Terminal Server for 1C over RDP on linux: recommendations for configuration based on the experience of actual operation
The article discusses the nuances of installing and configuring a terminal server using the RDP protocol for working with 1c databases on a platform of 8.3 based on the Xubuntu 14.04 distribution, taking into account the capabilities of the latest version of the xrdp server and actual operating experience.
Not so long ago (at the end of December 2016) the next release of the xrdp server version 0.9.1 was released. At the same time, a stable version of one of the xrdp backends - xorgxrdp v 0.2.0 was released. These versions will be used later on during installation.
The linux distributions mainly contain an outdated version of the xrdp server version 0.6.x, in which there are bugs that interfere with normal work with 1c (for example, the clipboard with Russian characters does not work normally).
Basically, when installing a terminal server based on the rdp protocol on linux, we consider installing the xrdp server with the X11Rdp backend build using special scripts, for example, X11RDP-o-Matic (for ubuntu) - an article on the habr.
')
Using the X11Rdp backend has several drawbacks:
Using the xorgxrdp backend allows you to avoid these problems.
The article discusses installing on Xubuntu version 14.04 LTS, and not the more recent version 16.04 LTS, due to a drop in performance when drawing a remote screen. There is a registered problem in this situation. Someone helped to disable the compositor in the settings, but the author of the article failed to achieve the same drawing speed as on the Xubuntu version 14.04.
For installation, use the 32-bit version of OS Xubuntu 14.04. Link to the image.
The system can be installed both on the host, on and in the virtual environment. I usually prefer KVM virtualization, working servers were installed on it.
The breakdown of the disks used the classical scheme (not LVM), the ext4 file system. 3 fixed-size disks are connected to the virtual machine:
This partition is the author’s preference given the ease of use. In any case, when planning the disk space, you must take into account the possible load on the file system. When using file databases, it is advisable to use SSD drive (s).
For the server, you need to set a static IP address.
For the convenience of entering commands for subsequent installation, you need to install an OpenSSH server:
With the firewall activated, open port 22:
On the developers website there is an instruction for installation on debian 8, we use it as a basis.
Install the necessary dependencies:
Create a directory for downloading distributions:
We clone the current latest xrdp build from the repository and compile it with the rfxcodec codec:
Install xrdp to the system:
Download the xorg-xrdp backend distribution:
We set a hard rule for switching layouts from Russian to English using the Ctrl + Shift key combination to solve the problem of switching layouts . The correctness is checked by the creation of the session - 1st check, disconnect, connect again in the same session - check again.
In the terminal, assign the values of temporary variables:
Make a replacement of the code in the source file:
Compile and install the backend into the xorg-xrdp system:
It is advisable to swap the [X11rdp] and [Xorg] blocks in the /etc/xrdp/xrdp.ini file so that the user has the correct backend by default. When connecting to the server, you need to select Xorg in the list of sessions.
If it is necessary to change the default port from 3389 to another, edit the /etc/xrdp/xrdp.ini file: in the [Globals] section, change the value of the port = 3389 variable to the required one.
With the firewall activated, open port 3389 (or the one to which the standard has been changed):
After the settings, restart the service
Now you can connect to the server through a standard client with windows or with linux any client that supports the rdp protocol.
Attention : before connecting, you must make sure that the keyboard layout on the client machine is set to English, otherwise you will not be able to enter the username and password in the xrdp server session selection window.
After installation, it is advisable to check that the clipboard normally works with Cyrillic characters in both directions. You can also make sure that copying files through the clipboard with Russian characters is working (these are one of the main problems that were fixed in the latest xrdp server builds and which previously prevented the xrdp-based terminal server from being used properly in the production environment).
Due to the fact that in the latest versions of the platform, the 1c company brought the native client for the linux-based OS to a state with which you can work more or less comfortably, we will use it instead of trying to install wine, and on top of the client for the Windows OS.
Install additional components necessary for correct operation:
Download to the folder from the site 1c distribution client and server:
Since the server components 1c were needed only to satisfy dependencies, disable the service:
If the network hasp key is used, then we will write the search parameters:
If software licenses are used, they must be activated via the configurator (it is possible on an empty file database).
In the course of work, we encountered a problem when one user has the external processing for filling the table part working, and the other one does not have a message about the violation of access rights. The problem is that the 1C platform creates a temporary file /tmp/PrnForm.tmp, i.e. The path to the file is the same for different users. Accordingly, the first user who used the processing implicitly created a file in the temporary folder that only he has access to change. Another user can no longer overwrite the file.
The solution is to correctly configure the system-wide umask, assign users to the same group, and also correctly configure the permissions on the / tmp temporary folder.
