Guacamole on FreeBSD

This describes how to install Guacamole on FreeBSD, including the NoAuth extension and adhoc sessions.


  1. Installing plain Guacamole on FreeBSD 10.3 or 11.0 is pretty easy:
    # cd /usr/ports/www/guacamole-client
    # make install client
  2. If you didn't change the default options, then net/guacamole-server and www/tomcat8 have also been installed. Enable both at system boot time:
    # echo 'guacd_enable="YES"' >> /etc/rc.conf
    # echo 'tomcat8_enable="YES"' >> /etc/rc.conf
  3. Create /usr/local/etc/guacamole/
    guacd-host: localhost
    guacd-port: 4822
    auth-provider: org.apache.guacamole.auth.noauth.NoAuthenticationProvider
    noauth-config: /usr/local/etc/guacamole/noauth-config.xml
  4. Create an empty noauth-config.xml, which is writeable by the Tomcat user:
    # touch /usr/local/etc/guacamole/noauth-config.xml
    # chown www /usr/local/etc/guacamole/noauth-config.xml
  5. Create the directory /usr/local/etc/guacamole/extensions
  6. Download the latest guacamole-auth-noauth-*.tar.gz from
  7. Extract that archive, and copy the .jar file to /usr/local/etc/guacamole/extensions/
  8. Create /usr/local/apache-tomcat-8.0/bin/
    export GUACAMOLE_HOME="/usr/local/etc/guacamole"
  9. Add both roles admin-gui and manager-gui to /usr/local/apache-tomcat-8.0/conf/tomcat-users.xml, and assign them to a user
  10. Start guacd and Tomcat:
    # /usr/local/etc/rc.d/guacd start
    # /usr/local/etc/rc.d/tomcat8 start
  11. Download guaca.war, and deploy it on your Tomcat, e.g. by browsing to http://localhost:8080/manager/html
  12. Now you can connect to any host without logging into Guacamole and without the need to configure the connection a priori, just by surfing to http://localhost:8080/guaca?hostname=SOMEHOST&protocol=ssh. Optionally, you may add username or port to the URL
  13. Please note that all connections are added to noauth-config.xml automatically, including optional passwords given in the URL! Also, no user has to authenticate to Guacamole in this setup. That might be a security risk.


Bleeding edge: