Rocky Linux is a popular choice for server operating systems due to its stability, security, and reliability. If you need to remotely control a computer using a Graphical User Interface (GUI), Virtual Network Computing (VNC) is an excellent solution. In this comprehensive guide, we will walk you through the steps of installing and securing a VNC server on Rocky Linux. By the end, you’ll have a fully functional VNC server that allows you to control your server remotely.

Prerequisites

Before we dive into the installation process, let’s make sure you have everything you need. Here’s what you’ll need to get started:

1. A fresh Rocky Linux server – You can use Rocky Linux v8.5 or v9.
2. A non-root user with root or administrator privileges.
3. Firewalld enabled on the server.

Installing the Desktop Environment

By default, Rocky Linux server installations do not include a Graphical User Interface (GUI). To set up a VNC server, you’ll need to install a lightweight desktop environment that provides better performance and speed. In this guide, we’ll be using the XFCE desktop environment.

To begin, update your server’s installed packages to the latest version by running the following command:

sudo dnf update

Once the update is complete, you’ll need to add the EPEL repository to your Rocky Linux system. This repository contains additional software packages that are not included in the default Rocky Linux repositories. Run the following command to add the EPEL repository:

sudo dnf install epel-release

Next, install the XFCE desktop environment and the necessary Xorg packages by running the following command:

sudo dnf groupinstall "Xfce" "base-x"

During the installation, you’ll be prompted to confirm the installation. Press Y and then ENTER to proceed.

Once the installation is complete, use the systemctl command to enable the graphical environment:

sudo systemctl set-default graphical

With the desktop environment installed and configured, you’re now ready to proceed to the next step.

Adding a VNC User

For security reasons, it’s recommended to create a non-root user to run the VNC server. By creating a dedicated user for the VNC server, you can limit the permissions and reduce the risk of unauthorized access. In this step, we’ll create a new user and add them to the necessary user groups.

To create a new user, use the following command:

sudo useradd -m -s /bin/bash shapehost
sudo passwd shapehost

Replace shapehost with the username of your choice. You’ll be prompted to enter and confirm a password for the new user.

Next, add the new user to the wheel group to grant them sudo privileges:

sudo usermod -aG wheel shapehost

With the user created and added to the necessary group, you’re ready to proceed to the next step.

Installing TigerVNC Server

Now that you have the desktop environment installed and a dedicated user set up, it’s time to install the TigerVNC server. TigerVNC is a widely used VNC server that provides a secure and reliable remote desktop experience.

To install TigerVNC server, run the following command:

sudo dnf install tigervnc-server

Once the installation is complete, you’ll need to initialize the VNC server for your user. Switch to the VNC user by using the following command:

su - shapehost

Replace shapehost with the username you created earlier.

Next, initialize the VNC server by running the following command:

vncserver

During the initialization process, you’ll be prompted to set a VNC server password. Enter a strong password and then confirm it. You’ll also be asked if you want to set a view-only password. For this guide, we’ll disable the view-only password by entering n.

Once the initialization is complete, you’ll see a message indicating that the VNC server is running on a specific display, such as :1.

To verify that the VNC server process is running, you can use the following command:

vncserver-list

This will display a list of VNC server processes, and you should see the process for the display you just initialized.

With the VNC server installed and running, you’re ready to move on to the next step.

Configuring the VNC Server

Now that the VNC server is installed and running, it’s time to configure it for optimal performance. In this step, we’ll modify the VNC server configuration file to specify the default desktop environment and screen resolution.

First, open the VNC server configuration file using a text editor. In this guide, we’ll use the nano editor:

nano ~/.vnc/config

Within the configuration file, you can modify various settings. For example, to set the XFCE desktop environment as the default, add the following line:

session=xfce

To specify a custom screen resolution, add the following line:

geometry=1920x1080

Feel free to adjust these settings according to your preferences.

Next, save the configuration file and exit the text editor.

Now, open the TigerVNC server user configuration file for editing:

sudo nano /etc/tigervnc/vncserver.users

Within this file, you’ll add a line to associate the display number with the VNC user. For example, if your VNC user is shapehost and the display number is :1, add the following line:

:1=shapehost

Save the file and exit the text editor.

With the VNC server configured, you’re ready to start it as a service.

Starting the VNC Server as a Service

To ensure that the VNC server starts automatically when the system boots up, you’ll need to configure it as a systemd service.

First, reload the systemd manager to apply any changes:

sudo systemctl daemon-reload

Next, start the VNC server service for the specific display by running the following command:

sudo systemctl start vncserver@:1.service

To enable the VNC server service to start automatically at boot, run the following command:

sudo systemctl enable vncserver@:1.service

Finally, verify that the VNC server service is running:

sudo systemctl status vncserver@:1.service

If the service is running, you should see a status message indicating that it is active and running.

Congratulations! You have successfully installed and configured the VNC server on Rocky Linux.

Securing the VNC Server

Now that your VNC server is up and running, it’s crucial to secure it properly to prevent unauthorized access. In this step, we’ll use Firewalld to restrict access to the VNC server port.

By default, Firewalld is installed and enabled on Rocky Linux. To add a new service for the VNC server, run the following commands:

sudo firewall-cmd --add-service=vnc-server --permanent
sudo firewall-cmd --reload

This will add the vnc-server service to the Firewalld rules and reload the configuration to apply the changes.

To verify that the service has been added successfully, use the following command:

sudo firewall-cmd --list-services

If you see vnc-server in the list of services, it means that the service rule has been added and enabled.

With the VNC server secured, you’re ready to connect to it remotely.

Connecting to the VNC Server

To connect to the VNC server remotely, you’ll need to establish an SSH tunnel for secure communication.

First, open an SSH connection to your server using the following command:

ssh -L 5901:127.0.0.1:5901 -N -f -l shapehost <server_IP>

Replace <server_IP> with the IP address of your VNC server.

Once the SSH connection is established, you can use a VNC viewer application to connect to the server. In this guide, we’ll use TigerVNC Viewer.

Open TigerVNC Viewer and enter localhost:5901 as the VNC server address. Click “Connect” to establish the connection.

You’ll be prompted to enter the VNC server password that you set earlier. Enter the password and click “OK” to proceed.

If the connection is successful, you should see the XFCE desktop environment of your Rocky Linux server.

Conclusion

In this guide, we have walked you through the process of setting up and securing a VNC server on Rocky Linux. By following these steps, you can remotely control your server with ease and security. Remember to always follow best practices for server security and regularly update your system.

If you’re looking for reliable and scalable cloud hosting solutions, consider Shape.host. They offer Linux SSD VPS services that provide high performance and excellent reliability for your server needs. With Shape.host, you can focus on your business while leaving the server management to the experts.