Feature : Could you please add Google-chrome as second browser to this image

[sam0104]

Please add google-chrome as second browser . I tried to install but it seems it is conflicting with firefox and chrome is not working on browser

[danielguerra69]

I think I can create a chromium branch. For now its better to use : https://github.com/danielguerra69/ubuntu-xrdp-docker In this you have xrdp and docker combined You can run a chromium container there for instance this one https://github.com/jlund/docker-chrome-pulseaudio

Check:

https://github.com/danielguerra69/alpine-chromium

there I use this command to start chromium:

chromium-browser --no-sandbox --disable-gpu

[danielguerra69]

I did some checking and have a sollution for you for now. You have to run the container in privileged in order to use /sbin/init

docker run --name xrdp -d -p 3389:3389 --shm-size 1G --privileged danielguerra/ubuntu-xrdp /sbin/init

After this you can apt install chromium-browser and run it straight away without any problems

[sam0104]

Thanks Daniel. I tested it and it is working for chromium browser. I am little concern about security for running it with --privileged mode as give full access to host VM.

https://serverfault.com/questions/824809/chrome-under-docker-cap-sys-admin-vs-privileged

Also I found we may use cap-sys-admin instead or --privileged mode but both allow host machine access including kernel parameter changes if docker user managed to switch to root.

I am also looking for more secure solution where no need to start container in --privileged mode but chrome just work fine. Something like a security profile for chrome only ( reference https://github.com/jlund/docker-chrome-pulseaudio/issues/8 )

If you have some better solution please suggest. Thanks Sam

[danielguerra69]

This seems to be working too, instead of privileged add these options -d --tmpfs /tmp --tmpfs /run -v /sys/fs/cgroup:/sys/fs/cgroup:ro

[sam0104]

I tried with this command and then install chromium using command apt install chromium-browser but I am not able to open chromium browser but I can see it is already installed. May be I am missing something in docker command ? docker run -d --tmpfs /tmp --tmpfs /run -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name xrdp-host --hostname xrdp-host --shm-size 1g -p 3389:3389 -p 2222:22

[danielguerra69]

Have you tried to do: service udev start And then start chrome

[sam0104]

/etc/init.d/udev start

• udev does not support containers, not started seems udev is not supported

[sam0104]

Here is the full command . Here is it creating container and it is running but I am not able to RDP if I use /sbin/init at the end of the command

docker run --name xrdp -d -p 3389:3389 --shm-size 1G --tmpfs /tmp --tmpfs /run -v /sys/fs/cgroup:/sys/fs/cgroup:ro jumphost-ubuntu-test:v1.2 /sbin/init

[danielguerra69]

I noticed , the privileged and the non privileged behave different. Start in privileged init and do a ps aux. And in the non privileged you have to start your services manually. I think this method will do the best (non privilleged): docker run -d --name xrdp -p 3389:3389 danielguerra/ubuntu-xrdp docker exec -ti xrdp sudo apt install chromium-browser Then start your xrdp session and start a terminal. Run chromium-browser --no-sandbox You can see in the terminal output it wants udev but its not working.

[danielguerra69]

I have created a sample ubuntu init server check: https://hub.docker.com/r/danielguerra/ubuntu-init/ or on github https://github.com/danielguerra69/ubuntu-init

[sam0104]

Thanks Daniel. I will test this. Regarding the image danielguerra/ubuntu-xrdp I found one issue. if I am trying to copy and paste using while connected using remote desktop paste option is not working. Do you have any idea ?

[sam0104]

Please ignore above copy/paste issue. It is working fine. I was trying to copy something from /home/ubuntu/myfolder to /opt which was not working as it was permission issue but while I try to copy to /tmp or Desktop it is working fine. I guess it is the permission issue.

