## guacamole 아키텍쳐
## guacamole vm images 다운로드 :
http://www.greenreedtech.com/virtual-appliances/guacamole-appliance-0-9-6/
## guacamole 설치 하기 참고 문서 :
http://djjproject.tistory.com/124
http://blog.djjproject.com/131
https://gist.github.com/martezr/e1815ac30cccea1ef130
## guacamole 계정 정보
VM Information
OS: Ubuntu 14.04
CPUs: 4 (2)
RAM: 2048 MB (1024 MB)
Disk: 40GB (Thin Provisioned)
Credentials(Console)
Ubuntu Base Image
Username: greenrt
Password: greenrt
Root Password: greenrt
MySQL
Username: guacamole
Password: greenrt
Root Password: greenrt
Guacamole Web Interface
URL: https://appliance_ip_address/guacamole/
* 주의 : 끝에 / 까지 붙혀야 접근이 가능하다.
Username: guacadmin
Password: guacadmin -> mhk****
mapoo / mhk****
## guacamole 80 port 로 변경, ssl 미적용 하기(guacamole-appliance-0-9-6 버전을 통해 적용)
## nginx
greenrt@guacamole:~$ sudo vi /etc/nginx/sites-enabled/default
server {
#listen 443 ssl; 아래처럼 수정
listen 80;
server_name guacamole.localdomain.local;
# This part is for SSL config only
#ssl on; 아래처럼 수정
ssl off;
## 방화벽 추가
greenrt@guacamole:~$ sudo ufw status
Status: active
To Action From
-- ------ ----
443 ALLOW Anywhere
22 ALLOW Anywhere
443 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
## nginx 서비스 restart
greenrt@guacamole:~$ sudo ufw allow http
Status: active
To Action From
-- ------ ----
443 ALLOW Anywhere
22 ALLOW Anywhere
80 ALLOW Anywhere
443 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
greenrt@guacamole:~$ sudo service nginx restart
https://mapoo.net/guacamole/#/login/
->
공유기에서 외부포트 8080, 내부포트 80 으로 포트포워딩 설정.
## nginx 설정 전문
greenrt@guacamole:~$ sudo vi /etc/nginx/sites-enabled/default
# ANOTHER SERVER LISTENING ON PORT 443 (SSL) to secure the Guacamole traffic and proxy the requests to Tomcat7
server {
#listen 443 ssl;
listen 80;
server_name guacamole.localdomain.local;
# This part is for SSL config only
ssl off;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_cache shared:SSL:10m;
ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_stapling on;
ssl_stapling_verify on;
ssl_prefer_server_ciphers on;
# ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Found below settings to be performing best but it will work with your own
tcp_nodelay on;
tcp_nopush off;
sendfile on;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 2 1k;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
# HINT: You might want to enable access_log during the testing!
access_log off;
# Don't turn ON proxy_buffering!; this will impact the line quality
proxy_buffering off;
proxy_redirect off;
# Enabling websockets using the first 3 lines; Check /var/log/tomcat8/catalina.out while testing; guacamole will show you a fallback message if websockets fail to work.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Just something that was advised by someone from the dev team; worked fine without it too.
proxy_cookie_path /guacamole/ /;
location / {
# I am running the Tomcat7 and Guacamole on the local server
proxy_pass http://localhost:8080;
break;
}
}
아래는 추가적인 설정(참고)
reenrt@guacamole:~$ sudo service tomcat7 restart greenrt@guacamole:~$ sudo service guacd restart greenrt@guacamole:~$ sudo vi /etc/tomcat7/server.xml