{"id":18304,"date":"2023-08-15T23:55:02","date_gmt":"2023-08-15T20:55:02","guid":{"rendered":"https:\/\/kifarunix.com\/?p=18304"},"modified":"2024-03-10T10:42:24","modified_gmt":"2024-03-10T07:42:24","slug":"how-to-install-guacamole-on-debian-12","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/how-to-install-guacamole-on-debian-12\/","title":{"rendered":"How to Install Guacamole on Debian 12"},"content":{"rendered":"\n<p>This guide will take you through the steps you can use to install Guacamole on Debian 12. <a href=\"https:\/\/guacamole.apache.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Apache Guacamole<\/a>&nbsp;is a client-less HTML5 web based remote desktop gateway which provides remote access to servers and desktops through a web browser. It supports standard protocols like VNC, RDP, and SSH.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-guacamole-on-debian-12\">Installing Guacamole on Debian 12<\/a><ul><li><a href=\"#install-guacamole-server-on-debian-12\">Install Guacamole Server on Debian 12<\/a><ul><li><a href=\"#run-system-update\">Run system Update<\/a><\/li><li><a href=\"#install-required-build-tools\">Install Required Build Tools<\/a><\/li><li><a href=\"#download-guacamole-source-code-tarball\">Download Guacamole Source Code Tarball<\/a><\/li><li><a href=\"#install-apache-guacamole-on-debian-12\">Install Apache Guacamole on Debian 12<\/a><\/li><li><a href=\"#running-guacamole-server-on-debian-12\">Running Guacamole-Server on Debian 12<\/a><\/li><\/ul><\/li><li><a href=\"#install-tomcat-servlet\">Install Tomcat Servlet<\/a><ul><li><a href=\"#install-tomcat-9-on-debian-12-by-building-from-archive\">Install Tomcat 9 on Debian 12 by Building from Archive<\/a><\/li><li><a href=\"#install-tomcat-9-on-debian-12-from-debian-11-repos\">Install Tomcat 9 on Debian 12 from Debian 11 repos<\/a><\/li><\/ul><\/li><li><a href=\"#install-guacamole-client-on-debian-12\">Install Guacamole Client on Debian 12<\/a><ul><li><a href=\"#download-and-install-guacamole-client-binary\">Download and Install Guacamole-client Binary<\/a><\/li><\/ul><\/li><li><a href=\"#configure-apache-guacamole-on-debian-12\">Configure Apache Guacamole on Debian 12<\/a><ul><li><a href=\"#configure-guacamole-server-connections\">Configure Guacamole Server Connections<\/a><\/li><li><a href=\"#configure-guacamole-authentication-method\">Configure Guacamole Authentication Method<\/a><\/li><\/ul><\/li><li><a href=\"#accessing-apache-guacamole-from-browser\">Accessing Apache Guacamole from Browser<\/a><\/li><li><a href=\"#setup-apache-guacamole-with-https\">Setup Apache Guacamole with HTTPS<\/a><\/li><li><a href=\"#how-to-fix-rdp-server-closed-refused-connection-security-negotiation-failed-wrong-security-type\">How to fix RDP server closed\/refused connection: Security negotiation failed (wrong security type?)<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-guacamole-on-debian-12\">Installing Guacamole on Debian 12<\/h2>\n\n\n\n<p>Guacamole is made up of two parts;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>guacamole-server<\/code>, which provides the&nbsp;guacd&nbsp;proxy&nbsp;and all the native, server-side components required by Guacamole to connect to remote desktops.<\/li>\n\n\n\n<li><code>guacamole-client<\/code>&nbsp;which provides the client to be served by the servlet container which is usually&nbsp;<code>Tomcat<\/code>.<\/li>\n<\/ul>\n\n\n\n<p>You need to install both of these components to setup Apache Guacamole web-based remote desktop client.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-guacamole-server-on-debian-12\">Install Guacamole Server on Debian 12<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"run-system-update\">Run system Update<\/h4>\n\n\n\n<p>Ensure your system package cache is up-to-date;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">apt update<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-required-build-tools\">Install Required Build Tools<\/h4>\n\n\n\n<p>To install guacamole-server, you need to build it from the source. This, therefore, requires that you need install the required build tools before you can start to build guacamole-server component;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\napt install -y build-essential \\\n\tlibcairo2-dev \\\n\tlibjpeg62-turbo-dev \\\n\tlibpng-dev \\\n\tlibtool-bin \\\n        uuid-dev \\\n\tlibossp-uuid-dev \\\n\tlibavcodec-dev \\\n\tlibavformat-dev \\\n\tlibavutil-dev \\\n\tlibswscale-dev \\\n        freerdp2-dev \\\n\tlibpango1.0-dev \\\n\tlibssh2-1-dev \\\n\tlibvncserver-dev \\\n\tlibtelnet-dev \\\n\tlibwebsockets-dev \\\n\tlibssl-dev \\\n\tlibvorbis-dev \\\n\tlibwebp-dev \\\n\tlibpulse-dev \\\n        sudo \\\n        vim\n<\/code><\/pre>\n\n\n\n<p>A comprehensive description of these dependency tools is available on&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/guacamole.apache.org\/doc\/gug\/installing-guacamole.html#required-dependencies\" target=\"_blank\">required dependencies<\/a>&nbsp;section.