Xfce on Xrdp on Fedora 26

Introduction

This post will demonstrate how to set up a Fedora installation to act as a terminal server that serves desktops over RDP. This will allow Windows computers to connect to it, as well as a GNU/Linux system running xfreerdp clients.
These instructions should be easy to follow on any RHEL-based distros, and easily adapted to others. The copy-paste segments have been tested on Fedora 26 but the accompanying instructions should guide you in deploying a terminal server on a broad range of GNU/Linux environments.

How to set up xrdp on Fedora

Ensure your desktop environment is installed. For CentOS 7 that would be something similar to yum groupinstall “Server with gui” or yum groupinstall xfce.
Install the components necessary for rdp and vnc. When the rdp server allows a user to connect, the user connects to a X windows session in VNC.

yum -y install xrdp tigervnc-server

Set up a firewall rule for the RDP port.

tf=/lib/firewalld/services/xrdp.xml; touch "${tf}"; chmod 0644 "${tf}"
cat <<EOF >"${tf}"
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Remote Desktop Protocol (RDP)</short>
  <description>A RDP service that serves X desktop sessions. Using this allows a Windows client to connect using the built-in mstsc utility!</description>
  <port protocol="tcp" port="3389"/>
</service>
EOF
firewall-cmd --reload
firewall-cmd --permanent --add-service=xrdp
firewall-cmd --reload

Running xfce or any arbitrary DE

On Fedora, for xfce specifically you need to make sure that X clients are told to run xfce. The vnc services will try to start a window manager, but as of the time of this writing xfce is not included in the list, so it will fail out (or run gnome, if it’s present).
The file to inspect is /etc/X11/xinit/Xclients, or the per-user settings at ~/.Xclients. For the etc file, it should be fairly obvious how to add to it. Additionally, make sure the file is executable!

For Fedora 26 and xfce, you can inspect this patch file, and then either run the patch statement or make the changes yourself manually.

# for all users
tf=/etc/X11/xinit/Xclients.patch; touch "${tf}"; chmod 0644 "${tf}";
cat <<'EOFPATCH' >"${tf}"
--- /etc/X11/xinit/Xclients	2017-02-12 00:38:18.000000000 -0500
+++ /etc/X11/xinit/Xclients.new	2017-10-14 08:12:34.340524791 -0400
@@ -12,6 +12,7 @@
 MSESSION="$(type -p mate-session)"
 STARTKDE="$(type -p startkde)"
 STARTLXDE="$(type -p startlxde)"
+STARTXFCE="$(type -p startxfce4)"
 
 # check to see if the user has a preferred desktop
 PREFERRED=
@@ -25,6 +26,8 @@
 	PREFERRED="$STARTKDE"
     elif [ "$DESKTOP" = "LXDE" ]; then
 	PREFERRED="$STARTLXDE"
+    elif [ "$DESKTOP" = "XFCE" ]; then
+	PREFERRED="$STARTXFCE"
     fi
 fi
 
@@ -44,6 +47,9 @@
 elif [ -n "$STARTLXDE" ]; then
     # if neither GNOME nor KDE then LXDE
     exec "$STARTLXDE"
+elif [ -n "$STARTXFCE" ]; then
+    # if none of the above, try XFCE.
+    exec "$STARTXFCE"
 fi
 
 # We should also support /etc/X11/xinit/Xclients.d scripts
EOFPATCH
patch -p1 /etc/X11/xinit/Xclients < /etc/X11/xinit/Xclients.patch

And for the individual users (I have yet to test to see if the normal order of resolution of the X files lets this actually override it for the user):

tf=~/.Xclients; touch "${tf}"; chmod 0700 "${tf}";
cat <<EOF > "${tf}"
exec /usr/bin/startxfce4
EOF

And that’s it! A sample xfreerdp statement to connect to this service could be:

xfreerdp /sec-rdp /cert-tofu /size:1520x820 /bpp:16 /v:192.168.1.76 -z /disp /audio-mode:0 /wallpaper /themes /u:bgstack15
Screenshot of session manager login screen in vnc in xrdp
Login screen after connecting to xrdp service

References

Weblinks

  1. Using the patch utility https://docs.moodle.org/dev/How_to_create_a_patch#Creating_a_patch_using_diff
  2. update file /etc/X11/xinit/Xclients https://docs-old.fedoraproject.org/en-US/Fedora/13/html/Deployment_Guide/s1-x-runlevels.html
  3. https://forum.xfce.org/viewtopic.php?id=8261
  4. General xrdp guide https://hostpresto.com/community/tutorials/using-a-desktop-environment-on-a-centos-7-vps/
  5. Notes about cinnamon on CentOS 7 https://www.techbrown.com/install-cinnamon-2-6-on-fedora-22-centos-7-rhel-7.shtml
  6. xrdp on centos 7 http://idroot.net/tutorials/how-to-install-xrdp-on-centos-7/
  7. http://www.itzgeek.com/how-tos/linux/centos-how-tos/install-xrdp-on-centos-7-rhel-7.html
Advertisements

Cinnamon on VNC on CentOS 7

Overview

This document describes how to install Cinnamon desktop environment on CentOS 7 for use in VNC. Basically, you can take a headless server and turn it into a virtual desktop controller.

Caveats

Limitations of this design prevent this from scaling up past so many users, so this would be best suited for home or small office use.
VNC uses no security. Consider alternatives or additions to this process when security is a consideration.

Installing Cinnamon for VNC

Installing the components

Install the vnc server.

yum install tigervnc-server tigervnc vnc

Install the desktop environment.

yum install cinnamon

Install any applications to be used.

yum install firefox gnome-terminal

Configuring the components

For each user that uses a virtual desktop on this host, you will need a separate systemd service, as well as a vnc password which is separate from the regular user password. Also set up the xstartup file for vnc.

tu=bgstack15
tn=1
sudo cp -p /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@\:${tn}.service
sed -r -i -e "s//${tu}/g;' /etc/systemd/system/vncserver@\:${tn}.service
systemctl enable vncserver@\:${tn}.service
firewall-cmd --permanent --add-port 59$( printf '%02i' "${tn}")/tcp
printf "For user ${tu} please provide new "
su - ${tu} -c vncpasswd
tf=~/.vnc/xstartup
test -f "${tf}" && \cp -p "${tf}" "${tf}.$( date "+%Y-%m-%dT%H%M%S" )"; touch "${tf}"; chmod 0755 "${tf}"
cat <<EOF > "${tf}"
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
exec /usr/bin/cinnamon-session
EOF
systemctl start vncserver@\:${tn}.service

Connecting to the desktop

On a client, run

vncviewer hostname:1