guacd
Guacamole proxy daemon for remote access
TLDR
Bind to a specific port on localhost
Start in debug mode, keeping the process in the foreground
Start with TLS support
Write the PID to a file
SYNOPSIS
guacd [options]
PARAMETERS
-b address
Bind guacd to the specified address. If not specified, guacd will bind to all available interfaces.
-l logfile
Specify the file to which guacd will log messages. If not specified, guacd will log to syslog.
-L level
Specify the logging level. Valid values are "error", "warning", "info", "debug", and "trace".
-p port
Specify the port on which guacd will listen for connections. The default port is 4822.
-u user
Specify the user to run guacd as after startup. This option requires root privileges to be used effectively.
-g group
Specify the group to run guacd as after startup. This option requires root privileges to be used effectively.
-f
Run guacd in the foreground. This option disables daemonization.
-t
Test mode. Exit after initialization.
-d
Enable core dumps. Useful for debugging.
-C certificate
Path to certificate to use for SSL encryption. Must be used in conjunction with -K.
-K key
Path to private key to use for SSL encryption. Must be used in conjunction with -C.
DESCRIPTION
guacd is the Guacamole proxy daemon. It acts as an intermediary between the Guacamole web application and remote desktops or other remote access servers.
It receives client connections from the Guacamole web application and translates client input into the remote desktop protocol being used.
It also receives output from the remote desktop or other remote access server and renders this output as a stream of graphics and audio which is then sent to the Guacamole web application for rendering in the client's browser.
Essentially, guacd allows users to access remote desktops through a web browser without needing to install any client software on their local machine. It supports multiple protocols, including VNC, RDP, and SSH. Proper configuration of guacd and the Guacamole web application are crucial for secure and efficient remote access.
SECURITY CONSIDERATIONS
guacd handles sensitive data, including user credentials and remote desktop content. It is critical to properly secure guacd to prevent unauthorized access. This includes:
1. Using strong authentication methods in the Guacamole web application.
2. Configuring guacd to run with minimal privileges.
3. Keeping guacd and its dependencies up to date.
4. Limiting network access to guacd.
TROUBLESHOOTING
Common issues with guacd include:
1. Connection failures: Verify network connectivity and firewall rules.
2. Performance problems: Check resource usage and optimize Guacamole configuration.
3. Authentication errors: Review user credentials and authentication settings.
Logs generated by guacd (using the -l option) are invaluable for diagnosing problems.
HISTORY
guacd is part of the Apache Guacamole project, which was originally developed by Glyptodon LLC. The Guacamole project aims to provide a clientless remote desktop gateway. guacd's development has been focused on stability, performance, and security, with regular updates to support new protocols and address vulnerabilities. Its usage has grown significantly as organizations increasingly adopt web-based remote access solutions.
Early versions of Guacamole required more complex setup and configuration, but the project has evolved to provide easier deployment and management.
SEE ALSO
guacamole(1), sshd(8), xrdp(8)