Ubuntu 18.04 with xRDP & XFCE4

For this, I'm using an Ubuntu 18.04 headless host machine. On the host, LXD 3.0 is installed and configured with a public network. No port forwarding is required, and this is left ans an exercise for the reader. Instead, you can also just install the software on the host machine, but still.

LXC-containers don't have overhead like KVM does. They do, however, share the kernel with the host.

Creating the container

lxc launch ubuntu:18.04 rdp
lxc exec rdp /bin/bash
echo 'network: {config: disabled}' > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
vim /etc/netplan/50-cloud-init.yaml
netplan apply # or just reboot to be sure.

For an example config with static IP-addresses:

network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
      dhcp6: no
      gateway4: '198.51.100.1'
      gateway6: '2001:db8::1'
      addresses:
        - '198.51.100.2/24'
        - '2001:db8::3389/32'
      nameservers:
        addresses:
          - '1.1.1.1'
          - '1.0.0.1'
          - '2606:4700:4700::1111'
          - '2606:4700:4700::1001'

Delete the default user

By default, OpenSSH Server is installed and configure to not allow password logins. However, the Ubuntu install does come with a passwordless user, and it's better to be safe than sorry:

userdel -r ubuntu

Installing the software

apt update
apt upgrade -y
apt install xrdp
apt install xfce4

Configure the window manager

Open /etc/xrdp/startwm.sh and comment out or remove the following lines:

test -x /etc/X11/Xsession && exec /etc/X11/Xsession
exec /bin/sh /etc/X11/Xsession

Instead, add this (and/or make sure it's above the two lines above, exec will end the script anyway):

exec /usr/bin/startxfce4

Add user accounts and configure them

useradd -m finalx
passwd finalx
echo xfce4-session > /home/finalx/.xsession
chown finalx:finalx /home/finalx/.xsession

Restart xRDP

systemctl restart xrdp

Logging in

Fire up your Remote Desktop Connection client (Windows 7/10 for example) and connect to the public IP. Setting up and configuring the firewall is left to the reader as well: You need to have port 3389/tcp open to where you wish to connect from.

The credentials you can use are that of the account you just created, or any other account that is present. If you wish to change the password, it's as easy as using passwd on the account.