diff --git a/Dockerfile b/Dockerfile
index ccdeb33..d51d346 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,53 +1,72 @@
-FROM danielguerra/alpine-sdk:edge as builder
-MAINTAINER Daniel Guerra
+FROM alpine:3.23 as builder
+#FROM alpine as builder
+MAINTAINER Rich A Marino
+
+#meta container, we want fresh builds
+RUN apk update; \
+ apk add alpine-sdk sudo; \
+ addgroup sdk; \
+ adduser -G sdk -s /bin/sh -D sdk; \
+ echo "sdk:sdk"| /usr/sbin/chpasswd; \
+ echo "sdk ALL=(ALL) ALL" >> /etc/sudoers; \
+ chmod g+w /var/cache/distfiles/; \
+ sudo addgroup sdk abuild;
+USER sdk
+WORKDIR /tmp
+RUN git clone --depth 1 https://gitlab.alpinelinux.org/alpine/aports
+WORKDIR /home/sdk
RUN abuild-keygen -a -n
#RUN sed -i 's/pkgver=0\.9\.13/pkgver=0\.9\.10/' APKBUILD
#RUN abuild checksum
WORKDIR /tmp/aports
RUN git pull
+
WORKDIR /tmp/aports/community/xrdp
-RUN abuild fetch
-RUN abuild unpack
-RUN abuild deps
-RUN abuild prepare
-RUN abuild build
-RUN abuild rootpkg
+RUN abuild fetch; \
+ abuild unpack; \
+ abuild deps; \
+ abuild prepare; \
+ abuild build; \
+ abuild rootpkg;
+ARG PULSE_VER="17.0"
+ENV PULSE_VER=${PULSE_VER}
WORKDIR /tmp/aports/community/pulseaudio
-RUN abuild fetch
-RUN abuild unpack
-RUN abuild deps
-RUN abuild prepare
-RUN abuild build
-RUN abuild rootpkg
-WORKDIR /tmp/aports/community/pulseaudio/src/pulseaudio-13.0
+RUN abuild fetch; \
+ abuild unpack; \
+ abuild deps; \
+ abuild prepare; \
+ abuild build; \
+ abuild rootpkg;
+WORKDIR /tmp/aports/community/pulseaudio/src/pulseaudio-"${PULSE_VER}"
RUN cp ./output/config.h .
-WORKDIR /tmp/aports/testing/xorgxrdp
-RUN abuild fetch
-RUN abuild unpack
-RUN abuild deps
-RUN abuild prepare
-RUN abuild build
-RUN abuild rootpkg
+WORKDIR /tmp/aports/community/xorgxrdp
+RUN abuild fetch; \
+ abuild unpack; \
+ abuild deps; \
+ abuild prepare; \
+ abuild build; \
+ abuild rootpkg;
-ARG XRDPPULSE_VER="0.4"
+ARG XRDPPULSE_VER="0.6"
ENV XRDPPULSE_VER=${XRDPPULSE_VER}
+
RUN echo sdk | sudo -S ls && echo "echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing'>>/etc/apk/repositories" | sudo sh
RUN echo sdk | sudo -S apk update
RUN echo sdk | sudo -S apk add pulseaudio-dev xrdp-dev xorgxrdp-dev
WORKDIR /tmp
-RUN wget https://github.com/neutrinolabs/pulseaudio-module-xrdp/archive/v"${XRDPPULSE_VER}".tar.gz -O pulseaudio-module-xrdp-"${XRDPPULSE_VER}".tar.gz
+RUN wget https://github.com/neutrinolabs/pulseaudio-module-xrdp/archive/refs/tags/v"${XRDPPULSE_VER}".tar.gz -O pulseaudio-module-xrdp-"${XRDPPULSE_VER}".tar.gz
RUN tar -zxf pulseaudio-module-xrdp-"${XRDPPULSE_VER}".tar.gz
WORKDIR /tmp/pulseaudio-module-xrdp-"${XRDPPULSE_VER}"
RUN ./bootstrap
-RUN ./configure PULSE_DIR=/tmp/aports/community/pulseaudio/src/pulseaudio-13.0
+RUN ./configure PULSE_DIR=/tmp/aports/community/pulseaudio/src/pulseaudio-"${PULSE_VER}"
RUN make
RUN echo sdk | sudo -S make install
-RUN ls -al /tmp/pulseaudio-module-xrdp-0.4/src/.libs/module-xrdp-sink.so
-RUN ls -al /tmp/pulseaudio-module-xrdp-0.4/src/.libs/module-xrdp-source.so