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-guacamole-source-code-tarball\">Download Guacamole Source Code Tarball<\/h4>\n\n\n\n<p>To install Guacamole, we will build it from the source code. Hence download the latest source archive tarball from\u00a0<a href=\"https:\/\/guacamole.apache.org\/releases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Guacamole releases page<\/a>.<\/p>\n\n\n\n<p><a href=\"https:\/\/guacamole.apache.org\/releases\/1.5.4\/\" target=\"_blank\" rel=\"noreferrer noopener\">Apache Guacamole 1.5.4<\/a>&nbsp;is the latest release version as of this writing.<\/p>\n\n\n\n<p>You can simply run the command below to download Apache Guacamole 1.5.4.<\/p>\n\n\n\n<p>To make this easy, just set a variable for the current stable release version on the terminal.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">VER=1.5.4<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">wget https:\/\/downloads.apache.org\/guacamole\/$VER\/source\/guacamole-server-$VER.tar.gz<\/pre>\n\n\n\n<p>Once the download is done, extract the source tarball.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">tar xzf guacamole-server-$VER.tar.gz<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-apache-guacamole-on-debian-12\">Install Apache Guacamole on Debian 12<\/h4>\n\n\n\n<p>Navigate to guacamole server source code directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">cd guacamole-server-$VER<\/pre>\n\n\n\n<p>Run the&nbsp;<code>configure<\/code>&nbsp;script to check if any required dependency is missing and to adapt Guacamole server to your system.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">.\/configure --with-systemd-dir=\/etc\/systemd\/system\/<\/pre>\n\n\n\n<p>For more configure options, run,&nbsp;<code>.\/configure --help<\/code>.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>...\n------------------------------------------------\nguacamole-server version 1.5.4\n------------------------------------------------\n\n   Library status:\n\n     freerdp2 ............ yes\n     pango ............... yes\n     libavcodec .......... yes\n     libavformat.......... yes\n     libavutil ........... yes\n     libssh2 ............. yes\n     libssl .............. yes\n     libswscale .......... yes\n     libtelnet ........... yes\n     libVNCServer ........ yes\n     libvorbis ........... yes\n     libpulse ............ yes\n     libwebsockets ....... yes\n     libwebp ............. yes\n     wsock32 ............. no\n\n   Protocol support:\n\n      Kubernetes .... yes\n      RDP ........... yes\n      SSH ........... yes\n      Telnet ........ yes\n      VNC ........... yes\n\n   Services \/ tools:\n\n      guacd ...... yes\n      guacenc .... yes\n      guaclog .... yes\n\n   FreeRDP plugins: \/usr\/lib\/x86_64-linux-gnu\/freerdp2\n   Init scripts: no\n   Systemd units: \/etc\/systemd\/system\/\n\nType \"make\" to compile guacamole-server.\n<\/code><\/pre>\n\n\n\n<p>Pay attention to out of the&nbsp;<code>configure<\/code>&nbsp;script. If there is any unmet required dependency, fix before you can proceed.<\/p>\n\n\n\n<p>Compile and install Guacamole Server on Debian 12;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">make<\/pre>\n\n\n\n<p>If the make command fails with the error below;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>...\n<strong>video.c: In function \u2018guacenc_video_alloc\u2019:\nvideo.c:64:22: error: assignment discards \u2018const\u2019 qualifier from pointer target type [-Werror=discarded-qualifiers]\n   64 |     container_format = container_format_context->oformat;\n      |                      ^\nvideo.c:67:22: error: initialization discards \u2018const\u2019 qualifier from pointer target type [-Werror=discarded-qualifiers]\n   67 |     AVCodec* codec = avcodec_find_encoder_by_name(codec_name);\n      |                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~\ncc1: all warnings being treated as errors\nmake[2]: *** [Makefile:1126: guacenc-video.o] Error 1<\/strong>\nmake[2]: Leaving directory '\/root\/guacamole-server-1.5.4\/src\/guacenc'\nmake[1]: *** [Makefile:544: all-recursive] Error 1\nmake[1]: Leaving directory '\/root\/guacamole-server-1.5.4'\n<\/code><\/pre>\n\n\n\n<p>The&nbsp;<code>guacenc<\/code>&nbsp;utility is used to translate screen recordings into video, depends on FFmpeg. It is an optional dependency, so you can choose to disable it. Hence, rerun the configure command with the <strong><code>--disable-guacenc<\/code><\/strong> option;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/configure --with-systemd-dir=\/etc\/systemd\/system\/ --disable-guacenc<\/code><\/pre>\n\n\n\n<p>After that, execute the make command again.