Linux Desktop In a Container

Reading time ~7 minutes

Linux Desktop In a Container

Linux Desktop In a Container

Installing a Linux desktop in a Docker container and accessing it from a browser seems like something that is impossible. However it works. The tool that enables access to desktop from a browser is Guacamole. Not only can you access the desktop, but you can also share it with other people, in watch-only or collaborate mode. This may be very useful for teaching or collaboration.

1 Installation

1.1 Making The Container

1.2 Installing Additional Packages

You can go inside the docker container and install other packages with apt, like this:

cd /var/ds/desk.example.org/
ds shell
apt install ubuntu-edu-preschool ubuntu-edu-primary firefox
exit

However, in case you rebuild the server (for example with ds remake), you will have to install them again manually. To install them automatically on each rebuild, create a file like /var/ds/desk.example.org/packages with a content like this:

RUN DEBIAN_FRONTEND=noninteractive \
    apt install --yes \
        ubuntu-edu-preschool \
        ubuntu-edu-primary \
        firefox

See also packages.sample.

1.3 Accessing It From a Wi-Fi LAN

If the container is in a laptop and there is no wi-fi access point around to enable the connection/communication with other laptops, we can start a hotspot like this:

cd desktop/misc/
./hotspot.sh start test-hotspot pass1234

Or like this:

cd /var/ds/desk.example.org/
ds hotspot start test-hotspot pass1234

Afterwards the server can be accessed on https://10.42.0.1:444/guac/

Note: If you have a firewall, make sure that the port 444 is allowed. For example like this: ufw allow 444.

Note: Depending on the type on the wireless card or the driver that it has, the hotspot may not always work. In this case the most easy way to create a hotspot is with an Android or iPhone.

1.4 Getting a Letsencrypt SSL Certificate

For this to work, you need to have the container installed on a machine with a public IP (for example on a VPS on the cloud), and to have a domain name for this IP. You also have to set the proper DOMAIN variable on settings.sh (before building the container) and also a proper GMAIL_ADDRESS (or a SMTP_DOMAIN).

The letsencrypt SSL certificate will be managed by the container wsproxy, so this one should be installed as well: https://gitlab.com/docker-scripts/wsproxy#installation

If the desktop container is built after installation of wsproxy, it will try automatically to get a SSL cert as well. Otherwise you can get one manually like this:

cd /var/ds/desk.example.org/
ds @wsproxy get-ssl-cert user@example.org desk.example.org

Note: It is important that the domain is a real one and it is configured properly, otherwise getting a ssl-cert will fail.

2 Usage

2.1 Managing User Accounts

The file accounts.txt contains a list of accounts in the form username:password, which are created automatically when the container is created. But they can also be re-created any time with a command like this:

ds inject users.sh create accounts.txt
# or
ds shell
/app/scripts/users.sh create accounts.txt

There are other commands and options available from the script users.sh, which can be used to export, import, backup and restore user accounts: ds inject users.sh --help

In particular, there are shortcuts for making a backup of user accounts and restoring them:

ds backup
ds restore backup/users-20190417.tgz

2.2 Other Commands

ds help
ds stop
ds start
ds shell
ds remake

2.3 Using Guacamole

Guacamole allows desktop access to the server from a web browser. Everything runs on the server and the client does not consume any resources, except for a browser tab. This is very convenient because:

  • It does not require installation of any additional tools or applications on the client, except a web browser.
  • It is cross-platform and universal, the desktop can be accessed from any system, on any architecture.

2.3.1 Accessing User Account From a Browser

Any user that has an account on the server can access the desktop of the server from a web browser. He can do it like this:

  • Open https://10.42.0.1:444/guac/ (replace 10.42.0.1 with the IP or name of the server).
  • Click on the button Login without a username and password.
  • Click on the RDP connection.
  • Give the username and password of the account, for example (user1,pass1).

2.3.2 Teacher Sharing His Screen With The Students

This is useful when the teacher wants to demonstrate to the students how to do something, for example how to write a program.

To be able to share the screen of his account, the teacher should enter in Guacamole with the username student or admin (and the corresponding password).

Then he should go to his account by clicking on the RDP connection and giving the username and password of his account. Afterwards he should follow these steps:

  • Press Ctrl+Alt+Shift to open the Guacamole panel on the left side.
  • Click on the Share menu of the top and then on Watch.
  • Right-click on the link that is displayed and copy it.
  • Open https://10.42.0.1:444/chat/ in another tab and share the link with the students.
  • Once the students open in browser the link of the shared Guacamole session, they will be able to see the desktop of the teacher and what he is doing.

2.3.3 Students Collaborating With The Teacher And With Each-Other

The students can share their desktop too with the teacher and with other students. This is useful when a student is stuck and needs some help (for example he cannot find a bug in the program) or when the students are working in pairs or in groups.

To be able to share his desktop a student should login in Guacamole with the username student. Then he should follow the same steps as above, except that he should select Collaborate from the menu of Share, instead of Watch. The difference is that with Collaborate both parties (or all of them) can use the keyboard and mouse to work together, instead of just watching what the other person does.

Then they can use https://10.42.0.1:444/chat/ to share the link of the guacamole session with the others (or maybe use email or other communication means).

2.3.4 Sharing Files With Each-Other

On the Guacamole left panel (Ctrl+Alt+Shift) click on Shared Drive. This is a shared directory on the server where everyone can upload and download files. This may be useful for distributing lecture materials, for collecting homeworks, etc.

3 Alternative Installations

The preferred way is to install it in a Docker container (as described above). However it is possible to install it on a VirtualBox machine and on a real machine as well.

3.1 Install In a VirtualBox Machine (With Vagrant)

  • Install virtualbox and vagrant: https://www.vagrantup.com/. In bionic (ubuntu-18.04 and its derivatives), they can be installed like this: apt install virtualbox virtualbox-qt vagrant
  • Get the code: git clone https://gitlab.com/docker-scripts/desktop
  • Customize:
    cd desktop/
    vim settings.sh
    cd vagrant/
    vim settings.sh
    vim pre-config.sh
    vim post-config.sh
    
  • Start installation and configuration with: vagrant up. This will also run install.sh inside the virtual machine.
  • When installation is finished open: https://127.0.0.1:444/guac/
  • To stop and start the virtual machine use vagrant halt and vagrant up. Other vagrant commands that can be used are: vagrant ssh, vagrant destroy, vagrant --help, etc.

3.2 Install In a Real Machine

  • Get the code: git clone https://gitlab.com/docker-scripts/desktop
  • Change GUAC_PASS: cd desktop ; vim settings.sh
  • Check also vagrant/pre-config.sh and vagrant/post-config.sh
  • Start installation: misc/install.sh
  • After installation is done open in browser: https://127.0.0.1/guac/

These scripts should be used on a machine that has a fresh installation of Ubuntu-18.04 or a derivative of it (preferably LinuxMint-19).

This machine is supposed to be a dedicated desktop server, not your laptop or a machine that is used for something else as well. It can also be a virtual machine that you manage manually (not with vagrant commands, as explained above).

Date: 2019-04-17

Author: Dashamir Hoxha

Created: 2019-04-17 Wed 16:33

Emacs 25.2.2 (Org mode 8.2.10)

Validate

Ad-Hoc Computer Lab

Ad-Hoc Computer LabAd-Hoc Computer LabTable of Contents1. Introduction2. There Is No Computer Lab2.1. Build a Wi-Fi LAN2.2. Install a Vir...… Continue reading

LTSP Scenarios

Published on December 21, 2018

LTSP Use Cases

Published on December 01, 2018