=====Guacamole=====

===== Introduction =====

Guacamole is remote desktop software, which allows any client to connect to it with only a HTML5 browser. No plugins, client software or any other headaches required!

===== Set up a webinar demo machine =====

These brief instructions show how to set up Guacamole on a remote server, so that it can be used as a demo machine, controllable and viewable by anyone with a web browser. I use this to perform remote demonstrations of web-based software. The instructions assume that a Debian Jessie system is used, with Apache already installed.

* Install required packages:

''apt-get install xfce4 chromium guacamole-tomcat x11vnc xrdp libguac-client-rdp0''

* Configure Apache as a proxy to Tomcat (and Guacamole)

  <VirtualHost _default_:443>
    ProxyPass       /  http://localhost:8080/guacamole/ flushpackets=on
    ProxyPassReverse / http://localhost:8080/guacamole/
    ProxyPassReverseCookiePath /guacamole/ /
    SSLEngine on
    SSLCertificateFile  /etc/ssl/certs/mycert.pem
    SSLCertificateKeyFile /etc/ssl/private/mykey.key
  </VirtualHost>

  * Add an RDP user to the Guacamole user config (/etc/guacamole/user-mapping.xml)

  <authorize username="myuser" password="mypass">
    <protocol>rdp</protocol>
    <param name="hostname">localhost</param>
    <param name="port">3389</param>
    <param name="password">rdp_pass</param>
  </authorize>

Edit a connection to /etc/xrdp/xrdp.ini

  [xrdp0]
  name=My connection
  lib=libvnc.so
  username=
  password=vnc_pass # or "ask"
  ip=127.0.0.1
  port=5900

''%%systemctl restart xrdp.service%%''

Add a normal user to run X as:

''%%useradd -m -g users -s /bin/bash andrew%%''

Reconfigure X to allow any user to start it:

''%%dpkg-reconfigure x11-common%%''

If running Debian Stretch, then also instal xserver-xorg-legacy:

  # Fixes the following error:
  # parse_vt_settings: Cannot open /dev/tty0 (Permission denied)
  apt-get install xserver-xorg-legacy

Change to the normal user and start the required X services:

  su andrew
  x11vnc -storepasswd # As configured in /etc/xrdp/xrdp.ini
  startx &
  x11vnc -noncache -usepw -display :0 -rfbport 5900 -shared

It should now be possible to browse to the site configured in Apache, login to Guacamole, and see a standard XFCE desktop. Chromium (or Iceweasal/Firefox) can be launched from the applications menu.

===== Enabling Apache Portable Runtime (APR) =====

I don't know how much difference it makes (or whether it makes any difference in this environment), but APR is recommended for Tomcat to "provide superior scalability, performance, and better integration with native server technologies". It can be enabled by uncommenting the following section in /etc/tomcat8/server.xml:

<html><Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /></html>

And installing libtcnative-1:

''%%apt-get install libtcnative-1%%''

====== Links: ======

http://askubuntu.com/questions/235905/use-xrdp-to-connect-to-desktop-session

https://gist.github.com/jeffersonmartin/8236574

https://community.hpcloud.com/article/using-windows-rdp-access-your-ubuntu-instance

http://guac-dev.org/doc/gug/configuring-guacamole.html#rdp

http://askubuntu.com/questions/304017/how-to-set-up-remote-desktop-sharing-through-ssh

http://www.filegott.se/prd/index.php/how-tos/19-how-to-setup-guacamole-in-linux-ubuntu