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>make<\/code><\/pre>\n\n\n\n<p>Then install Guacamole;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">make install<\/pre>\n\n\n\n<p>Next, run the&nbsp;<strong><code>ldconfig<\/code><\/strong>&nbsp;command to create the necessary links and cache to the most recent shared libraries found in the guacamole server directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ldconfig<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"running-guacamole-server-on-debian-12\">Running Guacamole-Server on Debian 12<\/h4>\n\n\n\n<p>Reload systemd configuration files and start and enable guacd (Guacamole Daemon) to run on boot after the installation.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl daemon-reload<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl enable --now guacd<\/pre>\n\n\n\n<p>To check the status;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl status guacd<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf guacd.service - Guacamole Server\n     Loaded: loaded (\/etc\/systemd\/system\/guacd.service; enabled; preset: enabled)\n     Active: active (running) since Thu 2024-01-11 11:01:21 EST; 6s ago\n       Docs: man:guacd(8)\n   Main PID: 22109 (guacd)\n      Tasks: 1 (limit: 1099)\n     Memory: 10.2M\n        CPU: 10ms\n     CGroup: \/system.slice\/guacd.service\n             \u2514\u250022109 \/usr\/local\/sbin\/guacd -f\n\nJan 11 11:01:21 debian systemd[1]: Started guacd.service - Guacamole Server.\nJan 11 11:01:21 debian guacd[22109]: Guacamole proxy daemon (guacd) version 1.5.4 started\nJan 11 11:01:21 debian guacd[22109]: guacd[22109]: INFO:        Guacamole proxy daemon (guacd) version 1.5.4 started\nJan 11 11:01:21 debian guacd[22109]: guacd[22109]: INFO:        Listening on host ::1, port 4822\nJan 11 11:01:21 debian guacd[22109]: Listening on host ::1, port 4822\n<\/code><\/pre>\n\n\n\n<p>If you noticed, guacd is listening on IPv6 localhost address (<strong><em>Listening on host ::1, port 4822<\/em><\/strong>). This is probably because your hosts file is like;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/etc\/hosts<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n127.0.0.1\tlocalhost\n127.0.1.1\tdebian\n\n# The following lines are desirable for IPv6 capable hosts\n<strong>::1     localhost ip6-localhost ip6-loopback<\/strong>\nff02::1 ip6-allnodes\nff02::2 ip6-allrouters\n<\/code><\/pre>\n\n\n\n<p>See the line above! If you proceed with this in place, you will end up not being able to connect to your remote end points with such an error;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tomcat9&#91;28149]: 15:47:52.938 &#91;http-nio-8080-exec-5] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused<\/code><\/pre>\n\n\n\n<p>Thus, comment out the IPv6 line on hosts file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i '\/^::1\/s\/^\/#\/g' \/etc\/hosts<\/code><\/pre>\n\n\n\n<p>Restart Guacamole server;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart guacd<\/code><\/pre>\n\n\n\n<p>Confirm status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status guacd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf guacd.service - Guacamole Server\n     Loaded: loaded (\/etc\/systemd\/system\/guacd.service; enabled; preset: enabled)\n     Active: active (running) since Thu 2024-01-11 11:02:33 EST; 3s ago\n       Docs: man:guacd(8)\n   Main PID: 22172 (guacd)\n      Tasks: 1 (limit: 1099)\n     Memory: 10.0M\n        CPU: 9ms\n     CGroup: \/system.slice\/guacd.service\n             \u2514\u250022172 \/usr\/local\/sbin\/guacd -f\n\nJan 11 11:02:33 debian systemd[1]: Started guacd.service - Guacamole Server.\nJan 11 11:02:33 debian guacd[22172]: Guacamole proxy daemon (guacd) version 1.5.4 started\nJan 11 11:02:33 debian guacd[22172]: guacd[22172]: INFO:        Guacamole proxy daemon (guacd) version 1.5.4 started\nJan 11 11:02:33 debian guacd[22172]: Listening on host 127.0.0.1, port 4822\nJan 11 11:02:33 debian guacd[22172]: guacd[22172]: INFO:        Listening on host 127.0.0.1, port 4822\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -altnp | grep :4822<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>LISTEN 0      5          127.0.0.1:4822      0.0.0.0:*    users:((\"guacd\",pid=22172,fd=4))<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-tomcat-servlet\">Install Tomcat Servlet<\/h3>\n\n\n\n<p>Apache Tomcat is used to serve guacamole client content to users that connects to guacamole server via the web browser. To install Tomcat 9 on Debian 12, you can build it from archive or install from the Debian 11 repos. This is because, Debian 12 ships with Tomcat 10 by default. Guacamole doesn&#8217;t support Tomcat 10 yet.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-tomcat-9-on-debian-12-by-building-from-archive\">Install Tomcat 9 on Debian 12 by Building from Archive<\/h4>\n\n\n\n<p>Follow the link below to learn how to install Tomcat 9 on Debian 12 by building from Tomcat archive.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-install-tomcat-9-on-debian-12\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Install Tomcat 9 on Debian 12<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-tomcat-9-on-debian-12-from-debian-11-repos\">Install Tomcat 9 on Debian 12 from Debian 11 repos<\/h4>\n\n\n\n<p> Install the Debian 11 repos temporarily as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"deb http:\/\/deb.debian.org\/debian\/ bullseye main\" &gt; \/etc\/apt\/sources.list.d\/bullseye.list <\/code><\/pre>\n\n\n\n<p>Then install Tomcat9;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">apt install tomcat9 tomcat9-admin tomcat9-common tomcat9-user -y<\/pre>\n\n\n\n<p>Remove the Debian 11 repos;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i 's\/^\/#\/' \/etc\/apt\/sources.list.d\/bullseye.list <\/code><\/pre>\n\n\n\n<p>Tomcat9 is started and enabled to run on system boot upon installation. Check the status by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl status tomcat9.service<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf tomcat9.service - Apache Tomcat 9 Web Application Server\n     Loaded: loaded (\/lib\/systemd\/system\/tomcat9.service; enabled; preset: enabled)\n     Active: active (running) since Thu 2024-01-11 11:11:34 EST; 34s ago\n       Docs: https:\/\/tomcat.apache.org\/tomcat-9.0-doc\/index.html\n    Process: 24423 ExecStartPre=\/usr\/libexec\/tomcat9\/tomcat-update-policy.sh (code=exited, status=0\/SUCCESS)\n   Main PID: 24427 (java)\n      Tasks: 30 (limit: 1099)\n     Memory: 107.3M\n        CPU: 3.672s\n     CGroup: \/system.slice\/tomcat9.service\n             \u2514\u250024427 \/usr\/lib\/jvm\/default-java\/bin\/java -Djava.util.logging.config.file=\/var\/lib\/tomcat9\/conf\/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager ->\n\nJan 11 11:11:35 debian tomcat9[24427]: Deployment of deployment descriptor [\/etc\/tomcat9\/Catalina\/localhost\/manager.xml] has finished in [569] ms\nJan 11 11:11:35 debian tomcat9[24427]: Deploying deployment descriptor [\/etc\/tomcat9\/Catalina\/localhost\/host-manager.xml]\nJan 11 11:11:35 debian tomcat9[24427]: The path attribute with value [\/host-manager] in deployment descriptor [\/etc\/tomcat9\/Catalina\/localhost\/host-manager.xml] has been ignored\nJan 11 11:11:36 debian tomcat9[24427]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs w>\nJan 11 11:11:36 debian tomcat9[24427]: Deployment of deployment descriptor [\/etc\/tomcat9\/Catalina\/localhost\/host-manager.xml] has finished in [306] ms\nJan 11 11:11:36 debian tomcat9[24427]: Deploying web application directory [\/var\/lib\/tomcat9\/webapps\/ROOT]\nJan 11 11:11:36 debian tomcat9[24427]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs w>\nJan 11 11:11:36 debian tomcat9[24427]: Deployment of web application directory [\/var\/lib\/tomcat9\/webapps\/ROOT] has finished in [315] ms\nJan 11 11:11:36 debian tomcat9[24427]: Starting ProtocolHandler [\"http-nio-8080\"]\nJan 11 11:11:36 debian tomcat9[24427]: Server startup in [1220] milliseconds\n<\/code><\/pre>\n\n\n\n<p>Apache Tomcat listens on port 8080\/tcp by default;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ss -altnp | grep :8080<\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>LISTEN 0      100                *:8080            *:*    users:((\"java\",pid=24427,fd=37))<\/code><\/pre>\n\n\n\n<p>To allow external access to the serverlet, open the serverlet port 8080\/tcp on UFW, <strong>if at all UFW is installed and enabled<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ufw allow 8080\/tcp<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-guacamole-client-on-debian-12\">Install Guacamole Client on Debian 12<\/h3>\n\n\n\n<p><strong>guacamole-client<\/strong>&nbsp;contains provides web application that will serve the HTML5 Guacamole client to users that connect to your server.&nbsp;The web application will then connect to&nbsp;<strong>guacd<\/strong>&nbsp;on behalf of connected users in order to serve them any remote desktop they are authorized to access.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-and-install-guacamole-client-binary\">Download and Install Guacamole-client Binary<\/h4>\n\n\n\n<p>Create Guacamole configuration directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mkdir \/etc\/guacamole<\/pre>\n\n\n\n<p>Guacamole client can be installed from source code or from ready binary. Binary installation is used in this demo.