diff --git a/1-setup.sh b/1-setup.sh
index d054610..fa2834e 100644
--- a/1-setup.sh
+++ b/1-setup.sh
@@ -9,13 +9,14 @@
# To install latest snapshot:
# wget https://raw.githubusercontent.com/itiligent/Guacamole-Setup/main/1-setup.sh && chmod +x 1-setup.sh && ./1-setup.sh
-# If something isn't working? # tail -f /var/log/syslog /var/log/tomcat*/*.out /var/log/mysql/*.log
+# If something isn't working?
+# tail -f /var/log/syslog /var/log/tomcat*/*.out /var/log/mysql/*.log guac-setup/guacamole_${GUAC_VERSION}_setup.log
-# This whole install routine could be collated into one huge script, but it is far easer to manage and maintan by
+# This whole install routine could be collated into one huge script, but it is far easier to manage and maintain by
# breaking up the different stages of the install into at least 4 separate scripts as follows...
# 1-setup.sh is a central script that manages all inputs, options and sequences other included 'install' scripts.
# 2-install-guacamole is the main guts of the whole build. This script downloads and builds Guacamole from source.
-# 3-install-nginx.sh automatically installs and configues Nginx to work as an http port 80 front end to Gaucamole
+# 3-install-nginx.sh automatically installs and configures Nginx to work as an http port 80 front end to Guacamole
# 4a-install-self-signed-nginx.sh sets up the new Nginx/Guacamole front end with self signed SSL certificates.
# 4b-install-ssl-letsencrypt-nginx.sh sets up Nginx with public SSL certificates from LetsEncrypt.
@@ -25,18 +26,9 @@ clear
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
-RED='\033[0;31m'
LRED='\033[0;91m'
-GREEN='\033[0;32m'
LGREEN='\033[0;92m'
-YELLOW='\033[0;33m'
LYELLOW='\033[0;93m'
-BLUE='\033[0;34m'
-LBLUE='\033[0;94m'
-CYAN='\033[0;36m'
-LCYAN='\033[0;96m'
-MAGENTA='\033[0;35m'
-LMAGENTA='\033[0;95m'
NC='\033[0m' #No Colour
# Check to see if previous build/install files exist, stop and check to be safe.
@@ -47,7 +39,7 @@ echo
echo -e " ${LGREEN}Powered by Guacamole"
echo
echo
- echo -e "${RED}Possible previous temp files detected in current build path. Please review and remove old 'guacamole-*' & 'mysql-connector-java-*' files before proceeding.${GREY}" 1>&2
+ echo -e "${LRED}Possible previous temp files detected in current build path. Please review and remove old 'guacamole-*' & 'mysql-connector-java-*' files before proceeding.${GREY}" 1>&2
echo
exit 1
fi
@@ -74,8 +66,21 @@ GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guac
# MySQL Connector/J version
MYSQLJCON="8.0.30"
-# Apache Tomcat version. You will need to check the correct version for your particular distro.
-TOMCAT_VERSION="tomcat9"
+# Check for the latest version of Tomcat currently supported by the Linux distro
+if [[ $( apt-cache show tomcat10 2> /dev/null | egrep "Version: 10" | wc -l ) -gt 0 ]]; then
+ TOMCAT_VERSION="tomcat10"
+elif [[ $( apt-cache show tomcat9 2> /dev/null | egrep "Version: 9" | wc -l ) -gt 0 ]]; then
+ TOMCAT_VERSION="tomcat9"
+elif [[ $( apt-cache show tomcat8 2> /dev/null | egrep "Version: 8.[5-9]" | wc -l ) -gt 0 ]]; then
+ TOMCAT_VERSION="tomcat8"
+elif [[ $( apt-cache show tomcat7 2> /dev/null | egrep "Version: 8" | wc -l ) -gt 0 ]]; then
+ TOMCAT_VERSION="tomcat7"
+else
+ # Default to current version
+ TOMCAT_VERSION="tomcat9"
+fi
+# Override Apache Tomcat version here.
+# TOMCAT_VERSION="tomcat9"
# Install log Location
LOG_LOCATION="${DOWNLOAD_DIR}/guacamole_${GUAC_VERSION}_setup.log"
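Review bot: The `tomcat7` branch tests `egrep "Version: 8"`, which looks like a copy-paste slip: a tomcat7 package would report a 7.x version, so the branch probably never matches and should test `"Version: 7"` or be dropped. The chain can also silently select tomcat8 or tomcat7 on an old distro, and Tomcat 7 is end-of-life upstream, so for a remote-access gateway it would be safer to print a warning (or stop) when only those packages are available. `egrep` is deprecated in current GNU grep and the `.` in `8.[5-9]` is unescaped; using `apt-cache show tomcat8 2>/dev/null | grep -qE '^Version: 8\.[5-9]'` directly as the `if` condition avoids the `wc -l` pipeline. It is also worth confirming that the configured GUAC_VERSION actually deploys on tomcat10 before preferring it, since nothing in this hunk checks that.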
@@ -94,7 +99,7 @@ LIBPNG=""
# Get the default route interface IP
DEFAULT_IP=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)
-# Get an intital search suffix for use as a starting default local dns domain prompt value, we change this later
+# Get an initial dns search suffix for use as a starting default for a local dns domain prompt value, we can update this later
DOMAIN_SEARCH_SUFFIX=$(grep search /etc/resolv.conf | grep -v "#" | sed 's/'search[[:space:]]'//')
#######################################################################################################################
@@ -102,27 +107,27 @@ DOMAIN_SEARCH_SUFFIX=$(grep search /etc/resolv.conf | grep -v "#" | sed 's/'sea
#######################################################################################################################
SERVER_NAME="" # Preferred server hostname
LOCAL_DOMAIN="" # Local DNS space in use
-INSTALL_MYSQL="" # Install locally true/false
-SECURE_MYSQL="" # Apply mysql secure configurarion tool
+INSTALL_MYSQL="" # Install locally (true/false)
+SECURE_MYSQL="" # Apply mysql secure configuration tool (true/false)
MYSQL_HOST="" # leave blank for localhost default, only specify for remote servers
MYSQL_PORT="" # If blank default is 3306
GUAC_DB="" # If blank default is guacamole_db
GUAC_USER="" # if blank default is guacamole_user
GUAC_PWD="" # Should not be blank as this may break some aspects of install
MYSQL_ROOT_PWD="" # Should not be blank as this may break some aspects of install
-INSTALL_TOTP="" # TOTP MFA extension
-INSTALL_DUO="" # DUO MFA extension (cant be installed simultaneously with TOTP)
-INSTALL_LDAP="" # Active Directory extension
-INSTALL_NGINX="" # Install and configure Guacamole behind Nginx reverse proxy (http port 80 only)
+INSTALL_TOTP="" # TOTP MFA extension (true/false)
+INSTALL_DUO="" # DUO MFA extension (cant be installed simultaneously with TOTP, true/false)
+INSTALL_LDAP="" # Active Directory extension (true/false)
+INSTALL_NGINX="" # Install and configure Guacamole behind Nginx reverse proxy (http port 80 only, true/false)
PROXY_SITE="" # Local DNS name for reverse proxy and self signed ssl certificates
-SELF_SIGN="" # Add self signed SSL support to Nginx (Let's Encrypt not available)
-CERT_COUNTRY="AU" # 2 coutry charater code only, must not be blank
+SELF_SIGN="" # Add self signed SSL support to Nginx (Let's Encrypt not available with this, true/false)
+CERT_COUNTRY="AU" # 2 country character code only, must not be blank
CERT_STATE="Victoria" # Optional to change, must not be blank
CERT_LOCATION="Melbourne" # Optional to change, must not be blank
CERT_ORG="Itiligent" # Optional to change, must not be blank
CERT_OU="I.T." # Optional to change, must not be blank
CERT_DAYS="3650" # Number of days until self signed certificate expiry
-LETS_ENCRYPT="" # Add Lets Encrypt public SSL support for Nginx (self signed SSL certs not available)
+LETS_ENCRYPT="" # Add Lets Encrypt public SSL support for Nginx (self signed SSL certs not available with this, true/false)
LE_DNS_NAME="" # Public DNS name to bind with Lets Encrypt certificates
LE_EMAIL="" # Webmaster/admin email for Lets Encrypt
BACKUP_EMAIL="" # Email address for backup notifications
@@ -140,10 +145,10 @@ mkdir -p $DB_BACKUP_DIR
mkdir -p $TMP_DIR
#######################################################################################################################
-# Download github setup scripts. To prevent overwrite, comment out lines of any scripts you have edited. ##############
+# Download GitHub setup scripts. To prevent overwrite, comment out lines of any scripts you have edited. ##############
#######################################################################################################################
-# Download config scripts and setup items from github
+# Download config scripts and setup items from GitHub
cd $DOWNLOAD_DIR
echo
echo -e "${GREY}Downloading setup files...${DGREY}"
@@ -151,11 +156,12 @@ wget -q --show-progress ${GITHUB}2-install-guacamole.sh -O 2-install-guacamole.s
wget -q --show-progress ${GITHUB}3-install-nginx.sh -O 3-install-nginx.sh
wget -q --show-progress ${GITHUB}4a-install-ssl-self-signed-nginx.sh -O 4a-install-ssl-self-signed-nginx.sh
wget -q --show-progress ${GITHUB}4b-install-ssl-letsencrypt-nginx.sh -O 4b-install-ssl-letsencrypt-nginx.sh
-# Grab Guacamole manually run add on scripts
+# Grab Guacamole manual add on/upgrade scripts
wget -q --show-progress ${GITHUB}add-auth-duo.sh -O add-auth-duo.sh
wget -q --show-progress ${GITHUB}add-auth-ldap.sh -O add-auth-ldap.sh
wget -q --show-progress ${GITHUB}add-auth-totp.sh -O add-auth-totp.sh
wget -q --show-progress ${GITHUB}add-smtp-relay-o365.sh -O add-smtp-relay-o365.sh
+wget -q --show-progress ${GITHUB}upgrade-guac.sh -O upgrade-guac.sh
# Grab backup and security hardening scripts
wget -q --show-progress ${GITHUB}backup-guac.sh -O backup-guac.sh
wget -q --show-progress ${GITHUB}add-ssl-guac-gaucd.sh -O add-ssl-guac-gaucd.sh
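Review bot: The added `upgrade-guac.sh` download, like the other `wget` lines in this hunk, fetches a script that is meant to be executed later, with no integrity check and no test of wget's exit status. `${GITHUB}` is defined outside the hunk; if it points at a moving branch such as `main` (as the install one-liner in the file header does), the content can change between runs, so pinning it to a tag or commit and comparing each file against a published SHA-256 list would make the install reproducible and tamper-evident. At minimum stop on a failed fetch, e.g. `wget -q --show-progress "${GITHUB}upgrade-guac.sh" -O upgrade-guac.sh || exit 1`, because `-O` leaves an empty file behind when the download fails.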
@@ -173,7 +179,7 @@ echo -e " ${LGREEN}Powered by Guacamole"
echo
echo
-# For convenience & sanity check, diplay status of preset script options at start of install
+# For convenience & sanity check, display status of preset script options at start of install
echo -e "${GREY}Enabled non-interactive presets are listed below, blank entries will prompt."
echo -e "${DGREY}Server host name\t= ${GREY}${SERVER_NAME}"
echo -e "${DGREY}Local DNS Domain\t= ${GREY}${LOCAL_DOMAIN}"
@@ -203,12 +209,13 @@ echo -e "${DGREY}Let's Encrypt email\t= ${GREY}${LE_EMAIL}${GREY}"
echo -e "${DGREY}Backup notify email\t= ${GREY}${BACKUP_EMAIL}${GREY}"
echo -e "${DGREY}Days to keep backups\t= ${GREY}${BACKUP_RETENTION}${GREY}"
-# Pause to optionally customise downloaded scripts before any install actions
+# Pause to optionally customise downloaded scripts before any actual install actions
echo
-echo -e "${LYELLOW}Ctrl+Z now to exit if you wish to set any above options for an unattended install."
-echo -e "${LYELLOW}After editing the setup script, you must always run it locally (not as sudo) i.e ./1-setup.sh (not from the web link)."
+echo -e "${LYELLOW}Ctrl+Z now to exit if you wish to edit any 1-setup.sh options for an unattended install."
+echo -e "${LYELLOW}After editing, you must always run it locally (and not as sudo) i.e ./1-setup.sh (not from the link)."
+echo -e "${LYELLOW}Comment out download links if you wish to prevent re-downloading scripts at each run. "
-# Now prompt for sudo to get ready for a hostname change or so both sudo and non sudo functions can access tmp setup files
+# Now prompt for sudo to get ready for a hostname change, then while we are here also set perms for sudo and non sudo access to tmp setup files
echo -e "${LGREEN}"
sudo chmod -R 770 $TMP_DIR
sudo chown -R $SUDO_USER:root $TMP_DIR
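Review bot: The reworded prompt still tells the user to press Ctrl+Z to exit, but Ctrl+Z only suspends the script and leaves it as a stopped job in the shell; Ctrl+C is what terminates it, so the line should read `echo -e "${LYELLOW}Ctrl+C now to exit if you wish to edit any 1-setup.sh options for an unattended install."`. The same message says the script must not be run as sudo, in which case `$SUDO_USER` on the unchanged `chown` line below is probably empty unless it is assigned earlier in the script, outside this hunk; worth confirming, since that line sets ownership of the temp directory. Quoting `"$TMP_DIR"` on the `chmod -R`/`chown -R` lines would also keep the recursive permission change from landing on an unintended path.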
@@ -218,10 +225,9 @@ sudo chown -R $SUDO_USER:root $TMP_DIR
# Begin install menu prompts ##########################################################################################
#######################################################################################################################
-# We need a default hostname available to apply even if we do not want to change the hostname. This approach allows the
+# We need a default hostname value available to apply even if we do not want to change the hostname. This approach allows the
# user to simply hit enter at the prompt without this creating a blank entry into the /etc/hosts file.
-# Hostnames and matching DNS entries are essential for implementing SSL succesfully.
-echo
+# hostnames and matching DNS entries are essential for implementing SSL successfully.
if [[ -z ${SERVER_NAME} ]]; then
echo -e "${LYELLOW}Update Linux system HOSTNAME [Enter to keep: ${HOSTNAME}]${LGREEN}"
read -p " Enter new HOSTNAME : " SERVER_NAME
@@ -241,11 +247,9 @@ if [[ -z ${SERVER_NAME} ]]; then
sudo systemctl restart systemd-hostnamed &>> ${LOG_LOCATION}
fi
-
-echo
if [[ -z ${LOCAL_DOMAIN} ]]; then
- echo -e "${LYELLOW}Update Linux LOCAL DNS DOMAIN [Enter to keep: .${DOMAIN_SEARCH_SUFFIX}]${LGREEN}"
- read -p " Enter LOCAL DOMAIN NAME: " LOCAL_DOMAIN
+ echo -e "${LYELLOW}Update Linux LOCAL DNS DOMAIN [Enter to keep: ${DOMAIN_SEARCH_SUFFIX}]${LGREEN}"
+ read -p " Enter FULL LOCAL DOMAIN NAME: " LOCAL_DOMAIN
if [[ "${LOCAL_DOMAIN}" = "" ]]; then
LOCAL_DOMAIN=$DOMAIN_SEARCH_SUFFIX
fi
@@ -272,7 +276,7 @@ if [[ -z ${LOCAL_DOMAIN} ]]; then
sudo systemctl restart systemd-hostnamed &>> ${LOG_LOCATION}
fi
-# After updateing the hostname and domain names, we can now use a refreshed value for the local FQDN.
+# After updating the hostname and domain names, we can now use a refreshed starting value for the local FQDN.
DEFAULT_FQDN=$SERVER_NAME.$LOCAL_DOMAIN
clear
@@ -284,10 +288,10 @@ echo -e " ${LGREEN}Powered by Guacamole"
echo
echo
-echo -e "${LGREEN}MySQL setup options:${GREY}"
# Prompt the user to install MySQL, default of yes
+echo -e "${LGREEN}MySQL setup options:${GREY}"
if [[ -z ${INSTALL_MYSQL} ]]; then
- echo -e -n "SQL: Install MySQL? (for a remote MySQL Server select 'n') (y/n) [default y]: ${GREY}"
+ echo -e -n "SQL: Install MySQL? (for a remote MySQL Server select 'n') [y/n] [default y]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
INSTALL_MYSQL=false
@@ -298,7 +302,7 @@ fi
# Prompt the user to apply the Mysql secure installation locally
if [ -z ${SECURE_MYSQL} ] && [ "${INSTALL_MYSQL}" = true ]; then
- echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to LOCAL db? (y/n) [default y]: ${GREY}"
+ echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to LOCAL db? [y/n] [default y]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
SECURE_MYSQL=false
@@ -309,7 +313,7 @@ fi
# Prompt the user to apply the Mysql secure installation to remote db
if [ -z ${SECURE_MYSQL} ] && [ "${INSTALL_MYSQL}" = false ]; then
- echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to REMOTE db? (y/n) [default n]: ${GREY}"
+ echo -e -n "${GREY}SQL: Apply MySQL secure installation settings to REMOTE db? [y/n] [default n]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
SECURE_MYSQL=true
@@ -358,7 +362,7 @@ if [ -z "${GUAC_PWD}" ]; then
read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL ${GUAC_USER} password: " PROMPT2
echo
[ "${GUAC_PWD}" = "${PROMPT2}" ] && [ "${GUAC_PWD}" != "" ] && [ "${PROMPT2}" != "" ] && break
- echo -e "${RED}Passwords don't match or can't be null. Please try again.${GREY}" 1>&2
+ echo -e "${LRED}Passwords don't match or can't be null. Please try again.${GREY}" 1>&2
done
fi
@@ -370,7 +374,7 @@ if [ -z "${MYSQL_ROOT_PWD}" ]; then
read -s -p "SQL: Confirm ${MYSQL_HOST}'s MySQL root password: " PROMPT2
echo
[ "${MYSQL_ROOT_PWD}" = "${PROMPT2}" ] && [ "${MYSQL_ROOT_PWD}" != "" ] && [ "${PROMPT2}" != "" ] && break
- echo -e "${RED}Passwords don't match or can't be null. Please try again.${GREY}" 1>&2
+ echo -e "${LRED}Passwords don't match or can't be null. Please try again.${GREY}" 1>&2
done
fi
@@ -379,9 +383,9 @@ if [[ -z ${BACKUP_EMAIL} ]]; then
while true; do
read -p "SQL: Enter email address for SQL backup messages [Enter to skip]: " BACKUP_EMAIL
[ "${BACKUP_EMAIL}" = "" ] || [ "${BACKUP_EMAIL}" != "" ] && break
- # Rather than allow a blank value, uncomment to alternately force user to enter an explicit value instead
+ # Rather than allow a blank value, un-comment to alternately force user to enter an explicit value instead
# [ "${BACKUP_EMAIL}" != "" ] && break
- # echo -e "${RED}You must enter an email address. Please try again.${GREY}" 1>&2
+ # echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
done
fi
@@ -391,10 +395,10 @@ BACKUP_EMAIL="backup-email@yourdomain.com"
fi
echo
-echo -e "${LGREEN}Guacamole authentication extension options:${GREY}"
# Prompt the user if they would like to install TOTP MFA, default of no
+echo -e "${LGREEN}Guacamole authentication extension options:${GREY}"
if [[ -z "${INSTALL_TOTP}" ]] && [[ "${INSTALL_DUO}" != true ]]; then
- echo -e -n "AUTH: Install TOTP? (choose 'n' if you want Duo) (y/n)? [default n]: "
+ echo -e -n "AUTH: Install TOTP? (choose 'n' if you want Duo) [y/n]? [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_TOTP=true
@@ -406,7 +410,7 @@ fi
# Prompt the user if they would like to install Duo MFA, default of no
if [[ -z "${INSTALL_DUO}" ]] && [[ "${INSTALL_TOTP}" != true ]]; then
- echo -e -n "${GREY}AUTH: Install Duo? (y/n) [default n]: "
+ echo -e -n "${GREY}AUTH: Install Duo? [y/n] [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_DUO=true
@@ -418,13 +422,13 @@ fi
# We can't install TOTP and Duo at the same time (option not supported by Guacamole)
if [[ "${INSTALL_TOTP}" = true ]] && [[ "${INSTALL_DUO}" = true ]]; then
- echo -e "${RED}GUAC MFA: TOTP and Duo cannot be installed at the same time.${GREY}" 1>&2
+ echo -e "${LRED}GUAC MFA: TOTP and Duo cannot be installed at the same time.${GREY}" 1>&2
exit 1
fi
# Prompt the user if they would like to install Duo MFA, default of no
if [[ -z "${INSTALL_LDAP}" ]]; then
- echo -e -n "${GREY}AUTH: Install LDAP? (y/n) [default n]: "
+ echo -e -n "${GREY}AUTH: Install LDAP? [y/n] [default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
INSTALL_LDAP=true
@@ -434,10 +438,10 @@ if [[ -z "${INSTALL_LDAP}" ]]; then
fi
echo
-echo -e "${LGREEN}Nginx reverse proxy options:${GREY}"
# Prompt for Guacamole front end reverse proxy option
+echo -e "${LGREEN}Nginx reverse proxy options:${GREY}"
if [[ -z ${INSTALL_NGINX} ]]; then
- echo -e -n "REV PROXY: Protect Gucamole behind Nginx reverse proxy (y/n)? [default y]: "
+ echo -e -n "REV PROXY: Protect Guacamole behind Nginx reverse proxy [y/n]? [default y]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Nn]$ ]]; then
INSTALL_NGINX=false
@@ -451,9 +455,9 @@ if [[ -z ${PROXY_SITE} ]] && [[ "${INSTALL_NGINX}" = true ]]; then
while true; do
read -p "REV PROXY: Enter proxy local DNS name? [Enter to use ${DEFAULT_FQDN}]: " PROXY_SITE
[ "${PROXY_SITE}" = "" ] || [ "${PROXY_SITE}" != "" ] && break
- # Rather than allow the default value below, uncomment to alternately force user to enter an explicit name instead
+ # Rather than allow the default value below, un-comment to alternately force user to enter an explicit name instead
# [ "${PROXY_SITE}" != "" ] && break
- # echo -e "${RED}You must enter a proxy site DNS name. Please try again.${GREY}" 1>&2
+ # echo -e "${LRED}You must enter a proxy site DNS name. Please try again.${GREY}" 1>&2
done
fi
@@ -465,7 +469,7 @@ fi
# Prompt for self signed SSL reverse proxy option
if [[ -z ${SELF_SIGN} ]] && [[ "${INSTALL_NGINX}" = true ]]; then
# Prompt the user to see if they would like to install self signed SSL support for Nginx, default of no
- echo -e -n "REV PROXY: Add self signed SSL support to Nginx? (y/n)? (choose 'n' for Let's Encrypt)[default n]: "
+ echo -e -n "REV PROXY: Add self signed SSL support to Nginx? [y/n]? (choose 'n' for Let's Encrypt)[default n]: "
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
SELF_SIGN=true
@@ -474,7 +478,7 @@ if [[ -z ${SELF_SIGN} ]] && [[ "${INSTALL_NGINX}" = true ]]; then
fi
fi
-# Optional prompt to assign the self sign SSL certficate a custom expiry date, uncomment to force a manual entry
+# Optional prompt to assign the self sign SSL certificate a custom expiry date, un-comment to force a manual entry
#if [ "${SELF_SIGN}" = true ]; then
# read - p "PROXY: Enter number of days till SSL certificate expires [default 3650]: " CERT_DAYS
#fi
@@ -486,7 +490,7 @@ fi
# Prompt for Let's Encrypt SSL reverse proxy configuration option
if [[ -z ${LETS_ENCRYPT} ]] && [[ "${INSTALL_NGINX}" = true ]] && [[ "${SELF_SIGN}" = "false" ]]; then
- echo -e -n "REV PROXY: Add Let's Encrypt SSL support to Nginx reverse proxy (y/n) [default n]: ${GREY}"
+ echo -e -n "REV PROXY: Add Let's Encrypt SSL support to Nginx reverse proxy [y/n] [default n]: ${GREY}"
read PROMPT
if [[ ${PROMPT} =~ ^[Yy]$ ]]; then
LETS_ENCRYPT=true
@@ -500,7 +504,7 @@ if [[ -z ${LE_DNS_NAME} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
while true; do
read -p "REV PROXY: Enter the FQDN for your public proxy site : " LE_DNS_NAME
[ "${LE_DNS_NAME}" != "" ] && break
- echo -e "${RED}You must enter a public DNS name. Please try again.${GREY}" 1>&2
+ echo -e "${LRED}You must enter a public DNS name. Please try again.${GREY}" 1>&2
done
fi
@@ -509,7 +513,7 @@ if [[ -z ${LE_EMAIL} ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
while true; do
read -p "REV PROXY: Enter the email address for Let's Encrypt notifications : " LE_EMAIL
[ "${LE_EMAIL}" != "" ] && break
- echo -e "${RED}You must enter an email address. Please try again.${GREY}" 1>&2
+ echo -e "${LRED}You must enter an email address. Please try again.${GREY}" 1>&2
done
fi
@@ -519,26 +523,27 @@ fi
#######################################################################################################################
# Ubuntu and Debian each require different dependency packages. Below works ok from Ubuntu 18.04 / Debian 10 and above.
-# To adapt this script to other distros, research the correct library package names and reference these with the varible
-# names assigned here. See https://guacamole.apache.org/doc/gug/installing-guacamole.html for dependecy info.
+# To adapt this script to other distros, research the correct library package names and reference these with the variable
+# names assigned here. See https://guacamole.apache.org/doc/gug/installing-guacamole.html for dependency info.
echo -e "${GREY}Checking linux distro specific dependencies..."
if [[ $OS_FLAVOUR == "ubuntu" ]] || [[ $OS_FLAVOUR == "ubuntu"* ]]; then # potentially expand out distro choices here
JPEGTURBO="libjpeg-turbo8-dev"
LIBPNG="libpng-dev"
+ # Just in case this repo is not added by default in the distro
sudo add-apt-repository -y universe &>> ${LOG_LOCATION}
- elif [[ $OS_FLAVOUR == "debian" ]] || [[ $OS_FLAVOUR == "raspbian" ]] ; then # expand distro choices here if req
+ elif [[ $OS_FLAVOUR == "debian" ]] || [[ $OS_FLAVOUR == "raspbian" ]] ; then # expand distro choices here if required
JPEGTURBO="libjpeg62-turbo-dev"
LIBPNG="libpng-dev"
fi
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
fi
# Because the below scripts may be run manually after install, we need to sync them
-# with our global variables or any setup prompt choices we make. This way we can run them
+# with our global variables or any setup prompt choices we made. This way we can run them
# later and they will all work as a set without any manual changes.
sed -i "s|MYSQL_HOST=|MYSQL_HOST='${MYSQL_HOST}'|g" $DOWNLOAD_DIR/backup-guac.sh
sed -i "s|MYSQL_PORT=|MYSQL_PORT='${MYSQL_PORT}'|g" $DOWNLOAD_DIR/backup-guac.sh
@@ -548,47 +553,53 @@ sed -i "s|GUAC_DB=|GUAC_DB='${GUAC_DB}'|g" $DOWNLOAD_DIR/backup-guac.sh
sed -i "s|DB_BACKUP_DIR=|DB_BACKUP_DIR='${DB_BACKUP_DIR}'|g" $DOWNLOAD_DIR/backup-guac.sh
sed -i "s|BACKUP_EMAIL=|BACKUP_EMAIL='${BACKUP_EMAIL}'|g" $DOWNLOAD_DIR/backup-guac.sh
sed -i "s|BACKUP_RETENTION=|BACKUP_RETENTION='${BACKUP_RETENTION}'|g" $DOWNLOAD_DIR/backup-guac.sh
-sed -i "s|GUAC_VERSION=|GUAC_VERSION='${GUAC_VERSION}'|g" $DOWNLOAD_DIR/add-auth-duo.sh
-sed -i "s|GUAC_VERSION=|GUAC_VERSION='${GUAC_VERSION}'|g" $DOWNLOAD_DIR/add-auth-ldap.sh
-sed -i "s|GUAC_VERSION=|GUAC_VERSION='${GUAC_VERSION}'|g" $DOWNLOAD_DIR/add-auth-totp.sh
-sed -i "s|TOMCAT_VERSION=|TOMCAT_VERSION='${TOMCAT_VERSION}'|g" $DOWNLOAD_DIR/add-auth-duo.sh
-sed -i "s|TOMCAT_VERSION=|TOMCAT_VERSION='${TOMCAT_VERSION}'|g" $DOWNLOAD_DIR/add-auth-ldap.sh
-sed -i "s|TOMCAT_VERSION=|TOMCAT_VERSION='${TOMCAT_VERSION}'|g" $DOWNLOAD_DIR/add-auth-totp.sh
-sed -i "s|TOMCAT_VERSION=|TOMCAT_VERSION='${TOMCAT_VERSION}'|g" $DOWNLOAD_DIR/add-fail2ban.sh
sed -i "s|CERT_COUNTRY=|CERT_COUNTRY='${CERT_COUNTRY}'|g" $DOWNLOAD_DIR/add-ssl-guac-gaucd.sh
sed -i "s|CERT_STATE=|CERT_STATE='${CERT_STATE}'|g" $DOWNLOAD_DIR/add-ssl-guac-gaucd.sh
sed -i "s|CERT_LOCATION=|CERT_LOCATION='${CERT_LOCATION=}'|g" $DOWNLOAD_DIR/add-ssl-guac-gaucd.sh
sed -i "s|CERT_ORG=|CERT_ORG='${CERT_ORG}'|g" $DOWNLOAD_DIR/add-ssl-guac-gaucd.sh
sed -i "s|CERT_OU=|CERT_OU='${CERT_OU}'|g" $DOWNLOAD_DIR/add-ssl-guac-gaucd.sh
-# As dynamic web links may contain "&" characters, GUAC_SOURCE_LINK is fixed to parse "&" with sed correctly
-FIXED_LINK=$(sed 's/\&/\\&/g' <<< $GUAC_SOURCE_LINK)
-sed -i "s|GUAC_SOURCE_LINK=|GUAC_SOURCE_LINK='${FIXED_LINK}'|g" $DOWNLOAD_DIR/add-auth-duo.sh
-sed -i "s|GUAC_SOURCE_LINK=|GUAC_SOURCE_LINK='${FIXED_LINK}'|g" $DOWNLOAD_DIR/add-auth-ldap.sh
-sed -i "s|GUAC_SOURCE_LINK=|GUAC_SOURCE_LINK='${FIXED_LINK}'|g" $DOWNLOAD_DIR/add-auth-totp.sh
-
-# Pass the relevant variable selections to child install scripts below
-# (This is a more robust method than export, which is unreliable in this instance)
-COLOUR_VAR="GREY=$GREY DGREY=$DGREY GREYB=$GREYB RED=$RED LRED=$LRED GREEN=$GREEN LGREEN=$LGREEN YELLOW=$YELLOW LYELLOW=$LYELLOW BLUE=$BLUE LBLUE=$LBLUECYAN=$CYAN LCYAN=$LCYAN MAGENTA=$MAGENTA LMAGENTA=$LMAGENTA NC=$NC"
-GUAC_VAR="JPEGTURBO=$JPEGTURBO LIBPNG=$LIBPNG GUAC_VERSION=$GUAC_VERSION MYSQLJCON=$MYSQLJCON GUAC_SOURCE_LINK=$GUAC_SOURCE_LINK TOMCAT_VERSION=$TOMCAT_VERSION LOG_LOCATION=$LOG_LOCATION INSTALL_MYSQL=$INSTALL_MYSQL SECURE_MYSQL=$SECURE_MYSQL MYSQL_HOST=$MYSQL_HOST MYSQL_PORT=$MYSQL_PORT GUAC_DB=$GUAC_DB GUAC_USER=$GUAC_USER GUAC_PWD=$GUAC_PWD MYSQL_ROOT_PWD=$MYSQL_ROOT_PWD INSTALL_TOTP=$INSTALL_TOTP INSTALL_DUO=$INSTALL_DUO INSTALL_LDAP=$INSTALL_LDAP BACKUP_EMAIL=$BACKUP_EMAIL"
-NGINX_VAR="TOMCAT_VERSION=$TOMCAT_VERSION LOG_LOCATION=$LOG_LOCATION GUAC_URL=$GUAC_URL PROXY_SITE=$PROXY_SITE"
-SELF_SIGN_VAR="DOWNLOAD_DIR=$DOWNLOAD_DIR TMP_DIR=$TMP_DIR TOMCAT_VERSION=$TOMCAT_VERSION LOG_LOCATION=$LOG_LOCATION GUAC_URL=$GUAC_URL PROXY_SITE=$PROXY_SITE CERT_COUNTRY=$CERT_COUNTRY CERT_STATE=$CERT_STATE CERT_LOCATION=$CERT_LOCATION CERT_ORG=$CERT_ORG CERT_OU=$CERT_OU"
-LE_VAR="DOWNLOAD_DIR=$DOWNLOAD_DIR TOMCAT_VERSION=$TOMCAT_VERSION LOG_LOCATION=$LOG_LOCATION PROXY_SITE=$PROXY_SITE GUAC_URL=$GUAC_URL LE_DNS_NAME=$LE_DNS_NAME LE_EMAIL=$LE_EMAIL"
+
+# Export the relevant variable selections to child install scripts below
+export BACKUP_EMAIL=$BACKUP_EMAIL
+export CERT_COUNTRY=$CERT_COUNTRY
+export CERT_LOCATION="${CERT_LOCATION}"
+export CERT_ORG="${CERT_ORG}"
+export CERT_OU="${CERT_OU}"
+export CERT_STATE="${CERT_STATE}"
+export DOWNLOAD_DIR="${DOWNLOAD_DIR}"
+export GUAC_DB=$GUAC_DB
+export GUAC_PWD="${GUAC_PWD}"
+export GUAC_SOURCE_LINK=$GUAC_SOURCE_LINK
+export GUAC_URL=$GUAC_URL
+export GUAC_USER=$GUAC_USER
+export GUAC_VERSION=$GUAC_VERSION
+export INSTALL_DUO=$INSTALL_DUO
+export INSTALL_LDAP=$INSTALL_LDAP
+export INSTALL_MYSQL=$INSTALL_MYSQL
+export INSTALL_TOTP=$INSTALL_TOTP
+export JPEGTURBO=$JPEGTURBO
+export LE_DNS_NAME=$LE_DNS_NAME
+export LE_EMAIL=$LE_EMAIL
+export LIBPNG=$LIBPNG
+export LOG_LOCATION=$LOG_LOCATION
+export MYSQL_HOST=$MYSQL_HOST
+export MYSQL_PORT=$MYSQL_PORT
+export MYSQL_ROOT_PWD="${MYSQL_ROOT_PWD}"
+export MYSQLJCON=$MYSQLJCON
+export PROXY_SITE=$PROXY_SITE
+export SECURE_MYSQL=$SECURE_MYSQL
+export TMP_DIR=$TMP_DIR
+export TOMCAT_VERSION=$TOMCAT_VERSION
# Run the Guacamole install script
-sudo $GUAC_VAR $COLOUR_VAR ./2-install-guacamole.sh
+sudo -E ./2-install-guacamole.sh
if [ $? -ne 0 ]; then
- echo -e "${RED}2-install-guacamole.sh FAILED. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}2-install-guacamole.sh FAILED. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}Guacamole installation complete\n- Visit: http://${PROXY_SITE}:8080/guacamole\n- Default login (user/pass): guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
fi
-# Duo Settings reminder - If Duo is selected you can't login to Guacamole at all until this extension is fully configured
-if [ $INSTALL_DUO == "true" ]; then
- echo -e "${YELLOW}Reminder: Duo requires extra account specific config before you can log in to Guacamole."
- echo -e "See https://guacamole.apache.org/doc/${GUAC_VERSION}/gug/duo-auth.html"
-fi
-
# Add a Guacamole database backup (mon-fri 12:00am) into cron
crontab -l > cron_1
# Remove existing entry to allow multiple runs
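Review bot: `export GUAC_PWD` and `export MYSQL_ROOT_PWD` followed by `sudo -E` put both database passwords into the environment of every later child process of this script, and `-E` carries the caller's whole environment into the root scripts rather than only the names listed here. This is better than the removed `sudo $GUAC_VAR ...` form, which put the passwords on the command line, but it can be narrowed further with `sudo --preserve-env=GUAC_PWD,MYSQL_ROOT_PWD,GUAC_DB,GUAC_USER ./2-install-guacamole.sh` (extended with the other names the child needs) and `unset GUAC_PWD MYSQL_ROOT_PWD` once the install script returns. Preserving the environment depends on sudoers policy, so on a host where it is not permitted the call may be refused; a short comment above the export block stating that requirement would help. The same applies to the `sudo -E` calls in the next hunk. The `export NAME=$NAME` lines can be reduced to `export NAME`, which also removes the inconsistency between the quoted and unquoted assignments.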
@@ -606,28 +617,32 @@ rm cron_1
### Install Nginx reverse proxy front end to Guacamole if option is selected
if [ "${INSTALL_NGINX}" = true ]; then
- sudo $NGINX_VAR $COLOUR_VAR ./3-install-nginx.sh
+ sudo -E ./3-install-nginx.sh
echo -e "${LGREEN}Nginx installation complete\n- Site changed to : http://${PROXY_SITE}\n- Default login (user/pass): guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
fi
-
### Apply self signed SSL certificates to Nginx reverse proxy if option is selected
if [[ "${INSTALL_NGINX}" = true ]] && [[ "${SELF_SIGN}" = true ]]; then
- sudo -E $SELF_SIGN_VAR $COLOUR_VAR ./4a-install-ssl-self-signed-nginx.sh ${PROXY_SITE} ${CERT_DAYS}
+sudo -E ./4a-install-ssl-self-signed-nginx.sh ${PROXY_SITE} ${CERT_DAYS}
echo -e "${LGREEN}Self signed certificates successfully created and configured for Nginx \n- Site changed to : ${LYELLOW}https:${LGREEN}//${PROXY_SITE}\n- Default login (user/pass): guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
fi
-
### Apply Let's Encrypt SSL certificates to Nginx reverse proxy if option is selected
if [[ "${INSTALL_NGINX}" = true ]] && [[ "${LETS_ENCRYPT}" = true ]]; then
- sudo -E $LE_VAR $COLOUR_VAR ./4b-install-ssl-letsencrypt-nginx.sh
+ sudo -E ./4b-install-ssl-letsencrypt-nginx.sh
echo -e "${LGREEN}Let's Encrypt SSL successfully configured for Nginx \n- Site changed to : ${LYELLOW}https:${LGREEN}//${LE_DNS_NAME}\n- Default login (user/pass): guacadmin/guacadmin\n${LYELLOW}***Be sure to change the password***${GREY}"
fi
+# Duo Settings reminder - If Duo is selected you can't login to Guacamole at all until this extension is fully configured
+if [ $INSTALL_DUO == "true" ]; then
+ echo
+ echo -e "${LYELLOW}Reminder: Duo requires extra account specific config before you can log in to Guacamole."
+ echo -e "See https://guacamole.apache.org/doc/${GUAC_VERSION}/gug/duo-auth.html"
+fi
# Final tidy up
echo
-echo -e "${LGREEN}Finally, 1-setup.sh was moved to ${USER_HOME_DIR}/guacamole."
+echo -e "${LGREEN}FYI, 1-setup.sh was moved to ${USER_HOME_DIR}/guacamole."
mv $USER_HOME_DIR/1-setup.sh $DOWNLOAD_DIR
sudo rm -R $TMP_DIR
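Review bot: `${PROXY_SITE}` and `${CERT_DAYS}` are passed unquoted to a script running as root on the new `sudo -E ./4a-install-ssl-self-signed-nginx.sh` line, and PROXY_SITE comes from an interactive `read`, so a value containing spaces or glob characters is split into extra arguments; quote both: `sudo -E ./4a-install-ssl-self-signed-nginx.sh "${PROXY_SITE}" "${CERT_DAYS}"`. None of the three `sudo -E` calls in this hunk checks the exit status, so the "successfully configured" messages print even when the child script failed, unlike the `2-install-guacamole.sh` call earlier in the file; appending `|| exit 1` to each call, or using the same `if [ $? -ne 0 ]` check, would make them consistent. The relocated Duo test should quote its operand, `if [ "${INSTALL_DUO}" = "true" ]; then`, so an empty value does not produce a test syntax error.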
diff --git a/2-install-guacamole.sh b/2-install-guacamole.sh
index 9b71281..b114634 100644
--- a/2-install-guacamole.sh
+++ b/2-install-guacamole.sh
@@ -12,20 +12,10 @@
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
-RED='\033[0;31m'
LRED='\033[0;91m'
-GREEN='\033[0;32m'
LGREEN='\033[0;92m'
-YELLOW='\033[0;33m'
LYELLOW='\033[0;93m'
-BLUE='\033[0;34m'
-LBLUE='\033[0;94m'
-CYAN='\033[0;36m'
-LCYAN='\033[0;96m'
-MAGENTA='\033[0;35m'
-LMAGENTA='\033[0;95m'
NC='\033[0m' #No Colour
-
clear
#Script branding header
@@ -59,7 +49,7 @@ export DEBIAN_FRONTEND=noninteractive
sudo apt-get update -qq &>> ${LOG_LOCATION}
sudo apt-get upgrade -qq -y &>> ${LOG_LOCATION}
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -72,7 +62,7 @@ apt-get -qq -y install ${JPEGTURBO} ${LIBPNG} ufw htop pwgen wget crudini build-
libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev libpulse-dev libssl-dev \
libvorbis-dev libwebp-dev ghostscript ${MYSQL} ${TOMCAT_VERSION} &>> ${LOG_LOCATION}
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -80,10 +70,10 @@ fi
# Install Postfix with default settings for smtp email relay
echo
-echo -e "${GREY}Installing SMTP email for backup email notifications, for SMTP realy with Office365, see separate configuration script..."
+echo -e "${GREY}Installing SMTP email for backup email notifications, see separate SMTP relay configuration script..."
DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y &>> ${LOG_LOCATION}
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -95,7 +85,7 @@ echo
echo -e "${GREY}Downloading Guacamole source files..."
wget -q --show-progress -O guacamole-server-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed to download guacamole-server-${GUAC_VERSION}.tar.gz" 1>&2
+ echo -e "${LRED}Failed to download guacamole-server-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
exit 1
else
@@ -106,7 +96,7 @@ echo -e "${LGREEN}Downloaded guacamole-server-${GUAC_VERSION}.tar.gz${GREY}"
# Download Guacamole Client
wget -q --show-progress -O guacamole-${GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed to download guacamole-${GUAC_VERSION}.war" 1>&2
+ echo -e "${LRED}Failed to download guacamole-${GUAC_VERSION}.war" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${GUAC_VERSION}.war${GREY}"
exit 1
fi
@@ -115,7 +105,7 @@ echo -e "${LGREEN}Downloaded guacamole-${GUAC_VERSION}.war${GREY}"
# Download Guacamole authentication extensions
wget -q --show-progress -O guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
+ echo -e "${LRED}Failed to download guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz"
exit 1
else
@@ -127,7 +117,7 @@ echo -e "${LGREEN}Downloaded guacamole-auth-jdbc-${GUAC_VERSION}.tar.gz${GREY}"
if [ "${INSTALL_TOTP}" = true ]; then
wget -q --show-progress -O guacamole-auth-totp-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed to download guacamole-auth-totp-${GUAC_VERSION}.tar.gz" 1>&2
+ echo -e "${LRED}Failed to download guacamole-auth-totp-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz"
exit 1
else
@@ -140,7 +130,7 @@ fi
if [ "${INSTALL_DUO}" = true ]; then
wget -q --show-progress -O guacamole-auth-duo-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed to download guacamole-auth-duo-${GUAC_VERSION}.tar.gz" 1>&2
+ echo -e "${LRED}Failed to download guacamole-auth-duo-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz"
exit 1
else
@@ -153,7 +143,7 @@ fi
if [ "${INSTALL_LDAP}" = true ]; then
wget -q --show-progress -O guacamole-auth-ldap-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed to download guacamole-auth-ldap-${GUAC_VERSION}.tar.gz" 1>&2
+ echo -e "${LRED}Failed to download guacamole-auth-ldap-${GUAC_VERSION}.tar.gz" 1>&2
echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${GUAC_VERSION}.tar.gz"
exit 1
else
@@ -165,7 +155,7 @@ fi
# Download MySQL connector/j
wget -q --show-progress -O mysql-connector-java-${MYSQLJCON}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-${MYSQLJCON}.tar.gz
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed to download mysql-connector-java-${MYSQLJCON}.tar.gz" 1>&2
+ echo -e "${LRED}Failed to download mysql-connector-java-${MYSQLJCON}.tar.gz" 1>&2
echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-${MYSQLJCON}}.tar.gz${GREY}"
exit 1
else
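Review bot: The failure message just above the `exit 1` prints the URL as `mysql-connector-java-${MYSQLJCON}}.tar.gz`, with a stray closing brace, so the address shown to the operator does not match the one `wget` requested. Change it to `echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-${MYSQLJCON}.tar.gz${GREY}"`. The `if` block continues past the end of the hunk.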
@@ -220,7 +210,7 @@ fi
echo -e "${GREY}Running Make and building the Guacamole-Server application..."
make &>> ${LOG_LOCATION}
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -230,7 +220,7 @@ fi
echo -e "${GREY}Installing Guacamole-Server..."
make install &>> ${LOG_LOCATION}
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -250,7 +240,7 @@ ln -sf /etc/guacamole/guacamole.war /var/lib/${TOMCAT_VERSION}/webapps/
echo -e "${GREY}Moving mysql-connector-java-${MYSQLJCON}.jar (/etc/guacamole/lib/mysql-connector-java.jar)..."
mv -f mysql-connector-java-${MYSQLJCON}/mysql-connector-java-${MYSQLJCON}.jar /etc/guacamole/lib/mysql-connector-java.jar
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -296,11 +286,11 @@ if [ "${INSTALL_DUO}" = true ]; then
echo -e "${YELLOW}Duo is installed, it will need to be configured via guacamole.properties${GREY}"
fi
-echo -e "${GREY}Applying branded Guacamole login page and favicons."
+echo -e "${GREY}Applying branded Guacamole login page and favicons..."
# For details on how to brand Guacamole, see https://github.com/Zer0CoolX/guacamole-customize-loginscreen-extension
sudo mv branding.jar /etc/guacamole/extensions
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
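Review bot: The context line at the top of this hunk still expands `${YELLOW}`, which this commit deletes from the colour table at the head of the file, so the Duo notice now prints without its colour code. Use the variable that remains: `echo -e "${LYELLOW}Duo is installed, it will need to be configured via guacamole.properties${GREY}"`. Uses outside the visible hunks may need the same check, for example with `grep -nE '\$\{(RED|GREEN|YELLOW)\}' *.sh`.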
@@ -311,7 +301,7 @@ fi
echo -e "${GREY}Restarting Tomcat service & enable at boot..."
service ${TOMCAT_VERSION} restart
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed${GREY}" 1>&2
+ echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -329,7 +319,7 @@ if [ "${INSTALL_MYSQL}" = true ]; then
service mysql restart
fi
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed${GREY}" 1>&2
+ echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -375,7 +365,7 @@ fi
fi
fi
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed${GREY}" 1>&2
+ echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -398,8 +388,8 @@ SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME='${GUAC_DB
# Execute SQL code
MYSQL_RESULT=$( echo ${SQLCODE} | mysql -u root -D information_schema -h ${MYSQL_HOST} -P ${MYSQL_PORT} )
if [[ $MYSQL_RESULT != "" ]]; then
- echo -e "${RED}It appears there is already a MySQL database (${GUAC_DB}) on ${MYSQL_HOST}${GREY}" 1>&2
- echo -e "${RED}Try: mysql -e 'DROP DATABASE ${GUAC_DB}'${GREY}" 1>&2
+ echo -e "${LRED}It appears there is already a MySQL database (${GUAC_DB}) on ${MYSQL_HOST}${GREY}" 1>&2
+ echo -e "${LRED}Try: mysql -e 'DROP DATABASE ${GUAC_DB}'${GREY}" 1>&2
#exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -414,8 +404,8 @@ SELECT COUNT(*) FROM mysql.user WHERE user = '${GUAC_USER}';"
# Execute SQL code
MYSQL_RESULT=$( echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} | grep '0' )
if [[ $MYSQL_RESULT == "" ]]; then
- echo -e "${RED}It appears there is already a MySQL user (${GUAC_USER}) on ${MYSQL_HOST}${GREY}" 1>&2
- echo -e "${RED}Try: mysql -e \"DROP USER '${GUAC_USER}'@'${GUAC_USERHost}'; FLUSH PRIVILEGES;\"${GREY}" 1>&2
+ echo -e "${LRED}It appears there is already a MySQL user (${GUAC_USER}) on ${MYSQL_HOST}${GREY}" 1>&2
+ echo -e "${LRED}Try: mysql -e \"DROP USER '${GUAC_USER}'@'${GUAC_USERHost}'; FLUSH PRIVILEGES;\"${GREY}" 1>&2
#exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -437,7 +427,7 @@ echo ${SQLCODE} | mysql -u root -D mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT}
echo -e "${GREY}Adding database tables..."
cat guacamole-auth-jdbc-${GUAC_VERSION}/mysql/schema/*.sql | mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT}
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed${GREY}" 1>&2
+ echo -e "${LRED}Failed${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -452,7 +442,7 @@ bind_host = 0.0.0.0
bind_port = 4822
EOF
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
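Review bot: The guacd.conf written here keeps `bind_host = 0.0.0.0` (visible in the hunk header), so guacd listens on every interface unless 3-install-nginx.sh is later run to rebind it to 127.0.0.1. guacd does not authenticate the clients that connect to port 4822, so on an install that skips the Nginx step the daemon is reachable from the network. If Tomcat and guacd share the host, as this script appears to assume, default to `bind_host = 127.0.0.1` here as well, or add a comment explaining why all interfaces are needed. The heredoc starts outside the hunk.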
@@ -465,7 +455,7 @@ systemctl enable guacd
service guacd stop 2>/dev/null
service guacd start
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -478,7 +468,7 @@ rm -rf guacamole-*
rm -rf mysql-connector-java-*
unset MYSQL_PWD
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
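Review bot: The `$?` tested here belongs to `unset MYSQL_PWD`, not to either `rm -rf`, so the "Failed" branch cannot report a cleanup failure. The same pattern appears in other hunks of this commit: in 3-install-nginx.sh the check after the `client_max_body_size` edit tests an `echo`, in 4b-install-ssl-letsencrypt-nginx.sh the checks after `certbot` and after `crontab cron_1` test an `echo` and `rm cron_1`, and in backup-guac.sh the check after `mysqldump` tests the `SQLFILE=` assignment, so a failed backup is reported as completed. Test the command directly, e.g. `if ! rm -rf guacamole-* mysql-connector-java-*; then`, and move `unset MYSQL_PWD` after the check.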
@@ -488,10 +478,10 @@ fi
# Apply Secure MySQL installation settings
if [ "${SECURE_MYSQL}" = true ]; then
echo -e "${GREY}Applying mysql_secure_installation settings...${GREY}"
-printf "${MYSQL_ROOT_PWD}\n n\n n\n y\n y\n y\n y\n y\n" | mysql_secure_installation -u root --password="${MYSQL_ROOT_PWD}" &>> ${LOG_LOCATION}
+printf "${MYSQL_ROOT_PWD}\n n\n n\n y\n y\n y\n y\n y\n" | sudo mysql_secure_installation &>> ${LOG_LOCATION}
fi
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
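Review bot: The root password is still interpolated into the `printf` format string on the changed line, so a `%` or backslash in `${MYSQL_ROOT_PWD}` is interpreted by `printf` and the answer fed to `mysql_secure_installation` no longer matches the password. Pass it as an argument instead: `printf '%s\n n\n n\n y\n y\n y\n y\n y\n' "${MYSQL_ROOT_PWD}" | sudo mysql_secure_installation &>> ${LOG_LOCATION}`. When `SECURE_MYSQL` is not true, the `$?` check after `fi` has nothing to test and still prints OK.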
diff --git a/3-install-nginx.sh b/3-install-nginx.sh
index 527146a..5a0f17a 100644
--- a/3-install-nginx.sh
+++ b/3-install-nginx.sh
@@ -11,18 +11,9 @@
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
-RED='\033[0;31m'
LRED='\033[0;91m'
-GREEN='\033[0;32m'
LGREEN='\033[0;92m'
-YELLOW='\033[0;33m'
LYELLOW='\033[0;93m'
-BLUE='\033[0;34m'
-LBLUE='\033[0;94m'
-CYAN='\033[0;36m'
-LCYAN='\033[0;96m'
-MAGENTA='\033[0;35m'
-LMAGENTA='\033[0;95m'
NC='\033[0m' #No Colour
echo
@@ -53,7 +44,7 @@ server {
}
EOF
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -70,7 +61,7 @@ unlink /etc/nginx/sites-enabled/default
echo -e "${GREY}Configuring Apache Tomcat valve for pass through of client IPs to Guacamole logs...${GREY}"
sudo sed -i '/pattern="%h %l %u %t "%r" %s %b"/a \ \n ' /etc/$TOMCAT_VERSION/server.xml
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -82,7 +73,7 @@ sudo sed -i '/client_max_body_size/d' /etc/nginx/nginx.conf # remove this line i
sudo sed -i "/Basic Settings/a \ client_max_body_size 100000000M;" /etc/nginx/nginx.conf # Add the larger file transfer size
echo -e "${GREY}Boosting Nginx's 'maximum body size' parameter to support file transfers > 100 TB through the proxy...${GREY}"
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
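Review bot: `client_max_body_size 100000000M` is inserted after the `Basic Settings` marker in /etc/nginx/nginx.conf, which presumably places it in the `http` block and so lifts the request-body limit for every site this Nginx serves, not only the Guacamole proxy. A limit of this size removes Nginx as a guard against oversized uploads filling the disk or tying up workers. Consider setting the directive inside the Guacamole `location` block of the site file, with a value that matches the largest transfer actually expected.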
@@ -91,13 +82,14 @@ fi
# Bind guacd to localhost and force all Guacamole connections via reverse proxy
echo -e "${GREY}Binding guacd to 127.0.0.1 port 4822..."
+cp /etc/guacamole/guacd.conf /etc/guacamole/guacd.conf.bak
cat > /etc/guacamole/guacd.conf <<- "EOF"
[server]
bind_host = 127.0.0.1
bind_port = 4822
EOF
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
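Review bot: The added `cp /etc/guacamole/guacd.conf /etc/guacamole/guacd.conf.bak` is unchecked and overwrites any earlier backup, so a second run replaces the saved original with the already-modified file. A failed copy also goes unnoticed, because the `$?` test further down reflects only the `cat`. Keeping the first backup and stopping on error would be `[ -e /etc/guacamole/guacd.conf.bak ] || cp /etc/guacamole/guacd.conf /etc/guacamole/guacd.conf.bak || exit 1`.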
@@ -113,7 +105,7 @@ sudo ufw allow 80/tcp > /dev/null 2>&1
sudo ufw allow 443/tcp > /dev/null 2>&1
echo "y" | sudo ufw enable > /dev/null 2>&1
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -126,7 +118,7 @@ sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd
sudo systemctl restart nginx
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
diff --git a/4a-install-ssl-self-signed-nginx.sh b/4a-install-ssl-self-signed-nginx.sh
index dcee7b9..efdb41e 100644
--- a/4a-install-ssl-self-signed-nginx.sh
+++ b/4a-install-ssl-self-signed-nginx.sh
@@ -7,26 +7,13 @@
# April 2023
#######################################################################################################################
-# To run manually and regenerate certificates, this script must be run in the current user enviroment [-E switch]
-# to provide certifacate outputs correctly. Runing just as sudo will save certs to sudo's home path
-# sudo -E ./4a-install-ssl-self-signed-nginx.sh [your-dns-name.local] [3650]
-
# Prepare text output colours
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
-RED='\033[0;31m'
LRED='\033[0;91m'
-GREEN='\033[0;32m'
LGREEN='\033[0;92m'
-YELLOW='\033[0;33m'
LYELLOW='\033[0;93m'
-BLUE='\033[0;34m'
-LBLUE='\033[0;94m'
-CYAN='\033[0;36m'
-LCYAN='\033[0;96m'
-MAGENTA='\033[0;35m'
-LMAGENTA='\033[0;95m'
NC='\033[0m' #No Colour
echo
@@ -34,30 +21,41 @@ echo
echo -e "${LGREEN}Setting up self signed SSL certificates for Nginx...${GREY}"
echo
-# Hack to assist with displaying "$" symbols and " ' quotes in a (cut/pasteable) bash screen output format for Nginx configs
-SHOWASTEXT1='$mypwd'
-SHOWASTEXT2='"Cert:\LocalMachine\Root"'
-
-# Discover all IPv4 interfaces addresses to bind to new SSL certficates
- echo -e "${GREY}Discovering the default route interface and DNS names to bind with the new SSL certificate..."
- # Dump interface info and copy this output to a temp file
- DUMP_IPS=$(ip -o addr show up primary scope global | while read -r num dev fam addr rest; do echo ${addr%/*}; done)
- echo $DUMP_IPS > $TMP_DIR/dump_ips.txt
+# Setup script cmd line arguments for proxy site and certificate days
+SSLNAME=$1
+SSLDAYS=$2
- # Filter out anything but numerical characters, then add output to a temporary list
- grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" $TMP_DIR/dump_ips.txt > $TMP_DIR/ip_list.txt
+#######################################################################################################################
+# If you wish to add/regenerate self signed SSL to a pre-existing Nginx install, this script can be adapted to be run
+# standalone. To run as standalone, simply un-comment this entire section and provide the desired variable
+# values to complete the reconfiguration of Nginx.
+
+# Variable inputs
+#TOMCAT_VERSION="tomcat9" # Not needed for general SSL install(if Guacamole not present, also comment the tomcat restart)
+#DOWNLOAD_DIR=$(eval echo ~${SUDO_USER})
+#LOG_LOCATION="${DOWNLOAD_DIR}/ssl_install.log"
+#TMP_DIR=/tmp
+#GUAC_URL=http://localhost:8080/guacamole/ # substitute for whatever url that nginx is proxying
+#CERT_COUNTRY="AU" # must be two letter code!
+#CERT_STATE="Victoria"
+#CERT_LOCATION="Melbourne"
+#CERT_ORG="Itiligent"
+#CERT_OU="I.T. dept"
+#PROXY_SITE=$SSLNAME
+
+# To run manually or to regenerate SSL certificates, this script must be run in the current user enviroment [-E switch]
+# Be aware that runing this script just as sudo will save certs to sudo's home path with incorrect permissions,
+# plus the custom certifcate install instructions shown after running will be invalid.
+
+# e.g. sudo -E ./4a-install-ssl-self-signed-nginx.sh proxy-site-name 3650
- # Separate each row in the temporary ip_list.txt file and further split each single row into a separate new temp file for each individual IP address found
- sed -n '1p' $TMP_DIR/ip_list.txt > $TMP_DIR/1st_ip.txt
- #sed -n '2p' $TMP_DIR/ip_list.txt > $TMP_DIR/2nd_ip.txt # uncomment for 2nd interface
- #sed -n '3p' $TMP_DIR/ip_list.txt > $TMP_DIR/3rd_ip.txt # uncomment for 3rd interface etc
+#######################################################################################################################
- # Assign each individual IP address temp file a discreet variable for use in the certificate parameters setup
- IP1=$(cat $TMP_DIR/1st_ip.txt)
- #IP2=$(cat $TMP_DIR/2nd_ip.txt) # uncomment for 2nd interface
- #IP3=$(cat $TMP_DIR/3rd_ip.txt) # uncomment for 3rd interface etc
+# Discover IPv4 interface
+echo -e "${GREY}Discovering the default route interface and Proxy DNS name to bind with the new SSL certificate..."
+DEFAULT_IP=$(ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | head -n 1 | awk '/inet/ {print $2}' | cut -d'/' -f1)
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
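Review bot: The `$?` check after the new `DEFAULT_IP=` assignment only sees the exit status of the final `cut`, so an empty result (no default route) passes and is later written into the certificate config as `IP.1`. Check the value instead, `if [ -z "${DEFAULT_IP}" ]; then`, and take only the first default route with `awk '/default/ { print $5; exit }'` so that several default routes do not become extra arguments to `ip addr show`. `SSLNAME=$1` is likewise used for file names later in the script without a check that it was supplied.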
@@ -88,7 +86,7 @@ subjectAltName = @alt_names
[alt_names]
DNS.1 = $PROXY_SITE
-IP.1 = $IP1
+IP.1 = $DEFAULT_IP
EOF
# Add IP.2 & IP.3 into the above cat <&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -138,7 +132,7 @@ fi
sudo openssl pkcs12 -export -out $SSLNAME.pfx -inkey $SSLNAME.key -in $SSLNAME.crt -password pass:1234
sudo chmod 0774 $SSLNAME.pfx
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
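Review bot: The exported `$SSLNAME.pfx` bundles the server's private key (`-inkey $SSLNAME.key`) under the fixed password `1234` and is then made readable by every local user with `chmod 0774`. Anyone who can read the file can recover the key used by the Nginx proxy. If the bundle is only meant to let clients trust the certificate, distribute `$SSLNAME.crt` alone; if a PFX with the key is really required, restrict it with `sudo chmod 0600 $SSLNAME.pfx` and take the export password from a prompt or a generated value, not a literal. The `$?` test that follows also reflects only the `chmod`.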
@@ -146,10 +140,10 @@ if [ $? -ne 0 ]; then
fi
# Backup the current Nginx config before update
-cp /etc/nginx/sites-enabled/${PROXY_SITE} $DOWNLOAD_DIR/${PROXY_SITE}-nginx.bak
echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$PROXY_SITE-nginx.bak"
+cp /etc/nginx/sites-enabled/${PROXY_SITE} $DOWNLOAD_DIR/${PROXY_SITE}-nginx.bak
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -198,13 +192,16 @@ server {
}
EOF
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
echo
fi
+# Hack to assist with displaying "$" symbols and " ' quotes in a (cut/pasteable) bash screen output format for Nginx configs
+SHOWASTEXT1='$mypwd'
+SHOWASTEXT2='"Cert:\LocalMachine\Root"'
printf "${GREY}+-------------------------------------------------------------------------------------------------------------
${LGREEN}+ WINDOWS CLIENT SELF SIGNED SSL BROWSER CONFIG - SAVE THIS BEFORE CONTINUING!${GREY}
@@ -236,7 +233,7 @@ sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd
sudo systemctl restart nginx
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
diff --git a/4b-install-ssl-letsencrypt-nginx.sh b/4b-install-ssl-letsencrypt-nginx.sh
index a8b5bd3..8ace052 100644
--- a/4b-install-ssl-letsencrypt-nginx.sh
+++ b/4b-install-ssl-letsencrypt-nginx.sh
@@ -11,18 +11,9 @@
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
-RED='\033[0;31m'
LRED='\033[0;91m'
-GREEN='\033[0;32m'
LGREEN='\033[0;92m'
-YELLOW='\033[0;33m'
LYELLOW='\033[0;93m'
-BLUE='\033[0;34m'
-LBLUE='\033[0;94m'
-CYAN='\033[0;36m'
-LCYAN='\033[0;96m'
-MAGENTA='\033[0;35m'
-LMAGENTA='\033[0;95m'
NC='\033[0m' #No Colour
echo
@@ -30,16 +21,61 @@ echo
echo -e "${LGREEN}Installing Let's Encrypt SSL configuration for Nginx...${GREY}"
echo
+#######################################################################################################################
+# If you wish to add/regenerate self signed SSL to a pre-existing Nginx install, this script can be adapted to be run
+# standalone. To run as standalone, simply un-comment this entire section and provide the desired variable
+# values to complete the reconfiguration of Nginx.
+
+# Variable inputs
+#TOMCAT_VERSION="tomcat9" # Not be needed for genreral SSL install SSL (i.e. where Guacamole not present)
+#DOWNLOAD_DIR=$(eval echo ~${SUDO_USER})
+#LOG_LOCATION="${DOWNLOAD_DIR}/ssl_install.log"
+#GUAC_URL=http://localhost:8080/guacamole/ # substitute for whatever url that nginx is proxying
+
+# Find the existing nginx site name
+#echo -e "${GREY}Discovering exising proxy sites to configure with SSL...${GREY}"
+#for file in "/etc/nginx/sites-enabled"/*
+#do
+#PROXY_SITE="${file##*/}"
+#done
+#if [ $? -ne 0 ]; then
+# echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+# exit 1
+# else
+# echo -e "${LGREEN}OK${GREY}"
+#fi
+#echo
+# Prompt for the FQDN of the new Let's encrypt certificate
+#while true
+#do
+#echo -e "${LGREEN}"
+#read -p "Enter the public FQDN for your proxy site: " LE_DNS_NAME
+#echo
+# [ "${LE_DNS_NAME}" != "" ] && break
+#done
+
+# Prompt for the admin/webmaster email for Let's encrypt certificate notifications
+#while true
+#do
+#echo -e "${LGREEN}"
+#read -p "Enter the email address for Let's Encrypt notifications : " LE_EMAIL
+#echo
+# [ "${LE_EMAIL}" != "" ] && break
+#done
+#echo -e "${GREY}"
+
+#######################################################################################################################
+
# Install nginx
apt-get update -qq &>> ${LOG_LOCATION}
apt-get install nginx certbot python3-certbot-nginx -qq -y &>> ${LOG_LOCATION}
# Backup the current Nginx config
- cp /etc/nginx/sites-enabled/${PROXY_SITE} $DOWNLOAD_DIR/${PROXY_SITE}-nginx.bak
echo
echo -e "${GREY}Backing up previous Nginx proxy to $DOWNLOAD_DIR/$PROXY_SITE-nginx.bak"
+ cp /etc/nginx/sites-enabled/${PROXY_SITE} $DOWNLOAD_DIR/${PROXY_SITE}-nginx.bak
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
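Review bot: The standalone block added here derives the home directory with `$(eval echo ~${SUDO_USER})`, which passes the content of an environment variable through `eval` in a script that runs as root, and resolves to root's home when `SUDO_USER` is unset. A lookup avoids the `eval`: `DOWNLOAD_DIR=$(getent passwd "${SUDO_USER:-root}" | cut -d: -f6)`. The same line is in the standalone block added to 4a-install-ssl-self-signed-nginx.sh and, uncommented, in the new upgrade-guac.sh. The block's heading also says "self signed SSL" although this is the Let's Encrypt script.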
@@ -67,7 +103,7 @@ server {
}
EOL
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -82,7 +118,7 @@ certbot --nginx -n -d $LE_DNS_NAME --email $LE_EMAIL --agree-tos --redirect --hs
echo -e
echo -e "${GREY}Let's Encrypt successfully installed, but check for any errors above (DNS & firewall are the usual culprits).${GREY}"
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -104,7 +140,7 @@ echo "${MINUTE} ${HOUR} * * * /usr/bin/certbot renew --quiet --pre-hook 'service
crontab cron_1
rm cron_1
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -117,7 +153,7 @@ sudo systemctl restart $TOMCAT_VERSION
sudo systemctl restart guacd
sudo systemctl restart nginx
if [ $? -ne 0 ]; then
- echo -e "${RED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
diff --git a/add-auth-duo.sh b/add-auth-duo.sh
index ee82f3d..f00e4e4 100644
--- a/add-auth-duo.sh
+++ b/add-auth-duo.sh
@@ -10,18 +10,9 @@
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
-RED='\033[0;31m'
LRED='\033[0;91m'
-GREEN='\033[0;32m'
LGREEN='\033[0;92m'
-YELLOW='\033[0;33m'
LYELLOW='\033[0;93m'
-BLUE='\033[0;34m'
-LBLUE='\033[0;94m'
-CYAN='\033[0;36m'
-LCYAN='\033[0;96m'
-MAGENTA='\033[0;35m'
-LMAGENTA='\033[0;95m'
NC='\033[0m' #No Colour
clear
@@ -31,10 +22,9 @@ if ! [ $( id -u ) = 0 ]; then
echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
exit 1
fi
-
-GUAC_VERSION=
-TOMCAT_VERSION=
-GUAC_SOURCE_LINK=
+TOMCAT_VERSION=$(ls /etc/ | grep tomcat)
+GUAC_VERSION=$(grep -oP 'Guacamole.API_VERSION = "\K[0-9\.]+' /var/lib/${TOMCAT_VERSION}/webapps/guacamole/guacamole-common-js/modules/Version.js)
+GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUAC_VERSION}"
echo
wget -q --show-progress -O guacamole-auth-duo-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${GUAC_VERSION}.tar.gz
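Review bot: `GUAC_SOURCE_LINK` is now set to an `http://` URL, and no integrity check on the archive fetched by the `wget` below is visible in this hunk, so an authentication extension that Guacamole will load is downloaded over an unauthenticated channel by a script running as root. Use `https://` in the link and verify the archive against the SHA-256 checksum or PGP signature that Apache publishes for the release before unpacking it. The same link is added in add-auth-ldap.sh, add-auth-totp.sh and upgrade-guac.sh.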
diff --git a/add-auth-ldap.sh b/add-auth-ldap.sh
index a8612eb..90df8ea 100644
--- a/add-auth-ldap.sh
+++ b/add-auth-ldap.sh
@@ -10,18 +10,9 @@
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
-RED='\033[0;31m'
LRED='\033[0;91m'
-GREEN='\033[0;32m'
LGREEN='\033[0;92m'
-YELLOW='\033[0;33m'
LYELLOW='\033[0;93m'
-BLUE='\033[0;34m'
-LBLUE='\033[0;94m'
-CYAN='\033[0;36m'
-LCYAN='\033[0;96m'
-MAGENTA='\033[0;35m'
-LMAGENTA='\033[0;95m'
NC='\033[0m' #No Colour
clear
@@ -34,9 +25,9 @@ if ! [ $( id -u ) = 0 ]; then
exit 1
fi
-GUAC_VERSION=
-TOMCAT_VERSION=
-GUAC_SOURCE_LINK=
+TOMCAT_VERSION=$(ls /etc/ | grep tomcat)
+GUAC_VERSION=$(grep -oP 'Guacamole.API_VERSION = "\K[0-9\.]+' /var/lib/${TOMCAT_VERSION}/webapps/guacamole/guacamole-common-js/modules/Version.js)
+GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUAC_VERSION}"
echo
echo -e "${LYELLOW}Have you updated this script to reflect your Active Directory settings?${NC}"
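Review bot: `TOMCAT_VERSION=$(ls /etc/ | grep tomcat)` can return nothing or several names (any entry in /etc containing "tomcat"), and the result goes unchecked into the path read by the `GUAC_VERSION` line. An empty or multi-line value leaves `GUAC_VERSION` empty and produces a malformed download URL further down. Validate before use, e.g. `[ -n "${GUAC_VERSION}" ] || { echo "Could not detect the installed Guacamole version" 1>&2; exit 1; }`. add-auth-duo.sh, add-auth-totp.sh, add-fail2ban.sh and upgrade-guac.sh add the same detection line.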
diff --git a/add-auth-totp.sh b/add-auth-totp.sh
index 0a6202f..41aa0b6 100644
--- a/add-auth-totp.sh
+++ b/add-auth-totp.sh
@@ -10,18 +10,9 @@
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
-RED='\033[0;31m'
LRED='\033[0;91m'
-GREEN='\033[0;32m'
LGREEN='\033[0;92m'
-YELLOW='\033[0;33m'
LYELLOW='\033[0;93m'
-BLUE='\033[0;34m'
-LBLUE='\033[0;94m'
-CYAN='\033[0;36m'
-LCYAN='\033[0;96m'
-MAGENTA='\033[0;35m'
-LMAGENTA='\033[0;95m'
NC='\033[0m' #No Colour
clear
@@ -32,9 +23,9 @@ if ! [ $( id -u ) = 0 ]; then
exit 1
fi
-GUAC_VERSION=
-TOMCAT_VERSION=
-GUAC_SOURCE_LINK=
+TOMCAT_VERSION=$(ls /etc/ | grep tomcat)
+GUAC_VERSION=$(grep -oP 'Guacamole.API_VERSION = "\K[0-9\.]+' /var/lib/${TOMCAT_VERSION}/webapps/guacamole/guacamole-common-js/modules/Version.js)
+GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUAC_VERSION}"
echo
wget -q --show-progress -O guacamole-auth-totp-${GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${GUAC_VERSION}.tar.gz
diff --git a/add-fail2ban.sh b/add-fail2ban.sh
index d9d4cd1..3472d1c 100644
--- a/add-fail2ban.sh
+++ b/add-fail2ban.sh
@@ -10,18 +10,9 @@
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
-RED='\033[0;31m'
LRED='\033[0;91m'
-GREEN='\033[0;32m'
LGREEN='\033[0;92m'
-YELLOW='\033[0;33m'
LYELLOW='\033[0;93m'
-BLUE='\033[0;34m'
-LBLUE='\033[0;94m'
-CYAN='\033[0;36m'
-LCYAN='\033[0;96m'
-MAGENTA='\033[0;35m'
-LMAGENTA='\033[0;95m'
NC='\033[0m' #No Colour
clear
@@ -37,7 +28,7 @@ FAIL2BAN_BASE=""
FAIL2BAN_GUAC=""
FAIL2BAN_NGINX=""
FAIL2BAN_SSH=""
-TOMCAT_VERSION=
+TOMCAT_VERSION=$(ls /etc/ | grep tomcat)
#Clean up from any previous runs
rm -f /tmp/fail2ban.conf
diff --git a/add-smtp-relay-o365.sh b/add-smtp-relay-o365.sh
index b063b2a..eb95ff2 100644
--- a/add-smtp-relay-o365.sh
+++ b/add-smtp-relay-o365.sh
@@ -15,7 +15,7 @@
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
-RED='\033[0;31m'
+LRED='\033[0;91m'
LGREEN='\033[0;92m'
LYELLOW='\033[0;93m'
NC='\033[0m' #No Colour
@@ -42,7 +42,7 @@ echo -e "${GREY}Installing Postfix with non-interactive defaults..."
sudo apt update -qq > /dev/null 2>&1
DEBIAN_FRONTEND="noninteractive" apt-get install postfix mailutils -qq -y > /dev/null 2>&1
if [ $? -ne 0 ]; then
- echo -e "${RED}Postfix install failed. ${GREY}" 1>&2
+ echo -e "${LRED}Postfix install failed. ${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -80,7 +80,7 @@ smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
EOF
if [ $? -ne 0 ]; then
- echo -e "${RED}Postfix restart failed. ${GREY}" 1>&2
+ echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
@@ -111,7 +111,7 @@ sudo postmap /etc/postfix/generic
echo -e "${GREY}Restarting Postfix..."
sudo service postfix restart
if [ $? -ne 0 ]; then
- echo -e "${RED}Postfix restart failed. ${GREY}" 1>&2
+ echo -e "${LRED}Postfix restart failed. ${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}OK${GREY}"
diff --git a/add-ssl-guac-gaucd.sh b/add-ssl-guac-gaucd.sh
index f8f4ea3..e8c9c29 100644
--- a/add-ssl-guac-gaucd.sh
+++ b/add-ssl-guac-gaucd.sh
@@ -10,18 +10,9 @@
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
-RED='\033[0;31m'
LRED='\033[0;91m'
-GREEN='\033[0;32m'
LGREEN='\033[0;92m'
-YELLOW='\033[0;33m'
LYELLOW='\033[0;93m'
-BLUE='\033[0;34m'
-LBLUE='\033[0;94m'
-CYAN='\033[0;36m'
-LCYAN='\033[0;96m'
-MAGENTA='\033[0;35m'
-LMAGENTA='\033[0;95m'
NC='\033[0m' #No Colour
CERT_COUNTRY=
diff --git a/backup-guac.sh b/backup-guac.sh
index 1d7aaa7..1cd8c0a 100644
--- a/backup-guac.sh
+++ b/backup-guac.sh
@@ -10,18 +10,9 @@
GREY='\033[0;37m'
DGREY='\033[0;90m'
GREYB='\033[1;37m'
-RED='\033[0;31m'
LRED='\033[0;91m'
-GREEN='\033[0;32m'
LGREEN='\033[0;92m'
-YELLOW='\033[0;33m'
LYELLOW='\033[0;93m'
-BLUE='\033[0;34m'
-LBLUE='\033[0;94m'
-CYAN='\033[0;36m'
-LCYAN='\033[0;96m'
-MAGENTA='\033[0;35m'
-LMAGENTA='\033[0;95m'
NC='\033[0m' #No Colour
clear
@@ -49,13 +40,13 @@ echo
mysqldump -h ${MYSQL_HOST} \
-P ${MYSQL_PORT} \
-u ${GUAC_USER} \
--p${GUAC_PWD} \
+-p"${GUAC_PWD}" \
${GUAC_DB} \
--single-transaction --quick --lock-tables=false > \
${DB_BACKUP_DIR}${GUAC_DB}-${TODAY}.sql
SQLFILE=${DB_BACKUP_DIR}${GUAC_DB}-${TODAY}.sql
if [ $? -ne 0 ]; then
- echo -e "${RED}Backup failed.${GREY}" 1>&2
+ echo -e "${LRED}Backup failed.${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}Backup completed ok.${GREY}"
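Review bot: Quoting `-p"${GUAC_PWD}"` fixes word splitting, but the database password is still passed on the `mysqldump` command line, where other local users can read it from the process list while the dump runs. Supply it through the environment for this one command, `MYSQL_PWD="${GUAC_PWD}" mysqldump -h ${MYSQL_HOST} ...` with the `-p` line dropped, or point `--defaults-extra-file` at an option file readable only by root. The dump file itself holds the Guacamole connection data, so it is worth confirming that `${DB_BACKUP_DIR}` is not world-readable.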
@@ -64,7 +55,7 @@ fi
gzip -f ${SQLFILE}
# Error check and email alerts
if [ $? -ne 0 ]; then
- echo -e "${RED}Backup failed.${GREY}" 1>&2
+ echo -e "${LRED}Backup failed.${GREY}" 1>&2
exit 1
else
echo -e "${LGREEN}${GUAC_DB} backup was successfully copied to ${DB_BACKUP_DIR}"
diff --git a/upgrade-guac.sh b/upgrade-guac.sh
new file mode 100644
index 0000000..472d4ea
--- /dev/null
+++ b/upgrade-guac.sh
@@ -0,0 +1,350 @@
+#!/bin/bash
+######################################################################################################################
+# Guacamole appliance upgrade script
+# For Ubuntu / Debian / Raspian
+# David Harrop
+# April 2023
+#######################################################################################################################
+
+#######################################################################################################################
+# Initial enviromment setup ###########################################################################################
+#######################################################################################################################
+
+clear
+
+# Prepare text output colours
+GREY='\033[0;37m'
+DGREY='\033[0;90m'
+GREYB='\033[1;37m'
+LRED='\033[0;91m'
+LGREEN='\033[0;92m'
+LYELLOW='\033[0;93m'
+NC='\033[0m' #No Colour
+
+if ! [ $( id -u ) = 0 ]; then
+ echo
+ echo -e "${LGREEN}Please run this script as sudo or root${NC}" 1>&2
+ exit 1
+fi
+
+#Setup download and temp directory paths
+USER_HOME_DIR=$(eval echo ~${SUDO_USER})
+DOWNLOAD_DIR=$USER_HOME_DIR/guac-setup/upgrade
+
+# Script branding header
+echo
+ echo -e "${GREYB}Itiligent Virtual Desktop Appliance UPGRADE"
+ echo -e " ${LGREEN}Powered by Guacamole"
+ echo
+
+# Setup directory locations
+mkdir -p $DOWNLOAD_DIR
+
+# Version of Guacamole to upgrade to
+NEW_GUAC_VERSION="1.5.1"
+
+# Get the currently installed Tomcat version.
+TOMCAT_VERSION=$(ls /etc/ | grep tomcat)
+
+# Get the currently installed Guacamole version
+OLD_GUAC_VERSION=$(grep -oP 'Guacamole.API_VERSION = "\K[0-9\.]+' /var/lib/${TOMCAT_VERSION}/webapps/guacamole/guacamole-common-js/modules/Version.js)
+
+# Set preferred Apache CDN download link
+GUAC_SOURCE_LINK="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${NEW_GUAC_VERSION}"
+# Set preferred Apache CDN download link
+
+# Install log Location
+LOG_LOCATION="${DOWNLOAD_DIR}/guacamole_${NEW_GUAC_VERSION}_upgrade.log"
+
+# Non interactive silent setup options - add true/false or specific values
+MYSQL_HOST="" # leave blank for localhost default, only specify for remote servers
+MYSQL_PORT="" # If blank default is 3306
+GUAC_DB="" # If blank default is guacamole_db
+GUAC_USER="" # if blank default is guacamole_user
+GUAC_PWD="" # Should not be blank as this may break some aspects of install
+MYSQL_ROOT_PWD="" # Should not be blank as this may break some aspects of install
+
+echo
+# For convenience & sanity check, display status of preset script options at start of install
+echo -e "${GREY}Enabled non-interactive presets listed below, blank entries will prompt. Ctrl+x to stop/edit"
+echo -e "${DGREY}Current Guacamole version\t= ${GREY}${OLD_GUAC_VERSION}"
+echo -e "${DGREY}Guacamole upgrade version\t= ${GREY}${NEW_GUAC_VERSION}"
+echo -e "${DGREY}MySQL hostname/IP\t\t= ${GREY}${MYSQL_HOST}"
+echo -e "${DGREY}MySQL port\t\t\t= ${GREY}${MYSQL_PORT}"
+echo -e "${DGREY}Guacamole db name\t\t= ${GREY}${GUAC_DB}"
+echo -e "${DGREY}Guacamole db user name\t\t= ${GREY}${GUAC_USER}"
+echo -e "${DGREY}Guacamole user pwd\t\t= ${GREY}${GUAC_PWD}"
+echo -e "${DGREY}MySQL root pwd\t\t\t= ${GREY}${MYSQL_ROOT_PWD}${GREY}"
+echo
+
+#######################################################################################################################
+# Prompt inputs #######################################################################################################
+#######################################################################################################################
+
+# Get MySQL Hostname or IP
+if [ -z "${MYSQL_HOST}" ]; then
+ read -s -p "Enter MySQL server hostname or IP [localhost]: " MYSQL_HOST
+ echo
+fi
+
+# Get MySQL Port
+if [ -z "${MYSQL_PORT}" ]; then
+ read -s -p "Enter MySQL server port [3306]: " MYSQL_PORT
+ echo
+fi
+
+# Get MySQL database name
+if [ -z "${GUAC_DB}" ]; then
+ read -s -p "Enter Guacamole database name [guacamole_db]: " GUAC_DB
+ echo
+fi
+
+# Get MySQL user name
+if [ -z "${GUAC_USER}" ]; then
+ read -s -p "Enter Guacamole user name [guacamole_user]: " GUAC_USER
+ echo
+fi
+
+# Get Guacamole User password, confirm correct password entry and prevent blank passwords
+if [ -z "${GUAC_PWD}" ]; then
+ read -s -p "Enter MySQL guacamole_user password: " GUAC_PWD
+ echo
+fi
+
+# Get MySQL root password
+if [ -z "${MYSQL_ROOT_PWD}" ]; then
+ read -s -p "Enter MySQL root password: " MYSQL_ROOT_PWD
+ echo
+fi
+
+
+# Set prompt input defaults if values not given
+
+# Checking if a mysql host given, if not set a default
+if [ -z "${MYSQL_HOST}" ]; then
+ MYSQL_HOST="localhost"
+fi
+
+# Checking if a mysql port given, if not set a default
+if [ -z "${MYSQL_PORT}" ]; then
+ MYSQL_PORT="3306"
+fi
+
+# Checking if a database name given, if not set a default
+if [ -z "${GUAC_DB}" ]; then
+ GUAC_DB="guacamole_db"
+fi
+
+# Checking if a mysql user given, if not set a default
+if [ -z "${GUAC_USER}" ]; then
+ GUAC_USER="guacamole_user"
+fi
+
+#######################################################################################################################
+# Start upgrade actions ##############################################################################################
+#######################################################################################################################
+
+sudo apt-get upgrade -qq -y
+
+# Stop tomcat and guacd
+systemctl stop ${TOMCAT_VERSION}
+systemctl stop guacd
+
+cd $DOWNLOAD_DIR
+
+echo
+echo -e "${GREY}Beggining Guacamole ${OLD_GUAC_VERSION} to ${NEW_GUAC_VERSION} upgrade..."
+wget -q --show-progress -O guacamole-${NEW_GUAC_VERSION}.war ${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war
+if [ $? -ne 0 ]; then
+ echo -e "${LRED}Failed to download guacamole-${NEW_GUAC_VERSION}.war" 1>&2
+ echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-${NEW_GUAC_VERSION}.war${GREY}"
+ exit 1
+ else
+ rm /etc/guacamole/guacamole.war
+ mv -f guacamole-${NEW_GUAC_VERSION}.war /etc/guacamole/guacamole.war
+fi
+echo -e "${LGREEN}Upgraded Guacamole client to version ${NEW_GUAC_VERSION}${GREY}"
+
+
+# Download and upgrade Guacamole SQL authentication extension
+wget -q --show-progress -O guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
+if [ $? -ne 0 ]; then
+ echo -e "${LRED}Failed to download guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz" 1>&2
+ echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz"
+ exit 1
+ else
+ tar -xzf guacamole-auth-jdbc-${NEW_GUAC_VERSION}.tar.gz
+ rm /etc/guacamole/extensions/guacamole-auth-jdbc-*.jar
+ mv -f guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/guacamole-auth-jdbc-mysql-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/
+fi
+echo -e "${LGREEN}Upgraded Guacamole SQL jdbc to version ${NEW_GUAC_VERSION}${GREY}"
+
+# Download Guacamole Server
+wget -q --show-progress -O guacamole-server-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz
+if [ $? -ne 0 ]; then
+ echo -e "${LRED}Failed to download guacamole-server-${NEW_GUAC_VERSION}.tar.gz" 1>&2
+ echo -e "${GUAC_SOURCE_LINK}/source/guacamole-server-${NEW_GUAC_VERSION}.tar.gz${GREY}"
+ exit 1
+ else
+ tar -xzf guacamole-server-${NEW_GUAC_VERSION}.tar.gz
+fi
+echo -e "${LGREEN}Downloaded guacamole-server-${NEW_GUAC_VERSION}.tar.gz${GREY}"
+
+# Make and install guacd (Guacamole-Server)
+cd guacamole-server-${NEW_GUAC_VERSION}/
+echo
+echo -e "${GREY}Compiling Guacamole-Server ${NEW_GUAC_VERSION} from source with with GCC $( gcc --version | head -n1 | grep -oP '\)\K.*' | awk '{print $1}' ), this might take a few minutes...${GREY}"
+# Fix for warnings see #222 https://github.com/MysticRyuujin/guac-install/issues/222
+export CFLAGS="-Wno-error"
+# Configure Guacamole Server source
+./configure --with-systemd-dir=/etc/systemd/system &>> ${LOG_LOCATION}
+if [ $? -ne 0 ]; then
+ echo "Failed to configure guacamole-server"
+ echo "Trying again with --enable-allow-freerdp-snapshots"
+ ./configure --with-systemd-dir=/etc/systemd/system --enable-allow-freerdp-snapshots
+ if [ $? -ne 0 ]; then
+ echo "Failed to configure guacamole-server - again"
+ exit
+ fi
+ else
+ echo -e "${LGREEN}OK${GREY}"
+ echo
+fi
+
+echo -e "${GREY}Running Make and building the upgraded Guacamole-Server application..."
+make &>> ${LOG_LOCATION}
+if [ $? -ne 0 ]; then
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ exit 1
+ else
+ echo -e "${LGREEN}OK${GREY}"
+ echo
+fi
+
+echo -e "${GREY}Installing the upgraded Guacamole-Server..."
+make install &>> ${LOG_LOCATION}
+if [ $? -ne 0 ]; then
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ exit 1
+ else
+ echo -e "${LGREEN}OK${GREY}"
+ echo
+fi
+ldconfig
+
+cd ..
+
+# Get list of SQL Upgrade Files
+echo -e "${GREY}Upgrading MySQL Schema..."
+UPGRADEFILES=($(ls -1 guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/ | sort -V))
+
+# Compare SQL Upgrage Files against old version, apply upgrades as needed
+for FILE in ${UPGRADEFILES[@]}
+do
+FILEVERSION=$(echo ${FILE} | grep -oP 'upgrade-pre-\K[0-9\.]+(?=\.)')
+if [[ $(echo -e "${FILEVERSION}\n${OLD_GUAC_VERSION}" | sort -V | head -n1) == ${OLD_GUAC_VERSION} && ${FILEVERSION} != ${OLD_GUAC_VERSION} ]]; then
+ echo "Patching ${GUAC_DB} with ${FILE}"
+ mysql -u root -D ${GUAC_DB} -h ${MYSQL_HOST} -P ${MYSQL_PORT} < guacamole-auth-jdbc-${NEW_GUAC_VERSION}/mysql/schema/upgrade/${FILE} &>> ${LOG_LOCATION}
+ fi
+done
+if [ $? -ne 0 ]; then
+ echo -e "${LRED}SQL upgrade failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ exit 1
+ else
+ echo -e "${LGREEN}OK${GREY}"
+ echo
+fi
+
+# Check for DUO extension and upgrade if found
+for file in /etc/guacamole/extensions/guacamole-auth-duo*.jar; do
+if [[ -f $file ]]; then
+ echo -e "${LGREEN}DUO authentication extension was found, upgrading...${GREY}"
+ rm /etc/guacamole/extensions/guacamole-auth-duo*.jar &>> ${LOG_LOCATION}
+ wget -q --show-progress -O guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz
+ if [ $? -ne 0 ]; then
+ echo -e "${LRED}Failed to download guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz" 1>&2
+ echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz"
+ exit 1
+ fi
+ tar -xzf guacamole-auth-duo-${NEW_GUAC_VERSION}.tar.gz &>> ${LOG_LOCATION}
+ mv -f guacamole-auth-duo-${NEW_GUAC_VERSION}/guacamole-auth-duo-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>> ${LOG_LOCATION}
+ echo -e "${LGREEN}Upgraded DUO extension to version ${NEW_GUAC_VERSION}${GREY}"
+ echo
+ break
+ fi
+done
+
+# Check for LDAP extension and upgrade if found
+for file in /etc/guacamole/extensions/guacamole-auth-ldap*.jar; do
+if [[ -f $file ]]; then
+ echo -e "${LGREEN}LDAP authentication extension was found, upgrading...${GREY}"
+ rm /etc/guacamole/extensions/guacamole-auth-ldap*.jar &>> ${LOG_LOCATION}
+ wget -q --show-progress -O guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz
+ if [ $? -ne 0 ]; then
+ echo -e "${LRED}Failed to download guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz" 1>&2
+ echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz"
+ exit 1
+ fi
+ tar -xzf guacamole-auth-ldap-${NEW_GUAC_VERSION}.tar.gz &>> ${LOG_LOCATION}
+ mv -f guacamole-auth-ldap-${NEW_GUAC_VERSION}/guacamole-auth-ldap-${NEW_GUAC_VERSION}.jar /etc/guacamole/extensions/ &>> ${LOG_LOCATION}
+ echo -e "${LGREEN}Upgraded LDAP extension to version ${NEW_GUAC_VERSION}${GREY}"
+ echo
+ break
+ fi
+done
+
+# Check for TOTP extension and upgrade if found
+for file in /etc/guacamole/extensions/guacamole-auth-totp*.jar; do
+if [[ -f $file ]]; then
+ echo -e "${LGREEN}TOTP authentication extension was found, upgrading...${GREY}"
+ rm /etc/guacamole/extensions/guacamole-auth-totp*.jar &>> ${LOG_LOCATION}
+ wget -q --show-progress -O guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz ${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz
+ if [ $? -ne 0 ]; then
+ echo -e "${LRED}Failed to download guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz" 1>&2
+ echo -e "${GUAC_SOURCE_LINK}/binary/guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz"
+ exit 1
+ fi
+ tar -xzf guacamole-auth-totp-${NEW_GUAC_VERSION}.tar.gz &>> ${LOG_LOCATION}
+ mv -f guacamole-auth-totp-${NEW_GUAC_VERSION}/guacamole-auth-totp-${GUAC_VERSION}.jar /etc/guacamole/extensions/ &>> ${LOG_LOCATION}
+ echo -e "${LGREEN}Upgraded TOTP extension to version ${NEW_GUAC_VERSION}${GREY}"
+ echo
+ break
+ fi
+done
+
+# Fix for #196 see https://github.com/MysticRyuujin/guac-install/issues/196
+mkdir -p /usr/sbin/.config/freerdp
+chown daemon:daemon /usr/sbin/.config/freerdp
+
+# Fix for #197 see https://github.com/MysticRyuujin/guac-install/issues/197
+mkdir -p /var/guacamole
+chown daemon:daemon /var/guacamole
+
+# Bring guacd and Tomcat back up
+echo -e "${GREY}Starting guacd and Tomcat services..."
+systemctl enable guacd
+systemctl start guacd
+systemctl start ${TOMCAT_VERSION}
+if [ $? -ne 0 ]; then
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ exit 1
+ else
+ echo -e "${LGREEN}OK${GREY}"
+ echo
+fi
+
+# Cleanup
+echo -e "${GREY}Cleanup install files...${GREY}"
+rm -rf guacamole-*
+unset MYSQL_PWD
+if [ $? -ne 0 ]; then
+ echo -e "${LRED}Failed. See ${LOG_LOCATION}${GREY}" 1>&2
+ exit 1
+ else
+ echo -e "${LGREEN}OK${GREY}"
+ echo
+fi
+
+# Done
+printf "${LGREEN}Guacamole ${NEW_GUAC_VERSION} upgrade complete! \n${NC}"
+echo -e ${NC}
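Review bot: In the TOTP block the `mv` source path uses `${GUAC_VERSION}`, which this file never sets, so it expands to `guacamole-auth-totp-.jar` and the move fails with the error going only to the log. Because the old jar was already deleted by the `rm` a few lines earlier, the upgrade would presumably leave Guacamole running without its TOTP extension, that is, without the second factor. The path should use `guacamole-auth-totp-${NEW_GUAC_VERSION}.jar`, and in the DUO, LDAP and TOTP blocks the `rm` is safer placed after the download and extraction have succeeded, with the `mv` status checked. Separately, `GUAC_SOURCE_LINK` is plain `http://` and none of the archives is checked against a published checksum or signature before being built and installed as root; using `https://` and verifying each archive before `tar` would close that gap. `MYSQL_ROOT_PWD` is prompted for, and echoed in the presets list together with `GUAC_PWD`, but never passed to `mysql -u root`, while the final `unset MYSQL_PWD` suggests an export was intended; the `$?` test after the schema loop also reflects only the last command run, not every patch.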