noVNC is a browser based VNC client implemented using HTML5 Canvas and WebSockets. noVNC communicates with a remote VNC server via Web sockets. Furthermore, it runs well in any modern browser including mobile browsers (iOS and Android). We can also configure noVNC encryption for securely accessing remote servers.
noVNC Feature List
The following list shows full features offered by noVNC.
- Supports all modern browsers including mobile (iOS, Android)
- Supported VNC encodings: raw, copyrect, rre, hextile, tight, tightPNG
- WebSocket SSL/TLS encryption (i.e. “wss://”) support
- 24-bit true color and 8-bit color mapped
- Supports desktop resize notification/pseudo-encoding
- Local or remote cursor
- Clipboard copy/paste
- Clipping or scolling modes for large remote screens
- Easy site integration and theming (3 example themes included)
- Licensed under the MPL 2.0
Many projects and products have integrated noVNC including OpenStack, docker-selenium, OpenNebula, DigitalOcean and Vultr.com.
We will use noVNC to access our remote server securely with an Encrypted session.
- engy.debyum.local (Laptop or Desktop) is the system where we will install and setup NoVNC.
- engy.debyum.remote is the system which we will access and is running a VNC server. IP address is 67.21x.x0x.xx6 (public IP, don’t own it)
I am using my Laptop as engy.debyum.local, where I will setup NoVNC.
About this guide. :
- Install and setup noVNC in local system/server.
- Configure VNC4server on the remote server.
- Access remote server using noVNC from local system/server.
- Set up an encrypted session with the remote server.
- Set up an encrypted session between noVNC and TightVNC server.
Step 1: Install and setup noVNC in engy.debyum.local.
engy@engy:~$ hostnamectl status Static hostname: engy.debyum.local Icon name: computer-laptop Chassis: laptop Machine ID: 70d18bffea7d42c3b97782ce222ac96c Boot ID: f87f4788e77745079a90c1e8bae5c4c6 Operating System: Ubuntu 16.04.1 LTS Kernel: Linux 4.4.0-57-generic Architecture: x86-64
- Download the latest master noVNC zipper file.
- Unzip the downloaded file.
engy@engy:~$ unzip master
- Go to noVNC directory.
engy@engy:~$ cd novnc-noVNC-3e08594\
- Here’s the Directory view.
engy@engy:~$ ls -l total 410732 drwxrwxr-x 2 engy engy 24 Dec 23 00:04 ATOM drwxr-xr-x 4 engy engy 71 Dec 22 22:26 Desktop drwxr-xr-x 18 engy engy 4096 Jan 3 22:46 Documents drwxr-xr-x 8 engy engy 8192 Jan 14 14:46 Downloads -rw-rw-r-- 1 engy engy 675131 Jan 12 00:24 master drwxr-xr-x 8 engy engy 24576 Oct 13 17:49 Music drwxrwxr-x 8 engy engy 306 Jan 12 00:25 novnc-noVNC-3e08594
Create a self-signed certificate to use for Encryption in noVNC.
To set up noVNC encryption, we will create a Certificate to use with noVNC.
- The important part is Encryption type and Bit size. (RSA & 2048).
- Skip most parts and fill only Common name: (Hostname.)
engy@engy:~/novnc-noVNC-3e08594$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout engycert.pem -out engycert.pem Generating a 2048 bit RSA private key .......................+++ ...............+++ writing new private key to 'mycert.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) : Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) : Common Name (e.g. server FQDN or YOUR name) :engy.debyum.local Email Address :
Step 2: Configure a VNC server on Remote Server vnc.debyum.remote.
For this step, I have setup a minimal install ubuntu 16.04 server on DigitalOcean. I have also installed a Gnome desktop on it (for this tutorial).
I have configured this server with vnc4server and also created a user engy.
engy@vnc:~$ hostnamectl status Static hostname: vnc.debyum.remote Icon name: computer-vm Chassis: vm Machine ID: 9f9177449a5d40509fda099fef1473c7 Boot ID: 82ba07d724e849468fb02204a2099172 Virtualization: kvm Operating System: Ubuntu 16.04.1 LTS Kernel: Linux 4.4.0-57-generic Architecture: x86-64
- I will start the VNC4Server as user engy. We will later need to use ENGY user’s password to remotely access his account.
engy@vnc:~$ vnc4server -geometry 800x600 New 'vnc.debyum.remote:1 (engy)' desktop is vnc.debyum.remote:1 Starting applications specified in /home/engy/.vnc/xstartup Log file is /home/engy/.vnc/vnc.debyum.remote:1.log
- Check if VNC4Server is working or not.
engy@vnc:~$ netstat -tulpn (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 2729/Xvnc4 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN - tcp6 0 0 :::5901 :::* LISTEN 2729/Xvnc4 tcp6 0 0 :::22 :::* LISTEN -
- Check if port 5901 is open.
engy@vnc:~$ telnet localhost 5901 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. RFB 003.008 ^] telnet> quit Connection closed.
- Check IP address of this server.
Access remote server “vnc.debyum.remote” with noVNC.
Now go back to your local system with noVNC. Start the noVNC with remote server’s IP address and port number used in the arguments.
engy@engy:~/novnc-noVNC-3e08594$ ./utils/launch.sh --cert engycert.pem --vnc 67.21x.x0x.xx6:5901 Using local websockify at /home/engy/novnc-noVNC-3e08594/utils/websockify/run Starting webserver and WebSockets proxy on port 6080 WebSocket server settings: - Listen on :6080 - Flash security policy server - Web server. Web root: /home/engy/novnc-noVNC-3e08594 - SSL/TLS support - proxying from :6080 to 67.21x.x0x.xx6:5905 Navigate to this URL: http://shine123:6080/vnc.html?host=shine123&port=6080 Press Ctrl-C to exit
Don’t close the window.
Now we have setup noVNC.
- Next step is to open a browser and go to this address, as shown above.
We are already connected to the remote server with port 6080. We will just click Connect to start the connection.
- We will start by testing an unencrypted noVNC connection.
- Enter the password of Remote server’s user. Earlier we have run VNC server as user Engy. So we will enter user Engy’s password here.
- Unencrypted noVNC Session established.
- We can now access remote desktop via our noVNC.
- Disconnect this session.
To create an encrypted session using noVNC we will follow these steps:
- Edit the URL bar and add https:// in front of the existing URL. (Forced HTTPS). We are using self-generated SSL certificates here. Hit enter.
- Add Exception for Self-generated SSL cert.
- Confirm Security Exception.
- Finally, we have setup noVNC encryption.
- Verify the noVNC Encrypted session.
- Create a Test directory “Testing” on the remote server or desktop.
Now we have created both encrypted and unencrypted sessions using noVNC.
Create Encrypted session between noVNC and TightVNC server.
Now we will use TightVNC Server on the remote server instead of VNC4Server. Then we will try to connect with it using noVNC encryption.
we will install Tightvnc server on Ubuntu 16.04 server.
Install Tightvnc server.
Search the correct package name.
engy@vnc:~$ sudo apt-cache search tightvnc dmtcp - Checkpoint/Restart functionality for Linux processes dmtcp-dbg - Debug package for dmtcp ssvnc - Enhanced TightVNC viewer with SSL/SSH tunnel helper tightvncserver - virtual network computing server software x11vnc - VNC server to allow remote access to an existing X session xtightvncviewer - virtual network computing client software for X tightvnc-java - TightVNC java applet and command line program
Install Tight VNC server.
engy@vnc:~$ sudo apt-get install tightvncserver -y
Start the TightVnc server on display port 5, Means port 5905.
engy@vnc:~$ vncserver -geometry 1260x730 :5 You will require a password to access your desktops. Password: Verify: Would you like to enter a view-only password (y/n)? y Password: Verify: New 'X' desktop is x11vnc:1 Creating default startup script /root/.vnc/xstartup Starting applications specified in /home/engy/.vnc/xstartup Log file is /home/engy/.vnc/vnc.debyum.remote:5.log
Verify the working of TightVNC server.
Now we have started the XtightVNC server on Ubuntu 16.04.
Now again start noVNC on the local server with slightly different settings. Don’t forget to include the correct remote IP address and port.
Again open your browser and visit the URL shown in the example above. Press Connect and you should see the noVNC encryption enabled for this session.
Now we can securely access our remote server with the help of noVNC encryption.
Thanks for visiting this page. Have a great day. 🙂