<\/p>\n\n\n\n<p>Download Guacamole-client from&nbsp;<a href=\"https:\/\/guacamole.apache.org\/releases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Guacamole releases page<\/a>&nbsp;for the respective latest version (v1.5.4 as of this writing) and store it in the configuration directory created above.<\/p>\n\n\n\n<p>To download the current release version, v1.5.4 as of this writing, simply run the command below;<\/p>\n\n\n\n<p>Similarly, we use the same client version variable;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">VER=1.5.4<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">wget \\\nhttps:\/\/downloads.apache.org\/guacamole\/$VER\/binary\/guacamole-$VER.war \\\n-O \/etc\/guacamole\/guacamole.war<\/pre>\n\n\n\n<p>Create a symbolic link of the guacamole client to Tomcat webapps directory as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ln -s \/etc\/guacamole\/guacamole.war \/var\/lib\/tomcat9\/webapps\/<\/pre>\n\n\n\n<p>If you build Tomcat from Tomcat source, then;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ln -s \/etc\/guacamole\/guacamole.war \/opt\/tomcat9\/webapps\/<\/code><\/pre>\n\n\n\n<p>Restart Tomcat and Guacamole server to deploy the new web application;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart tomcat9 guacd<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-apache-guacamole-on-debian-12\">Configure Apache Guacamole on Debian 12<\/h3>\n\n\n\n<p>Guacamole has two major configuration files;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code><strong>\/etc\/guacamole<\/strong><\/code>&nbsp;which is referenced by the&nbsp;<code>GUACAMOLE_HOME<\/code>&nbsp;environment variable<\/li>\n\n\n\n<li><code><strong>\/etc\/guacamole\/guacamole.properties<\/strong><\/code>&nbsp;which is the main configuration file used by Guacamole and its extensions.<\/li>\n<\/ul>\n\n\n\n<p>There are also guacamole extensions and libraries configurations. You need to create the directories for these configs;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mkdir \/etc\/guacamole\/{extensions,lib}<\/pre>\n\n\n\n<p>Set the guacamole home directory environment variable and add it to&nbsp;<code><strong>\/etc\/default\/tomcat9<\/strong><\/code>&nbsp;configuration file.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">echo \"GUACAMOLE_HOME=\/etc\/guacamole\" &gt;&gt; \/etc\/default\/tomcat9<\/pre>\n\n\n\n<p>If you build Tomcat from Tomcat source, then;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"GUACAMOLE_HOME=\/etc\/guacamole\" &gt;&gt; \/etc\/profile.d\/tomcat9.sh<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-guacamole-server-connections\">Configure Guacamole Server Connections<\/h4>\n\n\n\n<p>To define how Guacamole connects to&nbsp;<code>guacd<\/code>, create the&nbsp;<code>guacamole.properties<\/code>&nbsp;file under&nbsp;<code><strong>\/etc\/guacamole<\/strong><\/code>&nbsp;directory with the following content.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt; \/etc\/guacamole\/guacamole.properties &lt;&lt; EOL\nguacd-hostname: 127.0.0.1\nguacd-port: 4822\nuser-mapping:   \/etc\/guacamole\/user-mapping.xml\nauth-provider:  net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider\nEOL\n<\/code><\/pre>\n\n\n\n<p>The configuration above is explained below;<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><code>guacd-hostname: localhost<\/code>: This line sets the hostname of the Guacamole daemon (guacd) to &#8220;localhost.&#8221; The Guacamole daemon is responsible for handling remote desktop connections.<\/li>\n\n\n\n<li><code>guacd-port: 4822<\/code>: This line specifies the port number (4822) on which the Guacamole daemon (<code>guacd<\/code>) is listening for connections.<\/li>\n\n\n\n<li><code>user-mapping: \/etc\/guacamole\/user-mapping.xml<\/code>: This line specifies the path to the user mapping configuration file (<code>user-mapping.xml<\/code>). This file defines how users are authenticated and which remote desktop connections they can access.<\/li>\n\n\n\n<li><code>auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider<\/code>: This line sets the authentication provider to be used for user authentication. In this case, the BasicFileAuthenticationProvider is used, which means authentication will be based on user credentials defined in the <code>user-mapping.xml<\/code> file.<\/li>\n<\/ol>\n\n\n\n<p>Next, link the Guacamole configurations directory to Tomcat servlet directory as shown below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ln -s \/etc\/guacamole \/usr\/share\/tomcat9\/.guacamole<\/pre>\n\n\n\n<p>Similarly, if you build Tomcat from Tomcat source, then;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ln -s \/etc\/guacamole \/opt\/tomcat9\/.guacamole<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-guacamole-authentication-method\">Configure Guacamole Authentication Method<\/h4>\n\n\n\n<p>There are different authentication methods supported by Guacamole;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reading credentials from XML file (<em>default<\/em>).