In this post we’ll see how to set up and configure a VNC Server on a Linux CentOS 7.x server machine to allow remote connections from any VNC client – such as TightVNC, RealVNC and the like. More specifically, we’ll do that using the tigervnc-server software, a free tool built for exactly this purpose.
Before proceeding, let’s briefly recap what VNC is about.
The acronym VNC stands for Virtual Network Computing and is a server-client protocol that allows a client machine (running a VNC client) to connect to and control a remote computer (powered by a VNC server). The software was originally developed by the Olivetti & Oracle Research Lab in Cambridge, UK as an open-source initiative and its source code is still available, as of today, under the GNU General Public License.
Depending on the VNC server software, the client will connect either to the currently active runtime desktop (as some “modern” tools such as TeamViewer or AnyDesk do) or to a stand-alone virtual desktop, just like the Windows Remote Desktop RDP protocol: the latter behaviour is arguably more powerful and secure, especially if we need to control a server machine, because each session will be a unique environment configured with the permissions and grants of the connected user. That’s why we’re choosing TigerVNC, which works exactly like that by starting parallel sessions of the machine desktop environment (GNOME, KDE or other GUI) on the connecting client VNC desktop: this basically means that a standalone virtual desktop will be created for each separate connection – which is precisely what we want.
Now that we know what we are talking about, let’s see how we can set up and configure TigerVNC under our CentOS environment. The first thing to do is to install the tigervnc-server software package by opening a terminal session and issuing the following command with root privileges:
$ sudo yum install tigervnc-server
Right after that, you should create a dedicated VNC user to connect with (with a dedicated password).
To do that, type the following:
$ sudo adduser vncuser
$ sudo passwd vncuser
Once you have created the vncuser and its login password, you also need to set a VNC-unique password for that user. This can be done with the following commands:
$ su - vncuser
$ vncpasswd
(the first line can be omitted if we are actually connected with vncuser beforehand).
The next thing to do is to create a VNC configuration file for the vncuser: the fastest way to do that is to copy the VNC generic template file – located in the /lib/systemd/system/ folder – and then modify it according to our needs:
$ sudo cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
The “1” that we put in the new filename is the display number that will be used for that specific service instance. That’s important to know, because it also determines the TCP port that our VNC server will be listening on, which is 5900 + the display number: the first one will be 5901, then 5902 and so on.
Right after the copy, you need to edit the new file using vi, nano or another text editor and replace the [USER] placeholder with the name of the user created a short while ago (vncuser in our scenario). Here’s how the file should look after the update (minus the long commented part at the beginning):
[Unit]
Description=Remote desktop service (VNC)
[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l vncuser -c "/usr/bin/vncserver %i -geometry 1280x720"
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
[Install]
WantedBy=multi-user.target
As soon as you do that, you can reload the systemd configuration and start the vncserver@:1 service with the commands below:
$ sudo systemctl daemon-reload
$ sudo systemctl start vncserver@:1
Before proceeding, it is wise to check that the service is running by issuing the systemctl status command…
$ systemctl status vncserver@:1
… and create the symlink to have it always executed on system startup using the following command:
$ sudo systemctl enable vncserver@:1
Another check you can do before trying to connect to our server is to take a look at the active network sockets using the ss command: if everything works properly, you should see a VNC server running and listening on port TCP 5901.
Here’s the command to execute…
$ ss -tulpn | grep vnc
… And this should be the result:
tcp LISTEN 0 5 *:5901 *:* users:(("Xvnc",pid=38344,fd=9))
tcp LISTEN 0 128 *:6001 *:* users:(("Xvnc",pid=38344,fd=6))
tcp LISTEN 0 5 :::5901 :::* users:(("Xvnc",pid=38344,fd=10))
tcp LISTEN 0 128 :::6001 :::* users:(("Xvnc",pid=38344,fd=5))
If you can see this, it means that everything has been set up correctly.
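To read that output more carefully, the following added example (not part of the original article) classifies every Xvnc socket in `ss -tulpn` output: it derives the display number from the port (5900 + N for VNC, 6000 + N for the X11 listener of the same display) and reports whether the socket is bound to all interfaces or only to loopback. The function names and the "rfb"/"x11" labels are assumptions of this example; the sample input is the output shown above.

```shell
#!/bin/sh
# Added example: classify Xvnc listeners found in `ss -tulpn` output.

# Reads ss lines on stdin and prints "port service :display scope"
# for every listening TCP socket owned by Xvnc.
audit_vnc_listeners() {
    awk '
    $1 == "tcp" && $2 == "LISTEN" && /"Xvnc"/ {
        # Local address is field 5; the port follows the last colon
        n = split($5, parts, ":")
        port = parts[n] + 0
        addr = substr($5, 1, length($5) - length(parts[n]) - 1)
        if (port >= 5900 && port < 6000)      { svc = "rfb"; disp = port - 5900 }
        else if (port >= 6000 && port < 6100) { svc = "x11"; disp = port - 6000 }
        else next
        loop = (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]")
        print port, svc, ":" disp, (loop ? "loopback" : "exposed")
    }'
}

# Counts the listeners that accept connections on non-loopback addresses.
count_exposed() {
    audit_vnc_listeners | awk '$4 == "exposed" { n++ } END { print n + 0 }'
}

# Sample input: the four ss lines shown in the article
SAMPLE='tcp LISTEN 0 5 *:5901 *:* users:(("Xvnc",pid=38344,fd=9))
tcp LISTEN 0 128 *:6001 *:* users:(("Xvnc",pid=38344,fd=6))
tcp LISTEN 0 5 :::5901 :::* users:(("Xvnc",pid=38344,fd=10))
tcp LISTEN 0 128 :::6001 :::* users:(("Xvnc",pid=38344,fd=5))'

printf '%s\n' "$SAMPLE" | audit_vnc_listeners

# On a live server: ss -tulpn | audit_vnc_listeners
```

The 6001 lines are the X11 protocol listener of display :1, bound to all interfaces just like the VNC port; the firewalld rule in the next step opens only 5901, so 6001 stays unreachable from outside as long as the firewall is active. Xvnc accepts the standard X server option `-nolisten tcp` if you would rather not have that listener at all.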
Since our VNC service is listening on port TCP 5901, you need to be sure that this port is open and accessible by external clients: therefore, if you have a firewall installed, you should create an appropriate rule to allow VNC clients to connect.
How many ports to open will depend on how many instances of VNC servers you’re going to need: in our scenario, we only made 1, therefore you only need to open the first allocated VNC port: TCP 5901, just like we said. Here are the commands to open that port on firewalld:
# firewall-cmd --add-port=5901/tcp
# firewall-cmd --add-port=5901/tcp --permanent
Needless to say, you can also restrict that port to specific groups, IP addresses, network cards or other simple or complex firewall rules: that’s entirely up to you, depending on your network environment’s configuration and how safe you want to be.
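One way to apply such a restriction, as an added example that is not part of the original article: a firewalld rich rule that accepts the VNC port of a given display only from one source network, replacing the open-to-all port rule created above. The function names are assumptions of this example, and 192.0.2.0/24 is a documentation range used as a placeholder for your own management network.

```shell
#!/bin/sh
# Added example: allow one VNC display from a single source network only.

# Prints the firewalld rich rule for display $1 and source network $2.
vnc_rich_rule() {
    display=$1
    source=$2
    case $display in
        ''|*[!0-9]*|0?*) echo "display must be a plain number" >&2; return 1 ;;
    esac
    [ "$display" -le 99 ] || { echo "display out of range" >&2; return 1; }
    case $source in
        ''|*[!0-9a-fA-F:./]*) echo "bad source network" >&2; return 1 ;;
        *:*) family=ipv6 ;;
        *)   family=ipv4 ;;
    esac
    port=$((5900 + display))   # VNC port = 5900 + display number
    printf 'rule family="%s" source address="%s" port port="%s" protocol="tcp" accept\n' \
        "$family" "$source" "$port"
}

# Swaps the open port for the restricted rule, runtime and permanent.
# Must be run as root; calls the real firewall-cmd.
restrict_vnc_port() {
    rule=$(vnc_rich_rule "$1" "$2") || return 1
    port=$((5900 + $1))
    for scope in "" "--permanent"; do
        # Without this removal the port stays open to every source
        firewall-cmd $scope --remove-port="${port}/tcp"
        firewall-cmd $scope --add-rich-rule="$rule"
    done
}

# Show the rule for display :1 without touching the firewall
vnc_rich_rule 1 192.0.2.0/24

# To apply it: restrict_vnc_port 1 192.0.2.0/24
```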
Installing a GUI
If you already have GNOME, KDE or another desktop environment installed on your system you can skip this step, otherwise you’ll need to add one: the TigerVNC server will start a parallel instance of a given desktop environment for each login session, meaning that we need to have one – otherwise it won’t work.
If you really want the great (but heavy-weight) GNOME, type the following:
$ sudo yum groupinstall "GNOME Desktop"
If you want a lightweight alternative, we can suggest Xfce – a free & open source desktop environment for Unix-like platforms which works perfectly with TigerVNC. Don’t misunderstand us here, GNOME works fine as well, but it’s quite space-and-resource-intensive: if you want to save resources on your server machine, Xfce would arguably be a better choice.
To install it, type the following:
$ sudo yum install epel-release
$ sudo yum groupinstall xfce
Additional settings for Xfce
If you’ve chosen to use Xfce, you’ll also need to change the file to execute when the VNC session starts. To do that, edit the /home/<user>/.vnc/xstartup file and change the exec entry (usually line 4) from /etc/X11/xinit/xinitrc to startxfce4, just like the following:
exec startxfce4
vncserver -kill $DISPLAY
That’s about it.
Connecting with VNC Client
Now that everything has been set up properly, we can try to connect to our VNC service using a VNC client such as TightVNC, UltraVNC, RealVNC and so on and see what happens. Just remember to specify the port TCP 5901 (if you’ve followed our guide).
In case your client is unable to establish a working VNC connection, you need to check the following:
- Connection issues -> Firewall configuration: if you see pop-up errors saying that the client cannot connect to the remote host, you need to check your network & firewall configuration to be sure that there aren’t blocking issues that could prevent the client from connecting to server port TCP 5901.
- Black screen with mouse -> YUM update or GUI reinstall: if you see a black screen with the mouse pointer working, that probably means that your VNC connection is working fine but there is something that prevents the Desktop Environment GUI from starting properly. The best things you can try to fix such odd behaviour are:
  - Perform a yum update to install the newest versions of TigerVNC and the GUI itself. Be sure to watch out for any issue during the install phase that could prevent them from installing/updating properly.
  - Uninstall and reinstall the GUI using yum remove / yum group remove and yum groupinstall again. If it still doesn’t work, you might want to try out a different GUI to see if the problem persists.
That’s about it, at least for the time being: we hope that this guide could help other System Administrators who want to connect to their servers with the VNC protocol!