL=true
;;
- -g | --guacpwd )
+ -n | --nomysql )
+ installMySQL=false
+ ;;
+
+ # MySQL server/root information
+ -h | --mysqlhost )
+ shift
+ mysqlHost="$1"
+ ;;
+ -p | --mysqlport )
+ shift
+ mysqlPort="$1"
+ ;;
+ -r | --mysqlpwd )
+ shift
+ mysqlRootPwd="$1"
+ ;;
+
+ # Guac database/user information
+ -db | --guacdb )
+ shift
+ guacDb="$1"
+ ;;
+ -gu | --guacuser )
+ shift
+ guacUser="$1"
+ ;;
+ -gp | --guacpwd )
shift
guacpwd="$1"
;;
- -u | --mysqluser )
- shift
- mysqluser="$1"
- ;;
- -d | --database )
- shift
- DB="$1"
- ;;
+
+ # MFA selection
-t | --totp )
installTOTP=true
;;
- -o | --duo )
+ -d | --duo )
installDuo=true
esac
shift
done
+if [[ -z $installTOTP ]]; then
+ # Prompt the user if they would like to install MFA, default of no
+ echo -e -n "${CYAN}(!)${NC} Would you like to install TOTP? (y/N): "
+ read PROMPT
+ if [[ $PROMPT =~ ^[Yy]$ ]]; then installTOTP=true; else installTOTP=false; fi
+fi
+
+if [[ -z $installDuo ]]; then
+ echo -e -n "${CYAN}(!)${NC} Would you like to install Duo (configuration values must be set after install in guacamole.properties)? (y/N): "
+ read PROMPT
+ if [[ $PROMPT =~ ^[Yy]$ ]]; then installDuo=true; else installDuo=false; fi
+fi
+
+if [[ -z $installMySQL ]]; then
+ # Prompt the user to see if they would like to install MySQL, default of yes
+ echo -e -n "${CYAN}(!)${NC} Would you like to install MySQL? (Y/n): "
+ read PROMPT
+ if [[ $PROMPT =~ ^[Nn]$ ]]; then installMySQL=false; else installMySQL=true; fi
+fi
+
+if [ "$installMySQL" = false ]; then
+ # We need to get additional values
+ read -p "Enter MySQL server hostname or IP: " mysqlHost
+ read -p "Enter MySQL server port [3306]: " mysqlPort
+ read -p "Enter Guacamole database name [guacamole_db]: " guacDb
+ read -p "Enter Guacamole user [guacamole_user]: " guacUser
+fi
+
+# Get MySQL Root password and Guacamole User password
+echo
+while true
+do
+ read -s -p "Enter a MySQL ROOT Password: " mysqlRootPwd
+ echo
+ read -s -p "Confirm MySQL ROOT Password: " PROMPT2
+ echo
+ [ "$mysqlRootPwd" = "$PROMPT2" ] && break
+ echo "Passwords don't match. Please try again."
+ echo
+done
+echo
+while true
+do
+ read -s -p "Enter a Guacamole User Database Password: " guacPwd
+ echo
+ read -s -p "Confirm Guacamole User Database Password: " PROMPT2
+ echo
+ [ "$guacPwd" = "$PROMPT2" ] && break
+ echo "Passwords don't match. Please try again."
+ echo
+done
+echo
+
+if [ "$installMySQL" = true ]; then
+ # Seed MySQL install values
+ debconf-set-selections <<< "mysql-server mysql-server/root_password password $mysqlRootPwd"
+ debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $mysqlRootPwd"
+fi
+
+# Checking if mysql host given
+if [ -z "$mysqlHost" ]; then
+ mysqlHost="localhost"
+fi
+
+# Checking if mysql port given
+if [ -z "$mysqlPort" ]; then
+ mysqlPort="3306"
+fi
+
# Checking if mysql user given
-if [ -z "$mysqluser" ]; then
- mysqluser="guacamole_user"
+if [ -z "$guacUser" ]; then
+ guacUser="guacamole_user"
fi
# Checking if database name given
-if [ -z "$DB" ]; then
- DB="guacamole_db"
+if [ -z "$guacDb" ]; then
+ guacDb="guacamole_db"
fi
-# Get MySQL root password and Guacamole User password
-if [ -n "$mysqlpwd" ] && [ -n "$guacpwd" ]; then
- mysqlrootpassword=$mysqlpwd
- guacdbuserpassword=$guacpwd
-else
- echo
- while true
- do
- read -s -p "Enter a MySQL ROOT Password: " mysqlrootpassword
- echo
- read -s -p "Confirm MySQL ROOT Password: " password2
- echo
- [ "$mysqlrootpassword" = "$password2" ] && break
- echo "Passwords don't match. Please try again."
- echo
- done
- echo
- while true
- do
- read -s -p "Enter a Guacamole User Database Password: " guacdbuserpassword
- echo
- read -s -p "Confirm Guacamole User Database Password: " password2
- echo
- [ "$guacdbuserpassword" = "$password2" ] && break
- echo "Passwords don't match. Please try again."
- echo
- done
- echo
-fi
-
-debconf-set-selections <<< "mysql-server mysql-server/root_password password $mysqlrootpassword"
-debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $mysqlrootpassword"
-
# Ubuntu and Debian have different package names for libjpeg
# Ubuntu and Debian versions have differnet package names for libpng-dev
# Ubuntu 18.04 does not include universe repo by default
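Review bot: The password prompts after the option loop now run unconditionally, so `--mysqlpwd` and `--guacpwd` no longer give a non-interactive install: the old `if [ -n "$mysqlpwd" ] && [ -n "$guacpwd" ]` guard is gone and the `read -s` loops overwrite `mysqlRootPwd` and `guacPwd` every time. The `-gp | --guacpwd` arm also still assigns `guacpwd="$1"` while everything later reads `guacPwd`; it should be `guacPwd="$1"`. Wrap each loop in a guard such as `if [ -z "$mysqlRootPwd" ]; then … fi` (likewise for `guacPwd`), and skip the host/port/database/user `read -p` prompts in the `installMySQL = false` branch when those values were already supplied as switches. Using `read -r -s -p` would also keep backslashes in a typed password from being silently dropped.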
@@ -142,10 +198,13 @@ else
TOMCAT="tomcat7"
fi
-if [ -z $(command -v mysql) ]; then
- MYSQL="mysql-server mysql-client mysql-common mysql-utilities"
+MYSQL=""
+if [ "$installMySQL" = true ]; then
+ if [ -z $(command -v mysql) ]; then
+ MYSQL="mysql-server mysql-client mysql-common mysql-utilities"
+ fi
else
- MYSQL=""
+ MYSQL="mysql-client"
fi
# Uncomment to manually force a tomcat version
@@ -198,6 +257,7 @@ if [ $? -ne 0 ]; then
exit 1
fi
echo -e "${GREEN}Downloaded guacamole-auth-jdbc-${GUACVERSION}.tar.gz${NC}"
+
# Download Guacamole authentication extensions
if [ "$installTOTP" = true ]; then
# TOTP
@@ -225,6 +285,7 @@ if [ "$installDuo" = true ]; then
echo -e "${GREEN}Downloading complete.${NC}"
tar -xzf guacamole-auth-duo-${GUACVERSION}.tar.gz
fi
+
# Extract Guacamole files
tar -xzf guacamole-server-${GUACVERSION}.tar.gz
tar -xzf guacamole-auth-jdbc-${GUACVERSION}.tar.gz
@@ -289,24 +350,19 @@ fi
# Configure guacamole.properties
rm -f /etc/guacamole/guacamole.properties
touch /etc/guacamole/guacamole.properties
-echo "mysql-hostname: localhost" >> /etc/guacamole/guacamole.properties
-echo "mysql-port: 3306" >> /etc/guacamole/guacamole.properties
-echo "mysql-database: ${DB}" >> /etc/guacamole/guacamole.properties
-echo "mysql-username: ${mysqluser}" >> /etc/guacamole/guacamole.properties
-echo "mysql-password: ${guacdbuserpassword}" >> /etc/guacamole/guacamole.properties
+echo "mysql-hostname: ${mysqlHost}" >> /etc/guacamole/guacamole.properties
+echo "mysql-port: ${mysqlPort}" >> /etc/guacamole/guacamole.properties
+echo "mysql-database: ${guacDb}" >> /etc/guacamole/guacamole.properties
+echo "mysql-username: ${guacUser}" >> /etc/guacamole/guacamole.properties
+echo "mysql-password: ${guacPwd}" >> /etc/guacamole/guacamole.properties
+# Output Duo configuration settings but comment them out for now
+echo "# duo-api-hostname: " >> /etc/guacamole/guacamole.properties
+echo "# duo-integration-key: " >> /etc/guacamole/guacamole.properties
+echo "# duo-secret-key: " >> /etc/guacamole/guacamole.properties
+echo "# duo-application-key: " >> /etc/guacamole/guacamole.properties
if [ "$installDuo" = true ]; then
- echo "duo-api-hostname: " >> /etc/guacamole/guacamole.properties
- echo "duo-integration-key: " >> /etc/guacamole/guacamole.properties
- echo "duo-secret-key: " >> /etc/guacamole/guacamole.properties
- echo "duo-application-key: " >> /etc/guacamole/guacamole.properties
- echo -e "${BLUE}Duo is installed, it will need to be configured via guacamole.properties!${NC}"
-else
- # Still output the values, but comment them out
- echo "# duo-api-hostname: " >> /etc/guacamole/guacamole.properties
- echo "# duo-integration-key: " >> /etc/guacamole/guacamole.properties
- echo "# duo-secret-key: " >> /etc/guacamole/guacamole.properties
- echo "# duo-application-key: " >> /etc/guacamole/guacamole.properties
+ echo -e "${YELLOW}Duo is installed, it will need to be configured via guacamole.properties!${NC}"
fi
# restart tomcat
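Review bot: `guacamole.properties` is recreated with `touch` and then receives `mysql-password: ${guacPwd}` (and later holds the Duo secret key), but nothing in this hunk restricts its mode, so it is created under the installer's umask, which is typically world-readable. Unless permissions are tightened somewhere outside the hunk, add `chmod 640 /etc/guacamole/guacamole.properties` right after the `touch`, together with a `chgrp` to the group Tomcat runs as (presumably the `${TOMCAT}` account, to be confirmed), before the secrets are appended. A short comment above the `echo` lines saying that the file contains credentials would help the next maintainer keep it that way.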
@@ -320,21 +376,30 @@ else
echo -e "${GREEN}OK${NC}"
fi
-# Create guacamole_db and grant $mysqluser permissions to it
+# Create $guacDb and grant $guacUser permissions to it
# SQL code
+guacUserHost="localhost"
+
+if [[ "$mysqlHost" != "localhost" ]]; then
+ guacUserHost="%"
+ echo -e "${YELLOW}MySQL Guacamole user is set to accept login from any host, please change this for security reasons if possible.${NC}"
+fi
+
SQLCODE="
-create database ${DB};
-create user if not exists '${mysqluser}'@'localhost' identified by \"${guacdbuserpassword}\";
-GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO '${mysqluser}'@'localhost';
+create database ${guacDb};
+create user if not exists '${guacUser}'@'${guacUserHost}' identified by \"${guacPwd}\";
+GRANT SELECT,INSERT,UPDATE,DELETE ON ${guacDb}.* TO '${guacUser}'@'${guacUserHost}';
flush privileges;"
+export MYSQL_PWD=${mysqlRootPwd}
+
# Execute SQL code
-echo ${SQLCODE} | mysql -u root -p${mysqlrootpassword}
+echo ${SQLCODE} | mysql -u root -h ${mysqlHost} -P ${mysqlPort}
# Add Guacamole schema to newly created database
echo -e "Adding db tables..."
-cat guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/*.sql | mysql -u root -p${mysqlrootpassword} ${DB}
+cat guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/*.sql | mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort}
if [ $? -ne 0 ]; then
echo -e "${RED}Failed${NC}"
exit 1
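Review bot: `guacDb`, `guacUser` and `guacPwd` now come straight from switches or prompts and are spliced into `SQLCODE` with no validation, so a quote, backtick or semicolon in any of them changes the statements that run as MySQL root. Restrict the identifiers before building the string, e.g. `[[ "$guacDb" =~ ^[A-Za-z0-9_]+$ ]] || exit 1` (same for `guacUser`), and reject or escape `"` and `\` in the password. `echo ${SQLCODE}` is also unquoted, which leaves `${guacDb}.*` open to pathname expansion against the current directory; `printf '%s\n' "$SQLCODE" | mysql -u root -h "$mysqlHost" -P "$mysqlPort"` avoids that. The first `mysql` call has no exit-status check, so a failed `create user` goes unnoticed until Guacamole cannot log in. For the remote case, `'%'` could be replaced by prompting for the Guacamole server's own address rather than only printing a warning.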
@@ -343,6 +408,7 @@ else
fi
# Ensure guacd is started
+echo -e "${BLUE}Starting guacamole...${NC}"
service guacd start
# Cleanup
@@ -355,5 +421,6 @@ if [ $? -ne 0 ]; then
else
echo -e "${GREEN}OK${NC}"
fi
+unset MYSQL_PWD
echo -e "${BLUE}Installation Complete\nhttp://localhost:8080/guacamole/\nDefault login guacadmin:guacadmin\nBe sure to change the password.${NC}"
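Review bot: `unset MYSQL_PWD` sits at the very end of the script, so the MySQL root password stays exported from the SQL step through `service guacd start` and the cleanup, and any child process started in between can inherit it in its environment. Move `unset MYSQL_PWD` to directly after the schema import (the last `mysql` call), or scope it per command with `MYSQL_PWD="$mysqlRootPwd" mysql …` instead of `export`. The lines between the export and this hunk are only partly visible here, so confirm that nothing later needs the variable.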
diff --git a/guac-upgrade.sh b/guac-upgrade.sh
index 0828a0d..306d42c 100644
--- a/guac-upgrade.sh
+++ b/guac-upgrade.sh
@@ -14,34 +14,60 @@ GREEN='\033[0;32m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color
-# Try to get database from /etc/guacamole/guacamole.properties
-DATABASE=$(grep -oP 'mysql-database:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
-MYSQL_SERVER=$(grep -oP 'mysql-hostname:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
+# Try to get host and database from /etc/guacamole/guacamole.properties
+mysqlHost=$(grep -oP 'mysql-hostname:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
+mysqlPort=$(grep -oP 'mysql-port:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
+guacDb=$(grep -oP 'mysql-database:\K.*' /etc/guacamole/guacamole.properties | awk '{print $1}')
# Get script arguments for non-interactive mode
while [ "$1" != "" ]; do
case $1 in
- -m | --mysqlpwd )
+ -h | --mysqlhost )
shift
- mysqlpwd="$1"
+ mysqlHost="$1"
+ ;;
+ -p | --mysqlport )
+ shift
+ mysqlPort="$1"
+ ;;
+ -r | --mysqlpwd )
+ shift
+ mysqlrootpwd="$1"
;;
esac
shift
done
-# Get MySQL root password
-if [ -n "$mysqlpwd" ]; then
- mysqlrootpassword=$mysqlpwd
- export MYSQL_PWD=${mysqlrootpassword}
- mysql -u root -h ${MYSQL_SERVER} ${DATABASE} -e"quit" || exit
+# Get MySQL host
+if [ -z "$mysqlHost" ]; then
+ read -p "Enter MySQL Host [localhost]: " mysqlHost
+ echo
+ if [ -z "$mysqlHost" ]; then
+ mysqlHost="localhost"
+ fi
+fi
+
+# Get MySQL port
+if [ -z "$mysqlPort" ]; then
+ read -p "Enter MySQL Port [3306]: " mysqlPort
+ echo
+ if [ -z "$mysqlPort" ]; then
+ mysqlPort="3306"
+ fi
+fi
+
+if [ -n "$mysqlRootPwd" ]; then
+ export MYSQL_PWD=${mysqlRootPwd}
+ mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort} -e"quit" || exit
else
+ # Get MySQL root password
echo
while true
do
- read -s -p "Enter MySQL ROOT Password: " mysqlrootpassword
- export MYSQL_PWD=${mysqlrootpassword}
+ read -s -p "Enter MySQL ROOT Password: " mysqlRootPwd
+ export MYSQL_PWD=${mysqlRootPwd}
echo
- mysql -u root -h ${MYSQL_SERVER} ${DATABASE} -e"quit" && break
+ mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort} -e"quit" && break
echo
done
echo
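Review bot: The `-r | --mysqlpwd` arm assigns `mysqlrootpwd="$1"`, but the check below tests `$mysqlRootPwd`, so a password given on the command line is ignored and the script always drops into the interactive loop; the assignment should be `mysqlRootPwd="$1"`. The README in this commit also lists a Guacamole-database switch for the upgrade script, yet no `--guacdb` arm appears in this `case`. `mysqlHost`, `mysqlPort` and `guacDb` are parsed from `guacamole.properties` and passed unquoted, so `mysql -u root -D "${guacDb}" -h "${mysqlHost}" -P "${mysqlPort}"` is safer here and in the patch loop further down. The `if`/`else` that holds the prompt loop closes outside this hunk.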
@@ -116,8 +142,8 @@ for FILE in ${UPGRADEFILES[@]}
do
FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
if [[ $(echo -e "${FILEVERSION}\n${OLDVERSION}" | sort -V | head -n1) == ${OLDVERSION} && ${FILEVERSION} != ${OLDVERSION} ]]; then
- echo "Patching ${DATABASE} with ${FILE}"
- mysql -u root -h ${MYSQL_SERVER} ${DATABASE} < guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/upgrade/${FILE}
+ echo "Patching ${guacDb} with ${FILE}"
+ mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort} < guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/upgrade/${FILE}
fi
done
@@ -166,7 +192,8 @@ for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
fi
done
-# Start tomcat
+# Start tomcat and Guacamole
+echo -e "${BLUE}Starting tomcat and guacamole...${NC}"
service ${TOMCAT} start
service guacd start