Guacamole on FreeBSD

This describes how to install Guacamole on FreeBSD, including the NoAuth extension and adhoc sessions.

Installation

  1. Installing plain Guacamole on FreeBSD 10.3 or 11.0 is pretty easy:
    # cd /usr/ports/www/guacamole-client
    # make install client
    
  2. If you didn't change the default options, then net/guacamole-server and www/tomcat8 have also been installed. Enable both at system boot time:
    # echo 'guacd_enable="YES"' >> /etc/rc.conf
    # echo 'tomcat8_enable="YES"' >> /etc/rc.conf
    
  3. Create /usr/local/etc/guacamole/guacamole.properties:
    guacd-host: localhost
    guacd-port: 4822
    auth-provider: org.apache.guacamole.auth.noauth.NoAuthenticationProvider
    noauth-config: /usr/local/etc/guacamole/noauth-config.xml
    
  4. Create an empty noauth-config.xml, which is writeable by the Tomcat user:
    # touch /usr/local/etc/guacamole/noauth-config.xml
    # chown www /usr/local/etc/guacamole/noauth-config.xml
    
  5. Create the directory /usr/local/etc/guacamole/extensions
  6. Download the latest guacamole-auth-noauth-*.tar.gz from http://guacamole.incubator.apache.org/releases/
  7. Extract that archive, and copy the .jar file to /usr/local/etc/guacamole/extensions/
  8. Create /usr/local/apache-tomcat-8.0/bin/setenv.sh:
    #!/bin/sh
    
    export GUACAMOLE_HOME="/usr/local/etc/guacamole"
    
  9. Add both roles admin-gui and manager-gui to /usr/local/apache-tomcat-8.0/conf/tomcat-users.xml, and assign them to a user
  10. Start guacd and Tomcat:
    # /usr/local/etc/rc.d/guacd start
    # /usr/local/etc/rc.d/tomcat8 start
    
  11. Download guaca.war, and deploy it on your Tomcat, e.g. by browsing to http://localhost:8080/manager/html
  12. Now you can connect to any host without logging into Guacamole and without the need to configure the connection a priori, just by surfing to http://localhost:8080/guaca?hostname=SOMEHOST&protocol=ssh. Optionally, you may add username or port to the URL
  13. Please note that all connections are added to noauth-config.xml automatically, including optional passwords given in the URL! Also, no user has to authenticate to Guacamole in this setup. That might be a security risk.

Downloads

Bleeding edge: https://github.com/felixjogris/guaca