## guacamole 아키텍쳐
## guacamole vm images 다운로드 :
http://www.greenreedtech.com/virtual-appliances/guacamole-appliance-0-9-6/
## guacamole 설치 하기 참고 문서 :
http://djjproject.tistory.com/124
http://blog.djjproject.com/131
https://gist.github.com/martezr/e1815ac30cccea1ef130
## guacamole 계정 정보
VM Information
OS: Ubuntu 14.04
CPUs: 4 (2)
RAM: 2048 MB (1024 MB)
Disk: 40GB (Thin Provisioned)
Credentials(Console)
Ubuntu Base Image
Username: greenrt
Password: greenrt
Root Password: greenrt
MySQL
Username: guacamole
Password: greenrt
Root Password: greenrt
Guacamole Web Interface
URL: https://appliance_ip_address/guacamole/
* 주의 : 끝에 / 까지 붙혀야 접근이 가능하다.
Username: guacadmin
Password: guacadmin -> mhk****
mapoo / mhk****
## guacamole 80 port 로 변경, ssl 미적용 하기(guacamole-appliance-0-9-6 버전을 통해 적용)
## nginx greenrt@guacamole:~$ sudo vi /etc/nginx/sites-enabled/default server { #listen 443 ssl; 아래처럼 수정 listen 80; server_name guacamole.localdomain.local; # This part is for SSL config only #ssl on; 아래처럼 수정 ssl off; ## 방화벽 추가 greenrt@guacamole:~$ sudo ufw status Status: active To Action From -- ------ ---- 443 ALLOW Anywhere 22 ALLOW Anywhere 443 (v6) ALLOW Anywhere (v6) 22 (v6) ALLOW Anywhere (v6) ## nginx 서비스 restart greenrt@guacamole:~$ sudo ufw allow http Status: active To Action From -- ------ ---- 443 ALLOW Anywhere 22 ALLOW Anywhere 80 ALLOW Anywhere 443 (v6) ALLOW Anywhere (v6) 22 (v6) ALLOW Anywhere (v6) 80 (v6) ALLOW Anywhere (v6) greenrt@guacamole:~$ sudo service nginx restart
https://mapoo.net/guacamole/#/login/
->
공유기에서 외부포트 8080, 내부포트 80 으로 포트포워딩 설정.
## nginx 설정 전문
greenrt@guacamole:~$ sudo vi /etc/nginx/sites-enabled/default # ANOTHER SERVER LISTENING ON PORT 443 (SSL) to secure the Guacamole traffic and proxy the requests to Tomcat7 server { #listen 443 ssl; listen 80; server_name guacamole.localdomain.local; # This part is for SSL config only ssl off; ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; ssl_session_cache shared:SSL:10m; ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL'; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_stapling on; ssl_stapling_verify on; ssl_prefer_server_ciphers on; # ssl_dhparam /etc/ssl/certs/dhparam.pem; # Found below settings to be performing best but it will work with your own tcp_nodelay on; tcp_nopush off; sendfile on; client_body_buffer_size 10K; client_header_buffer_size 1k; client_max_body_size 8m; large_client_header_buffers 2 1k; client_body_timeout 12; client_header_timeout 12; keepalive_timeout 15; send_timeout 10; # HINT: You might want to enable access_log during the testing! access_log off; # Don't turn ON proxy_buffering!; this will impact the line quality proxy_buffering off; proxy_redirect off; # Enabling websockets using the first 3 lines; Check /var/log/tomcat8/catalina.out while testing; guacamole will show you a fallback message if websockets fail to work. proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Just something that was advised by someone from the dev team; worked fine without it too. proxy_cookie_path /guacamole/ /; location / { # I am running the Tomcat7 and Guacamole on the local server proxy_pass http://localhost:8080; break; } }
아래는 추가적인 설정(참고)
reenrt@guacamole:~$ sudo service tomcat7 restart greenrt@guacamole:~$ sudo service guacd restart greenrt@guacamole:~$ sudo vi /etc/tomcat7/server.xml