Edit the system-wide mask. Rule file:
in it we change the value to:
We assign all terminal users to the Users group (if they have not been assigned before, you can also to another group).
We change the rights to the tmp folder
If you use the exchange with the site Bitrix, then similar settings should be made for the folder / var / log / bitrix.
A solution to this problem with respect to 1C is described in the article .
There is one unpleasant feature that can prevent accountants on the 1C client for linux from unloading payroll and accounting declarations - after selecting a file and trying to unload, a message like “No access to the [CatalogName] directory will be displayed. Check the correctness of the upload directory name!
The solution was found and it is necessary to replace the code “Cat = New File (Path for Unloading +“ NUL ");" to "Cat = New File (Path for Unloading);" in "Processing.General Objects of the Regulatory Reporting. Form. , for such changes will have to remove the configuration from the support.
In case if the server is working only within the local network, there are no problems - samba works well.
If the enterprise has a network of distributed offices, then there is often a question about organizing a convenient file exchange and printing settings.
For file sharing, it is convenient to use a dedicated dropbox account - a dedicated folder on the server is synchronized with the cloud, and the client is configured on the clients either by sharing the dropbox folder or using the same account.
For printing to remote printers, it is convenient to use the virtual private network construction scheme; in this case, the problem is solved even with those remote points that do not have a fixed IP address. Access to the printer will be available by IP-address inside the VPN-network. As an option, I suggest using NeoRouter Free . Customization of this product is beyond the scope of this article.
Unfortunately, I don’t see stable and free alternatives at the moment. There was quite a successful experience of using the OpenSuse 11.2 + FreeNX bundle (from etersoft) + WineEtersoft (purchased) for working with configurations based on 8.1 platforms, but currently this bundle for new installations has lost relevance - not all packages can be found for installation, for more fresh versions of the Linux OS and 1C configurations, the rendering speed is terrible.
There was a lot of time spent testing other x2Go products, but there are also a lot of BUT there: when connected to fresh versions of an OS like Windows 8, Windows 10 there are artifacts when drawing an image, etc. In general, if alternative solutions are still somehow suitable for administrative functions, then for real work with 1C solutions is not very.
When considering the possibility of transition is not considered the decision should take into account such factors as the presence of commercial equipment. Not all trading equipment is supported in linux, and even less so that it can be run via RDP.
In general, if you want to save on Windows licenses, you can get by with solutions based on LINUX, especially the recent development of XRDP is going on at an accelerated pace. In March of this year, release of version 0.9.2 is planned - this follows from the published Release notes .
Colleagues, please note that yesterday the developers of xrdp released a new version of xrdp 0.9.2 and xordxrdp 0.2.1.
Based on the Release notes, now the RemoteFX codec is now supported by default, so the idea is no longer need to compile it separately, as I indicated in the article. Also by default, the xorgxrdp backend is now used. A little later, check how the installation is now and make changes to the article.
Not so long ago (at the end of December 2016) the next release of the xrdp server version 0.9.1 was released. At the same time, a stable version of one of the xrdp backends - xorgxrdp v 0.2.0 was released. These versions will be used later on during installation.
A small but important digression.
The linux distributions mainly contain an outdated version of the xrdp server version 0.6.x, in which there are bugs that interfere with normal work with 1c (for example, the clipboard with Russian characters does not work normally).
Basically, when installing a terminal server based on the rdp protocol on linux, we consider installing the xrdp server with the X11Rdp backend build using special scripts, for example, X11RDP-o-Matic (for ubuntu) - an article on the habr.
')
Using the X11Rdp backend has several drawbacks:
- Quite a long build time
- Difficult to solve the problem with switching languages. After reconnecting to a session, switching languages may stop working. The author registers the problem on the developers website - the author has found a guaranteed solution only for the xorgxrdp backend by editing the source code (hereinafter this method is used in the article)
- The speed of rendering may not be fast enough for comfortable user experience.
Using the xorgxrdp backend allows you to avoid these problems.
The article discusses installing on Xubuntu version 14.04 LTS, and not the more recent version 16.04 LTS, due to a drop in performance when drawing a remote screen. There is a registered problem in this situation. Someone helped to disable the compositor in the settings, but the author of the article failed to achieve the same drawing speed as on the Xubuntu version 14.04.
Recommendations for installing the operating system
For installation, use the 32-bit version of OS Xubuntu 14.04. Link to the image.
The system can be installed both on the host, on and in the virtual environment. I usually prefer KVM virtualization, working servers were installed on it.