<\/li>\n\n\n\n<li>Database authentication<\/li>\n\n\n\n<li>LDAP authentication<\/li>\n\n\n\n<li>Retrieving secrets from a vault<\/li>\n\n\n\n<li>Duo two-factor authentication<\/li>\n\n\n\n<li>TOTP two-factor authentication<\/li>\n\n\n\n<li>HTTP header authentication<\/li>\n\n\n\n<li>Encrypted JSON authentication<\/li>\n\n\n\n<li>CAS Authentication<\/li>\n\n\n\n<li>OpenID Connect Authentication<\/li>\n\n\n\n<li>SAML Authentication<\/li>\n\n\n\n<li>RADIUS Authentication<\/li>\n<\/ul>\n\n\n\n<p>Guacamole\u2019s default authentication method reads all users and connections from a single file called&nbsp;<code>user-mapping.xml<\/code>. We enabled basic authentication in the configuration above.<\/p>\n\n\n\n<p>In this file,you need to define the&nbsp;<strong>users allowed to access Guacamole web UI<\/strong>,<strong>&nbsp;the servers to connect to<\/strong>&nbsp;and&nbsp;<strong>the method of connection<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote has-small-font-size\"><blockquote><p><strong>NOTE: Storing sensitive information like passwords or connection details in plain text within the user-mapping.xml file can be a security risk, especially if the file is accessible to unauthorized users. If you are using Guacamole Over Internet, I recommend that you avoid the use of user-mapping.xml file for storing credentials. Also, ensure that HTTPS is implemented. Security starts from you!<\/strong><\/p><\/blockquote><\/figure>\n\n\n\n<p>You can choose to use other authentication methods below;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/kifarunix.com\/configure-totp-two-factor-authentication-on-apache-guacamole\/\">Configure TOTP Two-Factor Authentication on Apache Guacamole<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/kifarunix.com\/configure-guacamole-mysql-database-authentication\/\">Configure Guacamole MySQL Database Authentication<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/kifarunix.com\/setup-apache-guacamole-openldap-authentication\/\">Setup Apache Guacamole OpenLDAP Authentication<\/a><\/li>\n<\/ul>\n\n\n\n<p>For the purposes of local testing, we will be using this method, however!<\/p>\n\n\n\n<p>To begin with, generate the MD5 hash of passwords for the user to be used for logging into Guacamole web user interface.<\/p>\n\n\n\n<p><strong>Replace your password, <code>&lt;password&gt;<\/code><\/strong>, <strong>accordingly<\/strong>;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">echo -n &lt;password&gt; | openssl md5<\/pre>\n\n\n\n<p>For example, where <strong>password<\/strong> is my password.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo -n <strong>password<\/strong> | openssl md5<\/code><\/pre>\n\n\n\n<p>Output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>MD5(stdin)= 5f4dcc3b5aa765d61d8327deb882cf99<\/code><\/pre>\n\n\n\n<p>or<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">printf '%s' password | md5sum<\/pre>\n\n\n\n<p>Output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>5f4dcc3b5aa765d61d8327deb882cf99  -<\/code><\/pre>\n\n\n\n<p>Be sure to replace&nbsp;<strong>password<\/strong>&nbsp;with your strong password.<\/p>\n\n\n\n<p>Next, create the default user authentication file,&nbsp;<code><strong>user-mapping.xml<\/strong><\/code>&nbsp;with the following contents.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/etc\/guacamole\/user-mapping.xml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n&lt;user-mapping>\n        \n    &lt;!-- Per-user authentication and config information -->\n\n    &lt;!-- A user using md5 to hash the password\n         guacadmin user and its md5 hashed password below is used to \n             login to Guacamole Web UI-->\n    &lt;authorize \n            username=\"guacadmin\"\n            password=\"5f4dcc3b5aa765d61d8327deb882cf99\"\n            encoding=\"md5\">\n\n        &lt;!-- First authorized Remote connection -->\n        &lt;connection name=\"Ubuntu 22\">\n            &lt;protocol>ssh&lt;\/protocol>\n            &lt;param name=\"hostname\">192.168.58.37&lt;\/param>\n            &lt;param name=\"port\">22&lt;\/param>\n        &lt;\/connection>\n\n        &lt;!-- Second authorized remote connection -->\n        &lt;connection name=\"Windows 10\">\n            &lt;protocol>rdp&lt;\/protocol>\n            &lt;param name=\"hostname\">192.168.56.121&lt;\/param>\n            &lt;param name=\"port\">3389&lt;\/param>\n            &lt;param name=\"username\">kifarunix&lt;\/param>\n            &lt;param name=\"ignore-cert\">true&lt;\/param>\n        &lt;\/connection>\n\n    &lt;\/authorize>\n\n&lt;\/user-mapping>\n<\/code><\/pre>\n\n\n\n<p>If you don&#8217;t specify the username and password in the file, you will be prompted to provide them while attempting to login, which I consider it a bit secure.