Advanced configuration for the Guacd service
/etc/guacamole/guacd.confis the configuration file for Apache Guacamole's proxy daemon, guacd. Editing this file is not normally required unless the circumstances of your deployment require internal communications to be encrypted (not just public-facing communication), the guacd service needs to listen on an external interface or non-standard port, or you need to increase logging verbosity to assist with debugging unexpected behavior.
guacd.conffile is read only during service startup, and changes to
guacd.confwill take effect only after restarting the guacd service.
guacd.conffile is organized within three distinct sections, each section having special meaning to guacd and containing only parameters specific to that section:
The beginning of each section is denoted with a section name in brackets, and each section ends implicitly with the beginning of a new section, or at the end of the file.
Parameters names and values
Parameters within sections are written as a parameter name, followed by an equals sign, followed by the parameter value, all on one line.
name = value
If special characters need to be placed within a parameter value, such as whitespace, #, ", or \, the entire value must be enclosed in double quotes, and each occurrence of " or \ within the value must be escaped with backslashes:
name = "quoted # value \\ with \" special characters"
Comments may be placed anywhere, including at the end of a parameter, and consist of arbitrary text following a # symbol until end-of-line:
# Arbitrary comment
name = value # Another arbitrary comment
The parameters within the "server" section define the hostname/address and port that the guacd service should listen on. By default, the guacd service will listen at port 4822 on localhost, and thus will accept connections from a local instance of Guacamole only. If these values are changed, the Guacamole web application will need to be reconfigured to match by editing
The parameters within the "daemon" section control how guacd operates as a daemon, in particular the level at which messages should be logged. Greater logging verbosity may be desired if unexpected behavior is encountered.
guacd can be configured to communicate with the web application using SSL/TLS. If a certificate and key are specified, guacd will require SSL/TLS for all connections from the web application, and the web application will need to be reconfigured to match by editing
/etc/guacamole/guacamole.properties. If the certificate cannot be verified by Java against well-known CA certificates, the certificate will also need to be added to Java's truststore.
By default, internal communication between guacd and the web application is not encrypted.