[Globals] ; xrdp.ini file version number ini_version=1 ; fork a new process for each incoming connection fork=true ; ports to listen on, number alone means listen on all interfaces ; 0.0.0.0 or :: if ipv6 is configured ; space between multiple occurrences ; ; Examples: ; port=3389 ; port=unix://./tmp/xrdp.socket ; port=tcp://.:3389 127.0.0.1:3389 ; port=tcp://:3389 *:3389 ; port=tcp://:3389 192.168.1.1:3389 ; port=tcp6://.:3389 ::1:3389 ; port=tcp6://:3389 *:3389 ; port=tcp6://{}:3389 {FC00:0:0:0:0:0:0:1}:3389 ; port=vsock://: port=3389 ; 'port' above should be connected to with vsock instead of tcp ; use this only with number alone in port above ; prefer use vsock://: above use_vsock=false ; regulate if the listening socket use socket option tcp_nodelay ; no buffering will be performed in the TCP stack tcp_nodelay=true ; regulate if the listening socket use socket option keepalive ; if the network connection disappear without close messages the connection will be closed tcp_keepalive=true ; set tcp send/recv buffer (for experts) #tcp_send_buffer_bytes=32768 #tcp_recv_buffer_bytes=32768 ; security layer can be 'tls', 'rdp' or 'negotiate' ; for client compatible layer security_layer=negotiate ; minimum security level allowed for client for classic RDP encryption ; use tls_ciphers to configure TLS encryption ; can be 'none', 'low', 'medium', 'high', 'fips' crypt_level=high ; X.509 certificate and private key ; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 ; note this needs the user xrdp to be a member of the ssl-cert group, do with e.g. ;$ sudo adduser xrdp ssl-cert certificate= key_file= ; set SSL protocols ; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3' ssl_protocols=TLSv1.2, TLSv1.3 ; set TLS cipher suites #tls_ciphers=HIGH ; Section name to use for automatic login if the client sends username ; and password. If empty, the domain name sent by the client is used. ; If empty and no domain name is given, the first suitable section in ; this file will be used. autorun= allow_channels=true allow_multimon=true bitmap_cache=true bitmap_compression=true bulk_compression=true #hidelogwindow=true max_bpp=32 new_cursors=true ; fastpath - can be 'input', 'output', 'both', 'none' use_fastpath=both ; when true, userid/password *must* be passed on cmd line #require_credentials=true ; You can set the PAM error text in a gateway setup (MAX 256 chars) #pamerrortxt=change your password according to policy at http://url ; ; colors used by windows in RGB format ; blue=009cb5 grey=dedede #black=000000 #dark_grey=808080 #blue=08246b #dark_blue=08246b #white=ffffff #red=ff0000 #green=00ff00 #background=626c72 ; ; configure login screen ; ; Login Screen Window Title ls_title={{ xrdp_ls_title }} ; top level window background color in RGB format ls_top_window_bg_color={{ xrdp_ls_top_window_bg_color }} ; width and height of login screen ls_width={{ xrdp_ls_width }} ls_height={{ xrdp_ls_height }} ; login screen background color in RGB format ls_bg_color={{ xrdp_ls_bg_color }} ; optional background image filename (bmp format). #ls_background_image= ; logo ; full path to bmp-file or file in shared folder ls_logo_filename=/usr/local/share/xrdp/{{ xrdp_ls_logo_filename }} ls_logo_x_pos={{ xrdp_ls_logo_x_pos }} ls_logo_y_pos={{ xrdp_ls_logo_y_pos }} ; for positioning labels such as username, password etc ls_label_x_pos={{ xrdp_ls_label_x_pos }} ls_label_width={{ xrdp_ls_label_width }} ; for positioning text and combo boxes next to above labels ls_input_x_pos={{ xrdp_ls_input_x_pos }} ls_input_width={{ xrdp_ls_input_width }} ; y pos for first label and combo box ls_input_y_pos={{ xrdp_ls_input_y_pos }} ; OK button ls_btn_ok_x_pos={{ xrdp_ls_btn_ok_x_pos }} ls_btn_ok_y_pos={{ xrdp_ls_btn_ok_y_pos }} ls_btn_ok_width=85 ls_btn_ok_height=30 ; Cancel button ls_btn_cancel_x_pos={{ xrdp_ls_btn_cancel_x_pos }} ls_btn_cancel_y_pos={{ xrdp_ls_btn_cancel_y_pos }} ls_btn_cancel_width=85 ls_btn_cancel_height=30 [Logging] LogFile=xrdp.log LogLevel=DEBUG EnableSyslog=true SyslogLevel=DEBUG ; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug [Channels] ; Channel names not listed here will be blocked by XRDP. ; You can block any channel by setting its value to false. ; IMPORTANT! All channels are not supported in all use ; cases even if you set all values to true. ; You can override these settings on each session type ; These settings are only used if allow_channels=true rdpdr=true rdpsnd=true drdynvc=true cliprdr=true rail=true xrdpvr=true tcutils=true ; for debugging xrdp, in section xrdp1, change port=-1 to this: #port=/tmp/.xrdp/xrdp_display_10 ; for debugging xrdp, add following line to section xrdp1 #chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210 ; ; Session types ; ; Some session types such as Xorg, X11rdp and Xvnc start a display server. ; Startup command-line parameters for the display server are configured ; in sesman.ini. See and configure also sesman.ini. [LightBurn] name=LightBurn lib=libxup.so username={{ lightburn_user }} password={{ lightburn_pass }} ip=127.0.0.1 port=-1 code=20 [Estlcam] name=Estlcam lib=libxup.so username={{ estlcam_user }} password={{ estlcam_pass }} ip=127.0.0.1 port=-1 code=20 [Xorg] name=Xorg lib=libxup.so username=ask password=ask ip=127.0.0.1 port=-1 code=20 #[Xvnc] #name=Xvnc #lib=libvnc.so #username=ask #password=ask #ip=127.0.0.1 #port=-1 ##xserverbpp=24 ##delay_ms=2000 #[vnc-any] #name=vnc-any #lib=libvnc.so #ip=ask #port=ask5900 #username=na #password=ask ##pamusername=asksame ##pampassword=asksame ##pamsessionmng=127.0.0.1 ##delay_ms=2000 #[neutrinordp-any] #name=neutrinordp-any #lib=libxrdpneutrinordp.so #ip=ask #port=ask3389 #username=ask #password=ask ; You can override the common channel settings for each session type #channel.rdpdr=true #channel.rdpsnd=true #channel.drdynvc=true #channel.cliprdr=true #channel.rail=true #channel.xrdpvr=true