├── .dockerignore ├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── build ├── desktop ├── log ├── start ├── supervisord.conf └── xrdp.ini ├── docker-compose.yml └── hooks └── build /.dockerignore: -------------------------------------------------------------------------------- 1 | /.git 2 | /home -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /home -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019 FEROX YT EIRL, www.ferox.yt 2 | # Copyright (c) 2019 Jérémy WALTHER 3 | # See for details. 4 | 5 | FROM debian:buster 6 | 7 | LABEL maintainer="Jérémy WALTHER " 8 | 9 | # Install required packages to run 10 | RUN DEBIAN_FRONTEND=noninteractive apt-get update \ 11 | && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --fix-missing --no-install-recommends \ 12 | ca-certificates \ 13 | curl \ 14 | dbus-x11 \ 15 | gnupg \ 16 | openssh-server \ 17 | sudo \ 18 | supervisor \ 19 | tigervnc-standalone-server \ 20 | vim \ 21 | xrdp \ 22 | && apt-get clean -y && apt-get clean -y && apt-get autoclean -y && rm -r /var/lib/apt/lists/* 23 | 24 | # Set default environment variables 25 | ENV FRX_APTGET_DISTUPGRADE= \ 26 | FRX_APTGET_INSTALL= \ 27 | FRX_CMD_INIT= \ 28 | FRX_CMD_START= \ 29 | FRX_LOG_PREFIX_MAXLEN=6 \ 30 | FRX_XRDP_CERT_SUBJ='/C=FX/ST=None/L=None/O=None/OU=None/CN=localhost' \ 31 | FRX_XRDP_USER_NAME=debian \ 32 | FRX_XRDP_USER_PASSWORD=ChangeMe \ 33 | FRX_XRDP_USER_SUDO=1 \ 34 | FRX_XRDP_USER_GID=1000 \ 35 | FRX_XRDP_USER_UID=1000 \ 36 | FRX_XRDP_USER_COPY_SA=0 \ 37 | TZ=Etc/UTC 38 | 39 | # Copy assets 40 | COPY build/log /usr/local/bin/frx-log 41 | COPY build/start /usr/local/sbin/frx-start 42 | COPY build/supervisord.conf /etc/supervisor/supervisord.conf 43 | COPY build/xrdp.ini 
/etc/xrdp/xrdp.ini 44 | 45 | # Configure installed packages 46 | RUN echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ALL \ 47 | && sed -e 's/^#\?\(PermitRootLogin\)\s*.*$/\1 no/' \ 48 | -e 's/^#\?\(PasswordAuthentication\)\s*.*$/\1 yes/' \ 49 | -e 's/^#\?\(PermitEmptyPasswords\)\s*.*$/\1 no/' \ 50 | -e 's/^#\?\(PubkeyAuthentication\)\s*.*$/\1 yes/' \ 51 | -i /etc/ssh/sshd_config \ 52 | && mkdir -p /run/sshd \ 53 | && mkdir -p /var/run/dbus \ 54 | && mkdir -p /frx/entrypoint.d \ 55 | && rm -f /etc/xrdp/cert.pem /etc/xrdp/key.pem /etc/xrdp/rsakeys.ini \ 56 | && rm -f /etc/ssh/ssh_host_* 57 | 58 | # Prepare default desktop if needed & version information 59 | ARG DOCKER_TAG 60 | ARG SOURCE_BRANCH 61 | ARG SOURCE_COMMIT 62 | COPY build/desktop /usr/local/sbin/frx-desktop 63 | RUN echo "[frxyt/xrdp:${DOCKER_TAG}] " > /frx/version \ 64 | && echo "[version: ${SOURCE_BRANCH}@${SOURCE_COMMIT}]" >> /frx/version \ 65 | && /usr/local/sbin/frx-desktop ${DOCKER_TAG} 66 | 67 | # Copy source files 68 | COPY Dockerfile LICENSE README.md /frx/ 69 | 70 | EXPOSE 22 71 | EXPOSE 3389 72 | 73 | VOLUME [ "/home" ] 74 | WORKDIR /home 75 | 76 | CMD [ "/usr/local/sbin/frx-start" ] -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 FEROX YT EIRL, www.ferox.yt 4 | Copyright (c) 2019 Jérémy WALTHER 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be 
included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Docker Image for XRDP, by [FEROX](https://ferox.yt) 2 | 3 | ![Docker Cloud Automated build](https://img.shields.io/docker/cloud/automated/frxyt/xrdp.svg) 4 | ![Docker Cloud Build Status](https://img.shields.io/docker/cloud/build/frxyt/xrdp.svg) 5 | ![Docker Pulls](https://img.shields.io/docker/pulls/frxyt/xrdp.svg) 6 | ![GitHub issues](https://img.shields.io/github/issues/frxyt/docker-xrdp.svg) 7 | ![GitHub last commit](https://img.shields.io/github/last-commit/frxyt/docker-xrdp.svg) 8 | 9 | This image packages XRDP and VNC. 
10 | 11 | * Docker Hub: https://hub.docker.com/r/frxyt/xrdp 12 | * GitHub: https://github.com/frxyt/docker-xrdp 13 | 14 | ## Docker Hub Image 15 | 16 | **`frxyt/xrdp`** 17 | 18 | ### Supported tags 19 | 20 | * **`frxyt/xrdp:cinnamon`**: with [Cinnamon](http://developer.linuxmint.com/projects/cinnamon-projects.html) 21 | * ~~**`frxyt/xrdp:gnome`**: with [GNOME](https://www.gnome.org/)~~ 22 | * ~~**`frxyt/xrdp:kde`**: with [KDE](https://kde.org/)~~ 23 | * **`frxyt/xrdp:latest`**: *without any desktop, only XRDP with VNC* 24 | * **`frxyt/xrdp:lxde`**: with [LXDE](https://lxde.org/) 25 | * **`frxyt/xrdp:mate`**: with [MATE](https://mate-desktop.org/) 26 | * **`frxyt/xrdp:xfce`**: with [Xfce](https://www.xfce.org/) 27 | 28 | ## Usage 29 | 30 | ### Try it 31 | 32 | 1. Run an image with a pre-installed desktop: 33 | * Cinnamon: `docker run --rm -p 33890:3389 frxyt/xrdp:cinnamon` 34 | * ~~GNOME: `docker run --rm -p 33890:3389 frxyt/xrdp:gnome`~~ 35 | * ~~KDE: `docker run --rm -p 33890:3389 frxyt/xrdp:kde`~~ 36 | * LXDE: `docker run --rm -p 33890:3389 frxyt/xrdp:lxde` 37 | * MATE: `docker run --rm -p 33890:3389 frxyt/xrdp:mate` 38 | * Xfce: `docker run --rm -p 33890:3389 frxyt/xrdp:xfce` 39 | 1. Start an RDP client: 40 | * Windows: press `Win+R`, run `mstsc`, connect to: `localhost:33890` 41 | 1. Enter the default credentials: user `debian`, password `ChangeMe` (image defaults; override them with `FRX_XRDP_USER_NAME` / `FRX_XRDP_USER_PASSWORD` for anything other than a local test, since `-p 33890:3389` publishes the port on all host interfaces) 42 | 1. Enjoy !
43 | 44 | ### Configurable environment variables 45 | 46 | These environment variables can be overridden to change the default behavior of the image and adapt it to your needs: 47 | 48 | | Name | Default value | Example | Description 49 | | :------------------------| :-------------------------------------------------- | :----------------------------------------------- | :---------- 50 | | `FRX_APTGET_DISTUPGRADE` | ` ` *(Empty)* | `1` | Update installed packages 51 | | `FRX_APTGET_INSTALL` | ` ` *(Empty)* | `midori terminator` | Packages to install with `apt-get` 52 | | `FRX_CMD_INIT` | ` ` *(Empty)* | `echo 'Hello World !'` | Command to run before anything else 53 | | `FRX_CMD_START` | ` ` *(Empty)* | `echo 'Hello World !'` | Command to run before starting services 54 | | `FRX_LOG_PREFIX_MAXLEN` | `6` | `10` | Maximum length of prefix displayed in logs 55 | | `FRX_XRDP_CERT_SUBJ` | `/C=FX/ST=None/L=None/O=None/OU=None/CN=localhost` | `/C=FR/ST=67/L=SXB/O=FRXYT/OU=IT/CN=xrdp.frx.yt` | XRDP certificate subject 56 | | `FRX_XRDP_USER_NAME` | `debian` | `john.doe` | Default user name 57 | | `FRX_XRDP_USER_PASSWORD` | `ChangeMe` | `myNOTsecretPassword` | Default user password 58 | | `FRX_XRDP_USER_SUDO` | `1` | `0` | Add default user to the `sudo` group if set to `1` (the image's `/etc/sudoers.d/ALL` rule already grants passwordless `sudo` to every user, whatever this value is) 59 | | `FRX_XRDP_USER_GID` | `1000` | `33` | Default user group ID (GID) 60 | | `FRX_XRDP_USER_UID` | `1000` | `33` | Default user ID (UID) 61 | | `FRX_XRDP_USER_COPY_SA` | `0` | `1` | Copy default icons to desktop if set to `1` 62 | | `TZ` | `Etc/UTC` | `Europe/Paris` | Default time zone 63 | 64 | ### Example 65 | 66 | #### Basic example 67 | 68 | To run this image, you can use this sample `docker-compose.yml` file: 69 | 70 | ```yaml 71 | php: 72 | image: frxyt/xrdp:xfce 73 | environment: 74 | - FRX_XRDP_USER_NAME=john.doe 75 | - FRX_XRDP_USER_PASSWORD=MyPassword 76 | ports: 77 | - "22000:22" 78 | - "3389:3389" 79 | volumes: 80 | - ./home:/home:rw 81 | ``` 82 | 83 | #### Full PHP development environment with 
Apache, MySQL, DBeaver and VS Code 84 | 85 | 1. Create this `docker-compose.yml` file: 86 | ```yaml 87 | version: '3.7' 88 | 89 | services: 90 | xrdp: 91 | image: frxyt/xrdp:xfce 92 | environment: 93 | - | 94 | FRX_CMD_INIT=curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /usr/share/keyrings/packages.microsoft.gpg 95 | echo "deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/vscode stable main" > /etc/apt/sources.list.d/ vscode.list 96 | curl -sSL https://dbeaver.io/debs/dbeaver.gpg.key | apt-key add - 97 | echo "deb https://dbeaver.io/debs/dbeaver-ce /" > /etc/apt/sources.list.d/dbeaver.list 98 | - | 99 | FRX_APTGET_INSTALL=apache2 libapache2-mod-php 100 | code 101 | dbeaver-ce 102 | default-mysql-server php-mysql php-pdo 103 | firefox-esr 104 | php php-bcmath php-cli php-common php-curl php-gd php-json php-mbstring php-pear php-xdebug php-xml php-zip 105 | - | 106 | FRX_CMD_START= 107 | rm -f /var/run/apache2/apache2.pid 108 | echo "UPDATE mysql.user SET Password=PASSWORD('root') WHERE User='root'; FLUSH PRIVILEGES;" > /etc/mysql/init.sql 109 | echo -e "[program:apache2]\ncommand=/usr/sbin/apache2ctl -DFOREGROUND" > /etc/supervisor/conf.d/apache2.conf 110 | echo -e "[program:mysqld]\ncommand=/usr/bin/mysqld_safe --init-file=/etc/mysql/init.sql" > /etc/supervisor/conf.d/mysqld.conf 111 | ports: 112 | - "22000:22" 113 | - "33890:3389" 114 | ``` 115 | 1. Run `docker-compose up` 116 | 117 | ### Execute custom scripts upon startup 118 | 119 | You can copy your executable scripts in `/frx/entrypoint.d/` and they'll be executed in alphabetical order right before `supervisor` is started. 120 | 121 | ### Start custom process in background 122 | 123 | You can use `supervisor` to start them and place all the services you need as `.conf` files in `/etc/supervisor/conf.d/`. 124 | 125 | ## Build 126 | 127 | ```sh 128 | docker build -f Dockerfile -t frxyt/xrdp:latest . 
129 | ``` 130 | 131 | ## License 132 | 133 | This project and images are published under the [MIT License](LICENSE). 134 | 135 | ``` 136 | MIT License 137 | 138 | Copyright (c) 2019 FEROX YT EIRL, www.ferox.yt 139 | Copyright (c) 2019 Jérémy WALTHER 140 | 141 | Permission is hereby granted, free of charge, to any person obtaining a copy 142 | of this software and associated documentation files (the "Software"), to deal 143 | in the Software without restriction, including without limitation the rights 144 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 145 | copies of the Software, and to permit persons to whom the Software is 146 | furnished to do so, subject to the following conditions: 147 | 148 | The above copyright notice and this permission notice shall be included in all 149 | copies or substantial portions of the Software. 150 | 151 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 152 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 153 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 154 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 155 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 156 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 157 | SOFTWARE. 158 | ``` -------------------------------------------------------------------------------- /build/desktop: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) 2019 FEROX YT EIRL, www.ferox.yt 4 | # Copyright (c) 2019 Jérémy WALTHER 5 | # See for details. 
# Make sure requested tag is a valid desktop name.
# $1 is the image tag: the Dockerfile invokes this script as
# `/usr/local/sbin/frx-desktop ${DOCKER_TAG}`. An empty tag, or a tag that
# names no known desktop, exits 0 so the base image builds without a desktop.
[[ -z "$1" ]] && exit 0;
# The regex is unanchored, so any tag that merely CONTAINS one of these names
# passes; this agrees with the `*name*` glob patterns of the case below.
[[ "$1" =~ cinnamon|gnome|kde|lxde|mate|xfce ]] || exit 0;

# Update APT cache
DEBIAN_FRONTEND=noninteractive apt-get update

# Each branch installs the matching Debian desktop task and writes the session
# command to /etc/skel/.xsession.
# NOTE(review): every branch runs `apt-get upgrade` followed by a package name
# rather than `apt-get install` - presumably meant to install the task while
# also upgrading what is already present; confirm this is intended.
# NOTE(review): $1 is unquoted in the case word; it comes from a build
# argument, verify nothing else calls this script with other input.
case $1 in
    *cinnamon*)
        echo "Installing Cinnamon ..."
        DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --fix-missing --no-install-recommends task-cinnamon-desktop
        echo "cinnamon" > /etc/skel/.xsession
        echo "[OK]";;
    *gnome*)
        echo "Installing GNOME ..."
        DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --fix-missing --no-install-recommends task-gnome-desktop
        echo "gnome-session" > /etc/skel/.xsession
        echo "[OK]";;
    *kde*)
        echo "Installing KDE ..."
        DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --fix-missing --no-install-recommends task-kde-desktop
        echo "startkde" > /etc/skel/.xsession
        echo "[OK]";;
    *lxde*)
        echo "Installing LXDE ..."
        DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --fix-missing --no-install-recommends task-lxde-desktop
        echo "startlxde" > /etc/skel/.xsession
        echo "[OK]";;
    *mate*)
        echo "Installing MATE ..."
        DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --fix-missing --no-install-recommends task-mate-desktop
        echo "mate-session" > /etc/skel/.xsession
        echo "[OK]";;
    *xfce*)
        echo "Installing Xfce ..."
42 | DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --fix-missing --no-install-recommends task-xfce-desktop 43 | echo "startxfce4" > /etc/skel/.xsession 44 | echo "[OK]";; 45 | esac 46 | 47 | # Clean APT cache 48 | apt-get clean -y && apt-get clean -y && apt-get autoclean -y && rm -r /var/lib/apt/lists/* -------------------------------------------------------------------------------- /build/log: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) 2019 FEROX YT EIRL, www.ferox.yt 4 | # Copyright (c) 2019 Jérémy WALTHER 5 | # See for details. 6 | 7 | # Get prefix of supervisor 8 | printf -v LOG_PREFIX "%-${FRX_LOG_PREFIX_MAXLEN}.${FRX_LOG_PREFIX_MAXLEN}s" ${SUPERVISOR_PROCESS_NAME} 9 | 10 | # Append prefix to stdout & stderr 11 | exec 1> >( perl -ne '$| = 1; print "'"${LOG_PREFIX}"' | $_"' >&1 ) 12 | exec 2> >( perl -ne '$| = 1; print "'"${LOG_PREFIX}"' | $_"' >&2 ) 13 | 14 | # Run command 15 | exec "$@" -------------------------------------------------------------------------------- /build/start: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) 2019 FEROX YT EIRL, www.ferox.yt 4 | # Copyright (c) 2019 Jérémy WALTHER 5 | # See for details. 6 | 7 | # Display version 8 | cat /frx/version 9 | echo 10 | 11 | # Execute requested command if needed 12 | if [ -n "${FRX_CMD_INIT}" ]; then 13 | echo "Executing command : '${FRX_CMD_INIT}' ..." 
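# `source` evaluates the operator-supplied text inside this very shell (not a
# subshell), with the same privileges as the rest of this start script.
    source <(echo "${FRX_CMD_INIT}")
    unset FRX_CMD_INIT
fi

# Run apt-get upgrade & install asked packages if needed.
# The package index is refreshed only when one of the two options is set.
if [[ "${FRX_APTGET_DISTUPGRADE}" == '1' || -n "${FRX_APTGET_INSTALL}" ]]; then
    DEBIAN_FRONTEND=noninteractive apt-get update -y
fi
if [[ "${FRX_APTGET_DISTUPGRADE}" == '1' ]]; then
    DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y
fi
if [[ -n "${FRX_APTGET_INSTALL}" ]]; then
    # FRX_APTGET_INSTALL is left unquoted on purpose: it is a whitespace- or
    # newline-separated package list that must be split into separate words.
    DEBIAN_FRONTEND=noninteractive apt-get install -y --fix-missing --no-install-recommends ${FRX_APTGET_INSTALL}
fi
# Fix: the variable that is actually read above is FRX_APTGET_DISTUPGRADE;
# the previous `unset FRX_APTGET_UPGRADE` left it in the environment.
unset FRX_APTGET_DISTUPGRADE FRX_APTGET_INSTALL

# Create user if it doesn't exist
if ! id -u "${FRX_XRDP_USER_NAME}" > /dev/null 2>&1; then
    echo -n "Creating user '${FRX_XRDP_USER_NAME}' ... "
    # Create the group, then the user. An if/else replaces the former
    # `test && useradd || useradd -m` chain, which ran the second useradd
    # whenever the first one failed, not only when the home was missing.
    /usr/sbin/groupadd -g "${FRX_XRDP_USER_GID}" "${FRX_XRDP_USER_NAME}"
    if [[ -d "/home/${FRX_XRDP_USER_NAME}" ]]; then
        # Home already exists (e.g. on the mounted /home volume): do not create it.
        /usr/sbin/useradd -g "${FRX_XRDP_USER_GID}" -s /bin/bash -u "${FRX_XRDP_USER_UID}" "${FRX_XRDP_USER_NAME}"
    else
        /usr/sbin/useradd -g "${FRX_XRDP_USER_GID}" -ms /bin/bash -u "${FRX_XRDP_USER_UID}" "${FRX_XRDP_USER_NAME}"
    fi
    # Set password. printf with quoted arguments passes the value through
    # unchanged; the former unquoted `echo` word-split and glob-expanded it.
    # NOTE(review): the Dockerfile default is 'ChangeMe'; the password is only
    # applied here, when the account is first created.
    printf '%s:%s\n' "${FRX_XRDP_USER_NAME}" "${FRX_XRDP_USER_PASSWORD}" | /usr/sbin/chpasswd
    # Add user to the sudo group if needed.
    # NOTE(review): the Dockerfile writes "ALL ALL=(ALL) NOPASSWD: ALL" to
    # /etc/sudoers.d/ALL, so FRX_XRDP_USER_SUDO=0 does not by itself remove
    # passwordless sudo from this account.
    [[ "${FRX_XRDP_USER_SUDO}" == '1' ]] && /usr/sbin/adduser "${FRX_XRDP_USER_NAME}" sudo > /dev/null
    # Copy default desktop icons if needed
    if [[ "${FRX_XRDP_USER_COPY_SA}" == '1' ]]; then
        mkdir -p "/home/${FRX_XRDP_USER_NAME}/Desktop" \
            && cp /usr/share/applications/*.desktop "/home/${FRX_XRDP_USER_NAME}/Desktop" \
            && chown "${FRX_XRDP_USER_UID}:${FRX_XRDP_USER_GID}" -R "/home/${FRX_XRDP_USER_NAME}/Desktop"
    fi
    echo "[OK]"
fi

# Clear user ENV variables so the processes started below do not inherit them
unset FRX_XRDP_USER_NAME FRX_XRDP_USER_PASSWORD FRX_XRDP_USER_SUDO FRX_XRDP_USER_GID FRX_XRDP_USER_UID FRX_XRDP_USER_COPY_SA

# Adjust TimeZone
echo "Setting time zone to: '${TZ}' ..."
ln -snf "/usr/share/zoneinfo/${TZ}" /etc/localtime
echo "${TZ}" > /etc/timezone
dpkg-reconfigure -f noninteractive tzdata

# Generate server keys.
# The Dockerfile deletes the XRDP and SSH key material at build time, so each
# item is created here only when it is missing. Private files are made
# read-only for their owner (400); SSH public keys are world-readable (444).
[[ ! -e /etc/xrdp/rsakeys.ini ]] \
    && echo "Generating XRDP RSA keys ..." \
    && xrdp-keygen xrdp /etc/xrdp/rsakeys.ini \
    && chown xrdp:xrdp /etc/xrdp/rsakeys.ini \
    && chmod 400 /etc/xrdp/rsakeys.ini
# Self-signed certificate, valid 3650 days; -nodes stores the key unencrypted.
[[ ! -e /etc/xrdp/cert.pem || ! -e /etc/xrdp/key.pem ]] \
    && echo "Generating XRDP RSA certificate ..." \
    && openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/xrdp/key.pem -out /etc/xrdp/cert.pem -days 3650 -subj "${FRX_XRDP_CERT_SUBJ}" \
    && chown xrdp:xrdp /etc/xrdp/cert.pem /etc/xrdp/key.pem \
    && chmod 400 /etc/xrdp/cert.pem /etc/xrdp/key.pem
[[ ! -e /etc/ssh/ssh_host_ecdsa_key || ! -e /etc/ssh/ssh_host_ecdsa_key.pub ]] \
    && echo "Generating SSH host ECDSA key ..." \
    && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key < /dev/null \
    && chmod 400 /etc/ssh/ssh_host_ecdsa_key && chmod 444 /etc/ssh/ssh_host_ecdsa_key.pub
[[ ! -e /etc/ssh/ssh_host_ed25519_key || ! -e /etc/ssh/ssh_host_ed25519_key.pub ]] \
    && echo "Generating SSH host ED25519 key ..." \
    && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key < /dev/null \
    && chmod 400 /etc/ssh/ssh_host_ed25519_key && chmod 444 /etc/ssh/ssh_host_ed25519_key.pub
[[ ! -e /etc/ssh/ssh_host_rsa_key || ! -e /etc/ssh/ssh_host_rsa_key.pub ]] \
    && echo "Generating SSH host RSA key ..." \
    && ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key < /dev/null \
    && chmod 400 /etc/ssh/ssh_host_rsa_key && chmod 444 /etc/ssh/ssh_host_rsa_key.pub
unset FRX_XRDP_CERT_SUBJ

# Execute requested command if needed.
# The full command text is echoed to the container output, so anything
# embedded in FRX_CMD_START (the README example embeds a database password)
# ends up in the logs.
if [ -n "${FRX_CMD_START}" ]; then
    echo "Executing command : '${FRX_CMD_START}' ..."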
81 | source <(echo "${FRX_CMD_START}") 82 | unset FRX_CMD_START 83 | fi 84 | 85 | # Execute customs scripts if needed 86 | for exe in $(find /frx/entrypoint.d -executable ! -type d | sort); do 87 | echo "Executing entrypoint : '${exe}' ..." 88 | /bin/bash ${exe} 89 | done 90 | 91 | # Start supervisor 92 | /usr/bin/supervisord -c /etc/supervisor/supervisord.conf -------------------------------------------------------------------------------- /build/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | logfile=/var/log/supervisor.log 3 | pidfile=/var/run/supervisord.pid 4 | childlogdir=/var/log/supervisor 5 | nodaemon=true 6 | user=root 7 | 8 | [program:dbus] 9 | command=/usr/local/bin/frx-log /usr/bin/dbus-daemon --system --nofork --nopidfile 10 | stdout_logfile=/dev/fd/1 11 | stdout_logfile_maxbytes=0 12 | stderr_logfile=/dev/fd/2 13 | stderr_logfile_maxbytes=0 14 | 15 | [program:sesman] 16 | command=/usr/local/bin/frx-log /usr/sbin/xrdp-sesman --nodaemon 17 | stdout_logfile=/dev/fd/1 18 | stdout_logfile_maxbytes=0 19 | stderr_logfile=/dev/fd/2 20 | stderr_logfile_maxbytes=0 21 | 22 | [program:sshd] 23 | command=/usr/local/bin/frx-log /usr/sbin/sshd -D 24 | stdout_logfile=/dev/fd/1 25 | stdout_logfile_maxbytes=0 26 | stderr_logfile=/dev/fd/2 27 | stderr_logfile_maxbytes=0 28 | 29 | [program:xrdp] 30 | command=/usr/local/bin/frx-log /usr/sbin/xrdp --nodaemon 31 | user=xrdp 32 | stdout_logfile=/dev/fd/1 33 | stdout_logfile_maxbytes=0 34 | stderr_logfile=/dev/fd/2 35 | stderr_logfile_maxbytes=0 36 | 37 | [include] 38 | files = /etc/supervisor/conf.d/*.conf -------------------------------------------------------------------------------- /build/xrdp.ini: -------------------------------------------------------------------------------- 1 | [Globals] 2 | ; xrdp.ini file version number 3 | ini_version=1 4 | 5 | ; fork a new process for each incoming connection 6 | fork=true 7 | ; tcp port to listen 8 | 
port=3389
; 'port' above should be connected to with vsock instead of tcp
use_vsock=false
; regulate if the listening socket use socket option tcp_nodelay
; no buffering will be performed in the TCP stack
tcp_nodelay=true
; regulate if the listening socket use socket option keepalive
; if the network connection disappear without close messages the connection will be closed
tcp_keepalive=true
#tcp_send_buffer_bytes=32768
#tcp_recv_buffer_bytes=32768

; security layer can be 'tls', 'rdp' or 'negotiate'
; for client compatible layer
; NOTE(review): with 'negotiate' the layer is agreed with the client, so the
; ssl_protocols restriction below only matters when TLS is the layer chosen.
; Use 'tls' to require TLS for every connection - confirm that all clients
; in use support it before changing.
security_layer=negotiate
; minimum security level allowed for client
; can be 'none', 'low', 'medium', 'high', 'fips'
crypt_level=high
; X.509 certificate and private key
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
; (the command above is only an example; in this image the start script
; generates a self-signed rsa:4096 pair valid 3650 days when these two files
; are missing)
certificate=/etc/xrdp/cert.pem
key_file=/etc/xrdp/key.pem
; set SSL protocols
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
; only TLS 1.2 and 1.3 are enabled here
ssl_protocols=TLSv1.2, TLSv1.3
; set TLS cipher suites
#tls_ciphers=HIGH

; Section name to use for automatic login if the client sends username
; and password. If empty, the domain name sent by the client is used.
; If empty and no domain name is given, the first suitable section in
; this file will be used.
autorun=

allow_channels=true
allow_multimon=true
bitmap_cache=true
bitmap_compression=true
bulk_compression=true
#hidelogwindow=true
max_bpp=32
new_cursors=true
; fastpath - can be 'input', 'output', 'both', 'none'
use_fastpath=both
; when true, userid/password *must* be passed on cmd line
#require_credentials=true
; You can set the PAM error text in a gateway setup (MAX 256 chars)
#pamerrortxt=change your password according to policy at http://url

;
; colors used by windows in RGB format
;
blue=009cb5
grey=dedede
#black=000000
#dark_grey=808080
#blue=08246b
#dark_blue=08246b
#white=ffffff
#red=ff0000
#green=00ff00
#background=626c72

;
; configure login screen
;

; Login Screen Window Title
#ls_title=My Login Title

; top level window background color in RGB format
ls_top_window_bg_color=009cb5

; width and height of login screen
ls_width=350
ls_height=430

; login screen background color in RGB format
ls_bg_color=dedede

; optional background image filename (bmp format).
#ls_background_image=

; logo
; full path to bmp-file or file in shared folder
ls_logo_filename=
ls_logo_x_pos=55
ls_logo_y_pos=50

; for positioning labels such as username, password etc
ls_label_x_pos=30
ls_label_width=65

; for positioning text and combo boxes next to above labels
ls_input_x_pos=110
ls_input_width=210

; y pos for first label and combo box
ls_input_y_pos=220

; OK button
ls_btn_ok_x_pos=142
ls_btn_ok_y_pos=370
ls_btn_ok_width=85
ls_btn_ok_height=30

; Cancel button
ls_btn_cancel_x_pos=237
ls_btn_cancel_y_pos=370
ls_btn_cancel_width=85
ls_btn_cancel_height=30

[Logging]
LogFile=xrdp.log
; NOTE(review): both the file log and syslog are set to DEBUG, the most
; verbose of the levels listed below; consider 'info' unless a session
; problem is being diagnosed.
LogLevel=DEBUG
EnableSyslog=true
SyslogLevel=DEBUG
; LogLevel and SyslogLevel can be any of: core, error, warning, info or debug

[Channels]
; Channel names not listed here will be blocked by XRDP.
; You can block any channel by setting its value to false.
; IMPORTANT! All channels are not supported in all use
; cases even if you set all values to true.
; You can override these settings on each session type
; These settings are only used if allow_channels=true
; NOTE(review): every channel is enabled, including rdpdr (device
; redirection) and cliprdr (clipboard), which move data between the client
; machine and the session; set the ones that are not needed to false.
rdpdr=true
rdpsnd=true
drdynvc=true
cliprdr=true
rail=true
xrdpvr=true
tcutils=true

; for debugging xrdp, in section xrdp1, change port=-1 to this:
#port=/tmp/.xrdp/xrdp_display_10

; for debugging xrdp, add following line to section xrdp1
#chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210


;
; Session types
;

; Some session types such as Xorg, X11rdp and Xvnc start a display server.
; Startup command-line parameters for the display server are configured
; in sesman.ini. See and configure also sesman.ini.
156 | [Xvnc] 157 | name=Xvnc 158 | lib=libvnc.so 159 | username=ask 160 | password=ask 161 | ip=127.0.0.1 162 | port=-1 163 | #xserverbpp=24 164 | #delay_ms=2000 165 | 166 | ; You can override the common channel settings for each session type 167 | #channel.rdpdr=true 168 | #channel.rdpsnd=true 169 | #channel.drdynvc=true 170 | #channel.cliprdr=true 171 | #channel.rail=true 172 | #channel.xrdpvr=true -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.7' 2 | 3 | services: 4 | xrdp: 5 | image: frxyt/xrdp:latest 6 | build: 7 | #args: 8 | # - DOCKER_TAG=xfce 9 | context: . 10 | ports: 11 | - "22000:22" 12 | - "33890:3389" 13 | volumes: 14 | - ./home:/home:rw -------------------------------------------------------------------------------- /hooks/build: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) 2019 FEROX YT EIRL, www.ferox.yt 4 | # Copyright (c) 2019 Jérémy WALTHER 5 | # See for details. 6 | 7 | docker build \ 8 | --build-arg DOCKER_TAG=${DOCKER_TAG} \ 9 | --build-arg SOURCE_BRANCH=${SOURCE_BRANCH} \ 10 | --build-arg SOURCE_COMMIT=${SOURCE_COMMIT} \ 11 | -f ${DOCKERFILE_PATH} -t ${IMAGE_NAME} . --------------------------------------------------------------------------------