Introduction
Xrdp is an open source Remote Desktop Protocol server which uses RDP to present a Graphical User Interface to the client. In this article we will help you set up and configure an xrdp server with a Let’s Encrypt certificate.
Prerequisites
Root user or a user with root privileges
Working SSH connection on the server
Step 1 – Log in to your server
Open a terminal and log in to your server using SSH.
ssh root@ip_address_or_domain
Step 2 – Install dependencies
apt-get install wget unzip curl socat git
Step 3 – Install Display Manager
If your server already has a display manager, you can skip this step and proceed with step 4. In this article we install Gnome, since that is what we tested with. You are free to choose another display manager.
apt install gnome-session gdm3
Step 4 – Download automated Xrdp script
We are using an automated Xrdp installation script, written in bash by Griffon. The archive is fetched over plain HTTP, so read the script before running it as root in step 6.
mkdir -p /tmp/xrdp
cd /tmp/
wget http://www.c-nergy.be/downloads/Std-Xrdp-Install-0.5.zip
unzip Std-Xrdp-Install-0.5.zip -d /tmp/xrdp
cd /tmp/xrdp
Step 5 – Make the script executable
chmod +x Std-Xrdp-Install-0.5.sh
Step 6 – Run the Xrdp script
The xrdp script accepts two parameters: -s yes fixes the sound redirection within the xrdp session, and -g yes implements the sound redirection fix and the gdm lock screen fix within the Xrdp session.
./Std-Xrdp-Install-0.5.sh -s yes -g yes
Step 7 – Create Xrdp user
adduser <username>
Step 8 – Add user to Xrdp group
usermod -aG xrdp <username>
Step 9 – Reboot
Reboot the server to apply the new changes.
reboot
Step 10 – Test Xrdp
You should now be able to use an RDP client to connect to your server. You should see a pop-up with a certificate warning.
Step 11 – Download Acme.sh
cd /tmp
git clone https://github.com/Neilpang/acme.sh.git
Step 12 – Advanced Installation
cd acme.sh
./acme.sh --install --home /usr/local/acme.sh --certhome /var/www/letsencrypt/ --accountemail "[email protected]"
Step 13 – Issue a certificate
acme.sh --issue -d example.com -w /home/wwwroot/example.com
Step 14 – Configure Xrdp to use Let’s Encrypt certificate
Find the two lines certificate= and key_file= and edit them with the paths to the certificate and key issued in step 13.
nano /etc/xrdp/xrdp.ini
certificate=/usr/local/acme.sh/example.com/fullchain.cer
key_file=/usr/local/acme.sh/example.com/example.com.key
Step 15 – Restart Xrdp
Restart the xrdp service to apply the changes.
systemctl restart xrdp
Step 16 – Login via Xrdp
Log in via RDP to your server; the RDP client should no longer show a certificate warning. If you still get a certificate warning, the configuration was not successful and needs to be debugged.
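One way to start that debugging, as an added example that is not part of the original article: the shell functions below (the names ini_value, check_xrdp_tls and demo are made up here) read the certificate= and key_file= lines from step 14 and report paths that are commented out, missing, unreadable by the invoking account, or, for the key, world-readable. The sample file built in demo is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: audit the TLS paths in an
# xrdp.ini-style file. Run it as the account xrdp runs under so that the
# readability test reflects that account's access.

# Print the last active (uncommented) value of key $2 in INI file $1.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_xrdp_tls INI_FILE: print one finding per line, return 1 if any.
check_xrdp_tls() {
    local ini="$1" key path rc=0
    for key in certificate key_file; do
        path=$(ini_value "$ini" "$key")
        if [ -z "$path" ]; then
            # Lines starting with ';' are comments and never match.
            echo "$key: no active value (empty or commented out)"; rc=1
        elif [ ! -f "$path" ]; then
            echo "$key: $path does not exist"; rc=1
        elif [ ! -r "$path" ]; then
            echo "$key: $path is not readable by $(id -un)"; rc=1
        elif [ "$key" = key_file ] &&
             [ -n "$(find -H "$path" -prune -perm -004)" ]; then
            echo "$key: $path is world-readable, private key exposed"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: both settings still commented out with ';'.
demo() {
    local d rc=0
    d=$(mktemp -d)
    printf '[Globals]\n;certificate=%s\n;key_file=%s\n' \
        "$d/fullchain.cer" "$d/example.com.key" > "$d/xrdp.ini"
    check_xrdp_tls "$d/xrdp.ini" || rc=1
    rm -rf "$d"
    return $rc
}

# Audit the file given as argument, otherwise run the constructed demo.
if [ $# -gt 0 ]; then check_xrdp_tls "$1"; else demo || true; fi
```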
Conclusion
Congratulations, you should now have a working Xrdp server with a Let’s Encrypt certificate.
Michael Lamb says
forgot the unzip step before chmod +x Std-Xrdp-Install-0.5.sh
Ahmet Bas says
Thanks, I have updated the unzip.
Bart says
Can't get the certificate part to work./.acme.sh.
The certificates are generated, but xrdp isn't picking them up.
While trying to follow these steps, I wasn't able to install to /usr/local/acme.sh
Instead I used --install --home /home/
ls -l of the folder containing the certificates:
-rw-rw-r-- 1 ssl-cert 4399 okt 24 18:34 ca.cer
-rw-r--r-- 1 ssl-cert 6737 okt 24 18:34 fullchain.cer
-rw-r--r-- 1 ssl-cert 2338 okt 24 18:34 .freeddns.org.cer
-rw-rw-r-- 1 ssl-cert 572 okt 24 18:34 .freeddns.org.conf
-rw-rw-r-- 1 ssl-cert 1054 okt 24 18:33 .freeddns.org.csr
-rw-rw-r-- 1 ssl-cert 207 okt 24 18:33 .freeddns.org.csr.conf
-rw-r----- 1 ssl-cert 1675 okt 24 17:28 .freeddns.org.key
under xrdp.ini/.acme.sh/.freeddns.org/fullchain.cer/.acme.sh/.freeddns.org/ .freeddns.org.key
;certificate=/home/
;key_file=/home/
Any advice?
Yavuz Aydin says
I would like to advise you to check under which user xrdp runs. Most probably this is a permission issue. Also check logfiles. Unfortunately I'm unable to provide exact instructions as to which logfiles should be checked; these instructions are old.