joyanhui/debian-i3-xrdp-novnc 公开的搭建过程

未使用Dockerfile 是因为搭建过程略微复杂,如果另外打包出来rootfs 也没有什么意义。所以干脆公开过程。

本文可能存在滞后,未经过严格整理和核对。所有历史命令均可在下述文件中看到:

# Print the shell history files kept inside the containers: root and user
# yanhui in the Debian LXC container "dt", then root's ash history in Alpine.
# The Docker container is called "dt" here but "test"/"test2" in the docker run
# commands of this guide; use the name of your own container.
# NOTE(review): the setup typed passwords on the command line (the chpasswd
# lines), so these history files presumably contain them; anyone who can read
# the image can read them too.
docker exec -it dt  lxc exec dt cat /root/.bash_history
docker exec -it dt  lxc exec dt cat /home/yanhui/.bash_history
docker exec -it dt  lxc exec dt cat /home/yanhui/.zsh_history
docker exec -it dt cat /root/.ash_history

宿主用alpine

# Start the Alpine host container from alpine:3.18.2, publishing RDP (3389),
# SSH (2222), noVNC (8080) and VNC (5900-5905) and bind-mounting the host /mnt.
# NOTE(review): --privileged=true removes most of the isolation between this
# container and the Docker host, and -p without a bind address publishes on all
# host interfaces. With the passwords set later in this guide, restrict these
# ports (firewall, or a 127.0.0.1: prefix on each -p) unless the host sits on a
# trusted network.
docker run -itd --restart=always   --name test --hostname test  --privileged=true \
   -p 333:3389 -p 2221:2222 -p 2222:2222 -p 888:8080   -p 6900-6905:5900-5905     -v /mnt:/mnt \
   alpine:3.18.2
# Open a shell in the Alpine container; the commands below are typed inside it.
docker exec -it test /bin/sh

# Point apk at the USTC mirror and set the timezone to Asia/Shanghai
# (tzdata is only needed long enough to copy the zone file).
sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories
apk add tzdata
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo "Asia/Shanghai" > /etc/timezone
apk del tzdata

# Install the SSH server, LXD/LXC and dbus.
apk add openssh lxd lxd-client lxcfs dbus


# NOTE(review): this lets root log in over SSH with a password. Together with
# the one-character root password set later in this guide, keep the SSH port off
# untrusted networks or switch to key-based login.
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

# PAM cgroup session module plus uid/gid mapping for LXC: container ids
# 0-65535 map to host ids starting at 100000, and that range is delegated to root.
echo "session optional pam_cgfs.so -c freezer,memory,name=systemd,unified" >> /etc/pam.d/system-login
echo "lxc.idmap = u 0 100000 65536" >> /etc/lxc/default.conf
echo "lxc.idmap = g 0 100000 65536" >> /etc/lxc/default.conf
echo "root:100000:65536" >> /etc/subuid
echo "root:100000:65536" >> /etc/subgid
echo "systemd_container=yes">> /etc/conf.d/lxc
# Entry script setup.
# Set the Alpine root password to "1".
# NOTE(review): a one-character root password combined with
# "PermitRootLogin yes" and a published SSH port is only acceptable on an
# isolated test host; change it before the container is reachable by others.
printf '%s\n' "root:1" | chpasswd
# /boot.sh starts sshd, starts lxd in the background, starts the "dt"
# container, then blocks on tail so the Docker container keeps running.
# NOTE(review): "sshd -D" stays in the foreground, so the lines after it only
# run once sshd exits. Confirm this is the intended start-up order.
{
  printf '%s\n' "/usr/sbin/sshd -D"
  printf '%s\n' "lxd &"
  printf '%s\n' "lxc start dt "
  printf '%s\n' "tail -f /dev/null"
} > /boot.sh
chmod +x /boot.sh
# Start the LXD daemon in the background, run its interactive setup, then
# launch a Debian 12 container named dt.
lxd &
lxd init # accept every default except the auto-update question
lxc launch images:debian/12 dt
# This error is harmless: ERROR  [2023-07-06T21:40:35+08:00] balance: Unable to set cpuset                 err="setting cgroup item for the container failed" name=dt value="0,1,10,11,2,3,4,5,6,7,8,9"
# NOTE(review): a privileged LXD container runs without the uid/gid shift, so
# root inside dt is root on the Alpine side, which is itself a --privileged
# Docker container. Treat a compromise of any service in dt as a compromise of
# the Docker host.
lxc config set dt security.privileged true #privileged
lxc config get dt security.privileged #check
lxc info dt
# Port forwarding: each proxy device listens on the Alpine side and connects
# to the given address inside dt.
# NOTE(review): every listener binds 0.0.0.0, so RDP, SSH, noVNC and raw VNC
# are offered on all interfaces of the Alpine container and, through the
# docker -p mappings, on the Docker host. Bind to 127.0.0.1 or firewall the
# ports you do not need from outside.
# NOTE(review): the device name "sshd" is added twice below; the second add
# presumably fails unless the first is removed with the command in the last
# comment. Confirm which of the two mappings is the intended one.
lxc config device add dt xrdp proxy listen=tcp:0.0.0.0:3389 connect=tcp:127.0.0.1:3389
lxc config device add dt sshd proxy listen=tcp:0.0.0.0:22 connect=tcp:127.0.0.1:2222
lxc config device add dt novnc proxy listen=tcp:0.0.0.0:8080 connect=tcp:127.0.0.1:8080
lxc config device add dt vnc0 proxy listen=tcp:0.0.0.0:5900 connect=tcp:127.0.0.1:5900
lxc config device add dt vnc1 proxy listen=tcp:0.0.0.0:5901 connect=tcp:127.0.0.1:5901
lxc config device add dt sshd proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22
# To remove a device: lxc config device remove dt sshd
# Mount a directory into dt.
# NOTE(review): dt is set to security.privileged true in this guide, so root in
# dt accesses /mnt/sda1 with host-root ownership; mount only what the desktop
# needs.
lxc config device add dt sda1 disk source=/mnt/sda1 path=/mnt/sda1 # mount the directory
# Inside the Debian container: open a root shell in dt; the commands below are
# typed in that shell.
lxc exec dt /bin/bash
 sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
apt update&&apt upgrade
# Base tools
apt install -y wget curl nano  openssh-server unzip sudo zsh
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# Desktop
apt install i3 openbox
# This error is harmless: Failed to try-restart systemd-binfmt.service: Unit systemd-binfmt.service is masked.
# Fonts
apt install fonts-jetbrains-mono fonts-noto-color-emoji
mkdir -p /usr/share/fonts/WindowsFonts && cd /usr/share/fonts/WindowsFonts
# NOTE(review): the font is fetched through the third-party proxy ghproxy.com
# and installed system-wide with no integrity check; compare its hash with a
# known-good copy before trusting it.
wget -c  https://ghproxy.com/https://raw.githubusercontent.com/joyanhui/file.leiyanhui.com/windows_font/msyh.ttc
fc-cache -f
dpkg-reconfigure locales # zh_CN.UTF-8
# Common components: status bar, image viewer/wallpaper, terminal, task switcher and launcher, shell, Python module
apt install -y polybar feh dunst alacritty rofi zsh python3-requests
# Browser and file manager
apt install -y firefox-esr thunar # optional, remove if not needed; uses over 400 MB of disk
# Components thunar needs for network access to a NAS
apt install -y gvfs gvfs-backends gvfs-fuse sshfs # uses 61 MB of disk; does not work under openbox
# Chinese input method
#apt install -y fcitx5-chinese-addons # 740M
# Remote access
apt install -y xrdp tigervnc-standalone-server novnc python3-websockify supervisor # 194M
# Build the xrdp sound modules
apt install -y pulseaudio
apt install -y build-essential dpkg-dev libpulse-dev git autoconf libtool # remove these build packages with care
apt install -y lsb-release  doxygen
# NOTE(review): this clones whatever the default branch currently holds and the
# result is built and installed from the root shell; check out a reviewed tag or
# commit before running the scripts below.
git clone https://github.com/neutrinolabs/pulseaudio-module-xrdp.git # based on v0.7
cd pulseaudio-module-xrdp
scripts/install_pulseaudio_sources_apt.sh  # use this one on Debian 12; the other script, scripts/install_pulseaudio_sources_apt_wrapper.sh, is not compatible with Debian 12
./bootstrap && ./configure PULSE_DIR=~/pulseaudio.src
make && make install
# Verify
ls $(pkg-config --variable=modlibexecdir libpulse) | grep xrdp # success if module-xrdp-sink.so and module-xrdp-source.so are listed



# User account
# NOTE(review): user yanhui gets the password "1" and membership of the sudo
# group, and this account is what RDP, SSH and VNC logins reach. Change the
# password before the published ports are reachable from other machines.
useradd -ms /bin/bash  yanhui
echo "yanhui:1" | chpasswd
usermod -G sudo yanhui
#loginctl enable-linger yanhui # let this user's services keep running after the user logs out
# Services: vnc and novnc
# Per-user setup ======== start
# su opens an interactive shell as yanhui; the commands up to "exit" are typed
# in that shell.
su yanhui && cd ~
# VNC password (vncpasswd prompts for it)
vncpasswd
# Default shell: switch from bash to zsh by starting zsh from .bashrc
echo "zsh" >> ~/.bashrc
# Default desktop for xrdp sessions
echo i3 >/home/yanhui/.xsession
# Two wallpapers
mkdir ~/bg && cd ~/bg
wget https://raw.githubusercontent.com/joyanhui/file.leiyanhui.com/dwm-wallpaper/green.jpg
wget https://raw.githubusercontent.com/joyanhui/file.leiyanhui.com/dwm-wallpaper/bing-jurenzhilu.jpg
# zsh
# NOTE(review): main.zip is the current head of a branch, not a pinned release,
# and the .zshrc it ships runs at every login of this sudo-capable user; review
# the archive or pin a commit before installing it.
cd ~
wget https://github.com/joyanhui/oh-my-zsh/archive/refs/heads/main.zip -O main.zip
unzip main.zip && mv oh-my-zsh-main/.oh-my-zsh  .
cp oh-my-zsh-main/.zshrc .&& rm main.zip && rm -rf oh-my-zsh-main/
# i3 config file, see: https://github.com/joyanhui/i3w
# polybar config file, see: https://github.com/joyanhui/i3w
# dunst config file, see: https://github.com/joyanhui/i3w
# alacritty config file, see: https://github.com/joyanhui/i3w
# rofi config file, see: https://github.com/joyanhui/i3w
# openbox config file, see: https://github.com/joyanhui/i3w
# user-dirs.dirs config file, see: https://github.com/joyanhui/i3w
echo "openbox" > ~/.vnc/xstartup && chmod +x ~/.vnc/xstartup  # use openbox as the VNC desktop
# Per-user setup ======== end
exit # back to root
# Configure VNC


# Reference: /lib/systemd/system/tigervncserver@.service
# Writes a systemd unit that runs vncserver for display :0 as user yanhui.
# NOTE(review): "-localhost no" makes the VNC server accept connections from
# other machines. websockify below connects to localhost:5900, so if only
# noVNC is used the server can stay local-only; if raw VNC is needed, reach it
# through an SSH tunnel rather than the published 5900-5905 ports.
# NOTE(review): systemd does not interpret shell redirection, so the
# "> /dev/null 2>&1" on ExecStartPre is presumably passed to vncserver as
# arguments. The leading "-" already ignores a failure of that command.
# NOTE(review): the Description says TightVNC, but the package installed in
# this guide is tigervnc-standalone-server.
cat > /etc/systemd/system/vncserver@0.service << \EOF
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target
[Service]
Type=forking
User=yanhui
Group=yanhui
WorkingDirectory=/home/yanhui
PIDFile=/home/yanhui/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -geometry 1900x930 -localhost no :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
EOF
# noVNC: supervisor program that runs websockify on port 8080, serving the
# noVNC web files and forwarding to the VNC server on localhost:5900.
# NOTE(review): no certificate options are passed, so the web console and the
# VNC password exchange presumably travel unencrypted; put it behind a TLS
# reverse proxy or an SSH tunnel when it is reached over an untrusted network.
# NOTE(review): -D daemonizes websockify, while supervisor expects the programs
# it manages to stay in the foreground. Confirm that autorestart behaves as
# intended.
cat > /etc/supervisor/conf.d/novnc.conf  << \EOF
[program:novnc]
command= /usr/bin/websockify   -D --web=/usr/share/novnc/  8080 localhost:5900
user=yanhui
autorestart=true
priority=999
EOF
supervisorctl update
ln -s /usr/share/novnc/vnc.html /usr/share/novnc/index.html # landing page
systemctl daemon-reload
systemctl enable vncserver@0

#  Cleanup
rm  -rf /root/pulseaudio* # leftover files from the xrdp audio build
# NOTE(review): the history removals below are left commented out, so the shell
# history of this setup stays in the image. Uncomment them before sharing an
# image in which you typed anything sensitive.
#rm  /root/.bash_history
#rm /home/yanhui/.bash_history
#rm /home/yanhui/.zsh_history
apt autoremove && apt autoclean && apt clean

alpine 入口启动文件


# Cleanup: drop the apk package cache in the Alpine container.
rm -rf /var/cache/apk/*
# Left commented out, so the ash history stays in the image.
#rm -rf ~/.ash_history

备份 docker

# Stop the container and export its filesystem to a tarball.
# NOTE(review): the tarball holds everything in the container, including the
# passwords set during setup and the shell history files; store it accordingly.
docker stop test2
docker export test2 > 3.tar

# Import a tarball as image test2, remove the old container and image, then
# start a new container that runs /boot.sh.
# NOTE(review): the export above writes 3.tar while the import reads 1.tar, and
# run in this order the rmi would remove the image that was just imported.
# Presumably these are excerpts from the shell history; confirm the file names
# and the order before reusing them.
# NOTE(review): as with the first docker run, --privileged=true and the
# published ports expose this container widely; restrict them where possible.
docker import  1.tar test2
docker stop test2 && docker rm test2 && docker rmi test2
docker run -itd --restart=always   --name test2 --hostname test2  --privileged=true  \
  -p 333:3389 -p 222:2222  -p 888:8080   -p 6900-6905:5900-5905     -v /mnt:/mnt \
  test2  sh /boot.sh

推送到 hub.docker.com

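# Publish the image to Docker Hub under both the default tag and a timestamped
# tag.
# NOTE(review): the image is pushed to a public repository with the passwords
# set during setup ("root:1", "yanhui:1") and the shell history files still
# inside it. Anyone running this image should change both passwords and the VNC
# password before exposing any of its ports.
docker logout
docker login
# To push to the Alibaba Cloud container registry instead:
# docker login --username=<your-account-email> registry.cn-<region>.aliyuncs.com
datename=$(date +%Y%m%d%H%M%S)
docker tag test2 joyanhui/debian-i3-xrdp-novnc
# Fix: the original used $(datename), which runs a command named "datename"
# instead of expanding the variable, leaving the tag suffix empty so that the
# timestamped push below had no matching tag.
docker tag test2 "joyanhui/debian-i3-xrdp-novnc:a-lxd-d-${datename}"

docker push "joyanhui/debian-i3-xrdp-novnc:a-lxd-d-${datename}"
docker push  joyanhui/debian-i3-xrdp-novnc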
Licensed under CC BY-NC-SA 4.0