Re: graphical session in LXC automatically started at boot and reachable via VNC/RDP/X2GO

To: debian-user@lists.debian.org
Cc: Ma_Sys.ma@web.de
Subject: Re: graphical session in LXC automatically started at boot and reachable via VNC/RDP/X2GO
From: Yvan Masson <yvan@masson-informatique.fr>
Date: Wed, 30 Dec 2020 20:33:42 +0100
Message-id: <[🔎] 812fa7d3-bb7f-b148-a510-c955d7138f68@masson-informatique.fr>
In-reply-to: <[🔎] cone.1609283460.684404.2930.1000@masysma-18>
References: <[🔎] 21eb168f-4fcf-dd27-505a-bf866a6773b3@masson-informatique.fr> <[🔎] cone.1609283460.684404.2930.1000@masysma-18>

Le 30/12/2020 à 00:11, Linux-Fan a écrit :

Yvan Masson writes:
Hi list,
I need to run a graphical software called Noethys that also listens onsome TCP port. It:
1. needs to be reachable from the network during work hours
2. needs to be accessible remotely a few times per day, mainly by aWindows workstation on the LAN
[...]
I am facing the following difficulties/questions:
- running a normal X11 server in a container does not work because itwould need to access some special files in /dev/, so it needs extrasetup in the container and this scares me a bit
I tried that unsuccessfully a few times, too. My take: Containers arenot for virtualizing graphics. I use VMs or even more lightweight thingslike `firejail` or `chroot` for "normal X11 server" purposes.
- however, after installing xrdp and x2go servers in the container, Ican successfully connect remotely with these respective protocolswithout any particular setup. I would really like to find a way toautomatically start a X11 session at boot in same way xrdp or x2go doit (I would then stick with this protocol)
VNC in containers works for me :) It does pretty much work as youdescribed, i.e. starting the things automatically. I currently use ascript [1], but had I known before that systemd supports containers, Iwould have possibly chosen to run it inside the container for servicemanagement (avoids writing one's own logic to detect stopped servicesetc.).
Has someone already done something similar? What would be your advice?
Yes, see [1]. I did it in Docker (i.e. not LXC) and it seems to workjust fine. Some ideas:
* Make sure to consider software upgrades for the containers. I do somesort of peridoic unattended-upgrades _inside_ the container [2], but "bestpractice"
   would suggest to re-create the containers all of the time (to have them
   mostly stateless, that is).
* Consider encrypting your VNC/X11 traffic. SSH was already suggested inthe
   thread and is newly officially available for Windows clients, too!

[1] https://github.com/m7a/lo-megasync/blob/master/megasync_ctrl.sh

[2] https://masysma.lima-city.de/32/trivial_automatic_update.xhtml

[...]

HTH
Linux-Fan

öö


Thanks for your answers!

I did a few tests, it is indeed not straightforward to run X11 in a LXCcontainer… Indeed, applying security updates in the container is mandatory.

What I did not understand from your answers (sorry maybe I missedsomething) is how to start the graphical session automatically when thecontainer starts, so that the software can be started and listening onthe network, and then later someone can attach to this session withVNC/RDP/X2GO. It seems your script Linux-Fan starts a VNC server, butdoes it start a session in it?

Reply to:

Follow-Ups:
- Re: graphical session in LXC automatically started at boot and reachable via VNC/RDP/X2GO
  - From: Linux-Fan <Ma_Sys.ma@web.de>

References:
- graphical session in LXC automatically started at boot and reachable via VNC/RDP/X2GO
  - From: Yvan Masson <yvan@masson-informatique.fr>
- Re: graphical session in LXC automatically started at boot and reachable via VNC/RDP/X2GO
  - From: Linux-Fan <Ma_Sys.ma@web.de>

Prev by Date: Re: mdadm usage
Next by Date: Re: mdadm usage
Previous by thread: Re: graphical session in LXC automatically started at boot and reachable via VNC/RDP/X2GO
Next by thread: Re: graphical session in LXC automatically started at boot and reachable via VNC/RDP/X2GO
Index(es):
- Date
- Thread