Dockerfile

FROM public.ecr.aws/ubuntu/ubuntu:22.04

LABEL authors="Satish Gaikwad<satish@satishweb.com>"

ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update

# Disable auto installation of recommended packages, too many unwanted packages gets installed without this
RUN apt-config dump | grep -we Recommends -e Suggests | sed s/1/0/ | tee /etc/apt/apt.conf.d/999norecommend

# Install basic system packages
RUN apt-get install -y \
    ca-certificates \
    software-properties-common \
    && apt-get clean

# Install desktop environment and other system tools
RUN apt-get update && apt-get -y install \
    xorg \
    xfce4 \
    supervisor \
    vim \
    openssh-server \
    nano \
    xubuntu-desktop \
    xubuntu-artwork \
    xubuntu-default-settings \
    xserver-xorg-video-all \
    xserver-xorg-video-dummy \
    xfonts-cyrillic \
    xfonts-100dpi \
    xfonts-75dpi \
    mesa-utils \
    libxcb-icccm4 \
    libxcb-image0 \
    libxcb-keysyms1 \
    libxcb-render-util0 \
    xsel \
    mesa-utils-extra \
    xfonts-scalable \
    xorgxrdp \
    dbus-x11 \
    kmod \
    python3-pip \
    python3-dev \
    python3-venv \
    rsync \
    build-essential \
    pkg-config \
    procps \
    xfce4-appmenu-plugin \
    xfce4-datetime-plugin \
    xfce4-goodies \
    xfce4-terminal \
    xfce4-taskmanager \
    desktop-file-utils \
    fonts-dejavu \
    less \
    multitail \
    fonts-noto \
    fonts-noto-color-emoji \
    fonts-ubuntu \
    menu \
    menu-xdg \
    net-tools \
    xdg-utils \
    xfonts-base \
    xinput \
    xutils \
    xz-utils \
    zenity \
    git \
    zip \
    bash \
    bash-completion \
    binutils \
    file \
    iputils-ping \
    pavucontrol \
    pciutils \
    psmisc \
    fakeroot \
    fuse \
    xfonts-base \
    xterm \
    sudo \
    wget \
    curl \
    gpg-agent \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*deb

# for reticulum and other development
RUN apt-get update && apt-get -y install \
    openjdk-17-jdk cmake autoconf autotools-dev \
    automake libtool libltdl-dev libffi-dev python3-openssl libssl-dev \
    sphinx python3-sphinx-copybutton texlive-full latexmk \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*deb

RUN apt-get update && apt-get -y install xrdp \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*deb

## XRDP Config
RUN printf '%s\n' 'session required pam_env.so readenv=1' >> /etc/pam.d/xrdp-sesman
# send xrdp services output to stdout
RUN ln -sf /dev/stdout /var/log/xrdp.log
RUN ln -sf /dev/stdout /var/log/xrdp-sesman.log

# Disable forking, new cursors and enable high tls ciphers for xrdp
RUN sed -i "\
  s/fork=true/fork=false/g; \
  s/\#tls_ciphers=HIGH/tls_ciphers=HIGH/g; \
  s/^new_cursors=true/new_cursors=false/g \
" /etc/xrdp/xrdp.ini

# Disable root login and syslog logging for xrdp-sesman
RUN sed -i "\
  s/AllowRootLogin=true/AllowRootLogin=false/g; \
  s/EnableSyslog=1/EnableSyslog=0/g \
" /etc/xrdp/sesman.ini

# Disable light-locker
RUN ln -s /usr/bin/true /usr/bin/light-locker
COPY files/supervisor.xrdp.conf /etc/supervisor/conf.d/
# Remove annoying multiple auth popups after rdp login
COPY files/46-allow-update-repo.pkla /etc/polkit-1/localauthority/50-local.d/46-allow-update-repo.pkla
# Allow all users to start xserver
RUN echo 'allowed_users=anybody' > /etc/X11/Xwrapper.config
RUN chmod g+w /etc/xrdp
RUN chmod u+s /usr/sbin/xrdp-sesman
RUN chmod u+s /usr/sbin/xrdp

# Install firefox and get rid of snapd
RUN add-apt-repository -y ppa:mozillateam/ppa && \
    apt-get -y update && \
    apt-get -y upgrade && \
    apt-get -y purge snapd ;\
    apt-get -y install firefox-esr && \
    apt-get clean

## User Config
RUN useradd -d /home/guest -s /bin/bash -c "Guest User" guest
# Add xrdp user to ssl-cert to allow access to cert files generated by system
RUN usermod -a -G ssl-cert xrdp
# Allow guest to be sudo to install any new packages
RUN usermod -a -G sudo guest
RUN echo '%guest ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
RUN mkdir /home/guest
RUN echo 'guest:guest' | chpasswd
# Copy xsessionrc file as template inside.
# Docker entrypint script will copy this file into guest home dir.
COPY files/xsessionrc /xsessionrc

RUN chown -Rf guest:guest /home/guest/

# DBus config
RUN mkdir -p /var/run/dbus
RUN chown messagebus:messagebus /var/run/dbus
RUN dbus-uuidgen > /var/lib/dbus/machine-id

COPY docker-entrypoint /docker-entrypoint

EXPOSE 3389

ENTRYPOINT ["/docker-entrypoint"]
CMD [ "/usr/bin/supervisord", "-n" ]