Xrdp with Let’s Encrypt on Ubuntu 18.04

Estimated reading time: 1 min

Introduction

Xrdp is an open source Remote Desktop Protocol server which uses RDP to present a Graphic User Interface to the client. In this we will help you to setup and configure a xrdp server with Let's Encrypt certificate.

Prerequisites

  • Root user or a user with root privileges
  • Working SSH connection on the server

Step 1 - Log in to your server

Open a terminal and log in to your server using SSH

$ ssh root@ip_address_or_domain

Step 2 - Install dependencies

$ apt-get install wget unzip curl socat git

Step 3 - Install Display Manager

If your server has already a display manager you can skip this step and proceed with step 4. In this article, we are installing Gnome since we have executed a test with Gnome. You are free to choose another display manager.

$ apt install gnome-session gdm3

Step 4 - Download automated Xrdp script

We are using a bash script written by Griffon he has written an automated installation script for Xrdp.

$ cd /tmp/
$ wget http://www.c-nergy.be/downloads/Std-Xrdp-Install-0.5.zip

Step 5 - Make the script executable

$ chmod +x Std-Xrdp-Install-0.5.sh

Step 6 - Run the Xrdp script

The xrdp script accepts two parameters, -s yes will fix the sound redirection within the xrdp session and the -g yes will implement the sound redirection fix and gdm lock screen fix within the Xrdp session.

$ ./Std-Xrdp-Install-0.5.sh -s yes -g yes

Step 7 - Create Xrdp user

$ adduser <username>

Step 8 - Add user to Xrdp group

$ usermod -G xrdp <username>

Step 9 - Reboot

Reboot the server to apply the new changes.

$ Reboot

Step 10 - Test Xrdp

You should now be able to use RDP client to connect to your server. You should see a pop up with a certificate warning.
Certificate warning

Step 11 - Download Acme.sh

$ cd /tmp
$ git clone https://github.com/Neilpang/acme.sh.git

Step 12 - Advanced Installation

$ cd acme.sh
$ ./acme.sh --install  \
$ --home /usr/local/acme.sh \
$ --certhome /var/www/letsencrypt/ \
$ --accountemail  "hi@acme.sh"

Step 13 -  Issue a certificate

$ acme.sh --issue -d example.com -w /home/wwwroot/example.com

Step 14 - Configure Xrdp to use Let's Encrypt certificate

Find the two lines certificate=& key_file= and edit these two lines with the path to the certificates which is issued in step 13.

$ nano /etc/xrdp/xrdp.ini
certificate=/usr/local/acme.sh/example.com/fullchain.cer
key_file=/usr/local/acme.sh/example.com/example.com.key

Step 15 - Restart Xrdp

Restart the xrdp service to apply the changes.

$ systemctl restart xrdp

Step 16 - Login via Xrdp

Log in via RDP to your server, rdp should not show you any warning. If you get any certificate issue the configuration was not successful and it should be debugged.

Conclusion

Congratulations, you should now have a working Xrdp server with a Let's Encrypt certificate.

Was this article helpful?
Dislike 0
Views: 87

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *