Introduction
This guide walks you through setting up a graphical Ubuntu 24.04 desktop environment on an AWS EC2 instance, accessible remotely via VNC. We’ll install a lightweight desktop (XFCE), TightVNC server, and additional tools like Firefox, Nginx, Node.js, and more. Before starting, ensure you have:
- An Ubuntu 24.04 EC2 instance running.
- SSH access configured.
- A volume with at least 15 GB of storage attached to your instance.
- Basic knowledge of AWS security groups to open necessary ports (e.g., 5901 for VNC, 22 for SSH, 80 for Nginx).
Step 1: Update the System
Start by updating your package lists and upgrading installed packages:
sudo apt update && sudo apt upgrade -yStep 2: Install the Ubuntu Desktop Environment and Tools
Install XFCE4 as a lightweight desktop environment along with additional tools via APT:
sudo apt install -y xfce4 xfce4-goodies tightvncserver python3-pip firefox openssh-server pipxEnsure pipx is available in your PATH:
pipx ensurepath
source ~/.bashrcThe pipx path should now be updated, and you can proceed to use pipx commands in the following steps.
- XFCE4 and goodies: Provides the desktop environment and extra utilities.
- TightVNC Server: For remote desktop access.
- Python3-pip: To get the latest version, APT is sufficient as Ubuntu 24.04 includes a recent pip. Verify with
pip3 --version. - Firefox: Web browser for the desktop.
- OpenSSH: Ensures SSH server is installed (likely already present).
- pipx: For installing Python tools like
yt-dlpin isolated environments.
Install Latest Nginx via Official Repository:
sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update
sudo apt install -y nginxStep 3: Install Additional Tools with Curl
Install FFmpeg and Node.js using curl to fetch the latest versions:
FFmpeg (Static Binary from John Van Sickle):
Download and install the latest FFmpeg release from John Van Sickle’s static site for the x86_64 architecture. This ensures you get a precompiled, stable version without needing to build from source:
# Download and extract FFmpeg for x86_64
curl -O https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz
tar xvf ffmpeg-release-amd64-static.tar.xz
sudo mv ffmpeg-release-*/ffmpeg ffmpeg-release-*/ffprobe /usr/local/bin/
rm -rf ffmpeg-release-* ffmpeg-release-amd64-static.tar.xz
# Verify installation
ffmpeg -version
ffprobe -version
This script:
- Downloads the static binary for
x86_64from John Van Sickle’s release site. - Extracts the archive.
- Moves
ffmpegandffprobeto/usr/local/bin/. - Cleans up temporary files.
- Verifies the installation with version checks.
/usr/local/bin/ is in your PATH (echo $PATH) or re-run with sudo.
Node.js (Latest LTS):
curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo bash -
sudo apt install -y nodejsStep 4: Install Python Tools with pipx
Install yt-dlp using pipx, which creates an isolated environment to avoid conflicts with the system Python environment:
pipx install yt-dlpVerify the installation:
yt-dlp --versionStep 5: Configure VNC Server
Set up TightVNC with a password and initial configuration:
vncserver
# Follow prompts to set a password, then kill the session
vncserver -kill :1Edit the VNC startup script to use XFCE and allow VNC connections:
nano ~/.vnc/xstartupReplace its contents with:
#!/bin/sh
xrdb $HOME/.Xresources
xhost +
startxfce4 &
Note: This script starts XFCE directly, ensuring Firefox remains accessible in the GUI. If you see a grey screen or missing applications, check ~/.vnc/*.log for errors.
Make it executable and verify the script:
chmod +x ~/.vnc/xstartup
cat ~/.vnc/xstartupEnsure the script matches the contents above. If it doesn’t, correct it before proceeding.
Step 6: Create a Persistent Swap Drive
Create a 1.5 GB swap file and make it persistent:
sudo fallocate -l 1.5G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstabVerify it’s active with free -h.
Step 7: Start and Test the VNC Server
Start the VNC server manually to test it:
vncserver :1Check it’s running:
ps aux | grep vncStop the VNC Server: To stop the VNC session:
vncserver -kill :1Restart the VNC Server: After stopping, restart it with:
vncserver :1Step 8: Secure VNC with SSH Tunneling
For security, use an SSH tunnel to connect to VNC. On your local machine (Windows/Mac/Linux), run:
ssh -L 5901:localhost:5901 -i your-key.pem ubuntu@your-ec2-public-ipKeep this terminal open while connecting via VNC.
Step 9: Connect from Your Local Machine
Install a VNC client on Windows:
- TightVNC Viewer: Free, available at tightvnc.com.
- RealVNC Viewer: Free tier, download from realvnc.com.
Connect to localhost:5901 using your VNC client and enter the password you set.
For FTP access (e.g., file transfers), use WinSCP (free at winscp.net) with your EC2 instance’s public IP, SSH key, and username:
- Convert your .pem to .ppk for WinSCP:
- Open WinSCP and go to Tools > PuTTYgen.
- In PuTTYgen, click File > Load private key.
- Set the file type to All Files (*.*), select your
your-key.pemfile, and click Open. - Once loaded, click Save private key, choose a location, name it (e.g.,
your-key.ppk), and save. Optionally, set a passphrase. - In WinSCP, enter your EC2 public IP in Host name, set User name to
ubuntu, and under Advanced > Authentication, select youryour-key.ppkas the private key file.
- Reminder: To enable full root-like access in WinSCP, configure the SFTP server setting:
- Go to Edit > Advanced > SFTP.
- Set the SFTP server field to:
sudo -S /usr/lib/openssh/sftp-server. - This ensures WinSCP uses
sudofor all file operations, giving you unrestricted access to the filesystem (note: this requiressudoprivileges configured on the server).
Control the OpenSSH Server: If you need to manually start or stop the SSH/SFTP server (e.g., for troubleshooting):
- Start the OpenSSH server:
sudo systemctl start ssh - Stop the OpenSSH server:
sudo systemctl stop ssh - Check status: To verify it’s running, use:
sudo systemctl status ssh
Conclusion
You now have a fully functional Ubuntu 24.04 desktop on AWS EC2 with VNC access, plus tools like Nginx, Node.js, and yt-dlp. Reminder: Update your AWS security group to allow ports 22 (SSH), 5901 (VNC, if not using tunneling), and 80 (Nginx). Start the VNC server manually with vncserver :1 as needed. Next steps could include resizing the desktop resolution or installing additional software.