<\/p>\n\n\n\n<p>If you need to explicitly define usernames and passwords in the configuration file, add the parameters;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;param name=\"username\"&gt;<strong>USERNAME<\/strong>&lt;\/param&gt;\n&lt;param name=\"password\"&gt;<strong>PASSWORD&lt;\/param&gt;<\/strong><\/code><\/pre>\n\n\n\n<p>Save and exit the configuration file.<\/p>\n\n\n\n<p>Restart both Tomcat and guacd to effect the changes.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart tomcat9 guacd<\/pre>\n\n\n\n<p>Be sure to check the syslog,&nbsp;<code>\/var\/log\/syslog<\/code>&nbsp;or&nbsp;<code>\/var\/log\/tomcat9\/<\/code>&nbsp;log files for any issues.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"accessing-apache-guacamole-from-browser\">Accessing Apache Guacamole from Browser<\/h3>\n\n\n\n<p>Apache Guacamole server is now setup. You can access it from web browser using the address&nbsp;<code><strong>http:\/\/server-IP:8080\/guacamole<\/strong><\/code>.<a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-login-page.png\"><\/a><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1054\" height=\"633\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-login.png\" alt=\"Install Guacamole on Debian 12\" class=\"wp-image-10400\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-login.png?v=1631384185 1054w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/09\/guacamole-login-768x461.png?v=1631384185 768w\" sizes=\"(max-width: 1054px) 100vw, 1054px\" \/><\/figure><\/div>\n\n\n<p>Use the credentials for the user whom you generated an MD5 hash for its password above.<\/p>\n\n\n\n<p>Upon successful login, you get to Apache Guacamole web dashboard and you should be able to see the added connections.<a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-connections.png\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1473\" height=\"493\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-dashboard.png\" alt=\"\" class=\"wp-image-18357\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-dashboard.png?v=1692128504 1473w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-dashboard-768x257.png?v=1692128504 768w\" sizes=\"(max-width: 1473px) 100vw, 1473px\" \/><\/figure>\n\n\n\n<p>Click on a connection to name to initiate remote login.<\/p>\n\n\n\n<p>For example, to ssh into Ubuntu 22 server, just click on the connection name. This will get you a login prompt;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1459\" height=\"880\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/remote-server-via-guacamole.png\" alt=\"\" class=\"wp-image-18359\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/remote-server-via-guacamole.png?v=1692130255 1459w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/remote-server-via-guacamole-768x463.png?v=1692130255 768w\" sizes=\"(max-width: 1459px) 100vw, 1459px\" \/><\/figure>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-remote-ssh-login.png\"><\/a><\/p>\n\n\n\n<p>To login to Windows 10 via RDP, just click on Windows 10, enter the login credentials and proceed to the desktop.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1471\" height=\"963\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/windows-10-guacamole-rdp.png\" alt=\"\" class=\"wp-image-18366\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/windows-10-guacamole-rdp.png?v=1692131910 1471w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/windows-10-guacamole-rdp-768x503.png?v=1692131910 768w\" sizes=\"(max-width: 1471px) 100vw, 1471px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"setup-apache-guacamole-with-https\">Setup Apache Guacamole with HTTPS<\/h3>\n\n\n\n<p>Follow the guide below to learn how to configure Apache Guacamole with HTTPS;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-guacamole-ssl-tls-with-nginx-reverse-proxy\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Guacamole SSL\/TLS with Nginx Reverse Proxy<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"how-to-fix-rdp-server-closed-refused-connection-security-negotiation-failed-wrong-security-type\"><a href=\"#fix-rdp-security-negotiation-failed\">How to fix RDP server closed\/refused connection: Security negotiation failed (wrong security type?)<\/a><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-win7-rdp.png\"><\/a><\/h3>\n\n\n\n<p>If you encounter <strong>CONNECTION ERROR<\/strong>, and upon checking the logs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>journalctl -f -u guacd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nAug 15 16:31:53 debian guacd[28423]: Loading keymap \"en-us-qwerty\"\nAug 15 16:31:53 debian guacd[28423]: guacd[28423]: INFO:        Loading keymap \"en-us-qwerty\"\nAug 15 16:31:53 debian guacd[28423]: RDP server closed\/refused connection: Security negotiation failed (wrong security type?)