guacd.conf man page

/etc/guacamole/guacd.conf — Configuration file for guacd


/etc/guacamole/guacd.conf is the configuration file for the Guacamole proxy daemon used by the Guacamole web application and framework, guacd. Use of this file is entirely optional, and all of its options can be specified from the command line when running guacd. If you provide both the guacd.conf file and command line options, the command line options will take precedence.


guacd.conf is made up of sections, where each section contains a set of parameter/value pairs. The parameters available are dictated by the section in use, and parameters may only be specified within a section.

The beginning of each section is denoted with a section name in brackets, and each section ends implicitly with the beginning of a new section, or at the end of the file.


Contains parameters which control how guacd behaves as a server, from a network perspective.


Parameters which configure how guacd behaves as a daemon, such as what file should contain the PID, if any.


Parameters which control the SSL support of guacd, such as the certificate and private key used for encryption of the Guacamole protocol. This section and its parameters are only valid if guacd was built with SSL support.

Parameters within sections are written as a parameter name, followed by an equals sign, followed by the parameter value, all on one line. Comments may be placed anywhere, and consist of arbitrary text following a # symbol until end-of-line:

name = value # Some arbitrary comment text

Beware that it is the combination of the section name with the parameter name that makes up the fully qualified name of a parameter. Each parameter absolutely must be placed only within its proper section, or guacd.conf will fail to be parsed, and guacd will not start.

If special characters need to be placed within a parameter value, such as whitespace, #, ", or \, the entire value must be enclosed in double quotes, and each occurrence of " or \ within the value must be escaped with backslashes:

name = "quoted # value \\ with \" special characters"

Server Parameters

bind_host = HOSTNAME

Requires guacd to bind to a specific host when listening for connections. By default, guacd will bind to localhost only.

bind_port = PORT

Requires guacd to bind to a specific port when listening for connections. By default, guacd will bind to port 4822.

Daemon Parameters

log_level = LEVEL

Sets the maximum level at which guacd will log messages to syslog and, if running in the foreground, the console. Legal values are debug, info, warning, and error. The default value is info.

pid_file = FILE

Causes guacd to write its PID to the specified file upon startup. Note that guacd must have sufficient privileges to create or write this file, or it will fail to start. This parameter is typically needed for startup scripts, such that the script can report on the status of guacd and kill it if necessary.

SSL Parameters

If guacd was built with SSL support, then connections between the web application and guacd can be encrypted if an SSL certificate and key file are given.

When using a chain of certificates, you must append the additional certificates to your server certificate. This can be done easily with the standard cat command. Beware that the certificate for guacd must be the first certificate in the file.

server_certificate = CERTIFICATE FILE

Enables SSL/TLS using the given cerficiate file. Future connections to guacd will require SSL/TLS enabled in the client (the web application).

server_key = KEY FILE

Enables SSL/TLS using the given private key file. Future connections to guacd will require SSL/TLS enabled in the client (the web application).


# guacd.conf example


pid_file = /var/run/


bind_host = localhost
bind_port = 4822


server_certificate = /etc/ssl/certs/guacd.crt
server_key = /etc/ssl/private/guacd.key


Written by Michael Jumper <>

Referenced By


9 Jan 2017 version 0.9.11-incubating Guacamole