+RUN ls -al /tmp/pulseaudio-module-xrdp-"${XRDPPULSE_VER}"/src/.libs/module-xrdp-sink.so
+RUN ls -al /tmp/pulseaudio-module-xrdp-"${XRDPPULSE_VER}"/src/.libs/module-xrdp-source.so
# RUN STOP
@@ -58,17 +77,18 @@ RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing">>/etc/apk/repositor
RUN apk --update --no-cache add \
alpine-conf \
bash \
- chromium \
dbus \
faenza-icon-theme \
- firejail \
libpulse \
openssh \
paper-gtk-theme \
paper-icon-theme \
pavucontrol \
+ pkgconf \
+ openssl \
pulseaudio \
pulseaudio-utils \
+ pulseaudio-dev \
pulsemixer \
setxkbmap \
slim \
@@ -77,12 +97,7 @@ RUN apk --update --no-cache add \
thunar-volman \
ttf-freefont \
util-linux \
- vim \
- wireshark \
- vlc-qt \
xauth \
- xf86-input-keyboard \
- xf86-input-mouse \
xf86-input-synaptics \
xfce4 \
xfce4-pulseaudio-plugin \
@@ -90,25 +105,127 @@ RUN apk --update --no-cache add \
xinit \
xorg-server \
xorgxrdp \
+ xterm \
xrdp \
+ dcron \
+ git \
+ gvim \
+ librewolf \
+ netsurf \
+ vim \
+ chicago95 \
+ chicago95-fonts \
+ chicago95-icons \
&& rm -rf /tmp/* /var/cache/apk/*
-# RUN rm -rf /usr/lib/pulse-13.0/modules
-COPY --from=builder /usr/lib/pulse-13.0/modules /usr/lib/pulse-13.0/modules
-COPY --from=builder /tmp/pulseaudio-module-xrdp-0.4/src/.libs /tmp/libs
-WORKDIR /tmp/libs
-COPY --from=builder /tmp/pulseaudio-module-xrdp-0.4/build-aux/install-sh /bin
-RUN install-sh -c -d '/usr/lib/pulse-13.0/modules'
+COPY --from=builder /tmp/pulseaudio-module-xrdp-0.6/src/.libs/module-xrdp-sink.so /tmp/module-xrdp-sink.so
+COPY --from=builder /tmp/pulseaudio-module-xrdp-0.6/src/.libs/module-xrdp-source.so /tmp/module-xrdp-source.so
-#COPY --from=builder /home/sdk/packages/testing/x86_64/firefox.apk /tmp/firefox.apk
-RUN ldconfig -n /usr/lib/pulse-13.0/modules
-RUN ls $(pkg-config --variable=modlibexecdir libpulse)
+# Install them into whatever dir this pulseaudio expects
+RUN PULSE_MODDIR="$(pkg-config --variable=modlibexecdir libpulse)" \
+ && mkdir -p "$PULSE_MODDIR" \
+ && install -m 755 /tmp/module-xrdp-sink.so "$PULSE_MODDIR/module-xrdp-sink.so" \
+ && install -m 755 /tmp/module-xrdp-source.so "$PULSE_MODDIR/module-xrdp-source.so" \
+ && rm /tmp/module-xrdp-sink.so /tmp/module-xrdp-source.so
RUN mkdir -p /var/log/supervisor
+
# add scripts/config
ADD etc /etc
ADD bin /bin
+# Disable XFCE compositing (improved RDP performance)
+RUN mkdir -p /etc/xdg/xfce4/xfconf/xfce-perchannel-xml \
+ && cat > /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfwm4.xml << 'EOF'
+
+
+
+
+
+
+
+EOF
+
+# Disable wallpaper
+RUN mkdir -p /etc/xdg/xfce4/xfconf/xfce-perchannel-xml \
+ && cat > /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml << 'EOF'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+EOF
+
+
+RUN mkdir -p /etc/xdg/xfce4/xfconf/xfce-perchannel-xml \
+ && cat > /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml << 'EOF'
+
+
+
+
+
+
+
+
+EOF
+
+#remove .xsession
+RUN rm -f /etc/skel/.xsession
+
+RUN cat > /etc/xrdp/startwm.sh << 'EOF' \
+ && chmod 755 /etc/xrdp/startwm.sh
+#!/bin/sh
+
+# Load system and user profiles (for PATH, locale, etc.)
