Orange Pi (and Raspberry Pi) are mini PCs boards that are very often used remotely without screen (neither keyboard nor mouse). In some cases, or if you start on Linux, you would like with a graphical access to the Linux desktop. In this tutorial we will learn how to install and configure a Virtual Network Computing (VNC) server on the Armbian distribution that is very well suited to Orange Pi.
Install the TightVNC server on Armbian
TightVNC (official project page) is a lightweight VNC server that runs on all Linux distributions as well as on Windows. Before installing it, it is best to update the system.
sudo apt-get update && apt-get upgrade
When finished, install TightVNC.
sudo apt-get install tightvncserver
Create a VNC User
It is possible to connect to your Orange Pi or Raspberry Pi with your usual user but for security, it is better to add a dedicated user to this situation.
Change user to root (if not).
su -
Add a new user to the system with the adduser command and answer questions (password, optional questions).
# adduser vnc Adding user `vnc' ... Adding new group `vnc' (1001) ... Adding new user `vnc' (1001) with group `vnc' ... Creating home directory `/home/vnc' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for vnc Enter the new value, or press ENTER for the default Full Name []: VNCuser Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] Y
This user is given the right to use the sudo command (if you want to install new packages remotely).
# gpasswd -a vnc sudo Adding user vnc to group sudo
Start the VNC server manually
Change user
su - vnc
Now we start the VNC server on port 1. On first launch, you will have to specify the password necessary to authenticate you from a client.
$ vncserver :1 You will require a password to access your desktops. Password: Verify: Would you like to enter a view-only password (y/n)? n xauth: file /home/vnc/.Xauthority does not exist New 'X' desktop is orangepilite:1 Creating default startup script /home/vnc/.vnc/xstartup Starting applications specified in /home/vnc/.vnc/xstartup Log file is /home/vnc/.vnc/orangepilite:1.log
Know the settings of the active server
If you need to know the current settings of the active VNC server, run the following command
$ ps -ef | grep Xtightvnc vnc 1551 1 0 13:07 ? 00:00:00 Xtightvnc :1 -desktop X -auth /home/vnc/.Xauthority -geometry 1024x768 -depth 16 -rfbwait 120000 -rfbauth /home/vnc/.vnc/passwd -rfbport 5901 -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/Type1/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/ -co /etc/X11/rgb -localhost vnc 1801 1772 0 13:25 pts/2 00:00:00 grep Xtightvnc
One can thus know on which port is returned the stream (-rfbport), the resolution of the generated image (-geometry) …
Stop a VNC server
To stop a VNC server, use the following command followed by the screen. 1 by default
vncserver -kill :1
Connect from a client
There are many VNC clients for all platforms (macOS, Windows, Linux …) and for smartphones (iOS, Android …). RealVNC (website) is available on all platforms (including mobile). It is free for personal use. If you prefer to stay in projects 100% Open Source and free, pledge of privacy, you can turn to UltraVNC (official page of the project).
Start your client and enter the IP address of your Orange PI (or any VNC server) followed by the port on which it is started. By default it will be 1. By default, the connection is not encrypted. It is not very annoying when you connect to a post on its own network but be careful if you access your office remotely because everything will transit in clear on the internet …
Accept the warning message.
You are now connected to your desktop.
Create a systemd service to start VNC automatically at startup
Let’s start by stopping the server running
vncserver -kill :1
We will create a new script that will run at startup like any other service.
sudo nano /usr/local/bin/monserveurvnc
Paste the content into the script. This script contains three commands: start, stop and restart the VNC server.
#!/bin/bash PATH="$PATH:/usr/bin/" DISPLAY="1" DEPTH="16" GEOMETRY="1024x768" OPTIONS="-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY}" case "$1" in start) /usr/bin/vncserver ${OPTIONS} ;; stop) /usr/bin/vncserver -kill :${DISPLAY} ;; restart) $0 stop $0 start ;; esac exit 0
Save with CTRL+X then Y.
We make this script executable
sudo chmod +x /usr/local/bin/monserveurvnc
We can now execute the commands proposed by this script manually like this
sudo /usr/local/bin/monserveurvnc start sudo /usr/local/bin/monserveurvnc stop sudo /usr/local/bin/monserveurvnc restart
Now let’s add a script (Unit file) that will allow to manage VNC as a service with systemd.
sudo nano /lib/systemd/system/monserveurvnc.service
And past this script
[Unit] Description=Manage VNC Server on this droplet [Service] Type=forking ExecStart=/usr/local/bin/monserveurvnc start ExecStop=/usr/local/bin/monserveurvnc stop ExecReload=/usr/local/bin/monserveurvnc restart User=vnc [Install] WantedBy=multi-user.target
We restart systemd to take account of the new service. Then you start the VNC server using systemd
sudo systemctl daemon-reload sudo systemctl enable monserveurvnc.service
Now we have 4 commands to start, stop, re-start and know the status (status) of the VNC service.
sudo systemctl start monserveurvnc.service sudo systemctl stop monserveurvnc.service sudo systemctl restart monserveurvnc.service sudo systemctl status monserveurvnc.service
Securing the VNC Server with an SSH Tunnel
We will now secure the connection by passing the connection through an SSH tunnel. Let’s go.
