The purpose of this gist is to document the setup of a VNC server to allow remote desktop access on my development VPS.
There are some chome extensions (e.g. webscrapers) that I would like to run from a VPS. This way the connection quality of my present location isn't a factor.
I'm using this guide.
- Add your user to the sudo Group by logging in as root and running:
usermod -aG sudo username
- Login as your user
- Update
sudo apt update
- Install xfce 4
sudo apt install xfce4 xfce4-goodies
- Install tightVNC server
sudo apt install tightvncserver
- Start VNC
vncserver
- Enter a password (not view only since we want to control this machine).
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
xauth: file /home/natecostello/.Xauthority does not exist
New 'X' desktop is dev-vps:1
Creating default startup script /home/natecostello/.vnc/xstartup
Starting applications specified in /home/natecostello/.vnc/xstartup
Log file is /home/natecostello/.vnc/dev-vps:1.log
- Kill the server
vncserver -kill :1
- Backup the xstartup file
mv ~/.vnc/xstartup ~/.vnc/xstartup.bak
- Open a new startup file
nano ~/.vnc/xstartup
- Add the following to the new file:
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &
- Make the new file executable
chmod +x ~/.vnc/xstartup
- Restart the vnc server
vncserver -localhost
Note: The -localhost option causes VNC to only allow connections that originate from the server itself.
- Create an SSH connection on your local machine that forwards to the localhost connection for VNC
ssh -L 59000:localhost:5901 -C -N -l natecostello dev-vps
The guide at the top gives a good breakdown of this command: Here’s what this ssh command’s options mean:
-L 59000:localhost:5901
: The -L switch specifies that the given port on the local computer (59000) is to be forwarded to the given host and port on the destination server (localhost:5901, meaning port 5901 on the destination server, defined as your_server_ip). Note that the local port you specify is somewhat arbitrary; as long as the port isn’t already bound to another service, you can use it as the forwarding port for your tunnel.-C
: This flag enables compression which can help minimize resource consumption and speed things up.-N
: This option tells ssh that you don’t want to execute any remote commands. This setting is useful when you just want to forward ports.-l natecostello dev-vps
: The -l switch let’s you specify the user you want to log in as once you connect to the server.
-
Use a VNC Client (the mac native screen sharing app) to connect to
localhost:59000
-
Enter the password you chose in step 7.
Boom! In the future just repeat steps 14-16 to connect.
As is, this setup requires restarting vncserver after every boot of the dev-vps (pretty much every use). To fix that we proceeded with step 4 of the linked guide to set up VNC as a system service.
- Create a file as follows:
sudo nano /etc/systemd/system/vncserver@.service
- Edit it as follows:
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target
[Service]
Type=forking
User=natecostello
Group=natecostello
WorkingDirectory=/home/natecostello
PIDFile=/home/natecostello/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 -localhost :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
- Run the following commands (detail for what they do are in the linked guide).
sudo systemctl daemon-reload
sudo systemctl enable vncserver@1.service
vncserver -kill :1
sudo nano /etc/systemd/system/vncserver@.service