{"id":1291,"date":"2018-10-26T14:54:34","date_gmt":"2018-10-26T13:54:34","guid":{"rendered":"http:\/\/diablo.craem.net\/?p=1291"},"modified":"2018-10-26T14:54:34","modified_gmt":"2018-10-26T13:54:34","slug":"guacamole-debian-streetch-open-ldap-nginx","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=1291","title":{"rendered":"guacamole debian streetch + open ldap + nginx"},"content":{"rendered":"

Otra entrada que es un apunte.
\nEn esta ocasi\u00f3n, instalaremos guacamole, como gateway de conexi\u00f3n a nuestros server y exponerlo a internet.
\nPartimos de una debian 9 pelada y instalamos las dependencias:
\n
\n# apt install tomcat8 libcairo2-dev libossp-uuid-dev libavcodec-dev libavutil-dev libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev libjpeg62-turbo-dev libpng-dev libpng16-16 git<\/code>
\n
\n<\/code>
\n# git clone git:\/\/github.com\/apache\/incubator-guacamole-server.git
\nautoreconf -fi
\n.\/configure --with-init-dir=\/etc\/init.d
\n# make
\n# make install
\n# ldconfig
\n# systemctl enable guacd
\n# \/etc\/init.d\/guacd start
\n<\/code>
\ncreamos el fichero guacamole.properties
\n
\n# nano \/etc\/guacamole\/guacamole.properties
\n<\/code>
\n
\n# Guacamole - Clientless Remote Desktop
\n# Copyright (C) 2010 Michael Jumper
\n#
\n# This program is free software: you can redistribute it and\/or modify
\n# it under the terms of the GNU Affero General Public License as published by
\n# the Free Software Foundation, either version 3 of the License, or
\n# (at your option) any later version.
\n#
\n# This program is distributed in the hope that it will be useful,
\n# but WITHOUT ANY WARRANTY; without even the implied warranty of
\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
\n# GNU Affero General Public License for more details.
\n#
\n# You should have received a copy of the GNU Affero General Public License
\n# along with this program. If not, see .<\/code>
\n<\/code><\/code>
\n# Hostname and port of guacamole proxy
\nguacd-hostname: localhost
\nguacd-port: 4822
\n<\/code><\/code>
\n# Auth provider class (authenticates user\/pass combination, needed if using the provided login screen)
\n<\/code><\/code>
\n# LDAP properties
\nldap-hostname: ldap.craem.net
\nldap-port: 389
\nldap-user-base-dn: DC=craem,DC=net
\nldap-search-bind-dn: CN=admin,DC=craem,DC=net
\nldap-search-bind-password: password
\nldap-config-base-dn: DC=craem,DC=net
\nldap-username-attribute: uid
\n
\n<\/code>
\n<\/code>
\nCreamos el enlace simb\u00f3lico para la app
\n
\n# ln -s \/etc\/guacamole\/ \/var\/lib\/tomcat8\/.guacamole
\n<\/code>
\nConfiguramos la parte cliente (la 0.9.14 es la \u00faltima a fecha 10\/2018):
\n
\n# wget httpss:\/\/sourceforge.net\/projects\/guacamole\/files\/current\/binary\/guacamole-0.9.14.war
\n# mv guacamole-0.9.14.war \/var\/lib\/tomcat8\/webapps\/guacamole.war
\n# service tomcat8 restart
\n<\/code>
\nAhora instalamos el cliente ldap
\n
\n# cd \/etc\/guacamole
\n# wget -c https:\/\/apache.org\/dyn\/closer.cgi?action=download&filename=guacamole\/0.9.14\/binary\/guacamole-auth-ldap-0.9.14.tar.gz
\n# service tomcat8 restart
\n<\/code>
\nAhora nos queda actualizar el schema de open ldap:
\n
\n# tar -zxvf guacamole-auth-ldap-0.9.14.tar.gz
\ncp guacamole-auth-ldap-0.9.14.jar \/etc\/guacamole\/
\n<\/code>
