Security Hardening: Migrate OpenClaw LXC to Unprivileged Container

.gitignore

@@ -12,3 +12,6 @@ Thumbs.db
 # Env
 .env
 *.log
+
+# Claude Code
+.claude/

CLAUDE.md

@@ -2,6 +2,10 @@
 
 This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
 
+## Language
+
+All communication, responses, code comments, commit messages, and documentation **must be in English only**, regardless of what language the user writes in.
+
 ## Project Overview
 
 OpenClaw on Proxmox is a single-script deployment tool (`setup-openclaw-lxc.sh`) that automates creating a Proxmox LXC container with a fully configured OpenClaw AI assistant, LXQt desktop, Google Chrome, and VNC/noVNC remote access. It targets Proxmox VE 8.x+ hosts running as root.
@@ -43,6 +47,10 @@ bash setup-openclaw-lxc.sh
 
 Verify by checking: container creation, all three systemd services running, noVNC web access, and OpenClaw dashboard reachability.
 
+## Changelog
+
+All notable changes are documented in [`docs/changelog.md`](docs/changelog.md). Update it with every meaningful change to the script (date, short description, what changed and why).
+
 ## Shell Style
 
 - Bash with `set -euo pipefail`

README.md

@@ -21,7 +21,7 @@ SSH into your Proxmox host and run:
 bash <(curl -fsSL https://raw.githubusercontent.com/adadrag/Openclaw-Proxmox/main/setup-openclaw-lxc.sh)
 ```
 
-That's it. The script will ask for a password, pick sensible defaults for everything else, and print your connection URLs when done.
+That's it. The script will ask for a password, admin username, and SSH public key, then pick sensible defaults for everything else and print your connection URLs when done.
 
 ### Alternative install methods
 
@@ -47,8 +47,8 @@ After the script finishes, you'll have a fully configured LXC container with:
 | What | How to access |
 |------|---------------|
 | **OpenClaw Dashboard** | `http://<container-ip>:18789/#token=<your-token>` |
-| **Remote Desktop** | `http://<container-ip>:6080/vnc.html` |
-| **SSH** | `ssh root@<container-ip>` |
+| **Remote Desktop** | `https://<container-ip>/vnc.html` (after HTTPS setup) |
+| **SSH** | `ssh <admin-user>@<container-ip>` (key auth only) |
 
 The script prints all of this (including the token) at the end.
 
@@ -73,26 +73,160 @@ The script prompts you interactively (all optional except password):
 
 | Option | Default | Description |
 |--------|---------|-------------|
-| Password | *(required)* | Container root password (also used for VNC) |
+| Password | *(required)* | Container root + openclaw user password (also used for VNC) |
 | Disk size | 32 GB | Container root filesystem size |
 | Memory | 4096 MB | RAM allocation |
 | CPU cores | 4 | Number of CPU cores |
 | VNC resolution | 1920x1080 | Remote desktop resolution |
+| Admin username | *(required)* | Linux user with full passwordless sudo (separate from `openclaw` service account) |
+| SSH public key | *(required)* | Public key for the admin user; password SSH login is disabled |
 
 Everything else is auto-detected — VMID, storage, networking (DHCP).
 
 ## What the script installs
 
 All inside the container (nothing is installed on the Proxmox host):
 
-- **Debian 13** LXC (privileged)
+- **Debian 13** LXC (unprivileged, nesting enabled)
 - **Node.js 22** + **OpenClaw**
 - **Homebrew** (for OpenClaw skills)
 - **LXQt** desktop + **TigerVNC** + **noVNC**
 - **Google Chrome** (with OpenClaw browser extension)
 - **Noto Color Emoji** font (for proper terminal rendering)
 - Three **systemd services**: `openclaw-gateway`, `vncserver`, `novnc`
 
+## HTTPS Setup (recommended)
+
+By default noVNC runs over plain HTTP. Modern browsers block clipboard access over HTTP, so **HTTPS is required** for full clipboard support. Follow these steps to set it up.
+
+### 1. Generate an SSL certificate
+
+If you have your own CA, generate a certificate signed by it:
+
+```bash
+mkdir -p ~/certs && cd ~/certs
+
+# Generate private key and CSR
+openssl genrsa -out openclaw.home.key 2048
+openssl req -new -key openclaw.home.key \
+  -out openclaw.home.csr \
+  -subj "/CN=openclaw.home"
+
+# Sign with your CA (adjust paths to your rootCA files)
+openssl x509 -req -in openclaw.home.csr \
+  -CA /path/to/rootCA.crt \
+  -CAkey /path/to/rootCA.key \
+  -CAcreateserial \
+  -out openclaw.home.crt \
+  -days 825 \
+  -extfile <(printf "subjectAltName=DNS:openclaw.home,IP:<container-ip>")
+```
+
+Alternatively, generate a self-signed certificate (you will need to accept the browser warning or add it to your trusted roots manually):
+
+```bash
+openssl req -x509 -nodes -days 825 -newkey rsa:2048 \
+  -keyout ~/certs/openclaw.home.key \
+  -out ~/certs/openclaw.home.crt \
+  -subj "/CN=openclaw.home" \
+  -addext "subjectAltName=DNS:openclaw.home,IP:<container-ip>"
+```
+
+### 2. Configure nginx as a reverse proxy
+
+Install nginx if it isn't already installed:
+
+```bash
+sudo apt install nginx -y
+```
+
+Create a site configuration:
+
+```bash
+sudo nano /etc/nginx/sites-available/novnc
+```
+
+Paste the following (adjust certificate paths if needed):
+
+```nginx
+server {
+    listen 443 ssl;
+    server_name openclaw.home;
+
+    ssl_certificate /home/<admin-user>/certs/openclaw.home.crt;
+    ssl_certificate_key /home/<admin-user>/certs/openclaw.home.key;
+
+    location / {
+        proxy_pass http://localhost:6080;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+    }
+}
+```
+
+Enable the site and restart nginx:
+
+```bash
+sudo ln -s /etc/nginx/sites-available/novnc /etc/nginx/sites-enabled/
+sudo nginx -t
+sudo systemctl restart nginx
+```
+
+The remote desktop is now available at `https://openclaw.home/vnc.html` (or by IP).
+
+### 3. Trust the certificate on Windows
+
+If you used your own CA, install `rootCA.crt` into Windows **Trusted Root Certification Authorities**:
+
+1. Copy `rootCA.crt` to your Windows machine
+2. Double-click the file → **Install Certificate**
+3. Select **Local Machine** → **Place all certificates in the following store**
+4. Browse → **Trusted Root Certification Authorities** → Finish
+
+After installing, restart your browser.
+
+## Firewall Setup
+
+Lock down the container so only SSH and HTTPS are reachable from the network:
+
+```bash
+sudo apt install ufw -y
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+sudo ufw allow 22    # SSH
+sudo ufw allow 443   # HTTPS (nginx → noVNC)
+sudo ufw enable
+sudo ufw status
+```
+
+> **Note:** After enabling the firewall, the OpenClaw dashboard on port 18789 and raw noVNC on port 6080 are no longer directly accessible. Access the dashboard through the nginx proxy or via an SSH tunnel if needed.
+
+## Clipboard Usage in noVNC
+
+Browser security restricts direct clipboard access. There are two ways to copy and paste between your local machine and the remote desktop.
+
+### Option A — noVNC clipboard panel (always works)
+
+The noVNC interface has a built-in clipboard panel in the left-side control bar:
+
+1. Click the **arrow icon** on the left edge of the screen to open the control bar
+2. Click the **clipboard icon** (looks like a notepad)
+3. To **paste into the remote desktop**: type or paste text into the clipboard panel, then right-click inside the remote desktop and choose Paste
+4. To **copy from the remote desktop**: select text inside the remote desktop, then open the clipboard panel — the selected text appears there and can be copied to your local clipboard
+
+### Option B — automatic clipboard sync (requires HTTPS)
+
+When accessing noVNC over HTTPS with a trusted certificate, the browser can sync the clipboard automatically:
+
+1. Open the noVNC control bar (left arrow)
+2. Open **Settings** → enable **Clipboard** if it is not already on
+3. The browser will ask for clipboard permission — click **Allow**
+4. Copy/paste now works directly without using the clipboard panel
+
+> **Tip:** If the browser does not ask for clipboard permission, make sure you are accessing noVNC over `https://` and that the certificate is trusted. HTTP blocks clipboard API entirely in modern browsers.
+
 ## Container Management
 
 ```bash
@@ -121,9 +255,15 @@ pct exec <VMID> -- systemctl status vncserver
 pct exec <VMID> -- systemctl status novnc
 ```
 
-**Chrome extension not loading?**
-Open Chrome, navigate to `chrome://extensions`, enable **Developer Mode** (top right toggle), then click **Load unpacked** and select the OpenClaw extension directory.
+**Clipboard not working?**
+Make sure you are accessing noVNC over HTTPS with a trusted certificate. HTTP blocks clipboard API in all modern browsers. See the [HTTPS Setup](#https-setup-recommended) and [Clipboard Usage](#clipboard-usage-in-novnc) sections above.
+
+**nginx not starting?**
+```bash
+sudo nginx -t          # Check config syntax
+sudo journalctl -u nginx --no-pager -n 50
+```
 
 ## License
 
-MIT License. See [LICENSE](LICENSE) for details.
+MIT License. See [LICENSE](LICENSE) for details.

docs/changelog.md

@@ -0,0 +1,22 @@
+# Changelog
+
+All notable changes to `setup-openclaw-lxc.sh` are documented here.
+
+---
+
+## 2026-04-05
+
+### Fixed
+- **Desktop shortcuts now launch without prompts** — PCManFM-Qt 2.1.0 (Debian 13) checks `metadata::trust` gvfs metadata (not the executable bit, not `user.trusted` xattr, not `metadata::trusted`). Set via `dbus-launch gio set <file> metadata::trust true` run as the openclaw user during installation. `dbus-launch` creates a temporary D-Bus daemon and auto-activates gvfsd-metadata via D-Bus service activation, so no running VNC session is needed.
+
+### Added
+- **Admin user creation** — installer now asks for a Linux username to create with full passwordless sudo rights; this user is separate from the `openclaw` service account
+- **SSH public key setup** — installer asks for an SSH public key for the admin user; key is written to `~/.ssh/authorized_keys`
+- **SSH hardening** — password authentication is disabled in `sshd_config`; only key-based login is allowed
+
+### Changed
+- **Removed `--no-sandbox` from Chrome** — Chrome's sandbox relies on Linux user namespaces. On this Proxmox host, unprivileged user namespaces are enabled (`/proc/sys/kernel/unprivileged_userns_clone = 1`, `max_user_namespaces = 127591`), and the LXC container is created with `nesting=1` which passes these through to the container. Chrome runs as the non-root `openclaw` user, so it can create its own user namespace for sandboxing without needing `--no-sandbox`. The flag was removed from the `.desktop` file, CLI wrapper, OpenClaw `browser.noSandbox` config, and dashboard shortcut.
+
+### Previous history
+
+Earlier changes tracked in git commit history.