Le 30/12/2020 à 00:11, Linux-Fan a écrit :
Yvan Masson writes:

Hi list,

I need to run a graphical software called Noethys that also listens on some TCP port. It:
1. needs to be reachable from the network during work hours
2. needs to be accessible remotely a few times per day, mainly by a Windows workstation on the LAN


I am facing the following difficulties/questions:
- running a normal X11 server in a container does not work because it would need to access some special files in /dev/, so it needs extra setup in the container and this scares me a bit

I tried that unsuccessfully a few times, too. My take: Containers are not for virtualizing graphics. I use VMs or even more lightweight things like `firejail` or `chroot` for "normal X11 server" purposes.

- however, after installing xrdp and x2go servers in the container, I can successfully connect remotely with these respective protocols without any particular setup. I would really like to find a way to automatically start a X11 session at boot in same way xrdp or x2go do it (I would then stick with this protocol)

VNC in containers works for me :) It does pretty much work as you described, i.e. starting the things automatically. I currently use a script [1], but had I known before that systemd supports containers, I would have possibly chosen to run it inside the container for service management (avoids writing one's own logic to detect stopped services etc.).

Has someone already done something similar? What would be your advice?

Yes, see [1]. I did it in Docker (i.e. not LXC) and it seems to work just fine. Some ideas:

* Make sure to consider software upgrades for the containers. I do some sort   of peridoic unattended-upgrades _inside_ the container [2], but "best practice"
   would suggest to re-create the containers all of the time (to have them
   mostly stateless, that is).

* Consider encrypting your VNC/X11 traffic. SSH was already suggested in the
   thread and is newly officially available for Windows clients, too!

[1] https://github.com/m7a/lo-megasync/blob/master/megasync_ctrl.sh

[2] https://masysma.lima-city.de/32/trivial_automatic_update.xhtml




Thanks for your answers!

I did a few tests, it is indeed not straightforward to run X11 in a LXC container… Indeed, applying security updates in the container is mandatory.

What I did not understand from your answers (sorry maybe I missed something) is how to start the graphical session automatically when the container starts, so that the software can be started and listening on the network, and then later someone can attach to this session with VNC/RDP/X2GO. It seems your script Linux-Fan starts a VNC server, but does it start a session in it?

Reply via email to