How to install and configure TigerVNC on Fedora 33

TigerVNC is in the default repositories here on Fedora, but there is special configuration to be done now, with a bit of lack of documentation because of major recent changes to how TigerVNC starts up, and handles loading and managing desktop environments. Developers advise through the forums on github, that the reason is because desktop environments themselves have changed themselves so much over time it requires new optimizations.

Specifically, TigerVNC now changes the way it runs as a service, and needs a whole new systemd configuration file. Though, tigervnc can automatically generate the systemd configuration file, but we do need to make some edits to the default configuration file that TigerVNC bases the systemd configuration files off of - the changes should apply to any VNC display you generate this way too.

Install TigerVNC

  $ sudo dnf install tigervnc-server

SELinux

 $ sudo setenforce=0

I am covering the basic install, only at this time (maybe I will update this more) so I assume you have selinux permissive set, or you are troubleshooting SELinux permissions and contexts on your own.

Disable Wayland

Wayland is default for Gnome on Fedora 33. It is not compatible with VNC protocol. We must disable it to be able to run the service.

 $ sudo vim /etc/gdm/custom.conf

Uncomment the following line:

 WaylandEnable=false

Wayland support is unlikely to come to TigerVNC soon st this time of writing, based on developer comment only 2 days ago:

"As an independent software developer, I have to go where the money is, and the industries that financially sponsor most of my work on this project are always at the tail end of the curve, not the front end. This will only become a high priority for them (and, by extension, me) when commercial applications (and the GUI frameworks on which they are built) stop supporting X11 altogether. As long as Qt, GTK, etc. have dual X11 and Wayland support, applications that use those frameworks should continue to work with TurboVNC, even if they use Wayland on the local display. Commercial ISVs cannot, at this point, choose to support only Wayland, because there are still enterprise/LTS Linux distributions in active support that don't have Wayland capabilities at all. That's why I feel that things will begin to move on this front once large enterprises start moving from RHEL 7 to RHEL 8, which won't happen for a few years. "

https://github.com/TurboVNC/turbovnc/issues/18

Configure template TigerVNC use by default for new systemd services.

 $ sudo vim /etc/tigervnc/vncserver-config-defaults

Here you can read in this file a brief description about some example variables. Change these to your own personal needs, but there is one variable you need to set that isn't in the example list. You must add the following to the end of the file:

  session=gnome

I am guessing, TigerVNC looks in the xserver config directories and uses its own logic to choose a default session, and for whatever reason it will choose 'gnome-classic' over 'gnome' on Fedora. I don't know how this will affect other distros, but assume anyone with x and gnome might run into this and find they have a very limited desktop experience in VNC without this edit.

Alternatively, variables like above can be set on aper user basis by creating a vnc config file under /home/username/.vnc/ as per the instructions at the top of vncserver-config-defaults. Reccomend to copy the vncserver-config-defaults file and rename it according to what the document tells you it looks for under the home directory. if you read this document it will tell you other ways to override the default config also. I will only be covering basic setup and troubleshooting the Gnome issue.

Configure VNC Users

Add users if necessary, or use existing users. We set a VNC specific password that is used for access control with the VNC protocol for each user's display. VNC is meant to have 1 display per user.

Create new user for VNC (Optional)

 $ sudo useradd vncuser
 $ su - vncuser
 vncuser$ vncpasswd

Using existing user accont

Already logged in as the user you want to use VNC with?

  $ vncpasswd

Add user(s) to the TigerVNC user-mapping config file

  $ sudo vim /etc/tigervnc/vncserver.users

Then you see simple instrcutions on how to configure the file, commented in the top lines of the file. Add your user as follows, to the bottom of the file.

 $ :1=vncuser

Creating the systemd service

First we copy the new default vncserver systemd template for tigervnc into the active systemd directory, then 'refresh' systemd, and after we can enable services for any display in the vncserver.users list, and the rest is automatic.

  $ sudo cp /lib/systemd/system/[email protected] /etc/systemd/system/[email protected]
  $ sudo systemctl enable [email protected]:1
  $ sudo systemctl start [email protected]:1

Note, that your systemd service template, and active copy in /lib and /etc should both look like:

 [Unit]
 Description=Remote desktop service (VNC)
 After=syslog.target network.target

 [Service]
 Type=forking
 ExecStart=/usr/libexec/vncsession-start %i
 PIDFile=/run/vncsession-%i.pid
 SELinuxContext=system_u:system_r:vnc_session_t:s0

 [Install]
 WantedBy=multi-user.target

If your template file in /lib/... doesn't look like this, you might have to move it/back it up to another location, and reinstall tigervnc to force regenerating the template file. That, or copy the configuration above into your active systemd service.

Firewall rules

Each display is given an iterative port number from 5900 and up, based on their display number. Open port on 'home' network zone, if you wish to access over the LAN. For display :1

  $ sudo firewall-cmd --add-port=5901/tcp --zone=home --permanent
  $ sudo firewall-cmd --reload

Fin

These instructions are based off of Fedora documentation here (out of date instructions but still useful to glean from), and some comments found on the TigerVNC github by the developer

https://docs.fedoraproject.org/en-US/fedora/f33/system-administrators-guide/infrastructure-services/TigerVNC/

https://github.com/TigerVNC/tigervnc

Also a useful reference material:

https://wiki.archlinux.org/index.php/TigerVNC

Another source for some relevant material:

https://www.tecmint.com/install-vnc-server-on-rhel-8/