+[ -r /etc/profile ] && . /etc/profile
+[ -r "$HOME/.profile" ] && . "$HOME/.profile"
+
+# Make sure we have an XDG runtime dir (needed by pulseaudio and friends)
+if [ -z "$XDG_RUNTIME_DIR" ]; then
+ export XDG_RUNTIME_DIR=/tmp/xdg-runtime-$UID
+ mkdir -p "$XDG_RUNTIME_DIR"
+ chmod 700 "$XDG_RUNTIME_DIR"
+fi
+
+# Start a per-user dbus session (if not already running)
+if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
+ eval "$(dbus-launch --sh-syntax --exit-with-session)" || echo "dbus-launch failed" >&2
+fi
+
+# Start PulseAudio for this RDP session
+pulseaudio --start --exit-idle-time=-1 || echo "pulseaudio failed to start" >&2
+
+# If the user has their own X session script, hand off to it.
+# Using "exec" means we *never* come back here if it succeeds.
+if [ -x "$HOME/.xsession" ]; then
+ "$HOME/.xsession"
+fi
+
+if [ -x "$HOME/.xinitrc" ]; then
+ exec "$HOME/.xinitrc"
+fi
+
+# Fallback: no user script, so start the default DE
+exec startxfce4
+xterm
+EOF
+
# prepare user alpine
RUN addgroup alpine \
&& adduser -G alpine -s /bin/sh -D alpine \
@@ -118,6 +235,13 @@ RUN addgroup alpine \
# prepare xrdp key
RUN xrdp-keygen xrdp auto
+# XRDP config tweaks
+RUN sed -i 's/bitmap_compression=true/bitmap_compression=false/' /etc/xrdp/xrdp.ini \
+ && sed -i 's/security_layer=negotiate/security_layer=tls/' /etc/xrdp/xrdp.ini
+
+# Make startwm.sh executable by alpine user.
+RUN chmod 755 /etc/xrdp
+
EXPOSE 3389 22
VOLUME ["/etc/ssh"]
ENTRYPOINT ["/bin/docker-entrypoint.sh"]
diff --git a/Readme.md b/Readme.md
index 5809f71..c61e467 100644
--- a/Readme.md
+++ b/Readme.md
@@ -4,8 +4,6 @@ Alpine linux xrdp server with xfce4 rdp server with vlc and chromium.
The xrdp audio is working and everything runs unprivileged.
Sessions run in firejail for security. Chromium sandbox is disabled.
-
-
# Start the server
```bash
@@ -28,3 +26,23 @@ docker exec -ti rdp passwd alpine
```bash
docker exec -ti rdp adduser myuser
```
+
+# Run shell inside for management
+```bash
+docker exec -ti rdp /bin/sh
+```
+
+# Building
+cd to this directory.
+```
+docker build --tag 'alpine-xfce4-xrdp' .
+```
+Run the built container:
+```
+docker run -d --name rdp --shm-size=1g -p 3389:3389 'alpine-xfce4-xrdp'
+```
+Run the built in container with RAMdisks to boost performance on spinning disk systems:
+```
+docker run -d --tmpfs /tmp:rw,size=1G --tmpfs /run:rw,size=64m --tmpfs /home/alpine/.cache:rw,size=1G --name rdp --shm-size=1g -p 33389:3389 'alpine-xfce4-xrdp'
+```
+
diff --git a/bin/docker-entrypoint.sh b/bin/docker-entrypoint.sh
index 6bfaf45..87bdd87 100755
--- a/bin/docker-entrypoint.sh
+++ b/bin/docker-entrypoint.sh
@@ -33,12 +33,11 @@ fi
mkdir -p /var/run/sshd
# generate machine-id
-uuidgen > /etc/machine-id
+dbus-uuidgen > /etc/machine-id
# set keyboard for all sh users
echo "export QT_XKB_CONFIG_ROOT=/usr/share/X11/locale" >> /etc/profile
-
source /etc/profile
exec "$@"
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..9572ffa
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,14 @@
+version: '3.4'
+
+services:
+ alpine-xfce4-xrdp:
+ image: alpine-xfce4-xrdp:17
+ hostname: alpine-xfce4-xrdp
+ shm_size: '1gb'
+ devices:
+ - /dev/fuse
+ build:
+ context: .
