A virtual X (graphical) server using VNC

Synopsis

It is common for server computers to have no graphical servers installed on them; graphical servers may be seen as unnecessary given that many server applications can be configured and run from the command line. There are times, however, when graphical applications are required but installing a full graphical server is not ideal. If the applications do not require persistence then tunneling X is a solution, but otherwise an alternative has to be found.

The aim of this guide is to create a virtual X server on a machine that can then be accessed via VNC. This is ideal for when you have a headless server and want to run graphical applications without needing to install a complete X server.

Note: I use Debian Lenny (5.0) on my server and this guide is tailored for this specific distribution. It should however be compatible with other major Debian-based distributions, including Ubuntu.

Implementation

Install the virtual X server software (in this case it is packaged with tightvncserver).

aptitude install tightvncserver

A window manager and terminal emulator also need to be installed. In this case I recommend using something light, like jwm and rxvt, respectively.

aptitude install jwm rxvt

Create a user for the new virtual X server.

useradd -m xserver

Log in as the newly created user. I recommend su’ing to the user from root, instead of enabling the account by creating a password.

A VNC password needs to be set first, before we can run an instance of tightvncserver. The VNC password will only need to be set once, and once it has been set I recommend running tightvncserver so that all the correct files and directories are initialised.

vncpasswd
tightvncserver :1

This will run a VNC server on port 5901, which you can then access using a VNC client. Running the command “tightvncserver :2” would instead create a VNC server on port 5902. I recommend not using port 5900 (“tightvncserver :0”), as this port is usually reserved for VNC servers displaying real X servers.

I recommend then killing the tightvncserver instance while you make the rest of the necessary configuration changes.

tightvncserver -kill :1

A default window manager needs to be set; in this case it is jwm.

Edit ~/.vnc/xstartup: delete everything and add the following lines:

#!/bin/sh

jwm

Note: You can configure jwm by copying a template jwm configuration file from /etc/jwm/jwmrc to ~/.jwmrc — I have attached my simplified jwm file.

Finally, create a cron job to launch an instance of tightvncserver whenever the physical machine is started.

crontab -e

[Editing the cron file, insert the line below]

@reboot USER=xserver tightvncserver :1

You can now access the virtual X server using a VNC client.

Additional information

A common requirement is starting and ending a graphical application using cron. It is common for people to have trouble starting graphical applications using cron, because they forget to specify where to start the graphical application (which X server).

To start the graphical application gedit at 9AM each day and to close it at 5PM each day, on your virtual X server (e.g. “tightvncserver :1”):

crontab -e

Editing the cron file, insert the lines below

0 9 * * * DISPLAY=:1 gedit

0 17 * * * killall gedit

Security

VNC is unencrypted, so anything sent between the client and the server can be intercepted and read. I therefore recommend that you do not accept direct connections from the external interface. Instead, block the external interface (using iptables) and insist that the user tunnels the VNC connection over SSH.
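
One way to implement the recommendation above, as an added example that is not part of the original guide. The function names and the host name server.example.org are placeholders, and appending to the INPUT chain assumes no earlier rule already accepts the VNC port.

```shell
#!/bin/sh
# Added example: keep a tightvncserver display reachable from loopback only
# and connect to it through an SSH tunnel. Display :1 matches the guide;
# user@server.example.org is a placeholder.

# Map an X display number to the TCP port its VNC server uses (5900 + N).
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*)   # empty, non-numeric, or leading zero (octal trap)
            echo "display must be a plain number, got '$1'" >&2
            return 1 ;;
    esac
    echo $((5900 + $1))
}

# Print the iptables rules for one display. Order matters: the loopback
# ACCEPT must precede the DROP, because sshd delivers tunnelled traffic
# to the VNC server over the lo interface.
vnc_firewall_rules() {
    port=$(vnc_port "$1") || return 1
    echo "iptables -A INPUT -i lo -p tcp --dport $port -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Print the command a client runs to forward its own localhost:<port>
# to the server's loopback VNC port; $2 is the SSH login (user@host).
vnc_tunnel_cmd() {
    port=$(vnc_port "$1") || return 1
    echo "ssh -N -L $port:127.0.0.1:$port $2"
}

# Usage: sh vnc-lockdown.sh show|apply [display] [user@host]
#   show  prints the rules and the tunnel command without changing anything
#   apply runs the iptables rules (requires root)
case "${1:-}" in
    show)
        vnc_firewall_rules "${2:-1}" &&
            vnc_tunnel_cmd "${2:-1}" "${3:-user@server.example.org}" ;;
    apply)
        vnc_firewall_rules "${2:-1}" | while read -r rule; do $rule; done ;;
esac
```

With the tunnel running, point the VNC client at localhost:5901 (display :1) rather than at the server's external address.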