How to use the command guacd (with examples)

The guacd command is the Apache Guacamole proxy daemon. It is a support loader for client plugins to interface between the Guacamole protocol and any arbitrary remote desktop protocol such as RDP, VNC, or Others. This article will illustrate different use cases of the guacd command.

Use case 1: Bind to a specific port on localhost

Code:

guacd -b 127.0.0.1 -l 4823

Motivation: Binding the guacd daemon to a specific port on localhost can be useful when you want to restrict the access to guacd only from the local machine. This provides an additional layer of security by limiting the access to guacd to only the local system.

Explanation:

• -b: Specifies the IP address to bind to.
• 127.0.0.1: The IP address to bind to is set to 127.0.0.1, which is the loopback IP address. This restricts the access to guacd to the localhost only.
• -l: Specifies the port to listen on.
• 4823: The port 4823 is set as the listening port for guacd.

Example output:

Binding guacd to 127.0.0.1:4823

Use case 2: Start in debug mode, keeping the process in the foreground

Code:

guacd -f -L debug

Motivation: Starting guacd in debug mode while keeping the process in the foreground is helpful during the development and troubleshooting process. It allows you to see the debug logs and any errors or warnings directly in the terminal without the need to check log files.

Explanation:

• -f: Causes the guacd process to remain in the foreground instead of detaching and running as a background process.
• -L: Specifies the log level.
• debug: Sets the log level to debug, which provides detailed information useful for debugging purposes.

Example output:

[guacd] INFO: Listening on UNIX socket '/tmp/guacd.sock'.
[guacd] DEBUG: Initialized user directory.
[guacd] DEBUG: Initialized protocol registry.
[guacd] DEBUG: Initialized user access manager.
...

Use case 3: Start with TLS support

Code:

guacd -C my-cert.crt -K my-key.pem

Motivation: Starting guacd with TLS support is essential when you want to secure the communication between the Guacamole client and the guacd server. By enabling TLS, all the transmitted data will be encrypted, providing an additional layer of security.

Explanation:

• -C: Specifies the path to the server SSL certificate file.
• my-cert.crt: The path to the server SSL certificate file is set to my-cert.crt.
• -K: Specifies the path to the server SSL private key file.
• my-key.pem: The path to the server SSL private key file is set to my-key.pem.

Example output:

Starting guacd with TLS support using the provided certificate and key.

Use case 4: Write the PID to a file

Code:

guacd -p path/to/file.pid

Motivation: Writing the PID of the guacd process to a file can be beneficial when you need to manage or monitor the running guacd process. The PID file can be used to track the process and perform actions such as restarting or stopping the process.

Explanation:

• -p: Specifies the path to the PID file.
• path/to/file.pid: The path to the PID file is set to path/to/file.pid.

Example output:

The PID of the guacd process has been written to path/to/file.pid.

Conclusion:

The guacd command provides several options for configuring and customizing the Apache Guacamole proxy daemon. The examples in this article demonstrate different use cases such as binding to a specific port, starting in debug mode, enabling TLS support, and writing the PID to a file. Understanding these use cases will enable you to optimize and enhance your guacd configuration based on your specific requirements.