Your guide to VNC server on GCP
Creating a new project
Visit the developers console, log in, and create a project if needed clicking on the Create Project button. Navigate the left menu to list the VM instances running on your project: Compute > Compute Engine > VM instances. If it’s the first time you do this for this project it might take a bit longer, since it’s setting some stuff up, don’t worry this happens only once.
Creating a new instance
Click on the Create Instance button to access the instance creation form. Choose a name for your instance. Any instance type and Linux distribution would work, but if you want to go with something safe choose n1-standard-1 with backports-debian-7-wheezy-v20150423.
Choose a zone close to you to have the best latency in your connection.
If you’d like to use Windows the instances already come with support for RDP (Remote Desktop Protocol) so you don’t need any extra steps.
Connect to your instance either through SSH option or use gcloud option. Once connected update the source list.
$ sudo apt-get update
$ sudo apt-get install tightvncserverInstall the Gnome components
Then we need to install the Gnome components for our virtual desktop. So type the following command:
$ sudo apt-get install gnome-corewhen prompted type Y and then press [Enter]. This will install the basic gnome desktop components. Normally gnome takes time but on GCE instance it flies.
If you prefer a lighter and faster alternative like Xfce, then
$ sudo apt-get install xfce4 xfce4-goodiesInstall a Virtual Desktop using VNC
Now we need a VNC server to interact with desktop environment. I am using vnc4server, you can install your favorite one:
$ sudo apt-get install vnc4serverStart the vnc server, You’ll then be prompted to create and verify a new password:
$ vncserverNote: this password will grant access to your instance, so make it strong.
If everything went fine your VNC server is now running and listening on port 5901. You can verify this with netcat from the Google Compute Engine instance:
$ nc localhost 5901
RFB 003.008If the console can’t find nc then you’ll have to install netcat using
$ sudo apt-get install -y netcatWe now need to kill the session we just created and make a tweak to the startup script for VNCServer to make it work properly. If we don’t perform this step then all we will see is a grey cross-hatched screen with an “X” cursor and/or a grey screen with a Terminal Session, depending on the Ubuntu version. Not very useful!
So, type the following command to kill the session:
$ vncserver -kill :1Now open the file we need to edit:
$ vim .vnc/xstartupImportant: The modifications we need to make to this file depend on the version of Ubuntu we’re using so make sure you are using Ubuntu 14.04 LTS
Press the [Insert] key (“i” in Ubuntu) once (this will switch us into “edit” mode) and then edit the script so it ends up looking like this:
#!/bin/sh# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc#[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
#[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
#xsetroot -solid grey
#vncconfig -iconic &
#x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#x-window-manager &metacity &
gnome-settings-daemon &
gnome-panel &
So, we’ve unmasked the unset SESSION_MANAGER line and masked out all the rest. We’ve then added the last 3 lines.When you’re done editing the .vnc/xstartup file for your particular version of Ubuntu press the [Esc] key once and type the following to save the changes and bring you back to the command line:
:wqInstalling a VNC client
Now install a VNC client on your local machine. There are many options available ( TightVNC, RealVNC, etc. ). Install any one.
Open the firewall
The first step is to tag our instance as a vnc-server, for that go to the VM description page and click on “add tags”
In order to communicate with our instance, we need its external IP. You can find it on the Developers Console.
Let’s try to connect to it using netcat again:
$ nc 104.197.91.140 5901The connection will fail, this is expected as the firewall rules block all communications by default for security reasons.
Let’s fix that.
Navigate to the configuration for the default network “Compute > Compute Engine > Network” and then click on default. Or you could also click here and choose your project.
We’re going to add a new firewall rule, pressing the corresponding button.
Choose a descriptive name for the rule.
We will allow traffic coming from any source, which is why we use 0.0.0.0/0, the IP mask equivalent to a wildcard.
The traffic will be on the port 5901 for protocol TCP and going to instances tagged as vnc-server.
Connecting to the VNC server
First, start the vncserver again on the VM by:
$ vncserverNow make sure that the connection is now allowed by the firewall:
$ nc 104.197.91.140 5901
RFB 003.008Excellent! everything seems to be ready!!
If you still can’t connect but have followed steps correctly, there may be an issue of firewall blocking by your internet provider. Check the connection to port 22(SSH port).
$ nc 104.197.91.140 22
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6This can be resolved by ssh tunneling. Tutorials are available on google search :). Here is an example of tunneling command I used recently where 5901 port is blocked. After this connect on localhost:5903 in the VNC Viewer.
$ ssh webmasteradi@104.197.218.220 -L 5903:localhost:5901Open your VNC viewer and connect to the IP of your Compute Engine instance on port 5901 or connect on localhost:5903(for ssh tunneling). To connect you’ll need to provide the password you gave at the beginning of this tutorial.
And boom!! Your Desktop environment is working. You can use Firefox browser for internet.
The Synaptic Package Manager
the Synaptic Package Manager does not get installed by default when you install the core gnome desktop. The Synaptic Package Manager is a great tool which makes adding and removing applications a breeze. You can install with this command:
$ sudo apt-get install synapticNote: VNCserver doesnot auto start on boot, you have to start it manually everytime you start the VM instance.
Troubleshooting
If you still cannot connect to VNC after you have created a firewall rule you should make sure that your IP has not been banned by sshguard.
To see if this is the case you can run:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destinationIf your output differs from this one flush the table and retry:
$ sudo iptables -FReferences :-