edit to openwrt23.05 repository over ssh -> fluxbox x11 \ jgsoftwares/openwrtsshgnomex11 optional install firejail > yum install firejail optional config > /etc/sssh/sshd_config > Compression yes X11UseLocalhost no > StreamLocalBindUnlink yes > Port 22 AddressFamily inet ListenAddress 192.168.10.56 > #ListenAddress :: > delte network file \ > rm -rf /etc/networks > run netbeans with openjdk \ > vi /root/netbeans/netbeans/etc/netbeans.conf \ > edit netbeans.conf file to openjdk \ > netbeans_jdkhome="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.432.b06-3.0.1.el9.x86_64" \ run container with tmpf \ \ with ipfire -e NETWORK_NONE=orange1 --add-host="host.docker.internal:host-gateway" ``` docker run -dit --mac-address 56-52-4B-42-0E-A7 --security-opt seccomp=unconfined --security-opt apparmor=docker-default --net=host --net=none --name oraclex11ssh -v /root/git:/root/git -v /var/run/docker.sock:/var/run/docker.sock --cgroupns=host -v /srv/www/htdocs:/srv/www/htdocs -e NETWORK_NONE=orange1 --add-host="host.docker.internal:host-gateway" --cap-add SYS_ADMIN --kernel-memory=6M --tmpfs /opt/docker jgsoftwares/de_developmentx11ssh_openwrt:Xephyr ``` install firejail yum install firejail and start the sandbox firejail --profile=/etc/firejail/ssh.profile --x11=xephyr --dns=95.85.95.85 --dns=2.56.220.2 --net=green0 --protocol=unix --memory-deny-write-execute firejail config firejail transmission-gtk \ firejail --bandwidth=slow set greenvlan 235 235 \ ``` client x-session config update-alternatives --config x-session-manager * 2 /usr/bin/lxsession start client Xephyr :0 -extension MIT-SHM -extension GLX -screen 800x600 +xinerama -glamor -br -nolisten tcp -dpi 0 -keybd ephyr,,,,xkblayout=de & DISPLAY=:0 LC_TIME="de_DE.ISO8859-1" LANG=de_DE.ISO-8859-1 QT_QPA_PLATFORM=xephyr GDK_BACKEND=xephyr XDG_SESSION_TYPE=xephyr ssh -t -i ~/.ssh/id_rsa -2 -4 -YX -c chacha20-poly1305@openssh.com -C root@192.168.10.56 optional with firejail not needed start Xephyr on the server side over localhost Xephyr :10 -extension MIT-SHM -screen 1920x1200 -xinerama -resizeable -glamor -br -nolisten tcp -dpi 0 -keybd ephyr,,,,xkblayout=de & DISPLAY=:10 LC_TIME="de_DE.ISO8859-1" LANG=de_DE.ISO-8859-1 QT_QPA_PLATFORM=xephyr GDK_BACKEND=xephyr XDG_SESSION_TYPE=xephyr ps -a firejail --join=id run netbeans cd /root/netbeans/netbeans/bin \ alternative run netbeans in new window DISPLAY=127.0.0.1:10 >edit jdkhome hotspot jdk > /etc/netbeans/netbeans/etc/netbeans.conf > --jdkhome /usr/bin/java java /root/OpenJDK8U-jdk_x64_linux_hotspot_8u432b06/jdk8u432-b06 ibm openjdk > /root/ibm-semeru-open-jdk_x64_linux_8u472b08_openj9-0.56.0/jdk8u472-b08/bin > --jdkhome /usr/bin/java java /root/ibm-semeru-open-jdk_x64_linux_8u472b08_openj9-0.56.0/jdk8u472-b08 > update-alternatives --install /usr/bin/java java /root/ibm-semeru-open-jdk_x64_linux_8u472b08_openj9-0.56.0/jdk8u472-b08/bin/java 5 edit javac > update-alternatives --install /usr/bin/javac javac /root/ibm-semeru-open-jdk_x64_linux_8u472b08_openj9-0.56.0/jdk8u472-b08/bin/javac 3 > update-alternatives --config javac edit maven JAVA_HOME > export JAVA_HOME=/root/ibm-semeru-open-jdk_x64_linux_8u472b08_openj9-0.56.0/jdk8u472-b08/jre > mvn version start netbeans with firejail from path /root/netbeans/netbeans/bin/ --net=vxlanwireguard \ ------------------------------------------------- simple ssh console with firejail --net=eth0 \ firejail --dns=95.85.95.85 --dns=2.56.220.2 --net=eth0 --protocol=unix --profile=/etc/firejail/ssh.profile --x11=xephyr --xephyr-screen=1920x1080 --nosound --novideo --nodbus --memory-deny-write-execute ssh -t -i ~/.ssh/id_rsa -2 -4 -YX -c chacha20-poly1305@openssh.com -C root@192.168.10.56 on remote ip addr add 127.0.0.1/24 dev lo ip addr del 127.0.0.1/8 dev lo ip addr del ::1/128 dev lo yum install firejail cd /root/netbeans/netbeans/bin --net=none --net=greenvlan -- sandbox --- run netbeans in sandbox connect ssh connect ssh -t -i ~/.ssh/id_rsa -2 -4 -YX -c chacha20-poly1305@openssh.com -C root@192.168.10.56 start gtk \ firejail transmission-gtk \ firejail --bandwidth=slow set greenvlan 235 235 \ start a simple Xephyr server DISPLAY=127.0.0.1:10 firejail --dns=95.85.95.85 --dns=2.56.220.2 --net=greenvlan --protocol=unix --profile=/etc/firejail/ssh.profile Xephyr :10 -extension MIT-SHM -screen 1920x1200 -xinerama -resizeable -glamor -br -nolisten tcp -dpi 0 -keybd ephyr,,,,xkblayout=de & DISPLAY=:10 LC_TIME="de_DE.ISO8859-1" LANG=de_DE.ISO-8859-1 QT_QPA_PLATFORM=xephyr GDK_BACKEND=xephyr XDG_SESSION_TYPE=xephyr start netbeans with firejail over remote in Xephyr panel cd /root/netbeans/netbeans/bin --xephyr-screen=1920x1080 \ start netbeans over xephyr server \ \ DISPLAY=127.0.0.1:10 firejail --profile=/etc/firejail/ssh.profile --x11=xephyr --dns=95.85.95.85 --dns=2.56.220.2 --net=greenvlan --protocol=unix --memory-deny-write-execute ./netbeans -J-Dnimrodlf.themeFile=/root/DarkTabaco.theme --cp:p /root/nimrodlf-1.2d.jar -J-Dsun.java2d.dpiaware=false --jdkhome /root/OpenJDK8U-jdk_x64_linux_hotspot_8u432b06/jdk8u432-b06 --laf com.nilo.plaf.nimrod.NimRODLookAndFeel -J-Dswing.aatext=true -J-Dawt.useSystemAAFontSettings=lcd -J-Dorg.netbeans.editor.aa.fractional=true -J-Xms4096m -J-Xmx4096m ------------------------------------------------- ``` ``` with image jgsoftwares/de_developmentx11ssh_openwrt:Xephy \ > simple ssh connect over Xephyr Xephyr :10 -screen 1920x1080 -br -dpi 0 -keybd ephyr,,,,xkblayout=de & DISPLAY=:10 LC_TIME="de_DE.ISO8859-1" LANG=de_DE.ISO-8859-1 QT_QPA_PLATFORM=x11 GDK_BACKEND=Fluxbox XDG_SESSION_TYPE=Fluxbox ssh -t -i ~/.ssh/id_rsa -2 -4 -YX -c chacha20-poly1305@openssh.com -C root@192.168.10.56 startxfce4 \ http://demogitjava.ddns.net:8000/oraclelinux/2025-11-17-151458_1920x1080_scrot.png \ \ to run Xephyr over DISPLAY=10 yum remove xrandr then one x11 server is running on the system Xephyr :10 -listen tcp & -screen 1920x1080 -br -dpi 0 -keybd ephyr,,,,xkblayout=de & DISPLAY=:0 LC_TIME="de_DE.ISO8859-1" LANG=de_DE.ISO-8859-1 QT_QPA_PLATFORM=x11 GDK_BACKEND=Fluxbox XDG_SESSION_TYPE=Fluxbox ssh -t -i ~/.ssh/id_rsa -2 -4 -YX -c chacha20-poly1305@openssh.com -C root@localhost ps -a firejail --join=id run netbeans form path /root/netbeans/netbeans/bin \ DISPLAY=127.0.0.1:10 dbus-launch --binary-syntax --close-stderr --exit-with-session ./netbeans -J-Dnimrodlf.themeFile=/root/DarkTabaco.theme --cp:p /root/nimrodlf-1.2d.jar -J-Dsun.java2d.dpiaware=false --jdkhome /usr/lib/jvm/java-1.8.0-openjdk --laf com.nilo.plaf.nimrod.NimRODLookAndFeel -J-Dswing.aatext=true -J-Dawt.useSystemAAFontSettings=lcd -J-Dorg.netbeans.editor.aa.fractional=true -J-Xms4096m -J-Xmx4096m on the server dnf install xorg-x11-server-Xephyr yum install screen yum install lightdm-gtk Xephyr :10 -listen 192.168.10.56 ``` ``` export DIPSLAY=127.0.0.1:10 ``` ``` with dbus dbus-launch --binary-syntax --close-stderr --exit-with-session ./netbeans -J-Dnimrodlf.themeFile=/root/DarkTabaco.theme --cp:p /root/nimrodlf-1.2d.jar -J-Dsun.java2d.dpiaware=false --jdkhome /usr/lib/jvm/java-1.8.0-openjdk --laf com.nilo.plaf.nimrod.NimRODLookAndFeel -J-Dswing.aatext=true -J-Dawt.useSystemAAFontSettings=lcd -J-Dorg.netbeans.editor.aa.fractional=true -J-Xms4096m -J-Xmx4096m ``` ``` yum repolist all yum-config-manager --enable ol9_codeready_builder dnf install epel-release yum install elinks -y ``` ``` dnf install "epel-release" dnf group install "Xfce" dnf install kernel dnf install grubby grubby --update-kernel=ALL --args "loglevel=3,LANG=de_DE.ISO-8859-1" ``` only in host mode the network speed get the config with 100 Mbit / half \ used Handy´s for Wiregaurd vpn \ **_Doogee_** S61 PRO \ **Motorola** Edge 30 Neo Openwrt as host system and config for jgsoftwares/de_developmentx11ssh_openwrt:baseXopenwrtext4 install openwrt as host - system: \ http://demogitjava.ddns.net:8000/openwrt/openwrt_installwithgparted simple config of openwrt - backup look: \ the default password is jj78mvpr52k1 -> the keys over wireguard has to be changed \ http://demogitjava.ddns.net:8000/backup-demogitjava.ddns.net-2025-11-06.tar.gz \ > fix - error´s to backup openwrt -> edit - \ \ if error message over ssh connect with by using backup > X11 forwarding request failed on channel 0 Warning: This program is an > suid-root program or is being run by the root user. The full text of > the error or warning message cannot be safely formatted in this > environment. You may get a more descriptive message by running the > program as a non-root user or by removing the suid bit on the > executable. xterm: Xt error: Can't open display: %s xterm: DISPLAY is > not set Connection to 192.168.10.56 closed. \ **edit file /etc/ssh/sshd_config -> X11UseLocalhost no** \ install kernel with -> dnf install kernel \ run container on interface -> eth0.10 \ \ under /etc/config/network the loopback interface is set with \ config interface 'lo' \ #list dns '8.8.8.8' \ #list dns '8.8.4.4' \ is to disable \ http proxy config:\ edit file /etc/yum.conf `proxy=http://192.168.10.56:80` \ > the openwrt backup is forwarded with sysctl net.ipv4.ip_forward=1 over > wireguard website browsing in enabled > to disable \ > `sysctl -w net.ipv4.ip_forward=0` \ > `sysctl -w net.ipv6.conf.all.disable_ipv6=0` > or enable with \ > `sysctl -w net.ipv4.ip_forward=1` > `sysctl -w net.ipv6.conf.all.disable_ipv6=0` `the static wan ip in this case for 217.160.255.254 has to be edit to your static wan ip ` \ `refresh wireguad keys - stop and restart the interface ` \ `wireguard over cnet -> handy works