A Road Warrior's Companion – A Linux Remote Desktop: Part 2
In the last part of this series on using a VPS as a road warrior’s companion, we looked at getting a lightweight Linux desktop running on your VPS, allowing you to remotely access and use desktop tools while out and about on a mobile device. One of the big failings with the current setup of this desktop environment is that if the VPS reboots for any reason, we’d need to log into it via SSH and restart the VNC server manually to regain desktop access. So the first thing we’ll look at today is resolving this problem.
Adding Systemd
To achieve this, we are going to add a service file so that systemd knows about the VNC server and will start it after a reboot. Systemd is software that runs on your Linux system and is responsible for making sure all the various services required for the system start up when they are meant to.
sudo nano /etc/systemd/system/vncserver.service
Now paste in the following code, replacing <username> with the username of the user for whom you have configured vncserver. The -geometry flag sets the size of the screen that you’ll get on the desktop when you connect. We’ve set it to 1280x800 here, which should be compatible with most widescreen displays. You can always increase or reduce this resolution as required.
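[Unit]
Description=Start vncserver after a reboot
After=syslog.target network.target
[Service]
Type=forking
User=<username>
PAMName=login
# vncserver writes its PID file as <hostname>:<display>.pid; %H expands to the hostname
PIDFile=/home/<username>/.vnc/%H:1.pid
# The leading "-" tells systemd to ignore a failure here (no server running yet).
# systemd does not run commands through a shell, so output redirection is not used.
ExecStartPre=-/usr/bin/vncserver -kill :1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :1
ExecStop=/usr/bin/vncserver -kill :1
[Install]
WantedBy=multi-user.target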
Once you have the file configured as required, you can save and exit it. The next step is to let systemd know that there is a new configuration file that it must be able to deal with.
sudo systemctl daemon-reload
You should now be able to enable it:
sudo systemctl enable vncserver.service
Assuming you don’t already have the VNC server running, you can now start it using the usual systemctl commands:
sudo systemctl start vncserver.service
You can also use systemctl to stop the VNC server and check its status, as you would with any other service.
Connecting to the VNC server
Let’s also look at how we connect to the VNC server. Currently, the VNC port is open to the world, so you can connect to the server directly from anywhere using a VNC client. This could be a security issue, so you may want to restrict access to the VNC server to connections coming only from your VPN.
To do this we’ll set up the firewall rules as we did when we looked at securing Nextcloud to the VPN. The first thing we need to do is remove the rule that allows the world to connect to the VNC server:
sudo iptables -D INPUT -i eth0 -m state --state NEW -p tcp --dport 5901 -j ACCEPT
Next, we need to add the rule that only allows the connection through the VPN:
sudo iptables -A INPUT -i eth0 -m state --state NEW -s 192.168.1.1 -p tcp --dport 5901 -j ACCEPT
As before, you’ll need to change 192.168.1.1 to the public IP address of your VPS. After this, your server’s desktop environment will only be accessible to connections made over your VPN.
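To confirm that the world-open rule is really gone, the following check filters `iptables -S INPUT` output for ACCEPT rules on port 5901 that have no usable source restriction. It is an added example, not part of the original article; the function name `open_vnc_rules` and the sample rule sets (using the documentation address 203.0.113.10) are constructed for illustration, and it only inspects single-port `--dport` rules.

```shell
#!/bin/sh
# Added example: audit INPUT rules for an unrestricted VNC port.
VNC_PORT=5901

# Reads `iptables -S INPUT` lines on stdin and prints every ACCEPT rule for
# the VNC port that is not limited to a specific source address.
open_vnc_rules() {
    while IFS= read -r rule; do
        case "$rule" in "-A INPUT "*) ;; *) continue ;; esac
        case " $rule " in *" -j ACCEPT "*) ;; *) continue ;; esac
        case " $rule " in *" --dport $VNC_PORT "*) ;; *) continue ;; esac
        case " $rule " in
            *" ! -s "*)         printf '%s\n' "$rule" ;;  # negated source: still broad
            *" -s 0.0.0.0/0 "*) printf '%s\n' "$rule" ;;  # explicit "anywhere"
            *" -s "*)           ;;                        # restricted to one source
            *)                  printf '%s\n' "$rule" ;;  # no source match at all
        esac
    done
}

# Constructed sample: rule set before the change (VNC open to the world).
SAMPLE_BEFORE='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT'

# Constructed sample: rule set after the change (VNC limited to one source).
SAMPLE_AFTER='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -i eth0 -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT'

echo "Unrestricted VNC rules before the change:"
printf '%s\n' "$SAMPLE_BEFORE" | open_vnc_rules
echo "Unrestricted VNC rules after the change:"
printf '%s\n' "$SAMPLE_AFTER" | open_vnc_rules
```

On the VPS itself, run `sudo iptables -S INPUT | open_vnc_rules`; no output means no world-open rule for port 5901 remains.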
Your VPS should now be a pretty perfect companion to a mobile worker, keeping your connection to the internet secure while sharing files, calendars and contacts between all devices, and providing a full desktop computer environment that can be operated from almost any device. Best of all it’s a tool that doesn’t need to be carried with you, being available anywhere you have access to an internet connection.