I set this up today, and ran into a few gotchas, so writing them up. It was mostly smooth to set up as long as the right dependencies are installed for your window manager.

I opted to use xfce4, so:

apt install xubuntu-desktop xfce4 xrdp

I also needed to set up xfce for the ~/.xsession, so I added xfce4-session there to make sure that it starts. Otherwise, you’ll end up with a blank screen. The last thing to fix is are the certificates. I’d suggest using let’s encrypt for this step.

Once you have that set up, you can do something like this:

# Add xrdp to the ssl-cert group
sudo adduser xrdp ssl-cert

# Make the let's encrypt stuff be readable
sudo chgrp ssl-cert -R /etc/letsencrypt/live /etc/letsencrypt/archive
sudo chmod g+rX /etc/letsencrypt/live /etc/letsencrypt/archive

# These currently point to the snakeoil CA in /etc/ssl
rm -f /etc/xrdp/cert.pem
rm -f /etc/xrdp/key.pem
ln -s /etc/letsencrypt/live/<your-endpoint>/fullchain.pem cert.pem
ln -s /etc/letsencrypt/live/<your-endpoint>/privkey.pem key.pem

And while we’re here, let’s also fix up the gtk-3 scroll bars:

# Put me in ~/.config/gtk-3.0/settings.ini

gtk-primary-button-warps-slider = false