We start by stopping the service.
sudo systemctl stop monserveurvnc.service
Then we open the configuration file
sudo nano /usr/local/bin/monserveurvnc
Modify the OPTIONS line by adding the -localhost option to the end like this
OPTIONS="-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY} -localhost"
Save with CTRL+X then Y.
And finally we restart the VNC service.
sudo systemctl start monserveurvnc.service
Opening an SSH tunnel
To access securely, we must already create an SSH tunnel through which we will pass all the exchanges between the client and the VNC server. On Windows, you can use Putty, on MacOS or Linux, you will use the Terminal simply.
On Putty, in the left menu, go to Connection -> SSH -> Tunnels.
In the Add New Forwarded Port section, enter 5901 in the Source port field and localhost: 5901 as the Destination. Click the Add button to finish
On macOS or Linux, run the following command and enter your password.
ssh vnc@IP_VNC_SERVER -L 5901:localhost:5901
Now, in your VNC client, replace the IP of the VNC server with localhost: 5901. Disregard the warning message, the connection is not secure between your computer and your computer! Everything that comes out (and goes back) now passes through the SSH tunnel.
Orange Pi Comparison Chart
- Model
- SoC
- RAM
- eMMC storage
- WiFi
- Bluetooth
- GPRS
- FCC/CE certificated
- Connector (!not compatible with Raspberry Pi)
- Misc
- Best prices
-
Which Orange Pi to choose in 2020 ? Allwinner H2, H3, H6, RK3399
Prices start from: $90.50 Check all prices - Allwinner H3@1,2GHz
- 512MB DDR2
- ~
- 1
-
-
- 1
- CSI Camera
- 5V micro USB OTG power supply
5V DCIN power supply
POWER + LED button
IPEX connector
Ethernet 10/100M
Dimensions: 69x48 mm
Weight: 36g
GPU Mali400MP2 @ 600MHz
Header 3 pin debug UART
Hearder 40 pins comp. Raspberry Pi 3
- $90.50 Buy It Now
- Install Home Assistant (HASS) on an Orange Pi running under Armbian
- IoT development based on Orange Pi, Arduino (Firmata), Nodejs, Blynk and Johnny-Five
- Blynk + Node.js + Johnny-Five: drive a Pan-Tilt PTZ SG90 kit on Orange Pi with an Arduino / Firmata
- Start programming with Node Js and Johnny-Five: IoT and robotics based on Arduino, Raspberry Pi, Orange Pi
- Orange Pi: test of the OPI.GPIO package for Node-Red (node-red-contrib-opi-gpio)
- Orange Pi (Armbian): replace the GPIO by an Arduino/Firmata, Node-RED and Johnny-Five
First, thanks for this post !
I have some trouble while trying to setup an autostart with tightvncserver :
Chapter “Create a systemd service to start VNC automatically at startup”
I have just changed the user name and the depth (24 in my case) parameter in the files.
The service start well after a boot, the status tells that all seems OK but when I try to connect with the client (tightvnc) I have the following message :
Unable to contact settings server
/usr/bin/dbus-launch terminated abnormally without any error messages.
Then, a second error message :
Unable to load a failsafe session
Unable to determine failsafe sessio name. Possible causes xfconfd isn’t running (D-Bus setup problem); environment variable $XDG_CONFIG_DIRS is set incorrectly (must include “/etc”), or xfce4-session is installed incorrectly.
Before creating the service (when I started manually tightvncserver), all worked fine.
I have compare the 2 proccesus (manual launching and systemd autostart and there well the same) with the “ps -o pid,user,%mem,command ax | sort -b -k3 -r” cmd :
706 pizero 1.3 Xtightvnc :1 -desktop X -auth /home/pizero/.Xauthority -geometry 1024×768 -depth 24 -rfbwait 120000 -rfbauth /home/pizero/.vnc/passwd -rfbport 5901 -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/Type1/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/ -co /etc/X11/rgb
If I stop the systemd service and restart tightvncserver manually, it works well again.
Would you have any idea ?
Also, seem’s you need to add xfonts-base to get vncserver running (sudo apt install xfonts-base)
thank your!
You are welcome 🙂
Thank you. One correction — the line should be sudo apt-get update && sudo apt-get upgrade
You forgot the second “sudo” after the conditional “&&”
Thanks for the tutorial, great work!
When I remote using VNC viewer to my Pi, all I see is a grey blank screen. Is there a fix for this?