\nDentro de la carpeta schema<\/em>, tenemos la parte de openldap que hemos de incorporar en nuestro server… lo copiamos e importamos
\n
\nroot@ldap:\/usr\/src# ldapadd -Q -Y EXTERNAL -H ldapi:\/\/\/ -f guacConfigGroup.ldif
\nadding new entry \"cn=guacConfigGroup,cn=schema,cn=config\"<\/code>
\n<\/code><\/code>
\nroot@ldap:\/usr\/src#ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:\/\/\/ -b cn=schema,cn=config dn
\ndn: cn=schema,cn=config
\n<\/code><\/code>
\ndn: cn={0}core,cn=schema,cn=config
\n<\/code><\/code>
\ndn: cn={1}cosine,cn=schema,cn=config
\n<\/code><\/code>
\ndn: cn={2}nis,cn=schema,cn=config
\n<\/code><\/code>
\ndn: cn={3}inetorgperson,cn=schema,cn=config
\n<\/code><\/code>
\ndn: cn={4}zarafa,cn=schema,cn=config
\n<\/code><\/code>
\ndn: cn={5}radius,cn=schema,cn=config
\n<\/code><\/code>
\ndn: cn={6}guacConfigGroup,cn=schema,cn=config
\n<\/code><\/code>
\nroot@ldap:\/usr\/src#
\n
\n<\/code>
\n<\/code>
\nAhora nos queda crear los objetos de nuestros servers…… creamos un fichero, por ejemplo, entrada.ldif
\n
\ndn: cn=zeus,ou=maquines,dc=craem,dc=net
\nobjectClass: guacConfigGroup
\nobjectClass: groupOfNames
\ncn: zeus
\nguacConfigProtocol: ssh
\nguacConfigParameter: hostname=192.168.1.2
\nguacConfigParameter: port=22
\nguacConfigParameter: security=ssh
\nmember: cn=Angel Elena,cn=craem_users,dc=craem,dc=net
\n<\/code>
\nGuardamos cambios e importamos el fichero:
\n
\n# ldapadd -x -D cn=admin,dc=goufone,dc=local -W -f entrada.ldif
\n<\/code>
\nEl siguiente paso, es a\u00f1adir el ngix y certbot para hacer de reverse proxy e incorporar el certificado:
\n
\n# apt-get install nginx<\/code>
\n<\/code><\/code>
\ncreamos el fichero
\n# nano \/etc\/nginx\/sites-available\/guacamole
\n<\/code><\/code>
\ny a\u00f1adimos:
\n<\/code><\/code>
\nserver {
\nlisten 80;
\nlisten [::]:80;
\nserver_name guacamole;
\n<\/code><\/code>
\nlocation \/ {
\nproxy_pass https:\/\/127.0.0.1:8080\/guacamole\/;
\nproxy_buffering off;
\nproxy_https_version 1.1;
\nproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
\nproxy_set_header Upgrade $https_upgrade;
\nproxy_set_header Connection $https_connection;
\naccess_log off;
\n}
\n
\n<\/code>
\n}
\n<\/code>
\nY creamos el enlace simb\u00f3lico en \/etc\/nginx\/sites-enabled
\nReiniciamos el nginx y ya tenemos el servicio preparado \ud83d\ude09
\nvamos al navegador … https:\/\/guacamole\"\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Otra entrada que es un apunte. En esta ocasi\u00f3n, instalaremos guacamole, como gateway de conexi\u00f3n a nuestros server y exponerlo a internet. Partimos de una debian 9 pelada y instalamos las dependencias: # apt install tomcat8 libcairo2-dev libossp-uuid-dev libavcodec-dev libavutil-dev libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev libjpeg62-turbo-dev libpng-dev libpng16-16 git # […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[58,85,102,126],"class_list":["post-1291","post","type-post","status-publish","format-standard","hentry","category-linux","tag-debian","tag-guacamole","tag-linux-2","tag-nginx"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/1291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1291"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/1291\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}