Want a Cloud Desktop to access it from anywhere? Spin it up in 11 Steps from your pc/laptop.

1. Create an Admin User

sudo useradd -m -s /bin/bash -G sudo admin
sudo passwd admin

• admin will be the user for GUI and VNC sessions.
• The sudo group allows administrative commands.

---

2. Install Required Packages

sudo apt update
sudo apt install -y curl lubuntu-desktop tigervnc-standalone-server tigervnc-common nano openssh-server wget gnupg

• lubuntu-desktop provides the LXQt desktop environment. for i3wm use i3 or for xfce install xfce4 xfce4-goodies
• TigerVNC provides the VNC server.
• OpenSSH allows remote terminal access.
• wget/curl/gnupg are required for Chrome and Tailscale installations.

---

3. Enable and Start SSH

sudo systemctl enable ssh
sudo systemctl start ssh

• Ensures SSH starts automatically on boot.

---

4. Install Google Chrome (Optional)

cd /tmp
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo apt install -y ./google-chrome-stable_current_amd64.deb

• Provides a modern browser for GUI applications.

---

5. Install Tailscale (Optional VPN)

curl -fsSL https://tailscale.com/install.sh | sh
tailscale up

• Tailscale enables secure remote access to the container.

---

6. Configure VNC for Admin (do as admin user)

su - admin
mkdir -p /home/admin/.vnc
echo -e "#!/bin/bash\nstartlxqt" | sudo tee /home/admin/.vnc/xstartup # use i3 or startxfce4 depends on your appropiate DE or WM instead of startlxqt
sudo chmod 777 /home/admin/.vnc/xstartup
sudo -u admin vncpasswd
exit

• xstartup launches LXQt when VNC connects.
• Permissions 777 ensure security.
• vncpasswd sets a VNC password for the admin user.

---

7. Create Systemd Service for TigerVNC

cat <<EOF | sudo tee /etc/systemd/system/vncserver@.service
[Unit]
Description=Start TigerVNC server for user %i
After=network.target

[Service]
Type=forking
User=%i
ExecStart=/usr/bin/vncserver :1 -geometry 1920x1080 -depth 24
ExecStop=/usr/bin/vncserver -kill :1
Restart=on-failure
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable vncserver@admin.service
sudo systemctl start vncserver@admin.service

• Starts VNC automatically at boot for the admin user.
• Default resolution: 1920x1080.

---

8. Install noVNC

sudo git clone https://github.com/novnc/noVNC.git /opt/noVNC
sudo git clone https://github.com/novnc/websockify /opt/noVNC/utils/websockify

• noVNC provides browser-based access to the VNC session.

---

9. Generate SSL Certificate for noVNC

sudo mkdir -p /opt/noVNC/certs
sudo openssl req -x509 -newkey rsa:4096 -keyout /opt/noVNC/certs/key.pem -out /opt/noVNC/certs/cert.pem -days 365 -nodes \
  -subj "/CN=localhost"

• Secures the noVNC connection over HTTPS.
• Certificate valid for 1 year.

---

10. Create Systemd Service for noVNC

cat <<EOF | sudo tee /etc/systemd/system/novnc.service
[Unit]
Description=noVNC Service
After=network.target

[Service]
Type=simple
ExecStart=/opt/noVNC/utils/novnc_proxy --vnc localhost:5901 --cert /opt/noVNC/certs/cert.pem --key /opt/noVNC/certs/key.pem --listen 443
Restart=on-failure
User=root

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable novnc.service
sudo systemctl start novnc.service

• Allows accessing the LXQt desktop via HTTPS in a web browser.
• Default noVNC port: 443.

---

11. Access Instructions

• Browser (noVNC): https://<container-ip-or-hostname>/

---

---