[danielguerra69]

the user ubuntu has sudo rights. Do the same you tried to copy but with "sudo" in front of it. btw paste/copy inside the rdp in xfce-terminal v c

[sam0104]

Now I connected to xrdp container using Microsoft remote desktop from my Windows laptop and just trying to copy and paste files but I am getting this error. I tried to copy to /tmp still same error. Is there a way to copy and paste files or directories from local laptop ( Windows ) to xrdp container like we do on Windows servers . Directly copy file and paste it to remote desktop session .

NOTE : I am able to copy from xrdp session to Windows laptop using Microsoft remote desktop connection but not from Windows ----> xrdp xfce session Please find the attached error snapshot.

[danielguerra69]

Ok I understand you problem. The branch ubuntu 18.04 uses is 0.9.5, the fix seems to be in 0.9.6 https://github.com/neutrinolabs/xrdp/issues/220 https://github.com/neutrinolabs/xrdp/commit/9e310fbe067c48921761e223f9fd9602498f4a08 I will test it in the devel branch/tag. I'll tell you when its ready to test

[sam0104]

Thanks for the information. I will wait for final testes master branch.

[sam0104]

Could you please confirm if Lock Screen is working for you. I can see it is activated but when I click on Lock screen nothing is happening. It seems lock screen is not working on xrdp session. Is there any configuration I need to change for make it work ?

[danielguerra69]

I just added a new devel branch. For file shares you need to add a share (redirection in ms rdp) in your rdp client.

Chromium and fuse (fileshare) need privileged. So run it like this.

docker run -ti --privileged -p 3389:3389 --name xrdp danielguerra/ubuntu-xrdp:devel

If it all goes well the share apears in your home dir, thinclient_drives

There is an option to run it with less privileges but then you need to restart xrdp and xrdp-sesman manually (don't know why, remove the init.d script first, then start, than manually start xrdp and xrdp-session).

docker run -ti --cap-add=SYS_ADMIN --device /dev/fuse --volume /sys/fs/cgroup:/sys/fs/cgroup:ro --volume /sys/fs/fuse:/sys/fs/fuse --volume /dev/hugepages:/dev/hugepages -p 3389:3389 --name xrdp danielguerra/ubuntu-xrdp:devel

[sam0104]

I just tested with --privileged from my mac with Microsoft remote desktop client and drive mapping is working fine but I am still not able to copy any file from
my Mac book drive to docker container ( ubuntu ) using copy --paste. but I can copy any file from container ( ubuntu ) to my mac book drive using copy and paste ( direct copy paste without drive map )

While I login I can see xrdp icon and ned to provide Session , username and password but your old version docker image directly login to the desktop session without showing xrdp screen , which was expected .

[danielguerra69]

That's not how it works you are using it wrong. In your rdp client edit your current host and add a redirection dir. Then connect to your xrdp and login. If everything went well you see in your home thinclient_drives the map you shared as redirection dir. Only in this share you can copy/paste and see it in both machines. So if you want to copy from your mac to your xrdp, you have to copy the files to the redirection map, and in your xrdp you can see the files too and copy it from whitin the xrdp session to the place you want the files.

[sam0104]

Thanks I will test again drive map and copy paste and provide you my results. Could you please look why I am getting different login screen on the development version on image. Last production version of image I am able to directly login to Desktop and it never ask for separate xrdp screen and login fail for display 0 screen.

[danielguerra69]

Did it all work ??

[sam0104]

I tested from Mac remote desktop and it worked fine. From Windows remote desktop I need to test today and confirm.

[sam0104]

Hi Daniel, I really like your docker image and testing for development environment. Is it possible to add license file with GNU or open source license details. without license file I can't use it in test lab as per legal issues. Please add a license file .

[danielguerra69]

yes it should

[sam0104]

Hi Daniel, Just a reminder. If you could add a license file information with open source license then it will be easy for use. Like you have already for other git repo ( https://github.com/danielguerra69/docker-openldap/blob/master/LICENSE )

[danielguerra69]

Added !

[sam0104]

Thanks Daniel. I am also working on xrdp with systemctl replacing supervisor with 2FA as added feature based on same concept .