Introduction
This document concludes the research I previously did in setting up the necessarily packages for a graphical connection (VNC) to an AWS EC2 Instance using Linux. The three versions I worked with, Red Hat Enterprise Linux 8, Amazon Linux 2 (a derivative of RHEL), and Ubuntu Server 18.04/16.04, were all able to install XFCE4, a small-footprint X Window desktop. Red Hat and Amazon Linux were able to add a compatible Fedora repository in order to install the required packages, and Ubuntu Server, once the initial setup was run, as well.
The script isn’t set up to support SUSE Linux Enterprise Server or Amazon Linux AMI as the required repositories aren’t available.
User Data with EC2
The simplest way is to use the Userdata feature of AWS EC2 instance creation, and to load the script there. This downloads the script, http://twoconcertinas.com/vncsetup-00.01.00.00.sh from my web server and runs it when the EC2 instance is created. This won’t work with Ubuntu 20.04, as one of the packages requires user input.
#include
http://twoconcertinas.com/vncsetup-00.01.00.00.sh
Another way is to just download it with curl, and execute it like the following from the command shell after the instance is running.
curl -L http://twoconcertinas.com/vncsetup-00.01.00.00.sh | bash
The script works on Red Hat Enterprise Server, Amazon Linux 2, and Ubuntu Server. The script determines whether it’s on Ubuntu, or Red Hat/Amazon. After setting up variables for packages, it runs the platform specific update commands so that all packages and repositories are refreshed.
After installing the packages for Ubuntu, the script modifies /usr/bin/vncserver script. When vncserver is first run, it creates the ~/.vnc/xstartup script. This sets and exports the value “XKL_XMODMAP_DISABLE” in xstartup. If this is set to true, the icons and themes won’t display correctly when connecting with VNC. We nip that in the bud by adding a comment character in front of the line that sets it when vncserver is executed and can’t find xstartup.
On Red Hat and Amazon Linux, the xstartup script is also created. It needs to have the startup for XFCE4 in xstartup, or the desktop won’t function properly on loading. So the script creates xstartup with that command set.
After the packages are installed, three scripts are created in /usr/bin: publicip, myvncstart, and myvncend. The script publicip displays the outward facing IP address of the instance.
The scripts myvncstart and myvncend are used to manually start and stop the VNC server (TigerVNC or TightVNC) and displays the IP address to connect to. For a single user Linux system, add the display number :1, which connects to port 5901 with VNC.
The first time myvncstart is executed, the password for the VNC server is setup. Be sure and use an appropriately complex password as this can allow anyone to connect. A “view only” password can be used if you wanted to be able to share the desktop with someone else and not allow them access to the desktop. Be sure and open the port 5901 in the security group, and to allow connection from only your IP. If it’s opened to the world, bots will continually try to connect. VNC will detect this and shut down the VNC server. You’ll need to reload the VNC server when this happens. It’s better practice to only allow your IP address to connect to prevent this.
There are ways to tunnel to VNC using SSH, as well as to automatically start VNC when the server boots. I’ve made the decision not to delve into either of these topics as plenty of material is available on the internet on how to do this.
Conclusion
This has been an interesting project for me. If you are a user that wants the memory heavy Gnome interface, or can create 2GB EC2 instances, then you might not need any of this. If you’re just looking for a quick, low memory footprint method that’ll allow a simple VNC connection, then this is for you. Either way, this can prove that Linux is not just a text based terminal connection but can include so much more.
Please drop me a line if there are any issues or questions that crop up. Packages may change, and I may need to change my scripts.
Links
How to Install and Configure VNC on Ubuntu 18.04 – How to Install VNC…
Here’s a follow up. Ubuntu 20.04 won’t allow for unattended install, since it stops to ask the user a question of which display manager to use. Ubuntu 22.04 will allow for unattended install.
┌────────────────────────────────────────────────────────────┤ Configuring lightdm ├────────────────────────────────────────────────────────────┐ │
│ A display manager is a program that provides graphical login capabilities for the X Window System. │
│ │
│ Only one display manager can manage a given X server, but multiple display manager packages are installed. Please select which display │
│ manager should run by default. │
│ │
│ Multiple display managers can run simultaneously if they are configured to manage different servers; to achieve this, configure the display │
│ managers accordingly, edit each of their init scripts in /etc/init.d, and disable the check for a default display manager. │
│ │
│ Default display manager: │
│ │
│ gdm3 │
│ lightdm │
│ │
│ │
│
│ │
└───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
If after opening the port (5901) to the Ubuntu server, you are still not able to connect to the VNC server, first verify that the connection works by telnetting to the local port:
$ telnet localhost 5901
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
RFB 003.008
^]
telnet> quit
This confirms that the VNC server is up and running.
Now, install and update the firewall as in the following:
$ sudo apt install firewalld
$ sudo firewall-cmd --zone=public --permanent --add-port=5901/tcp
$ sudo firewall-cmd --reload