A hardware accelerated Gnome workstation running in a container on Proxmox


For my ham radio adventures I use a graphical Debian workstation to log QSOs and run digital modes like FT8 and WSPR. In the past, this workstation ran on a thin client I bought cheap from Marktplaats. Later on I converted it to a virtual machine running on my Proxmox host, and I connected over RDP to log in to the graphical desktop. It was a bit slow, especially when updating graphical elements on the screen, but it served its purpose for a couple of years.

This week I built a new graphical workstation, this time running as a container on the Proxmox host and using the on-board GPU for hardware acceleration. It all works a bit faster now. I use xrdp to log in to the system from my laptop, and I enabled playing sound from the container on my local machine using a module for xrdp, with PipeWire running in the container as the audio server.

The container has 3 GB RAM, 20 GB disk space and two vCPUs. As the template for the container I used debian-12-standard_12.7_amd64.tar.zst. The container is unprivileged!

To speed up the graphical updates, I use the GPU for hardware acceleration. To do this, you have to pass through the device files in /dev that give access to the GPU. First I looked up the contents of /dev/dri on the Proxmox host:

The device files needed are /dev/dri/card0 and /dev/dri/renderD128. Also take a look at the GIDs of these devices. I did two greps:

cat /etc/group | grep video

cat /etc/group | grep render

The GID for video is 44 and for render it’s 104. You need these numbers for passing through both devices. In the Proxmox GUI I configured this in the passthrough settings (Resources: Add – Device Passthrough):
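The same passthrough can be set from the Proxmox host shell with `pct set`. The following is an added example, not part of the original post: it looks up the two GIDs in a group file and prints the matching command. The container ID 105, the function names and the sample group entries are constructed assumptions.

```shell
#!/bin/sh
# Added example: derive the pct device-passthrough command from a group file.
# The container ID and the sample group entries below are constructed.

# Print the numeric GID of group $1 as listed in group file $2; fail if absent.
gid_of() {
    awk -F: -v g="$1" '$1 == g { print $3; found = 1 } END { exit !found }' "$2"
}

# Print the pct command that passes both DRM nodes to container $1,
# taking the video and render GIDs from group file $2.
build_pct_cmd() {
    ctid=$1 groupfile=$2
    video=$(gid_of video "$groupfile") || { echo "no video group" >&2; return 1; }
    render=$(gid_of render "$groupfile") || { echo "no render group" >&2; return 1; }
    printf 'pct set %s --dev0 /dev/dri/card0,gid=%s --dev1 /dev/dri/renderD128,gid=%s\n' \
        "$ctid" "$video" "$render"
}

# Constructed sample input using the GIDs from the text (44 and 104).
sample_groups() {
    printf '%s\n' 'root:x:0:' 'video:x:44:' 'ssl-cert:x:103:' 'render:x:104:'
}

# Demo: write the sample to a temp file and print the resulting command.
demo() {
    f=$(mktemp) && sample_groups > "$f" && build_pct_cmd 105 "$f"
    rc=$?; rm -f "$f"; return "$rc"
}
demo
```

After the container restarts, `ls -ln /dev/dri` inside it should list both nodes with the GIDs you passed.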


After installation I updated the container with:

apt update

apt upgrade

Next I created the user I will normally work as. In my case this is ‘alexanderl’. I added the sudo package to be able to do root tasks:

apt install sudo

useradd -m -s /bin/bash alexanderl

usermod -aG sudo,adm alexanderl

passwd alexanderl

After doing this, I rebooted the LXC container. The next step was generating a locale and installing the Gnome software. I chose the en_US.utf8 locale. Enter these commands:

dpkg-reconfigure locales

apt install gnome

The second step takes some time, as more than 3 gigabytes of software is installed on the system. But this gives you a quite complete graphical workstation. Go out for a walk or have a coffee!

When this has been done, we are going to add XRDP. This makes it possible to log in to the workstation from another PC or notebook. On Windows and Mac you can use Remote Desktop (or Windows App, as it’s going to be called in the future; on the Mac at least). On Linux, you have applications like xfreerdp.

I chose not to install the packaged version of xrdp, but to compile it from source. This is because I want hardware acceleration to be enabled, and I also want to add a module that routes the audio playing on the workstation to the local notebook through the RDP session.

From GitHub I downloaded the latest versions of xrdp, xorgxrdp and pipewire-module-xrdp on the container. In this case:

https://github.com/neutrinolabs/xrdp/releases/download/v0.10.3/xrdp-0.10.3.tar.gz
https://github.com/neutrinolabs/xorgxrdp/releases/download/v0.10.4/xorgxrdp-0.10.4.tar.gz
https://github.com/neutrinolabs/pipewire-module-xrdp/archive/refs/tags/v0.1.tar.gz

I do all this as the user alexanderl. I created a folder named src in /home/alexanderl and first untarred the xrdp file:

cd /home/alexanderl/src

tar zxvf /home/alexanderl/downloads/xrdp-0.10.3.tar.gz

Before compiling the source code, we need to install some extra packages on the container. You need to add the non-free and non-free-firmware repositories to every line in /etc/apt/sources.list. It should look like this:

After this is done, please run:

sudo apt update

sudo apt install build-essential autoconf automake libtool pkg-config

sudo apt install libssl-dev libimlib2-dev libpam0g-dev libfuse3-dev libfdk-aac-dev libopus-dev libmp3lame-dev libx264-dev libxfixes-dev libxrandr-dev nasm

Go to the XRDP source directory and run these commands to compile the software:

cd /home/alexanderl/src/xrdp-0.10.3

./bootstrap

./configure --with-systemdsystemunitdir=/usr/lib/systemd/system --enable-ibus --enable-ipv6 --enable-jpeg --enable-fuse --enable-mp3lame --enable-fdkaac --enable-opus --enable-rfxcodec --enable-painter --enable-pixman --enable-utmp --with-imlib2 --with-freetype2 --enable-x264 --enable-glamor

make

sudo make install

--enable-glamor is what enables the hardware acceleration.

Next is building the xorgxrdp source:

cd /home/alexanderl/src

tar zxvf /home/alexanderl/downloads/xorgxrdp-0.10.4.tar.gz

cd xorgxrdp-0.10.4

sudo apt install xserver-xorg-dev libgbm-dev libepoxy-dev

./bootstrap

./configure --enable-glamor

make

sudo make install

And last but not least is building the module that enables audio through an RDP session. That requires these steps:

cd /home/alexanderl/src

tar zxvf /home/alexanderl/downloads/v0.1.tar.gz

cd pipewire-module-xrdp-0.1

sudo apt install libpipewire-0.3-dev libspa-0.2-dev

make

sudo make install

That concludes building the necessary source code. Now we are going to configure xrdp. The author recommends running XRDP as a non-root user. We will take care of this:

sudo adduser --system --group --no-create-home --disabled-password --disabled-login --home /run/xrdp xrdp

XRDP will run as a user called xrdp.

Next is editing the file /etc/xrdp/xrdp.ini. Uncomment two lines to look like this:

Save and exit.

Now uncomment this line in /etc/xrdp/sesman.ini:

SessionSockdirGroup=xrdp

Make two files readable for the user xrdp:

sudo chmod 640 /etc/xrdp/rsakeys.ini

sudo chown root:xrdp /etc/xrdp/rsakeys.ini
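A quick way to confirm the non-root setup is to audit the three files touched above. This is an added example, not code from the original post or the xrdp project; it assumes the two xrdp.ini lines are `runtime_user` and `runtime_group`, and the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit the non-root xrdp settings.
# runtime_user / runtime_group are assumed to be the two xrdp.ini lines meant.

# Print the value of an uncommented "key=value" line ($2) in ini file $1.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Succeed if file $1 has octal mode $2 and numeric owner $3 (uid:gid).
perm_is() {
    [ "$(stat -c '%a %u:%g' "$1")" = "$2 $3" ]
}

# Audit config directory $1; $2 is the expected uid:gid of rsakeys.ini.
# Prints one line per finding and returns the number of findings.
audit_xrdp() {
    dir=$1 owner=$2 findings=0
    for check in xrdp.ini:runtime_user xrdp.ini:runtime_group \
                 sesman.ini:SessionSockdirGroup; do
        file=${check%%:*} key=${check#*:}
        if [ "$(ini_value "$dir/$file" "$key")" != "xrdp" ]; then
            echo "FINDING: $key is not set to xrdp in $file"
            findings=$((findings + 1))
        fi
    done
    if ! perm_is "$dir/rsakeys.ini" 640 "$owner"; then
        echo "FINDING: rsakeys.ini is not mode 640 owned by $owner"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample, trimmed to the relevant lines; sesman.ini is left
# commented out on purpose so the audit reports one finding.
make_sample() {
    printf 'runtime_user=xrdp\nruntime_group=xrdp\n' > "$1/xrdp.ini"
    printf '#SessionSockdirGroup=xrdp\n' > "$1/sesman.ini"
    : > "$1/rsakeys.ini"; chmod 640 "$1/rsakeys.ini"
}

# Usage on the container (root is uid 0, the xrdp GID is looked up):
#   audit_xrdp /etc/xrdp "0:$(getent group xrdp | cut -d: -f3)"
```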

One of the last steps is creating an SSL certificate and making it readable for the xrdp user. Follow these steps:

sudo make-ssl-cert generate-default-snakeoil

sudo ln -sf /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/xrdp/cert.pem

sudo ln -sf /etc/ssl/private/ssl-cert-snakeoil.key /etc/xrdp/key.pem

sudo usermod -a -G ssl-cert xrdp

And we have reached the final step: letting X Windows know it should run Gnome in its session. Do this as the user you are going to log in with in the GUI. Here it’s ‘alexanderl’:

echo gnome-session > ~/.xsession

Finished! Reboot the container and try to log in using Remote Desktop on your local notebook or pc:

Does it work? And how does it perform? Let me know in the comments…