with motorola edge 30 neo as gateway ` used compose file for container \ https://github.com/demogitjava/landingpage/blob/master/devssh/docker-compose_multicontainer.yml \ run the container with \ `docker compose -f docker-compose_multicontainer.yml up -d --build` \ access to the openwrt container with \ `docker exec -it openwrt2305dockerhost /bin/ash` and then \ forward ip4 with > `sysctl -w net.ipv4.ip_forward=1` run compose file with \ `docker compose up -d --build` \ default password is jj78mvpr52k1 on openwrt - host \ set network speed to interface after restore config with: ethtool -s eth0 autoneg off ethtool -s eth0 speed 100 ethtool -s eth0 duplex half client system nixos - linux ethtool -s eno1 autoneg off ethtool -s eno1 speed 100 ethtool -s eno1 duplex half config docker engine with fqdn - wan ip /etc/hosts edit file from 127.0.0.1 localhost to your wan ip 217.160.255.254 demogitjava.ddns.net restart service service dockerd restart restart all container with docker restart $(docker ps -a -q) internet access with the container edit resolv.conf \ file - etc/resolv.conf nameserver 95.85.95.85 nameserver 2.56.220.2 search demogitjava.ddns.net interface eth0.10 DNSSEC=yes DNSOverTLS=yes disable repository´s on docker container "devssh" disable yum repolist all yum-config-manager --disable ol9_baseos_latest yum-config-manager --disable ol9_appstream enable yum repolist all yum-config-manager --enable ol9_baseos_latest yum-config-manager --enable ol9_appstream openwrt - ext4 \ `password change with -` passwd \ the default password is = jj78mvpr52k1 edit localhost subnet ip addr add 127.0.0.1/24 dev lo ip addr del 127.0.0.1/8 dev lo container runs with package from openwrt 23.05.50 edit locale with \ `LANG=de_DE.ISO-8859-1` \ Openwrt Timezone settings set to => Etc/GMT-1 - DNS - no-ip -\ simple demo backup \ to run the container over openwrt - add Network/Interfaces/Devices -> add Bridge Device -> bridge lan filtering -> eth0 / tagged client login session over vpn with wireguard only run with Fluxbox - host docker internal - ssh connect - \ `network speed 1000 Mbit half duplex` \ `over vpn wiregaurd with fritz box the ip is ` `Last login: Sat Mar 29 10:51:04 2025 from 192.168.10.101` \ \ ssh - session fqdn to container over host `GDK_BACKEND=Fluxbox ssh -t -i ~/.ssh/id_rsa -2 -4 -YX -c chacha20-poly1305@openssh.com -C root@demogitjava.ddns.net xterm` over vpn wireguard `LC_TIME="de_DE.ISO8859-1" LANG=de_DE.ISO-8859-1 GDK_BACKEND=gnome-boxes ssh -t -i ~/.ssh/id_rsa -2 -4 -YX -c chacha20-poly1305@openssh.com -C root@192.168.10.56 xterm` \ or \ `LC_TIME="de_DE.ISO8859-1" LANG=de_DE.ISO-8859-1 GDK_BACKEND=gnome-boxes ssh -t -i ~/.ssh/id_rsa -2 -4 -YX -c chacha20-poly1305@openssh.com -C root@192.168.10.56 xterm` run docker container as host port optional -p 0.0.0.0:22:22 \ set the interface is set to eth0.20 \ >NETWORK_IF - host \ >NETWORK_BRIDGE - bridge network \ >NETWORK_NONE - none network > docker run -it --net=host --net=none --platform=linux/amd64 --tty -v /root/git:/root/git -v /var/run/docker.sock:/var/run/docker.sock -v /srv/www/htdocs:/srv/www/htdocs --name devssh --cap-add=NET_ADMIN --privileged -e LC_TIME=de_DE.ISO8859-1 -e LANG=de_DE.ISO-8859-1 -e NETWORK_NONE=lo -e NETWORK_NONE=eth0.10 --add-host="host.docker.internal:host-gateway" -e NTP_SERVER="2.rhel.pool.ntp.org" jgsoftwares/de_developmentx11ssh_openwrt:baseXopenwrtext4 only host mode speed is editable edit network speed on a docker container `/etc/sysconfig/network-scipts/ifcfg-eth0` ETHTOOL_OPTS="speed 1000 duplex full autoneg on" \ run docker container over the bridge with 192.168.10.0 Network edit /etc/config/dockerd config globals 'globals' option alt_config_file '/etc/docker/daemon.json' \ > -> daemon.json the docker bridge is disabled with "bridge": "none" and the /etc/docker/daemon.json looks like { "iptables": true, "ipv6": false, "driver": "none", "icc": false, "tls": true, "tlsverify": true, "userland-proxy": true, "debug": false, "experimental": false, "bridge": "none", "selinux-enabled": true, "mtu":1500, "bip": "192.160.10.1/24", "data-root": "/opt/docker", "default-runtime": "io.containerd.runc.v2", "hosts": ["tcp://192.168.10.56:2375", "unix:///var/run/docker.sock"], "default-address-pools": [ { "base": "192.168.10.0/24", "size": 254 } ] } \ \ \ run docker container on docker bridge network command: the ip in the bridge network is 192.168.10.2 by default available over gateway with 192.168.10.56 over vpn - WireGuard GDK_BACKEND=remmina ssh -t -i ~/.ssh/id_rsa -2 -4 -YX -c chacha20-poly1305@openssh.com -C root@192.168.10.56 xterm or GDK_BACKEND=gnome-boxes ssh -t -i ~/.ssh/id_rsa -2 -4 -YX -c chacha20-poly1305@openssh.com -C root@192.168.10.56 xterm > docker run -it -p 0.0.0.0:22:22 --platform=linux/amd64 --tty -v > /root/git:/root/git -v /var/run/docker.sock:/var/run/docker.sock -v > /srv/www/htdocs:/srv/www/htdocs --name devssh --network=bridge > --runtime io.containerd.runc.v2 -e TZ=Europe/Berlin --cap-add=NET_ADMIN --cap-add=SYS_MODULE --sysctl 'net.ipv4.conf.all.src_valid_mark=1' --sysctl 'net.ipv4.ip_forward=1' > -e NTP_SERVER="2.rhel.pool.ntp.org" jgsoftwares/de_developmentx11ssh_openwrt:baseXopenwrtext4 start the container with compose file - host mode \ https://github.com/demogitjava/landingpage/blob/master/devssh/host-docker-compose.yml \ or start the container with compose file - bridge mode \ https://github.com/demogitjava/landingpage/blob/master/devssh/docker-compose.yml \ edit /etc/hosts file - > 127.0.0.1 localhost only - > 192.160.10.56 host.docker.internal \ `x11 - session over Fluxbox ` \ \ ---------------------------------------- \ `config for Firtzbox 4040` \ ---------------------------------------- \ wireguard - vpn - fritzbox # wg_config.conf [Interface] PrivateKey = demodemo #ip of your device Address = 192.168.10.101/24 ListenPort = 51820 #MTU = 1500 [Peer] PublicKey = demodemo PresharedKey = demodemo #yourclientip and localhost #Route Allowed IPs not needed AllowedIPs = 0.0.0.0/0, ::/0 Endpoint = yourwanip:51820 ---------------------------------------- config xrandr \ xrandr -q | grep HDMI \ connect to container and edit HDMI terminal properties for session `docker exec -it devssh /bin/bash` optional \ only in host mode supported \ `export DISPLAY=127.0.0.1:10.0` \ `xrandr --output HDMI-1 --dpi 96 --panning 1920x1080i --mode 1920x1080i --rate 59.94 --fbmm 1920x1080i --primary` \ `xrandr --verbose --output "HDMI-1" --primary` \ sshfs - mount :\ `sudo sshfs -o allow_other,default_permissions root@192.168.10.56:/root/git /root/git` if container is running create a new key-pair for connect \ for success connect delete all files on your client in folder /root/.ssh \ and reconnect clear authorized_keys - path \ `/root/.ssh/authorized_keys` or delte folder in /root/.ssh rm -rf /root/.ssh create keypair RSA \ `ssh-keygen -b 4096 -t rsa` \ `ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.10.56` add file on the host container on path - basic config /root/.ssh filename -> config 192.168.10.101 is the client ip firtzbox opver vpn \ Host 192.168.10.101 HostName 192.168.10.56 User root Compression yes Ciphers chacha20-poly1305@openssh.com Port 22 ForwardX11 yes X11UseLocalhost no show login session on this container with: \ `last | head` disable forward traffic \ `sysctl -w net.ipv4.ip_forward=0` - alternative ttyd over openwrt login works - - the default ttyd port is 7681 - \ login over ttyd terminal with username and password. \ ssh - login session is requiered \ connect to docker container with \ `docker exec -it devssh /bin/bash` \ export Display with: \ `export DISPLAY=127.0.0.1:10.0` ---------------------------------------- \ start Netbeans with - Tabaco-Theme `cd /root/netbeans/netbeans/bin` \ \ \ openJDK - Metal \ `GDK_BACKEND=gnome-boxes ./netbeans -J-Dnimrodlf.themeFile=/root/DarkTabaco.theme --cp:p /root/nimrodlf-1.2d.jar -J-Dsun.java2d.dpiaware=false --laf Metal --jdkhome /root/OpenJDK8U-jdk_x64_linux_hotspot_8u432b06/jdk8u432-b06 -J-Dswing.aatext=true -J-Dawt.useSystemAAFontSettings=lcd -J-Dorg.netbeans.editor.aa.fractional=true -J-Xms4096m -J-Xmx4096m` start netbeans with Java - Hostspot jdk \ `GDK_BACKEND=Fluxbox ./netbeans -J-Dnimrodlf.themeFile=/root/DarkTabaco.theme --cp:p /root/nimrodlf-1.2d.jar -J-Dsun.java2d.dpiaware=false --laf com.nilo.plaf.nimrod.NimRODLookAndFeel --jdkhome /root/OpenJDK8U-jdk_x64_linux_hotspot_8u432b06/jdk8u432-b06 -J-Dswing.aatext=true -J-Dawt.useSystemAAFontSettings=lcd -J-Dorg.netbeans.editor.aa.fractional=true -J-Xms4096m -J-Xmx4096m` start netbeans with openJDK \ `LC_TIME="de_DE.ISO8859-1" LANG=de_DE.ISO-8859-1 GDK_BACKEND=x11 DISPLAY=127.0.0.1:10.0 ./netbeans -J-Dnimrodlf.themeFile=/root/DarkTabaco.theme --cp:p /root/nimrodlf-1.2d.jar -J-Dsun.java2d.dpiaware=false --laf com.nilo.plaf.nimrod.NimRODLookAndFeel --jdkhome /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.432.b06-3.0.1.el9.x86_64 -J-Dswing.aatext=true -J-Dawt.useSystemAAFontSettings=lcd -J-Dorg.netbeans.editor.aa.fractional=true -J-Xms4096m -J-Xmx4096m` ``` with dbus dbus-launch --binary-syntax --close-stderr --exit-with-session ./netbeans -J-Dnimrodlf.themeFile=/root/DarkTabaco.theme --cp:p /root/nimrodlf-1.2d.jar -J-Dsun.java2d.dpiaware=false --jdkhome /usr/lib/jvm/java-1.8.0-openjdk --laf com.nilo.plaf.nimrod.NimRODLookAndFeel -J-Dswing.aatext=true -J-Dawt.useSystemAAFontSettings=lcd -J-Dorg.netbeans.editor.aa.fractional=true -J-Xms4096m -J-Xmx4096m ``` ----------------------------------------