Introduction
Xrdp is an open source Remote Desktop Protocol server which uses RDP to present a Graphic User Interface to the client. In this we will help you to setup and configure a xrdp server with Let's Encrypt certificate.
Prerequisites
- Root user or a user with root privileges
- Working SSH connection on the server
Step 1 - Log in to your server
Open a terminal and log in to your server using SSH
$ ssh root@ip_address_or_domain
Step 2 - Install dependencies
$ apt-get install wget unzip curl socat git
Step 3 - Install Display Manager
If your server has already a display manager you can skip this step and proceed with step 4. In this article, we are installing Gnome since we have executed a test with Gnome. You are free to choose another display manager.
$ apt install gnome-session gdm3
Step 4 - Download automated Xrdp script
We are using a bash script written by Griffon he has written an automated installation script for Xrdp.
$ cd /tmp/
$ wget http://www.c-nergy.be/downloads/Std-Xrdp-Install-0.5.zip
Step 5 - Make the script executable
$ chmod +x Std-Xrdp-Install-0.5.sh
Step 6 - Run the Xrdp script
The xrdp script accepts two parameters, -s yes will fix the sound redirection within the xrdp session and the -g yes will implement the sound redirection fix and gdm lock screen fix within the Xrdp session.
$ ./Std-Xrdp-Install-0.5.sh -s yes -g yes
Step 7 - Create Xrdp user
$ adduser <username>
Step 8 - Add user to Xrdp group
$ usermod -G xrdp <username>
Step 9 - Reboot
Reboot the server to apply the new changes.
$ Reboot
Step 10 - Test Xrdp
You should now be able to use RDP client to connect to your server. You should see a pop up with a certificate warning.
Step 11 - Download Acme.sh
$ cd /tmp
$ git clone https://github.com/Neilpang/acme.sh.git
Step 12 - Advanced Installation
$ cd acme.sh
$ ./acme.sh --install \
$ --home /usr/local/acme.sh \
$ --certhome /var/www/letsencrypt/ \
$ --accountemail "hi@acme.sh"
Step 13 - Issue a certificate
$ acme.sh --issue -d example.com -w /home/wwwroot/example.com
Step 14 - Configure Xrdp to use Let's Encrypt certificate
Find the two lines certificate=& key_file= and edit these two lines with the path to the certificates which is issued in step 13.
$ nano /etc/xrdp/xrdp.ini
certificate=/usr/local/acme.sh/example.com/fullchain.cer
key_file=/usr/local/acme.sh/example.com/example.com.key
Step 15 - Restart Xrdp
Restart the xrdp service to apply the changes.
$ systemctl restart xrdp
Step 16 - Login via Xrdp
Log in via RDP to your server, rdp should not show you any warning. If you get any certificate issue the configuration was not successful and it should be debugged.
Conclusion
Congratulations, you should now have a working Xrdp server with a Let's Encrypt certificate.
Leave a Reply