## guacamole 아키텍쳐

guacamole-architecture

 

## guacamole vm images 다운로드 :

http://www.greenreedtech.com/virtual-appliances/guacamole-appliance-0-9-6/

 

## guacamole 설치 하기 참고 문서 :

http://djjproject.tistory.com/124

http://blog.djjproject.com/131

https://gist.github.com/martezr/e1815ac30cccea1ef130

 

 

## guacamole 계정 정보
VM Information
OS: Ubuntu 14.04
CPUs: 4 (2)
RAM: 2048 MB (1024 MB)
Disk: 40GB (Thin Provisioned)

Credentials(Console)
Ubuntu Base Image
Username: greenrt
Password: greenrt
Root Password: greenrt

MySQL
Username: guacamole
Password: greenrt
Root Password: greenrt

Guacamole Web Interface
URL: https://appliance_ip_address/guacamole/
* 주의 : 끝에 / 까지 붙혀야 접근이 가능하다.
Username: guacadmin
Password: guacadmin -> mhk****
mapoo / mhk****

 

## guacamole 80 port 로 변경, ssl 미적용 하기(guacamole-appliance-0-9-6 버전을 통해 적용)

## nginx 
greenrt@guacamole:~$ sudo vi /etc/nginx/sites-enabled/default

server {
    #listen 443 ssl; 아래처럼 수정
    listen 80;

    server_name     guacamole.localdomain.local;

# This part is for SSL config only
    #ssl on;  아래처럼 수정
    ssl off;


## 방화벽 추가
greenrt@guacamole:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere
443 (v6)                   ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)


## nginx 서비스 restart
greenrt@guacamole:~$ sudo ufw allow http
Status: active

To                         Action      From
--                         ------      ----
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443 (v6)                   ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)


greenrt@guacamole:~$ sudo service nginx restart

https://mapoo.net/guacamole/#/login/

->

guacamole

공유기에서 외부포트 8080, 내부포트 80 으로 포트포워딩 설정.

 

## nginx 설정 전문

greenrt@guacamole:~$ sudo vi /etc/nginx/sites-enabled/default
# ANOTHER SERVER LISTENING ON PORT 443 (SSL) to secure the Guacamole traffic and proxy the requests to Tomcat7
server {
    #listen 443 ssl;
    listen 80;

    server_name     guacamole.localdomain.local;

# This part is for SSL config only
    ssl off;
    ssl_certificate      /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key  /etc/nginx/ssl/nginx.key;
    ssl_session_cache shared:SSL:10m;
    ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_prefer_server_ciphers on;
#    ssl_dhparam /etc/ssl/certs/dhparam.pem;

# Found below settings to be performing best but it will work with your own
    tcp_nodelay    on;
    tcp_nopush     off;
    sendfile       on;
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 8m;
    large_client_header_buffers 2 1k;
    client_body_timeout 12;
    client_header_timeout 12;
    keepalive_timeout 15;
    send_timeout 10;

# HINT: You might want to enable access_log during the testing!
    access_log off;

# Don't turn ON proxy_buffering!; this will impact the line quality
    proxy_buffering off;
    proxy_redirect  off;

# Enabling websockets using the first 3 lines; Check /var/log/tomcat8/catalina.out while testing; guacamole will show you a fallback message if websockets fail to work.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

# Just something that was advised by someone from the dev team; worked fine without it too.
    proxy_cookie_path /guacamole/ /;

    location / {
            # I am running the Tomcat7 and Guacamole on the local server
            proxy_pass http://localhost:8080;
            break;

    }
}

 

 

아래는 추가적인 설정(참고)

reenrt@guacamole:~$ sudo service tomcat7 restart

greenrt@guacamole:~$ sudo service guacd restart

greenrt@guacamole:~$ sudo vi /etc/tomcat7/server.xml

 

 

 

guacamole

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다