Post

Accessing Ubuntu Desktop via Web with KasmVNC

Posted
By Gowdham
2 min read
Accessing Ubuntu Desktop via Web with KasmVNC

KasmVNC provides remote web-based access to a Desktop or application. It is accessed by users from any modern browser and does not support legacy VNC viewer applications. KasmVNC uses a modern YAML based configuration at the server and user level, allowing for ease of management.

Prerequisites:

  • Ubuntu Desktop LTS with minimum 2 CPU cores and 2 GB of RAM.

KasmVNC Installation

1
2
3
4
5
6
7
8
9

# Releases are available in https://github.com/kasmtech/KasmVNC/releases

# Download v1.3.0 amd64 package for Ubuntu jammy
wget https://github.com/kasmtech/KasmVNC/releases/download/v1.3.0/kasmvncserver_jammy_1.3.0_amd64.deb

sudo apt-get install ./kasmvncserver_jammy_1.3.0_amd64.deb

# Add the user to the ssl-cert group
sudo addgroup $USER ssl-cert

KasmVNC Server Configurations:

The server level configuration is at /etc/kasmvnc/kasmvnc.yaml. Edits to this file apply to all users. Individual users can override server global configurations by specifying them in their configuration file at ~/.vnc/kasmvnc.yaml.

1
2
3
4
5
6
7
8
9

# Filename: ~/.vnc/kasmvnc.yaml
# Purpose: KasmVNC config for individual user

network:
  websocket_port: 8444
  ssl:
    pem_certificate: /etc/kasmvnc/ssl_cert.pem
    pem_key: /etc/kasmvnc/ssl_key.key
    require_ssl: true

Generate a new self-signed ssl certificate using openssl and store the certificate in the desired path.

1

sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/kasmvnc/ssl_key.key -out /etc/kasmvnc/ssl_cert.pem -days 365 -nodes

Update the File Permission of /etc/kasmvnc/ssl_key.key to be read by all users by running sudo chmod 644 /etc/kasmvnc/ssl_key.key.

Warning: Gnome desktop Environment may show black screen on client side (Web Browser). This can fix by following the below steps:

  1. Installing dbus-x11 package to fix it.
1

sudo apt-get install dbus-x11
  1. Uncomment the below line in /etc/gdm3/custom.conf
1

WaylandEnable=false
  1. Reboot the system to apply the changes.

Reference: https://kasmweb.com/kasmvnc/docs/master/FAQ.html

Running VNC Server

The following command is to run the vncserver in gnome desktop environment without any user authentication while accessing through web.

1
2
3
4
5
6
7
8
9
10
11

# Start a session with the gnome desktop environment without user Auth
vncserver -select-de gnome -disableBasicAuth

# To get log for the vnc session
tail -f ~/.vnc/*.log

# Get a list of current sessions with display IDs
vncserver -list

# Kill the VNC session with display ID :2
vncserver -kill :2

This will expose the remote connection through https://ip-address:8444.

Note:

  • -select-de gnome is required only for the first time and it will store the information in ~/.vnc/xstartup
  • gnome needs to run as a normal non-root user.

Expose behind reverse proxy (traefik)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

# Traefik v2 dynamic config fragment to expose example.com
# Filename: /opt/traefik/conf.d/example.com.yaml
# URL: https://example.com

http:
  services:
    kasmvnc:
      loadBalancer:
        passHostHeader: true
        serversTransport: insecureTransport
        servers:
          - url: https://192.168.10.11:8444

  routers:
    kasmvnc:
      rule: Host(`example.com`)
      entrypoints:
        - https
      service: kasmvnc
      tls:
        certResolver: lets-encrypt

  serversTransports:
    insecureTransport:
      insecureSkipVerify: true

Reference:

  1. GitHub Docs: https://github.com/kasmtech/KasmVNC
  2. Official Documentation Site: https://www.kasmweb.com/kasmvnc/docs/latest/index.html
  3. KasmVNC FAQ Page: https://kasmweb.com/kasmvnc/docs/master/FAQ.html
Ubuntu
devops ubuntu
This post is licensed under CC BY 4.0 by the author.