The breakdown of the disks used the classical scheme (not LVM), the ext4 file system. 3 fixed-size disks are connected to the virtual machine:
- 22 GB: 18 GB mount point /, the rest under the swap
- 5 GB: mount point / var
- 5 GB: mount point / tmp
This partition is the author’s preference given the ease of use. In any case, when planning the disk space, you must take into account the possible load on the file system. When using file databases, it is advisable to use SSD drive (s).
For the server, you need to set a static IP address.
For the convenience of entering commands for subsequent installation, you need to install an OpenSSH server:
sudo apt-get install openssh-server sudo restart ssh With the firewall activated, open port 22:
firewall-cmd --add-port 22/tcp --permanent firewall-cmd --reload Install and configure the xrdp server with xorgxrdp backend
On the developers website there is an instruction for installation on debian 8, we use it as a basis.
Install the necessary dependencies:
sudo apt-get install git autoconf libtool pkg-config gcc g++ make libssl-dev libpam0g-dev libjpeg-dev libx11-dev libxfixes-dev libxrandr-dev flex bison libxml2-dev intltool xsltproc xutils-dev python-libxml2 g++ xutils libfuse-dev libmp3lame-dev nasm libpixman-1-dev xserver-xorg-dev git Create a directory for downloading distributions:
mkdir -p ~/xrdp-xorg cd ~/xrdp-xorg BD=`pwd` cd "${BD}" We clone the current latest xrdp build from the repository and compile it with the rfxcodec codec:
git clone git://github.com/neutrinolabs/xrdp cd xrdp git submodule init git submodule update cd librfxcodec ./bootstrap ./configure make cd .. ./bootstrap ./configure --enable-fuse --enable-rfxcodec --disable-ipv6 make Install xrdp to the system:
sudo make install sudo ln -s /usr/local/sbin/xrdp{,-sesman} /usr/sbin sudo update-rc.d xrdp defaults Download the xorg-xrdp backend distribution:
// Build and install xorgxrdp wget https://github.com/neutrinolabs/xorgxrdp/releases/download/v0.2.0/xorgxrdp-0.2.0.tar.gz cd "${BD}" tar xvfz xorgxrdp-0.2.0.tar.gz cd "${BD}"/xorgxrdp-0.2.0 We set a hard rule for switching layouts from Russian to English using the Ctrl + Shift key combination to solve the problem of switching layouts . The correctness is checked by the creation of the session - 1st check, disconnect, connect again in the same session - check again.
In the terminal, assign the values of temporary variables:
kb_model="pc105" kb_layout="us,ru" kb_options="grp:ctrl_shift_toggle" Make a replacement of the code in the source file:
sed -ri.bak "s/(set.model)[^;]+/\1 = \"$kb_model\"/;s/(set.layout)[^;]+/\1 = \"$kb_layout\"/;s/(set.options)[^;]+/\1 = \"$kb_options\"/" xrdpkeyb/rdpKeyboard.c Compile and install the backend into the xorg-xrdp system:
./bootstrap ./configure make sudo make install It is advisable to swap the [X11rdp] and [Xorg] blocks in the /etc/xrdp/xrdp.ini file so that the user has the correct backend by default. When connecting to the server, you need to select Xorg in the list of sessions.
If it is necessary to change the default port from 3389 to another, edit the /etc/xrdp/xrdp.ini file: in the [Globals] section, change the value of the port = 3389 variable to the required one.
With the firewall activated, open port 3389 (or the one to which the standard has been changed):
firewall-cmd --add-port 3389/tcp --permanent firewall-cmd --reload After the settings, restart the service
service xrdp restart Now you can connect to the server through a standard client with windows or with linux any client that supports the rdp protocol.
Attention : before connecting, you must make sure that the keyboard layout on the client machine is set to English, otherwise you will not be able to enter the username and password in the xrdp server session selection window.
After installation, it is advisable to check that the clipboard normally works with Cyrillic characters in both directions. You can also make sure that copying files through the clipboard with Russian characters is working (these are one of the main problems that were fixed in the latest xrdp server builds and which previously prevented the xrdp-based terminal server from being used properly in the production environment).
Installation of 1C: Enterprise client version 8.3.9
Due to the fact that in the latest versions of the platform, the 1c company brought the native client for the linux-based OS to a state with which you can work more or less comfortably, we will use it instead of trying to install wine, and on top of the client for the Windows OS.
