Install Guacamole (Incubator) from source on CentOS 7

This post was last updated on Feb 02, 2017. Changes made to make this guide current as of Guacamole Incubator 0.9.11 RC1.

This is my third Guacamole post! My first post was back in 2013 and was for last updated to Guac 0.9.5 on CentOS 6. My second post was in 2015, and last updated to Guac 0.9.9 on CentOS 7. Guac 0.9.9 was releasted on Dec 18, 2015 and there has been no stable release since then.

Why has there been no stable release since Dec 2015? Guacamole joined the Apache Incubator program, and development has been swift since then. Therefore, this post is for installing from source using the incubator github master branch. If you need a stable release, please use my previous guide. if you want to use the latest and greatest, read on!

I am installing the MySQL Authentication package which allows me to store connections and authentication information in a database, instead of a plain-text XML file. I am assuming that you are install as root, with SELinux and firewalld disabled (do this at your own risk! -- I run my Guac instance behind a reverse proxy so my Guac instance is not directly accessible from my WAN).

Let's Get Started!

1.) prerequisites:
yum -y install epel-release wget
wget -O /etc/yum.repos.d/home:felfert.repo
yum -y groupinstall "Development Tools"
yum -y install cairo-devel freerdp-devel git java-1.8.0-openjdk.x86_64 libguac libguac-client-rdp libguac-client-ssh libguac-client-vnc libjpeg-turbo-devel libpng-devel libssh2-devel libtelnet-devel libvncserver-devel libwebp-devel libvorbis-devel mariadb-server maven openssl-devel pango-devel pulseaudio-libs-devel terminus-fonts tomcat tomcat-admin-webapps tomcat-webapps uuid-devel
rpm -Uvh
yum -y install ffmpeg-devel

Above we are just installing adding the EPEL, Felfert, and nux-dextop repositories that contain the packages we need, and installing all our prereqs. Easy.

2.) guacd install
mkdir ~/guacamole && cd ~/guacamole
git clone
cd incubator-guacamole-server/
autoreconf -fi
./configure --with-init-dir=/etc/init.d
make && make install && ldconfig

Guacamole is delivered in two different pieces. The back-end is what we just installed above, from source, called guacd (or guacamole daemon). The other piece is the guacamole client, or web frontend. Install next.

3.) guacamole client
cd ~/guacamole
git clone
cd incubator-guacamole-client
mvn package
cp /root/guacamole/incubator-guacamole-client/guacamole/target/guacamole-0.9.*-incubating.war /var/lib/tomcat/webapps/guacamole.war

We now have the guacamole server daemon and the guacamole client installed. Next up is the MySQL Authentication piece, using MariaDB.

4.) mysql authentication
mkdir -p ~/guacamole/sqlauth && cd ~/guacamole/sqlauth
tar -zxf guacamole-auth-jdbc-0.9.11-incubating.tar.gz
tar -xvf mysql-connector-java-5.1.40.tar.gz
mkdir -p /usr/share/tomcat/.guacamole/{extensions,lib}
mv guacamole-auth-jdbc-0.9.11-incubating/mysql/guacamole-auth-jdbc-mysql-0.9.11-incubating.jar /usr/share/tomcat/.guacamole/extensions/
mv mysql-connector-java-5.1.40/mysql-connector-java-5.1.40-bin.jar /usr/share/tomcat/.guacamole/lib/

The above is downloading and prepping the guacamole-required pieces for db authentication.

5.) configure database
systemctl restart mariadb.service
mysqladmin -u root password MySQLRootPass
mysql -u root -p   # Enter above password
flush privileges;

Here we created the database and database user for guacd to use.

6.) extend database schema
cd ~/guacamole/sqlauth/guacamole-auth-jdbc-0.9.11-incubating/mysql/schema/
cat ./*.sql | mysql -u root -p guacdb   # Enter SQL root password set above

And here we extend the schema of the database we created.

7.) configure guacamole
mkdir -p /etc/guacamole/ && vi /etc/guacamole/

The above is creating our needed directories, and then creating the file. This file is what tomcat uses to know what port to talk to guacd on as well as how to access the database. Here is a basic file that will do what you need.

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacdb
mysql-username: guacuser
mysql-password: guacpass

# Additional settings
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0

This will configure guacamole to use the database and user that we created on the default port of 4822. Note, this is for internal communication only and is not the port that you will be accessing the web interface on.

And we have to create a symlink so Guacamole can find the config file:

ln -s /etc/guacamole/ /usr/share/tomcat/.guacamole/
8.) Cleanup

All that's left is a little housecleaning!

rm -rf ~/guacamole
systemctl enable tomcat.service && systemctl enable mariadb.service && chkconfig guacd on
systemctl reboot

Once your server boots, you'll have Guacamole running and ready to be used! Head on over to http://guac_server_ip:8080/guacamole to start using your new Guacamole server! default username and password are both 'guacadmin'.

If you're having trouble accessing the webpage for Guacamole, make sure you have configured firewalld (or disabled it) to allow access to port 8080.

Leave me some feedback!