This document concludes the research I previously did in setting up the necessarily packages for a graphical connection (VNC) to an AWS EC2 Instance using Linux. The three versions I worked with, Red Hat Enterprise Linux 8, Amazon Linux 2 (a derivative of RHEL), and Ubuntu Server 18.04/16.04, were all able to install XFCE4, a small-footprint X Window desktop. Red Hat and Amazon Linux were able to add a compatible Fedora repository in order to install the required packages, and Ubuntu Server, once the initial setup was run, as well.
The script isn’t set up to support SUSE Linux Enterprise Server or Amazon Linux AMI as the required repositories aren’t available.
User Data with EC2
The simplest way is to use the Userdata feature of AWS EC2 instance creation, and to load the script there.
This downloads the script, http://twoconcertinas.com/vncsetup-00.01.00.00.sh from my web server and runs it when the EC2 instance is first started.
The script works on Red Hat Enterprise Server, Amazon Linux 2, and Ubuntu Server prior to 20.04. The script determines whether it’s on Ubuntu, or Red Hat/Amazon. After setting up variables for packages, it runs the platform specific update commands so that all packages and repositories are refreshed.
After installing the packages for Ubuntu, the script modifies /usr/bin/vncserver script. When vncserver is first run, it creates the ~/.vnc/xstartup script. This sets and exports the value “XKL_XMODMAP_DISABLE” in xstartup. If this is set to true, the icons and themes won’t display correctly when connecting with VNC. We nip that in the bud by adding a comment character in front of the line that sets it when vncserver is executed and can’t find xstartup.
On Red Hat and Amazon Linux, the xstartup script is also created. It needs to have the startup for XFCE4 in xstartup, or the desktop won’t function properly on loading. So the script creates xstartup with that command set.
After the packages are installed, three scripts are created in /usr/bin: aws-publicip, myvncstart, and myvncend. The script aws-publicip is specific to AWS EC2 instances, so that the publicly visible IP address is displayed. Of course the public IP address is available in the AWS console.
The scripts myvncstart and myvncend are used to manually start and stop the VNC server (TigerVNC or TightVNC) and displays the IP address to connect to. For a single user Linux system, add the display number :1, which connects to port 5901 with VNC.
The first time myvncstart is executed, the password for the VNC server is setup. Be sure and use an appropriately complex password as this can allow anyone to connect. A “view only” password can be used if you wanted to be able to share the desktop with someone else and not allow them access to the desktop. Be sure and open the port 5901 in the security group, and to allow connection from only your IP. If it’s opened to the world, bots will continually try to connect. VNC will detect this and shut down the VNC server. You’ll need to reload the VNC server when this happens. It’s better practice to only allow your IP address to connect to prevent this.
There are ways to tunnel to VNC using SSH, as well as to automatically start VNC when the server boots. I’ve made the decision not to delve into either of these topics as plenty of material is available on the internet on how to do this.
This has been an interesting project for me. If you are a user that wants the memory heavy Gnome interface, or can create 2GB EC2 instances, then you might not need any of this. If you’re just looking for a quick, low memory footprint method that’ll allow a simple VNC connection, then this is for you. Either way, this can prove that Linux is not just a text based terminal connection but can include so much more.
Please drop me a line if there are any issues or questions that crop up. Packages may change, and I may need to change my scripts.
How to Install and Configure VNC on Ubuntu 18.04 – How to Install VNC…