Guacamole is remote desktop software, which allows any client to connect to it with only a HTML5 browser. No plugins, client software or any other headaches required!
These brief instructions show how to set up Guacamole on a remote server, so that it can be used as a demo machine, controllable and viewable by anyone with a web browser. I use this to perform remote demonstrations of web-based software. The instructions assume that a Debian Jessie system is used, with Apache already installed.
* Install required packages:
apt-get install xfce4 chromium guacamole-tomcat x11vnc xrdp libguac-client-rdp0
* Configure Apache as a proxy to Tomcat (and Guacamole)
<VirtualHost _default_:443> ProxyPass / http://localhost:8080/guacamole/ flushpackets=on ProxyPassReverse / http://localhost:8080/guacamole/ ProxyPassReverseCookiePath /guacamole/ / SSLEngine on SSLCertificateFile /etc/ssl/certs/mycert.pem SSLCertificateKeyFile /etc/ssl/private/mykey.key </VirtualHost>
<authorize username="myuser" password="mypass"> <protocol>rdp</protocol> <param name="hostname">localhost</param> <param name="port">3389</param> <param name="password">rdp_pass</param> </authorize>
Edit a connection to /etc/xrdp/xrdp.ini
[xrdp0] name=My connection lib=libvnc.so username= password=vnc_pass # or "ask" ip=127.0.0.1 port=5900
systemctl restart xrdp.service
Add a normal user to run X as:
useradd -m -g users -s /bin/bash andrew
Reconfigure X to allow any user to start it:
If running Debian Stretch, then also instal xserver-xorg-legacy:
# Fixes the following error: # parse_vt_settings: Cannot open /dev/tty0 (Permission denied) apt-get install xserver-xorg-legacy
Change to the normal user and start the required X services:
su andrew x11vnc -storepasswd # As configured in /etc/xrdp/xrdp.ini startx & x11vnc -noncache -usepw -display :0 -rfbport 5900 -shared
It should now be possible to browse to the site configured in Apache, login to Guacamole, and see a standard XFCE desktop. Chromium (or Iceweasal/Firefox) can be launched from the applications menu.
I don't know how much difference it makes (or whether it makes any difference in this environment), but APR is recommended for Tomcat to “provide superior scalability, performance, and better integration with native server technologies”. It can be enabled by uncommenting the following section in /etc/tomcat8/server.xml:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
And installing libtcnative-1:
apt-get install libtcnative-1