On Sat, Nov 8, 2025 at 6:36 PM Jon Gerdes <[email protected]> wrote:
> Hi > > What Nick said: the docs do make decent recommendations with regards > setting up and proxying the Tomcat app. You might also look into general > security advice with regards Tomcat and host based firewalls. > > I keep a pdf dump of my Guacamole installation docs here: > https://github.com/gerdesj/Various which notes some security measures. > I will be updating that doc withing the next week or so for 1.6.0 but you > may find some handy advice anyway. > > Note that Guacamole requires an older version of Tomcat etc. If you run > it on Ubuntu, you are stuck with LTS 22.04 for now. That LTS is still > supported until 2027 so all good. To get some more patches you will need a > Canonical account, which is free for five machines even for commercial > use. If you do that, you will pass security audits via the likes of Nessus. > > Just one note on this - it is true that Guacamole does not currently run under Tomcat 10.x or 11.x, and that many Linux distributions are moving away from providing packages for those platforms. However, Tomcat 9.x is still receiving at least security updates. Provided you keep up with installing updates to Tomcat 9.x, you should be okay from that perspective. The Tomcat install is pretty simple, so not having packages shouldn't be too big a deal, even if it is slightly annoying. Hopefully we'll be able to move toward the Jakarta EE namespace along with the AngularJS to Angular migration over the next few months. -Nick >