Install additional components necessary for correct operation:
sudo apt-get install libgsf-1-114 sudo apt-get install ttf-mscorefonts-installer sudo apt-get install imagemagick Download to the folder from the site 1c distribution client and server:
sudo dpkg -i *.deb sudo apt-get -f install Since the server components 1c were needed only to satisfy dependencies, disable the service:
sudo update-rc.d srv1cv83 disable If the network hasp key is used, then we will write the search parameters:
sudo mkdir /opt/1C/v8.3/i386/conf sudo su echo [NH_COMMON] >/opt/1C/v8.3/i386/conf/nethasp.ini echo NH_TCPIP = Enabled>>/opt/1C/v8.3/i386/conf/nethasp.ini echo [NH_TCPIP]>>/opt/1C/v8.3/i386/conf/nethasp.ini echo NH_SERVER_ADDR = 192.168.0.100>>/opt/1C/v8.3/i386/conf/nethasp.ini echo NH_TCPIP_METHOD = UDP>>/opt/1C/v8.3/i386/conf/nethasp.ini If software licenses are used, they must be activated via the configurator (it is possible on an empty file database).
Correct setting with temporary files created by the 1C platform
In the course of work, we encountered a problem when one user has the external processing for filling the table part working, and the other one does not have a message about the violation of access rights. The problem is that the 1C platform creates a temporary file /tmp/PrnForm.tmp, i.e. The path to the file is the same for different users. Accordingly, the first user who used the processing implicitly created a file in the temporary folder that only he has access to change. Another user can no longer overwrite the file.
The solution is to correctly configure the system-wide umask, assign users to the same group, and also correctly configure the permissions on the / tmp temporary folder.
Edit the system-wide mask. Rule file:
/etc/login.defs in it we change the value to:
umask 002 We assign all terminal users to the Users group (if they have not been assigned before, you can also to another group).
We change the rights to the tmp folder
chown -R root:Users /tmp chmod g+s /tmp If you use the exchange with the site Bitrix, then similar settings should be made for the folder / var / log / bitrix.
A solution to this problem with respect to 1C is described in the article .
Solving the problem of the impossibility of unloading declarations from the ZUP 2.5 and Bukh 2.0 databases
There is one unpleasant feature that can prevent accountants on the 1C client for linux from unloading payroll and accounting declarations - after selecting a file and trying to unload, a message like “No access to the [CatalogName] directory will be displayed. Check the correctness of the upload directory name!
The solution was found and it is necessary to replace the code “Cat = New File (Path for Unloading +“ NUL ");" to "Cat = New File (Path for Unloading);" in "Processing.General Objects of the Regulatory Reporting. Form. , for such changes will have to remove the configuration from the support.
Recommendations for organizing file sharing and printing from remote offices
In case if the server is working only within the local network, there are no problems - samba works well.
If the enterprise has a network of distributed offices, then there is often a question about organizing a convenient file exchange and printing settings.
For file sharing, it is convenient to use a dedicated dropbox account - a dedicated folder on the server is synchronized with the cloud, and the client is configured on the clients either by sharing the dropbox folder or using the same account.
For printing to remote printers, it is convenient to use the virtual private network construction scheme; in this case, the problem is solved even with those remote points that do not have a fixed IP address. Access to the printer will be available by IP-address inside the VPN-network. As an option, I suggest using NeoRouter Free . Customization of this product is beyond the scope of this article.
Possible alternatives
Unfortunately, I don’t see stable and free alternatives at the moment. There was quite a successful experience of using the OpenSuse 11.2 + FreeNX bundle (from etersoft) + WineEtersoft (purchased) for working with configurations based on 8.1 platforms, but currently this bundle for new installations has lost relevance - not all packages can be found for installation, for more fresh versions of the Linux OS and 1C configurations, the rendering speed is terrible.
There was a lot of time spent testing other x2Go products, but there are also a lot of BUT there: when connected to fresh versions of an OS like Windows 8, Windows 10 there are artifacts when drawing an image, etc. In general, if alternative solutions are still somehow suitable for administrative functions, then for real work with 1C solutions is not very.
Conclusion
When considering the possibility of transition is not considered the decision should take into account such factors as the presence of commercial equipment. Not all trading equipment is supported in linux, and even less so that it can be run via RDP.
In general, if you want to save on Windows licenses, you can get by with solutions based on LINUX, especially the recent development of XRDP is going on at an accelerated pace. In March of this year, release of version 0.9.2 is planned - this follows from the published Release notes .
Supplement 03/31/2017
Colleagues, please note that yesterday the developers of xrdp released a new version of xrdp 0.9.2 and xordxrdp 0.2.1.
Based on the Release notes, now the RemoteFX codec is now supported by default, so the idea is no longer need to compile it separately, as I indicated in the article. Also by default, the xorgxrdp backend is now used. A little later, check how the installation is now and make changes to the article.
Source: https://habr.com/ru/post/325132/
All Articles