noby
/
ansible
forked from infra/ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
ansible/roles/xrdp_apphost/templates/xrdp.ini.j2

333 lines
9.9 KiB
Django/Jinja
Raw Blame History

{{ ansible_managed | comment(decoration = '; ') }}
[Globals]
; xrdp.ini file version number
ini_version=1
; fork a new process for each incoming connection
fork=true
; ports to listen on, number alone means listen on all interfaces
; 0.0.0.0 or :: if ipv6 is configured
; space between multiple occurrences
; ALL specified interfaces must be UP when xrdp starts, otherwise xrdp will fail to start
;
; Examples:
; port=3389
; port=unix://./tmp/xrdp.socket
; port=tcp://.:3389 127.0.0.1:3389
; port=tcp://:3389 *:3389
; port=tcp://<any ipv4 format addr>:3389 192.168.1.1:3389
; port=tcp6://.:3389 ::1:3389
; port=tcp6://:3389 *:3389
; port=tcp6://{<any ipv6 format addr>}:3389 {FC00:0:0:0:0:0:0:1}:3389
; port=vsock://<cid>:<port>
port=3389
; 'port' above should be connected to with vsock instead of tcp
; use this only with number alone in port above
; prefer use vsock://<cid>:<port> above
use_vsock=false
; regulate if the listening socket use socket option tcp_nodelay
; no buffering will be performed in the TCP stack
tcp_nodelay=true
; regulate if the listening socket use socket option keepalive
; if the network connection disappear without close messages the connection will be closed
tcp_keepalive=true
; set tcp send/recv buffer (for experts)
#tcp_send_buffer_bytes=32768
#tcp_recv_buffer_bytes=32768
; security layer can be 'tls', 'rdp' or 'negotiate'
; for client compatible layer
security_layer=negotiate
; minimum security level allowed for client for classic RDP encryption
; use tls_ciphers to configure TLS encryption
; can be 'none', 'low', 'medium', 'high', 'fips'
crypt_level=high
; X.509 certificate and private key
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
; note this needs the user xrdp to be a member of the ssl-cert group, do with e.g.
;$ sudo adduser xrdp ssl-cert
certificate=
key_file=
; set SSL protocols
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
ssl_protocols=TLSv1.2, TLSv1.3
; set TLS cipher suites
#tls_ciphers=HIGH
; concats the domain name to the user if set for authentication with the separator
; for example when the server is multi homed with SSSd
#domain_user_separator=@
; The following options will override the keyboard layout settings.
; These options are for DEBUG and are not recommended for regular use.
#xrdp.override_keyboard_type=0x04
#xrdp.override_keyboard_subtype=0x01
#xrdp.override_keylayout=0x00000409
; Section name to use for automatic login if the client sends username
; and password. If empty, the domain name sent by the client is used.
; If empty and no domain name is given, the first suitable section in
; this file will be used.
autorun=
allow_channels=true
allow_multimon=true
bitmap_cache=true
bitmap_compression=true
bulk_compression=true
#hidelogwindow=true
max_bpp=32
new_cursors=true
; fastpath - can be 'input', 'output', 'both', 'none'
use_fastpath=both
; when true, userid/password *must* be passed on cmd line
#require_credentials=true
; when true, the userid will be used to try to authenticate
#enable_token_login=true
; You can set the PAM error text in a gateway setup (MAX 256 chars)
#pamerrortxt=change your password according to policy at http://url
;
; colors used by windows in RGB format
;
blue=009cb5
grey=dedede
#black=000000
#dark_grey=808080
#blue=08246b
#dark_blue=08246b
#white=ffffff
#red=ff0000
#green=00ff00
#background=626c72
;
; configure login screen
;
; Login Screen Window Title
ls_title={{ xrdp_ls_title }}
; top level window background color in RGB format
ls_top_window_bg_color={{ xrdp_ls_top_window_bg_color }}
; width and height of login screen
;
; The default height allows for about 5 fields to be comfortably displayed
; above the buttons at the bottom. To display more fields, make <ls_height>
; larger, and also increase <ls_btn_ok_y_pos> and <ls_btn_cancel_y_pos>
; below
;
ls_width={{ xrdp_ls_width }}
ls_height={{ xrdp_ls_height }}
; login screen background color in RGB format
ls_bg_color={{ xrdp_ls_bg_color }}
; optional background image filename. BMP format is always supported,
; but other formats will be supported if xrdp is build with imlib2
; The transform can be one of the following:-
; none : No transformation. Image is placed in bottom-right corner
; of the screen.
; scale : Image is scaled to the screen size. The image aspect
; ratio is not preserved.
; zoom : Image is scaled to the screen size. The image aspect
; ratio is preserved by clipping the image.
#ls_background_image=
#ls_background_transform=none
; logo
; full path to file or file in shared folder. BMP format is always supported,
; but other formats will be supported if xrdp is build with imlib2
; For transform values, see 'ls_background_transform'. The logo width and
; logo height are ignored for a transform of 'none'.