+ dockerfile: ./Dockerfile
+ ports:
+ - "3389:3389"
diff --git a/etc/pulse/default.pa b/etc/pulse/default.pa
new file mode 100644
index 0000000..2ebc8eb
--- /dev/null
+++ b/etc/pulse/default.pa
@@ -0,0 +1,8 @@
+load-module module-native-protocol-unix
+load-module module-default-device-restore
+load-module module-rescue-streams
+load-module module-always-sink
+load-module module-suspend-on-idle
+load-module module-xrdp-sink
+load-module module-xrdp-source
+
diff --git a/etc/supervisor/conf.d/crond.conf b/etc/supervisor/conf.d/crond.conf
new file mode 100644
index 0000000..8cc3a0f
--- /dev/null
+++ b/etc/supervisor/conf.d/crond.conf
@@ -0,0 +1,9 @@
+[program:crond]
+command=/usr/sbin/crond -f -l 2
+user=root
+autostart=true
+autorestart=true
+priority=300
+stdout_logfile=/var/log/crond.log
+stderr_logfile=/var/log/crond.err
+
diff --git a/etc/xrdp/pulse/default.pa b/etc/xrdp/pulse/default.pa
deleted file mode 100644
index 43b41b6..0000000
--- a/etc/xrdp/pulse/default.pa
+++ /dev/null
@@ -1,11 +0,0 @@
-.nofail
-.fail
-load-module module-augment-properties
-load-module module-always-sink
-.ifexists /usr/lib/pulse-13.0/modules/module-xrdp-sink.so
-load-module /usr/lib/pulse-13.0/modules/module-xrdp-sink
-.endif
-.ifexists /usr/lib/pulse-13.0/modules/module-xrdp-source.so
-load-module /usr/lib/pulse-13.0/modules/module-xrdp-source
-.endif
-load-module module-native-protocol-unix
diff --git a/etc/xrdp/startwm.sh b/etc/xrdp/startwm.sh
deleted file mode 100755
index 1ce3cba..0000000
--- a/etc/xrdp/startwm.sh
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/usr/bin/env bash
-#
-# This script is an example. You might need to edit this script
-# depending on your distro if it doesn't work for you.
-#
-# Uncomment the following line for debug:
-# exec xterm
-
-
-# Execution sequence for interactive login shell - pseudocode
-#
-# IF /etc/profile is readable THEN
-# execute ~/.bash_profile
-# END IF
-# IF ~/.bash_profile is readable THEN
-# execute ~/.bash_profile
-# ELSE
-# IF ~/.bash_login is readable THEN
-# execute ~/.bash_login
-# ELSE
-# IF ~/.profile is readable THEN
-# execute ~/.profile
-# END IF
-# END IF
-# END IF
-pre_start()
-{
- if [ -r /etc/profile ]; then
- . /etc/profile
- fi
- if [ -r ~/.bash_profile ]; then
- . ~/.bash_profile
- else
- if [ -r ~/.bash_login ]; then
- . ~/.bash_login
- else
- if [ -r ~/.profile ]; then
- . ~/.profile
- fi
- fi
- fi
- return 0
-}
-
-# When loging out from the interactive shell, the execution sequence is:
-#
-# IF ~/.bash_logout exists THEN
-# execute ~/.bash_logout
-# END IF
-post_start()
-{
- if [ -r ~/.bash_logout ]; then
- . ~/.bash_logout
- fi
- return 0
-}
-
-#start the window manager
-wm_start()
-{
- if [ -r /etc/default/locale ]; then
- . /etc/default/locale
- export LANG LANGUAGE
- fi
-
- # debian
- if [ -r /etc/X11/Xsession ]; then
- pre_start
- . /etc/X11/Xsession
- post_start
- exit 0
- fi
-
- # el
- if [ -r /etc/X11/xinit/Xsession ]; then
- pre_start
- . /etc/X11/xinit/Xsession
- post_start
- exit 0
- fi
-
- # suse
- if [ -r /etc/X11/xdm/Xsession ]; then
- # since the following script run a user login shell,
- # do not execute the pseudo login shell scripts
- . /etc/X11/xdm/Xsession
- exit 0
- fi
-
- pre_start
- xterm
- post_start
-}
-
-#. /etc/environment
-#export PATH=$PATH
-#export LANG=$LANG
-
-# change PATH to be what your environment needs usually what is in
-# /etc/environment
-#PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
-#export PATH=$PATH
-
-# for PATH and LANG from /etc/environment
-# pam will auto process the environment file if /etc/pam.d/xrdp-sesman
-# includes
-# auth required pam_env.so readenv=1
-
-firejail xfce4-session
-
-exit 1