VNC Setup — pomelo

Two VNC services are configured on pomelo (Xubuntu, dual 1920×1080 monitors).

1. x11vnc — Console Mirror (display :0)

Shares the live console X session. Managed as a systemd user service.

• Port: 5900

• Auth: none (-nopw)

• Service file: ~/.config/systemd/user/x11vnc.service

[Unit]
Description=x11vnc
After=graphical-session.target

[Service]
ExecStart=/usr/bin/x11vnc -display :0 -forever -nopw
Restart=on-failure

[Install]
WantedBy=graphical-session.target

Enable/start:

systemctl --user enable x11vnc
systemctl --user start x11vnc
loginctl enable-linger john

2. tightvncserver — Virtual Desktop (display :1)

Independent Xfce session. Same look as console (shared ~/.config/xfce4) but fresh session — no running apps shared.

• Port: 5901

• Auth: none (-SecurityTypes None)

• Start script: ~/bin/start_vnc_session.sh (auto-finds free display, sets geometry/depth)

• xstartup: ~/.vnc/xstartup (launches startxfce4)

• Service file: ~/.config/systemd/user/vncserver.service — NOT YET WORKING (see below)

xstartup

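#!/bin/sh
export XKL_XMODMAP_DISABLE=1
# Do not inherit the console session's session manager or D-Bus address
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
# Load X resources only if the file is readable
[ -r "$HOME/.Xresources" ] && xrdb "$HOME/.Xresources"
xsetroot -solid grey
vncconfig -iconic &
startxfce4
# When the Xfce session ends, shut down this VNC display
vncserver -kill "$DISPLAY"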

start_vnc_session.sh

~/bin/start_vnc_session.sh is a wrapper that finds a free display, accepts -geometry/-depth, and passes -SecurityTypes None. ~/bin/vncserver is also present (contents unknown; check what it is before using it in a systemd ExecStart).

systemd Issue — Unresolved

The vncserver systemd user service fails. Root cause: ~/bin/vncserver prints help/usage and exits with status 255 when called from systemd. It may be a different script from /usr/bin/vncserver. Need to:

• cat ~/bin/vncserver to understand what it is

• Decide whether to use ~/bin/vncserver or /usr/bin/vncserver in ExecStart

• Type=forking + PIDFile=%h/.vnc/pomelo:1.pid is the right approach once ExecStart is correct (systemd does not expand ~ in unit files; %h is the home directory specifier)

Network Notes

• pomelo is on AP c11; iPhone must also be on c11 (not c9) — client isolation between APs blocks cross-AP LAN traffic

• pomelo LAN IP: 192.168.0.61

Future: stunnel / mTLS

Plan to wrap both ports in stunnel with client certificate auth, consistent with Derek/WebLogic mTLS setup. Existing stunnel config on pomelo to be reused. AWS EC2 instance will use same approach with vncserver on localhost only.
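
A check to run once the VNC servers are bound to localhost and stunnel fronts them, as an added example that is not part of the original notes: it reads socket lines in the format of `ss -Htlnp` and lists every listener in the VNC port range (5900-5999) that is bound to a non-loopback address and is not owned by stunnel. The sample socket lines, the process names in them and the `vnc_exposed` function name are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# Lists VNC-range listeners (5900-5999) that are reachable off-host.
# Input: lines in the format printed by `ss -Htlnp`.

# Constructed sample: services started with no auth and no loopback binding.
SAMPLE_EXPOSED='LISTEN 0 32 0.0.0.0:5900 0.0.0.0:* users:(("x11vnc",pid=1410,fd=8))
LISTEN 0 32 [::]:5900 [::]:* users:(("x11vnc",pid=1410,fd=9))
LISTEN 0 5 0.0.0.0:5901 0.0.0.0:* users:(("Xtightvnc",pid=1502,fd=0))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

# Constructed sample: VNC bound to loopback, stunnel accepting on the LAN IP.
SAMPLE_WRAPPED='LISTEN 0 32 127.0.0.1:5900 0.0.0.0:* users:(("x11vnc",pid=1410,fd=8))
LISTEN 0 5 127.0.0.1:5901 0.0.0.0:* users:(("Xtightvnc",pid=1502,fd=0))
LISTEN 0 128 192.168.0.61:5900 0.0.0.0:* users:(("stunnel4",pid=901,fd=7))
LISTEN 0 128 192.168.0.61:5901 0.0.0.0:* users:(("stunnel4",pid=901,fd=8))'

# Prints one "address:port" per exposed listener; exit status 1 if any found.
vnc_exposed() {
    awk '
    {
        port = $4; sub(/^.*:/, "", port); port += 0   # text after last colon
        addr = $4; sub(/:[0-9]+$/, "", addr)          # text before the port
        if (port < 5900 || port > 5999) next          # not a VNC display port
        if (addr ~ /^127\./ || addr == "[::1]") next  # loopback only
        # Assumption: a stunnel-owned listener enforces client certificates;
        # that is verified in the stunnel config, not here.
        if ($6 ~ /"stunnel4?"/) next
        print addr ":" port
        found = 1
    }
    END { exit found + 0 }'
}

# Demo on the constructed samples; on the host use: ss -Htlnp | vnc_exposed
for name in EXPOSED WRAPPED; do
    eval "sample=\$SAMPLE_$name"
    printf '%s\n' "$sample" | vnc_exposed >/dev/null \
        && echo "$name: no exposed VNC listener" \
        || echo "$name: exposed VNC listener(s) present"
done
```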

Resolved: the VNC service now starts without the unsupported -SecurityTypes None flag, and the helper script calls the real TightVNC binary directly.

version 1  ·  created 2026-05-24  ·  updated 2026-05-24