ls_logo_filename=/usr/local/share/xrdp/{{ xrdp_ls_logo_filename }}
#ls_logo_transform=none
#ls_logo_width=240
#ls_logo_height=140
ls_logo_x_pos={{ xrdp_ls_logo_x_pos }}
ls_logo_y_pos={{ xrdp_ls_logo_y_pos }}
; for positioning labels such as username, password etc
ls_label_x_pos={{ xrdp_ls_label_x_pos }}
ls_label_width={{ xrdp_ls_label_width }}
; for positioning text and combo boxes next to above labels
ls_input_x_pos={{ xrdp_ls_input_x_pos }}
ls_input_width={{ xrdp_ls_input_width }}
; y pos for first label and combo box
ls_input_y_pos={{ xrdp_ls_input_y_pos }}
; OK button
ls_btn_ok_x_pos={{ xrdp_ls_btn_ok_x_pos }}
ls_btn_ok_y_pos={{ xrdp_ls_btn_ok_y_pos }}
ls_btn_ok_width=85
ls_btn_ok_height=30
; Cancel button
ls_btn_cancel_x_pos={{ xrdp_ls_btn_cancel_x_pos }}
ls_btn_cancel_y_pos={{ xrdp_ls_btn_cancel_y_pos }}
ls_btn_cancel_width=85
ls_btn_cancel_height=30
[Logging]
; Note: Log levels can be any of: core, error, warning, info, debug, or trace
LogFile=xrdp.log
LogLevel=INFO
EnableSyslog=true
#SyslogLevel=INFO
#EnableConsole=false
#ConsoleLevel=INFO
#EnableProcessId=false
[LoggingPerLogger]
; Note: per logger configuration is only used if xrdp is built with
; --enable-devel-logging
#xrdp.c=INFO
#main()=INFO
[Channels]
; Channel names not listed here will be blocked by XRDP.
; You can block any channel by setting its value to false.
; IMPORTANT! All channels are not supported in all use
; cases even if you set all values to true.
; You can override these settings on each session type
; These settings are only used if allow_channels=true
rdpdr=true
rdpsnd=true
drdynvc=true
cliprdr=true
rail=true
xrdpvr=true
tcutils=true
; for debugging xrdp, in section xrdp1, change port=-1 to this:
#port=/tmp/.xrdp/xrdp_display_10
;
; Session types
;
; Some session types such as Xorg, X11rdp and Xvnc start a display server.
; Startup command-line parameters for the display server are configured
; in sesman.ini. See and configure also sesman.ini.
{% for app, config in xrdp_applications.items() %}
[{{ app }}]
name={{ app }}
lib=libxup.so
username={{ config.user }}
password={{ config.pass }}
ip=127.0.0.1
port=-1
code=20
{% endfor %}
[Xorg]
name=Xorg
lib=libxup.so
username=ask
password=ask
ip=127.0.0.1
port=-1
code=20
#[Xvnc]
#name=Xvnc
#lib=libvnc.so
#username=ask
#password=ask
#ip=127.0.0.1
#port=-1
##xserverbpp=24
##delay_ms=2000
#; Disable requested encodings to support buggy VNC servers
#; (1 = ExtendedDesktopSize)
##disabled_encodings_mask=0
#; Use this to connect to a chansrv instance created outside of sesman
#; (e.g. as part of an x11vnc console session). Replace '0' with the
#; display number of the session
##chansrvport=DISPLAY(0)
; Generic VNC Proxy
; Tailor this to specific hosts and VNC instances by specifying an ip
; and port and setting a suitable name.
#[vnc-any]
#name=vnc-any
#lib=libvnc.so
#ip=ask
#port=ask5900
#username=na
#password=ask
##pamusername=asksame
##pampassword=asksame
##pamsessionmng=127.0.0.1
##delay_ms=2000
; Generic RDP proxy using NeutrinoRDP
; Tailor this to specific hosts by specifying an ip and port and setting
; a suitable name.
#[neutrinordp-any]
#name=neutrinordp-any
#; To use this section, you should build xrdp with configure option
#; --enable-neutrinordp.
#lib=libxrdpneutrinordp.so
#ip=ask
#port=ask3389
#username=ask
#password=ask
#; Uncomment the following lines to enable PAM authentication for proxy
#; connections.
##pamusername=ask
##pampassword=ask
##pamsessionmng=127.0.0.1
#; Currently NeutrinoRDP doesn't support dynamic resizing. Uncomment
#; this line if you're using a client which does.
##enable_dynamic_resizing=false
#; By default, performance settings requested by the RDP client are ignored
#; and chosen by NeutrinoRDP. Uncomment this line to allow the user to
#; select performance settings in the RDP client.
##perf.allow_client_experiencesettings=true
#; Override any experience setting by uncommenting one or more of the
#; following lines.
##perf.wallpaper=false
##perf.font_smoothing=false
##perf.desktop_composition=false
##perf.full_window_drag=false
##perf.menu_anims=false
##perf.themes=false
##perf.cursor_blink=false
#; By default NeutrinoRDP supports cursor shadows. If this is giving
#; you problems (e.g. cursor is a black rectangle) try disabling cursor
#; shadows by uncommenting the following line.
#perf.cursor_shadow=false
#; By default, NeutrinoRDP uses the keyboard layout of the remote RDP Server.
#; If you want to tell the remote the keyboard layout of the RDP Client,
#; by uncommenting the following line.
##neutrinordp.allow_client_keyboardLayout=true
#; The following options will override the remote keyboard layout settings.
#; These options are for DEBUG and are not recommended for regular use.
##neutrinordp.override_keyboardLayout_mask=0x0000FFFF
##neutrinordp.override_kbd_type=0x04
##neutrinordp.override_kbd_subtype=0x01
##neutrinordp.override_kbd_fn_keys=12
##neutrinordp.override_kbd_layout=0x00000409
; You can override the common channel settings for each session type
#channel.rdpdr=true
#channel.rdpsnd=true
#channel.drdynvc=true
#channel.cliprdr=true
#channel.rail=true
#channel.xrdpvr=true
Reference in New Issue View Git Blame Copy Permalink