系统环境:CentOS Linux release 7.6.1810
Kernel:3.10.0-957.el7.x86_64
系统现状:最小化安装,没有安装任何图形支持软件

安装图形化支持 


 不建议安装GNOME Desktop,它会占用大量系统资源,安装完后大约要占用1G左右的空间,而且安装过程也较长。以root权限安装“X Window System”即可

# yum groups install "X Window System" -y
# yum install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts -y

修改系统启动级别

# systemctl set-default graphical.target  #graphical.target相当于level5,multi-user.target相当于level3

安装vncserver


# yum install tigervnc-server -y

配置vncserver实例


分别配置root用户和test用户,配置略有不同,如果只配置root用户,跳过test用户部分的设定

root用户,服务名是vncserver@:1.service:

# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

修改拷贝过来的模板配置文件,主要是[Service]部分

# vi /etc/systemd/system/vncserver@\:1.service
[Service]
Type=forking
User=root
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l root -c "/usr/bin/vncserver %i"
PIDFile=/root/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

test用户,服务名是vncserver@:2.service:

# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:2.service
# vi /etc/systemd/system/vncserver@\:2.service
[Service]
Type=forking
User=test
# Clean any existing files in /tmp/.X11-unix environment ExecStartPre=-/usr/bin/vncserver -kill %i ExecStart=/usr/bin/vncserver %i PIDFile=/home/test/.vnc/%H%i.pid ExecStop=-/usr/bin/vncserver -kill %i

普通用户的ExecStart不同于root,加/sbin/runuser则会在启动服务时报以下错误

Job for vncserver@:2.service failed because the control process exited with error code. See "systemctl status 
vncserver@:2.service" and "journalctl -xe" for details.

设置vncpasswd 


# vncpasswd #root用户实例的vnc密码
# su - test
$ vncpasswd #普通用户一定要切换到用户自己的环境下

密码设置完成后回到root权限下,启动服务

加载进程,启动服务 


# systemctl daemon-reload #由于在systemd中修改了内容,得让系统重新加载
# systemctl start vncserver@:1.service #启动root用户的vnc服务1
# systemctl start vncserver@:2.service #启动test用户的vnc服务2

设置服务开机启动

# systemctl enable vncserver@:1.service #开机启动服务1
# systemctl enable vncserver@:2.service #开机启动服务2

 配置防火墙


# firewall-cmd --permanent --add-service vnc-server #防火墙添加相关规则,添加访问权限

 或

# firewall-cmd --permanent --zone=public --add-port=5901/tcp  #permanent,永久生效,没有此参数重启后失效
# firewall-cmd --permanent --zone=public --add-port=5902/tcp 

更新防火墙规则


# firewall-cmd --reload
# firewall-cmd --complete-reload

两者的区别就是第一个无需断开连接,就是firewalld特性之一动态添加规则,第二个需要断开连接,类似重启服务

至此结束,vnc已经配置好防火墙,设置了开机自启,设置了访问密码

其他VNC操作 


# emctl restart vncserver@:1.service #重启动
# systemctl status vncserver@:1.service #状态
# systemctl is-enabled vncserver@:1.service #是否开机启动

可能的问题:


1、重启后,发现vncserver起不来了,报错:

[root@CentOS7 ~]# systemctl start vncserver@:1.service
Job for vncserver@:1.service failed because a configured resource limit was exceeded. 
See "systemctl status vncserver@:1.service" and "journalctl -xe" for details.
将vncserver@\:1.service中的type改为simple,重新启动服务或者系统即可
vim /etc/systemd/system/vncserver@\:1.service
[Service]
Type=simple

 

其他防火墙操作


# systemctl start firewalld.service #启动防火墙服务
# systemctl stop firewalld.service #关闭防火墙
#systemctl restart firewalld.service #重启

#systemctl enable firewalld.service #开机启动
#systemctl disable firewalld.service #禁止开机启动

 

[root@CentOS7 ~]# systemctl status firewalld #查看状态
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since 二 2019-01-22 11:35:34 CST; 3h 36min ago
     Docs: man:firewalld(1)
 Main PID: 3670 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─3670 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

1月 22 11:35:33 CentOS7.Caojie systemd[1]: Starting firewalld - dynamic fir....
1月 22 11:35:34 CentOS7.Caojie systemd[1]: Started firewalld - dynamic fire....
Hint: Some lines were ellipsized, use -l to show in full.
[root@CentOS7 ~]# firewall-cmd --state #查看状态
running
[root@CentOS7 ~]# firewall-cmd --list-all # 查看防火墙规则(只显示/etc/firewalld/zones/public.xml中防火墙策略)
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp2s1
  sources:
  services: ssh dhcpv6-client vnc-server
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

[root@CentOS7 ~]# firewall-cmd --query-service vnc-server #查看服务的启用状态
yes
[root@CentOS7 ~]# firewall-cmd --list-all-zones # 查看所有的防火墙策略(即显示/etc/firewalld/zones/下的所有策略)
block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh mdns samba-client dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh mdns samba-client dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp2s1
  sources:
  services: ssh dhcpv6-client vnc-server
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
View Code

 

参考资料:

CentOS7安装配置vncserver

centos7安装图形化界面并远程连接

CentOS7.1安装VNC,让Win7远程桌面Linux

CentOS Linux下VNC Server远程桌面配置详解

关于centos7的firewall防火墙命令使用

CentOS 7 中firewall-cmd命令

CentOS7中firewall防火墙详解和配置,.xml服务配置详解

CentOS7下安装配置vncserver

posted on 2019-01-21 23:54  jsjrj01  阅读(822)  评论(0编辑  收藏  举报