LinuxCommandLibrary

guacd

Guacamole proxy daemon for remote access

TLDR

Bind to a specific port on localhost

$ guacd -b [127.0.0.1] -l [4823]
copy

Start in debug mode, keeping the process in the foreground
$ guacd -f -L [debug]
copy

Start with TLS support
$ guacd -C [my-cert.crt] -K [my-key.pem]
copy

Write the PID to a file
$ guacd -p [path/to/file.pid]
copy

SYNOPSIS

guacd [-b ADDRESS] [-f] [-F FILE] [-L FILE] [-l LEVEL] [-p PORT] [-V] [-h]

PARAMETERS

-b, --bind=ADDRESS
    Bind server to the given ADDRESS (default: 0.0.0.0)

-f, --foreground
    Run in foreground; do not daemonize

-F, --pidfile=FILE
    Write daemon PID to FILE

-L, --logfile=FILE
    Write all log messages to FILE

-l, --log-level=LEVEL
    Set logging verbosity: debug, info, warn, or error (default: info)

-p, --port=PORT
    Listen on PORT (default: 4822)

-V, --version
    Print version information and exit

-h, --help
    Display usage summary and exit

DESCRIPTION

guacd is the core server daemon of Apache Guacamole, a clientless remote desktop gateway. It acts as a high-performance proxy, facilitating HTML5-based access to remote desktops and servers via standard protocols like VNC, RDP, SSH, Telnet, and Kubernetes. Running as a standalone daemon, guacd listens on a configurable TCP port (default 4822) for connections from Guacamole web clients, typically hosted in Tomcat.

The daemon handles authentication, instruction parsing, and tunneling of graphical or text-based sessions without requiring client-side software installation. It supports dynamic configuration and extensibility through modules for custom authentication or protocols. guacd is lightweight, secure by design (no direct exposure of backend credentials), and scalable for enterprise use.

Common deployments pair guacd with a Guacamole frontend in Apache Tomcat, using a database backend for user management. It's widely used in VDI, remote support, and cloud environments for browser-based access.

CAVEATS

guacd must run as root or with CAP_NET_BIND_SERVICE for ports < 1024. Defaults to localhost binding in some configs for security; expose explicitly. No built-in config file parsing on command lineā€”use guacd.conf(5) via service managers.

CONFIGURATION

Supports guacd.conf(5) for daemon-wide settings like [daemon] and [guac-prox], loaded automatically if present in standard paths (/etc/guacamole/).

SECURITY NOTE

Always firewall port 4822; use TLS frontend proxy. Supports libguac SSL/TLS encryption for tunnels.

HISTORY

Developed as part of Apache Guacamole (formerly Glyptodon), first released in 2011. Became Apache Top-Level Project in 2016. guacd evolved from a Java-based prototype to native C for performance, with ongoing releases adding protocol support like RDP audio and SFTP.

SEE ALSO

guacamole(7), guacd.conf(5)

Copied to clipboard