\nAug 15 16:31:53 debian guacd[28423]: guacd[28423]: INFO:        RDP server closed\/refused connection: Security negotiation failed (wrong security type?)\nAug 15 16:31:53 debian guacd[28423]: guacd[28423]: INFO:        User \"@7de1f381-34cf-4e08-8df0-66a5048c6f65\" disconnected (0 users remain)\nAug 15 16:31:53 debian guacd[28423]: guacd[28423]: INFO:        Last user of connection \"$c9f11e3a-cc25-40c9-b6d2-c015773f7262\" disconnected\nAug 15 16:31:53 debian guacd[28423]: User \"@7de1f381-34cf-4e08-8df0-66a5048c6f65\" disconnected (0 users remain)\nAug 15 16:31:53 debian guacd[28423]: Last user of connection \"$c9f11e3a-cc25-40c9-b6d2-c015773f7262\" disconnected\nAug 15 16:31:53 debian guacd[28360]: Connection \"$c9f11e3a-cc25-40c9-b6d2-c015773f7262\" removed.\nAug 15 16:31:53 debian guacd[28360]: guacd[28360]: INFO:        Connection \"$c9f11e3a-cc25-40c9-b6d2-c015773f7262\" removed.\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>Aug 15 16:31:53 debian guacd&#91;28423]: RDP server closed\/refused connection: Security negotiation failed (wrong security type?)<\/strong><\/code><\/pre>\n\n\n\n<p>Then fix it as follows;<\/p>\n\n\n\n<p>Guacamole server (guacd) service runs as user&nbsp;<strong><code>daemon<\/code><\/strong>&nbsp;by default.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ps aux | grep -v grep| grep guacd<\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>daemon     28360  0.0  0.7 247892 15548 ?        Ss   16:29   0:00 \/usr\/local\/sbin\/guacd -f<\/code><\/pre>\n\n\n\n<p>Create a <strong>guacd<\/strong> system user account which can be used to run guacd instead of running as <strong>daemon<\/strong> user.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">useradd -M -d \/var\/lib\/guacd\/ -r -s \/sbin\/nologin -c \"Guacd User\" guacd<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">mkdir \/var\/lib\/guacd<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">chown -R guacd: \/var\/lib\/guacd<\/pre>\n\n\n\n<p>Next, update the Guacd service user;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sed -i 's\/daemon\/guacd\/' \/etc\/systemd\/system\/guacd.service<\/pre>\n\n\n\n<p>Reload systemd daemon;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl daemon-reload<\/pre>\n\n\n\n<p>Restart Guacd Service;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart guacd<\/pre>\n\n\n\n<p>At this point, RDP should work without any issues.<\/p>\n\n\n\n<p>You can now add more connections to your Guacamole. Check <a href=\"https:\/\/guacamole.apache.org\/doc\/gug\/configuring-guacamole.html#connection-configuration\" target=\"_blank\" rel=\"noreferrer noopener\">Guacamole connections page<\/a> on how to configure. That marks the end of our guide on how to install Guacamole on Debian 12.<\/p>\n\n\n\n<p>Related guides;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-apache-guacamole-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Apache Guacamole on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/setup-apache-guacamole-openldap-authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\">Setup Apache Guacamole OpenLDAP Authentication<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-guacamole-ssl-tls-with-nginx-reverse-proxy\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Guacamole SSL\/TLS with Nginx Reverse Proxy<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-enable-rdp-ssh-file-transfer-over-guacamole\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Enable RDP\/SSH File Transfer Over Guacamole<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This guide will take you through the steps you can use to install Guacamole on Debian 12. Apache Guacamole&nbsp;is a client-less HTML5 web based remote<\/p>\n","protected":false},"author":10,"featured_media":12174,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,917,214],"tags":[7178,7177],"class_list":["post-18304","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-guacamole","category-remote-desktop","tag-debian-12-guacamole","tag-install-apache-guacamole-on-debian","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/18304"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=18304"}],"version-history":[{"count":23,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/18304\/revisions"}],"predecessor-version":[{"id":20837,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/18304\/revisions\/20837"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/12174"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=18304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=18304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=18304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}