Example VNC-Server Setup
This example describes how you can set up a CentOS/RHEL host to accept VNC connections from PrivX.
VNC-Server Setup
Install a VNC server on the host. In this case we use
tigervnc-server
:sudo yum install tigervnc-server
Log in as user to whom you want to provide vnc access or create a new user e.g. vnc-user. Then set their VNC password with:
vncpasswd
Create a copy of the VNC-configuration template:
sudo cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
This example configures the VNC service for monitor 1. You will need to adapt these instructions if using other monitors.
Set the user(s) as specified in
/etc/tigervnc/vncserver.users
.The VNC server is now configured to allow access for the VNC user.
Start VNC Server
sudo systemctl daemon-reload
sudo systemctl start vncserver@:1
sudo systemctl status vncserver@:1 -l
You may confirm that vnc server is listening on port 5901 by running
ss -tulpn| grep vnc
The command should output similar to the following:
tcp LISTEN 0 5 *:5901 *:* users:(("Xvnc",pid=1330,fd=9))
tcp LISTEN 0 128 *:6001 *:* users:(("Xvnc",pid=1330,fd=6))
tcp LISTEN 0 5 [::]:5901 [::]:* users:(("Xvnc",pid=1330,fd=10))
tcp LISTEN 0 128 [::]:6001 [::]:* users:(("Xvnc",pid=1330,fd=5))
If you want to automatically start the VNC sever at reboot, also run:
sudo systemctl enable vncserver@:1
Configure VNC Port with PrivX UI
On PrivX, under Administration→Hosts→Services, add VNC service and change PORT to 5901.
Connect to VNC Server
On PrivX, under Connections→Available Hosts, find the Host with configured VNC server and click to connect.
Stop VNC Server
sudo systemctl stop vncserver@:1
Change Port and Display
To change the display (in this example, from 1 to 0):
Copy existing VNC-server configuration to a file with the corresponding monitor number:
cp /etc/systemd/system/vncserver@:1.service /etc/systemd/system/vncserver@:0.service
Before reloading systemctl daemon you probably need to remove the remaining temporary files
rm /tmp/.X0-lock /tmp/.X11-unix/X0k
Reload the VNC server to apply the changes:
systemctl daemon-reload
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ===
Authentication is required to reload the systemd state.
Authenticating as: vnc-user
Password:
==== AUTHENTICATION COMPLETE ===
[vnc-user@localhost system]$ systemctl start vncserver@:0
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: vnc-user
Password:
==== AUTHENTICATION COMPLETE ===
[vnc-user@localhost system]$ systemctl status vncserver@:0
● vncserver@:0.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@:0.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2021-03-17 16:55:56 EET; 11s ago
Process: 8426 ExecStart=/usr/bin/vncserver_wrapper vnc-user %i (code=exited, status=2)
Process: 8424 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 8426 (code=exited, status=2)
Mar 17 16:55:55 localhost.localdomain systemd[1]: Starting Remote desktop service (VNC)...
Mar 17 16:55:55 localhost.localdomain systemd[1]: Started Remote desktop service (VNC).
Mar 17 16:55:56 localhost.localdomain vncserver_wrapper[8426]: Warning: localhost.localdomain:0 is taken because of /tmp/.X0-lock
Mar 17 16:55:56 localhost.localdomain vncserver_wrapper[8426]: Remove this file if there is no X server localhost.localdomain:0
Mar 17 16:55:56 localhost.localdomain vncserver_wrapper[8426]: A VNC server is already running as :0
Mar 17 16:55:56 localhost.localdomain systemd[1]: vncserver@:0.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Mar 17 16:55:56 localhost.localdomain vncserver_wrapper[8426]: FATAL: 'runuser -l vnc-user' failed!
Mar 17 16:55:56 localhost.localdomain systemd[1]: Unit vncserver@:0.service entered failed state.
Mar 17 16:55:56 localhost.localdomain systemd[1]: vncserver@:0.service failed.
Notice the following warning: Warning: localhost.localdomain:0 is taken because of /tmp/.X0-lock
File .X0-lock should be deleted
rm /tmp/.X0-lock
systemctl start vncserver@:0
systemctl status vncserver@:0 -l
● vncserver@:0.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@:0.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2021-03-17 17:14:50 EET; 13s ago
Process: 9358 ExecStart=/usr/bin/vncserver_wrapper vnc-user %i (code=exited, status=2)
Process: 9356 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 9358 (code=exited, status=2)
Mar 17 17:14:50 localhost.localdomain systemd[1]: Starting Remote desktop service (VNC)...
Mar 17 17:14:50 localhost.localdomain systemd[1]: Started Remote desktop service (VNC).
Mar 17 17:14:50 localhost.localdomain vncserver_wrapper[9358]: Warning: localhost.localdomain:0 is taken because of /tmp/.X11-unix/X0
Mar 17 17:14:50 localhost.localdomain vncserver_wrapper[9358]: Remove this file if there is no X server localhost.localdomain:0
Mar 17 17:14:50 localhost.localdomain vncserver_wrapper[9358]: A VNC server is already running as :0
Mar 17 17:14:50 localhost.localdomain systemd[1]: vncserver@:0.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Mar 17 17:14:50 localhost.localdomain vncserver_wrapper[9358]: FATAL: 'runuser -l vnc-user' failed!
Mar 17 17:14:50 localhost.localdomain systemd[1]: Unit vncserver@:0.service entered failed state.
Mar 17 17:14:50 localhost.localdomain systemd[1]: vncserver@:0.service failed.
Now delete .X11-unix/X0k
rm /tmp/.X11-unix/X0k
systemctl daemon-reload
systemctl start vncserver@:0
systemctl status vncserver@:0
● vncserver@:0.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@:0.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-03-17 17:16:39 EET; 4s ago
Process: 9513 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 9516 (vncserver_wrapp)
CGroup: /system.slice/system-vncserver.slice/vncserver@:0.service
└─9516 /bin/sh /usr/bin/vncserver_wrapper vnc-user :0
Mar 17 17:16:39 localhost.localdomain systemd[1]: Starting Remote desktop service (VNC)...
Mar 17 17:16:39 localhost.localdomain systemd[1]: Started Remote desktop service (VNC).
Mar 17 17:16:42 localhost.localdomain vncserver_wrapper[9516]: WARNING: The first attempt to start Xvnc failed, possibly because the font
Mar 17 17:16:42 localhost.localdomain vncserver_wrapper[9516]: catalog is not properly configured. Attempting to determine an appropriate
Mar 17 17:16:42 localhost.localdomain vncserver_wrapper[9516]: font path for this system and restart Xvnc using that font path ...
Firewall setup
For running VNC connection from PrivX there is no need to open VNC dedicated port.
If you want to test VNC connection with an external client, e.g. Remmina:
Run
sudo firewall-cmd --add-port=5901/tcp --permanent
sudo firewall-cmd --reload
Confirm that port 5901 is now open in firewall by executing:
sudo firewall-cmd --list-ports
This should output:
5901/tcp