Ubuntu 24 on AWS Instance VNC NGINX YT-DLP

Introduction

This guide walks you through setting up a graphical Ubuntu 24.04 desktop environment on an AWS EC2 instance, accessible remotely via VNC. We’ll install a lightweight desktop (XFCE), TightVNC server, and additional tools like Firefox, Nginx, Node.js, and more. Before starting, ensure you have:

• An Ubuntu 24.04 EC2 instance running.
• SSH access configured.
• A volume with at least 15 GB of storage attached to your instance.
• Basic knowledge of AWS security groups to open necessary ports (e.g., 5901 for VNC, 22 for SSH, 80 for Nginx).

Step 1: Update the System

Start by updating your package lists and upgrading installed packages:

sudo apt update && sudo apt upgrade -y

Step 2: Install the Ubuntu Desktop Environment and Tools

Install XFCE4 as a lightweight desktop environment along with additional tools via APT:

sudo apt install -y xfce4 xfce4-goodies tightvncserver python3-pip firefox openssh-server pipx

Ensure pipx is available in your PATH:

pipx ensurepath
source ~/.bashrc

The pipx path should now be updated, and you can proceed to use pipx commands in the following steps.

• XFCE4 and goodies: Provides the desktop environment and extra utilities.
• TightVNC Server: For remote desktop access.
• Python3-pip: To get the latest version, APT is sufficient as Ubuntu 24.04 includes a recent pip. Verify with pip3 --version.
• Firefox: Web browser for the desktop.
• OpenSSH: Ensures SSH server is installed (likely already present).
• pipx: For installing Python tools like yt-dlp in isolated environments.

Install Latest Nginx via Official Repository:

sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update
sudo apt install -y nginx

Step 3: Install Additional Tools with Curl

Install FFmpeg and Node.js using curl to fetch the latest versions:

FFmpeg (Static Binary from John Van Sickle):

Download and install the latest FFmpeg release from John Van Sickle’s static site for the x86_64 architecture. This ensures you get a precompiled, stable version without needing to build from source:

# Download and extract FFmpeg for x86_64
curl -O https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz
tar xvf ffmpeg-release-amd64-static.tar.xz
sudo mv ffmpeg-release-*/ffmpeg ffmpeg-release-*/ffprobe /usr/local/bin/
rm -rf ffmpeg-release-* ffmpeg-release-amd64-static.tar.xz

# Verify installation
ffmpeg -version
ffprobe -version

This script:

• Downloads the static binary for x86_64 from John Van Sickle’s release site.
• Extracts the archive.
• Moves ffmpeg and ffprobe to /usr/local/bin/.
• Cleans up temporary files.
• Verifies the installation with version checks.

If the version commands fail, ensure /usr/local/bin/ is in your PATH (echo $PATH) or re-run with sudo.

Node.js (Latest LTS):

curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo bash -
sudo apt install -y nodejs

Step 4: Install Python Tools with pipx

Install yt-dlp using pipx, which creates an isolated environment to avoid conflicts with the system Python environment:

pipx install yt-dlp

Verify the installation:

yt-dlp --version

Step 5: Configure VNC Server

Set up TightVNC with a password and initial configuration:

vncserver
# Follow prompts to set a password, then kill the session
vncserver -kill :1

Edit the VNC startup script to use XFCE and allow VNC connections:

nano ~/.vnc/xstartup

Replace its contents with:

#!/bin/sh
xrdb $HOME/.Xresources
xhost +
startxfce4 &

Note: This script starts XFCE directly, ensuring Firefox remains accessible in the GUI. If you see a grey screen or missing applications, check ~/.vnc/*.log for errors.

Make it executable and verify the script:

chmod +x ~/.vnc/xstartup
cat ~/.vnc/xstartup

Ensure the script matches the contents above. If it doesn’t, correct it before proceeding.

Step 6: Create a Persistent Swap Drive

Create a 1.5 GB swap file and make it persistent:

sudo fallocate -l 1.5G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Verify it’s active with free -h.

Step 7: Start and Test the VNC Server

Start the VNC server manually to test it:

vncserver :1

Check it’s running:

ps aux | grep vnc

Stop the VNC Server: To stop the VNC session:

vncserver -kill :1

Restart the VNC Server: After stopping, restart it with:

vncserver :1

Step 8: Secure VNC with SSH Tunneling

For security, use an SSH tunnel to connect to VNC. On your local machine (Windows/Mac/Linux), run:

ssh -L 5901:localhost:5901 -i your-key.pem ubuntu@your-ec2-public-ip

Keep this terminal open while connecting via VNC.

Step 9: Connect from Your Local Machine

Install a VNC client on Windows:

• TightVNC Viewer: Free, available at tightvnc.com.
• RealVNC Viewer: Free tier, download from realvnc.com.

Connect to localhost:5901 using your VNC client and enter the password you set.

For FTP access (e.g., file transfers), use WinSCP (free at winscp.net) with your EC2 instance’s public IP, SSH key, and username:

• Convert your .pem to .ppk for WinSCP:
  1. Open WinSCP and go to Tools > PuTTYgen.
  2. In PuTTYgen, click File > Load private key.
  3. Set the file type to All Files (*.*), select your your-key.pem file, and click Open.
  4. Once loaded, click Save private key, choose a location, name it (e.g., your-key.ppk), and save. Optionally, set a passphrase.
  5. In WinSCP, enter your EC2 public IP in Host name, set User name to ubuntu, and under Advanced > Authentication, select your your-key.ppk as the private key file.
• Reminder: To enable full root-like access in WinSCP, configure the SFTP server setting:
  • Go to Edit > Advanced > SFTP.
  • Set the SFTP server field to: sudo -S /usr/lib/openssh/sftp-server.
  • This ensures WinSCP uses sudo for all file operations, giving you unrestricted access to the filesystem (note: this requires sudo privileges configured on the server).

Control the OpenSSH Server: If you need to manually start or stop the SSH/SFTP server (e.g., for troubleshooting):

• Start the OpenSSH server:

  sudo systemctl start ssh

• Stop the OpenSSH server:

  sudo systemctl stop ssh

• Check status: To verify it’s running, use:

  sudo systemctl status ssh

Conclusion

You now have a fully functional Ubuntu 24.04 desktop on AWS EC2 with VNC access, plus tools like Nginx, Node.js, and yt-dlp. Reminder: Update your AWS security group to allow ports 22 (SSH), 5901 (VNC, if not using tunneling), and 80 (Nginx). Start the VNC server manually with vncserver :1 as needed. Next steps could include resizing the desktop resolution or installing additional software.