VNC Deployment Recipe
This recipe documents the deployment of a VNC sever on a cloud VM
This guide to assumes you have already created a VM running Ubuntu 20.04, noted its IP address (e.g. 10.186.xx.xx), and plan for both admin(s) and users to connect via the gateway machines.
For details about how to launch a new VM and connect as root, see the general documentation.
Procedure
Initial setup to be performed by an admin of the VM:
Install the necessary software packages:
apt update apt upgrade -y apt install -y xorg icewm nautilus eog evince firefox libturbojpeg update-alternatives --set x-terminal-emulator /usr/bin/xterm wget -O /tmp/turbovnc_2.2.6_amd64.deb https://sourceforge.net/projects/turbovnc/files/2.2.6/turbovnc_2.2.6_amd64.deb/download apt install -y /tmp/turbovnc_2.2.6_amd64.deb
At this point it is a good idea to reboot the VM.
Add the pre-made vnc-gates security group to the VM to allow connections from the gateway machines to the VNC server(s).
Initial setup performed by the each user:
mkdir ~/.vnc cat << EOF > $HOME/.vnc/xstartup #!/bin/sh unset SESSION_MANAGER unset DBUS_SESSION_BUS_ADDRESS exec icewm-session EOF chmod 755 ~/.vnc/xstartup cp ~/.vnc/xstartup ~/.vnc/xstartup.turbovnc /opt/TurboVNC/bin/vncpasswd
3. Users can now launch their own VNC sessions by running /opt/TurboVNC/bin/vncserver -autokill on the VM and then vncviewer -via MPCDF_USER@gate.mpcdf.mpg.de 10.186.XX.XX::PORT from their personal computer. The port number is defined as the display number added to 5900, e.g. 5901 for display :1, 5902 for display :2, and so on.
Alternative (tunneled connection)
A slightly more secure solution is to bind the vnc session to the localhost on the VM and use an ssh tunnel directly to the VM to gain access. This way no VNC connection is required from the gate.mpcdf.mpg.de node to the VM serving the VNC.
Launch the VNC session on the VM as follows /opt/TurboVNC/bin/vncserver -localhost -autokill.
Idnetify the VNC port /opt/TurboVNC/bin/vncserver -list on the VM
Create an ssh tunnle from your local server to the VM ssh -L 2345:localhost:PORT -J <username>@gate.mpcdf.mpg.de <VM-IP-ADDRESS>
Connect to the vnc server from your locaL server vncviewer localhost::2345