This documentation covers installation of Tomcat and Guacamole using the Glyptodon Enterprise packages, the common basis of all deployments of the software. Once Guacamole and Tomcat have been set up, a production deployment will also require a supported database and SSL termination.

If you do not already have a database server and reverse proxy ready (hosted or otherwise), and are not experienced with setting up those services, instructions are also provided for installing a local instance of MariaDB, installing a local instance of PostgreSQL, and for installing Nginx to provide SSL termination.

Apache Guacamole, the main software provided by Glyptodon Enterprise, is made up of multiple components and depends on multiple, external services (such as a database instance). The Glyptodon Enterprise packages automate much of this, providing binary versions of the Apache Guacamole stack that can be updated automatically. The other components will come from your OS' repository (CentOS / RHEL), from other services deployed on your network, or from third-party service providers, depending on your preferences.

A typical and minimal production deployment of Guacamole will involve the following:

  • The Guacamole web application, served by Apache Tomcat.
  • SSL termination that sits in front of Apache Tomcat.
  • The "guacd" service, used internally by the Guacamole web application.
  • A database, used by the Guacamole web application for authentication and storage.

[Figure: Architectural diagram of a typical Apache Guacamole deployment.]

Installation of Apache Guacamole will thus typically involve:

  1. Installing Tomcat and Guacamole.
  2. Installing a database like MariaDB or PostgreSQL, if no such database is already deployed.
  3. Configuring Guacamole to use your database.
  4. Installing and configuring a reverse proxy to provide SSL termination, if no such proxy is already deployed.

This initial guide will walk through the installation of Tomcat and Guacamole. Once Guacamole has been installed, you will still need to configure a database and deploy SSL termination. Additional guides are available which cover configuring Guacamole to use your database of choice and configuring your reverse proxy to provide SSL termination. If you do not yet have a database or do not yet have a reverse proxy, additional guides covering installation of those required services are available, as well.

Set up the YUM repository

If you have not already done so, the Glyptodon Enterprise YUM repository needs to be defined, such that the “yum” utility can find the various RPM packages which make up Glyptodon Enterprise.

The necessary repository definition file is distribution specific and can be viewed within your account information on the Glyptodon Enterprise website. Locate your Linux distribution within the "downloads" section of your Glyptodon Enterprise account, copy the contents of the file shown, and use a text editor to paste the contents into a new file within /etc/yum.repos.d:

$ sudo vi /etc/yum.repos.d/glyptodon.repo

This file should ultimately look like:

name=Glyptodon Enterprise

where “USERNAME” and “PASSWORD” are the repository credentials which were generated for you when your organization’s Glyptodon Enterprise account was created.

Install the @glyptodon-guacamole package group

Before installing Apache Guacamole on CentOS or RHEL 6, the EPEL repository must be enabled:

$ sudo yum install epel-release

Guacamole depends on libwebp, and though this is part of the CentOS and RHEL 7 repositories, it is not included in older versions.

Glyptodon Enterprise provides a @glyptodon-guacamole package group for convenience which installs all of the packages typically required for an Apache Guacamole deployment, and includes support for VNC, RDP, and SSH:

$ sudo yum install @glyptodon-guacamole

This will install the following key packages:

Package name                    Description
glyptodon-guacamole             The Apache Guacamole web application
glyptodon-guacd                 The Apache Guacamole proxy daemon
glyptodon-libguac-client-vnc    VNC support for guacd
glyptodon-libguac-client-rdp    RDP support for guacd
glyptodon-libguac-client-ssh    SSH support for guacd

Deploy Guacamole under Tomcat

Apache Guacamole is a web application which is served through the Apache Tomcat application server. If you have not already installed Tomcat, you must do so prior to deploying Guacamole:

$ sudo yum install tomcat

Once Tomcat is installed, the “tomcat” system user must be added to the “guacamole” group, such that the Guacamole web application running under Tomcat will be able to read its own configuration files:

$ sudo usermod -aG guacamole tomcat

To deploy Guacamole to Tomcat, create a symbolic link within /var/lib/tomcat/webapps that points to the web application’s guacamole.war file, located in /opt/glyptodon/share/guacamole. Naming the link ROOT.war causes Tomcat to serve Guacamole at the root path of the server:

$ sudo ln -s /opt/glyptodon/share/guacamole/guacamole.war /var/lib/tomcat/webapps/ROOT.war

Start Tomcat and guacd

Apache Guacamole is served by Tomcat and requires its proxy daemon service, “guacd”, in order to connect to remote desktops. Thus, both the "tomcat" and "guacd" services must be started for Guacamole to function, and should be configured to start automatically on boot:

$ sudo systemctl start guacd tomcat
$ sudo systemctl enable guacd tomcat

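Congratulations! At this point, Apache Guacamole should be working, and a login screen should be visible if you visit http://HOSTNAME:8080/ with a web browser, where “HOSTNAME” is the hostname or IP address of your server. This connection goes directly to Tomcat over unencrypted HTTP, so use it only to confirm the installation; SSL termination is added when moving to production.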
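The following script is an added example, not part of the Glyptodon Enterprise documentation: it checks the result of the steps above, including that the repository file holding your credentials is not readable by other local users. The function names are hypothetical; the paths, the “tomcat” user and the “guacamole” group are the ones used on this page, and the script assumes GNU find and systemd.

```shell
#!/bin/sh
# Added example: post-install checks for the steps on this page.
# Function names are hypothetical; paths, user and group come from the page.

# glyptodon.repo embeds USERNAME/PASSWORD: no group/other permission bits allowed.
repo_file_is_private() {
    [ -f "$1" ] || return 2
    # GNU find prints the path only if any group/other bit is set.
    [ -z "$(find "$1" -maxdepth 0 -perm /077)" ]
}

# Tomcat deploys whatever ROOT.war resolves to; it must be the packaged WAR.
war_link_ok() {   # $1 = link under webapps, $2 = expected target
    [ -L "$1" ] || return 1
    [ -r "$2" ] && [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ]
}

# The "tomcat" user must be in "guacamole" to read Guacamole's configuration.
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

verify_install() {
    rc=0
    repo_file_is_private /etc/yum.repos.d/glyptodon.repo ||
        { echo "WARN: glyptodon.repo missing or readable by group/other"; rc=1; }
    user_in_group tomcat guacamole ||
        { echo "FAIL: tomcat is not a member of guacamole"; rc=1; }
    war_link_ok /var/lib/tomcat/webapps/ROOT.war \
                /opt/glyptodon/share/guacamole/guacamole.war ||
        { echo "FAIL: ROOT.war does not resolve to the packaged guacamole.war"; rc=1; }
    for svc in guacd tomcat; do
        systemctl is-active --quiet "$svc"  || { echo "FAIL: $svc not running"; rc=1; }
        systemctl is-enabled --quiet "$svc" || { echo "FAIL: $svc not enabled at boot"; rc=1; }
    done
    return "$rc"
}

# Run the checks only when invoked as: sudo sh verify-guacamole.sh --run
if [ "${1:-}" = "--run" ]; then verify_install; fi
```

If the repository file check warns, running sudo chmod 600 /etc/yum.repos.d/glyptodon.repo restricts the file to root, which is sufficient because yum is invoked through sudo throughout this guide.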

Finalizing and moving to production

With Guacamole now installed, you can move forward with testing your deployment using /etc/guacamole/user-mapping.xml (the built-in authentication method intended for testing), or with adding the remaining layers normally required by a production deployment:

  1. A supported database: MySQL / MariaDB, PostgreSQL, and SQL Server are supported. If you do not already have a database deployed, or are unfamiliar with deploying databases, instructions are provided for installing a local instance of MariaDB and for installing a local instance of PostgreSQL.
  2. SSL termination: Apache HTTPD and Nginx are supported for this purpose. If you do not already have a reverse proxy in place, or are unfamiliar with installing and configuring a reverse proxy, instructions are provided for installing Nginx to provide SSL termination.