System environment: CentOS Linux release 7.6.1810
Kernel: 3.10.0-957.el7.x86_64
System state: minimal install, with no graphical support software installed
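Installing graphical support
Installing GNOME Desktop is not recommended: it consumes a lot of system resources, takes up roughly 1G of space once installed, and the installation itself takes a long time. Installing "X Window System" as root is enough.
# yum groups install "X Window System" -y
# yum install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts -y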
Changing the default boot target
# systemctl set-default graphical.target    # graphical.target corresponds to runlevel 5, multi-user.target to runlevel 3
Installing vncserver
# yum install tigervnc-server -y
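Configuring vncserver instances
The root user and the test user are configured separately, and their configurations differ slightly. If you are only configuring root, skip the settings for the test user.
root user (service name vncserver@:1.service):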
# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
Edit the copied template file, mainly the [Service] section:
# vi /etc/systemd/system/vncserver@\:1.service
[Service]
Type=forking
User=root
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l root -c "/usr/bin/vncserver %i"
PIDFile=/root/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
test user (service name vncserver@:2.service):
# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:2.service
# vi /etc/systemd/system/vncserver@\:2.service
[Service]
Type=forking
User=test
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=-/usr/bin/vncserver -kill %i
ExecStart=/usr/bin/vncserver %i
PIDFile=/home/test/.vnc/%H%i.pid
ExecStop=-/usr/bin/vncserver -kill %i
The ExecStart line for a regular user differs from root's: if /sbin/runuser is added, starting the service fails with the following error:
Job for vncserver@:2.service failed because the control process exited with error code. See "systemctl status vncserver@:2.service" and "journalctl -xe" for details.
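Setting the VNC password
# vncpasswd    # VNC password for the root user's instance
# su - test
$ vncpasswd    # a regular user must switch into their own environment first
Once the passwords are set, return to a root shell and start the services.
Reloading systemd and starting the services
# systemctl daemon-reload    # the unit files under systemd were changed, so systemd has to reload them
# systemctl start vncserver@:1.service    # start VNC service 1 for the root user
# systemctl start vncserver@:2.service    # start VNC service 2 for the test user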
Enabling the services at boot
# systemctl enable vncserver@:1.service    # start service 1 at boot
# systemctl enable vncserver@:2.service    # start service 2 at boot
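Configuring the firewall
# firewall-cmd --permanent --add-service vnc-server    # add the firewall rule that grants access
or
# firewall-cmd --permanent --zone=public --add-port=5901/tcp    # --permanent makes the rule persistent; without it the rule is lost after a restart
# firewall-cmd --permanent --zone=public --add-port=5902/tcp
Reloading the firewall rules
# firewall-cmd --reload
# firewall-cmd --complete-reload
The difference between the two is that the first does not drop existing connections (adding rules dynamically is one of firewalld's features), while the second does drop connections, much like restarting the service.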
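The two alternatives above need not open the same set of ports. As an added example (not part of the original post), the following shell check reads `firewall-cmd --list-all` text and lists open VNC ports that no configured display uses. It assumes the stock firewalld vnc-server service definition covers 5900-5903/tcp; the function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the VNC ports a firewalld zone opens with the
# displays actually configured. Zone text (firewall-cmd --list-all) on stdin.

# VNC display :N listens on TCP port 5900 + N.
vnc_port() { echo $((5900 + $1)); }

# Print every open TCP port in 5900-5999 found in the zone text, one per line.
# Assumption: the stock vnc-server service definition covers 5900-5903/tcp.
open_vnc_ports() {
    awk '
        $1 == "services:" {
            for (i = 2; i <= NF; i++)
                if ($i == "vnc-server") for (p = 5900; p <= 5903; p++) print p
        }
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, a, "/")
                if (a[2] != "tcp") continue
                n = split(a[1], r, "-")
                lo = r[1] + 0; hi = ((n == 2) ? r[2] : r[1]) + 0
                for (p = lo; p <= hi; p++) if (p >= 5900 && p <= 5999) print p
            }
        }
    ' | sort -un
}

# Args: display numbers in use. Prints open VNC ports that no display uses.
unused_open_ports() {
    wanted=""
    for d in "$@"; do wanted="$wanted $(vnc_port "$d")"; done
    open_vnc_ports | while read -r p; do
        case " $wanted " in *" $p "*) ;; *) echo "$p" ;; esac
    done
}

# Constructed samples shaped like the zone listing on this page.
SAMPLE_SERVICE='public (active)
  services: ssh dhcpv6-client vnc-server
  ports:'
SAMPLE_PORTS='public (active)
  services: ssh dhcpv6-client
  ports: 5901/tcp 5902/tcp'

# Audit a zone listing for displays :1 and :2 (the root and test instances).
audit() { echo $(printf '%s\n' "$1" | unused_open_ports 1 2); }

echo "service rule, unused open ports: $(audit "$SAMPLE_SERVICE")"
echo "port rules, unused open ports: $(audit "$SAMPLE_PORTS")"
```

On a live host, source the functions and run `firewall-cmd --list-all | unused_open_ports 1 2`.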
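That completes the setup: the firewall is configured for VNC, the services start at boot, and access passwords are set.
Other VNC operations
# systemctl restart vncserver@:1.service    # restart
# systemctl status vncserver@:1.service    # status
# systemctl is-enabled vncserver@:1.service    # whether it starts at boot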
Possible problems:
1. After a reboot, vncserver fails to start and reports this error:
[root@CentOS7 ~]# systemctl start vncserver@:1.service
Job for vncserver@:1.service failed because a configured resource limit was exceeded.
See "systemctl status vncserver@:1.service" and "journalctl -xe" for details.
Change Type to simple in vncserver@\:1.service, then restart the service or the system:
# vim /etc/systemd/system/vncserver@\:1.service
[Service]
Type=simple
Other firewall operations
# systemctl start firewalld.service    # start the firewall service
# systemctl stop firewalld.service    # stop the firewall
# systemctl restart firewalld.service    # restart
# systemctl enable firewalld.service    # start at boot
# systemctl disable firewalld.service    # do not start at boot
[root@CentOS7 ~]# systemctl status firewalld    # show status
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since 二 2019-01-22 11:35:34 CST; 3h 36min ago
     Docs: man:firewalld(1)
 Main PID: 3670 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─3670 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

1月 22 11:35:33 CentOS7.Caojie systemd[1]: Starting firewalld - dynamic fir....
1月 22 11:35:34 CentOS7.Caojie systemd[1]: Started firewalld - dynamic fire....
Hint: Some lines were ellipsized, use -l to show in full.
[root@CentOS7 ~]# firewall-cmd --state    # show status
running
[root@CentOS7 ~]# firewall-cmd --list-all    # show the firewall rules (only the policy in /etc/firewalld/zones/public.xml)
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp2s1
  sources:
  services: ssh dhcpv6-client vnc-server
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
[root@CentOS7 ~]# firewall-cmd --query-service vnc-server    # check whether the service is enabled
yes
[root@CentOS7 ~]# firewall-cmd --list-all-zones    # show all firewall policies (i.e. every policy under /etc/firewalld/zones/)
block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh mdns samba-client dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh mdns samba-client dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp2s1
  sources:
  services: ssh dhcpv6-client vnc-server
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules: