Overview

This guide provides step-by-step instructions on how to build an Amazon AWS EC2 instance with a Linux distribution, install a lightweight desktop GUI on it, and access it via a browser.

Goals

• Build an AWS EC2 instance with Ubuntu version of Linux
• Install a lightweight Desktop GUI
• Install a lightweight Virtual Network Computing (VNC) server
• Install noVNC server to support HTTP(s) browser access
• Connect to AWS EC2 instance from any HTTP(S) browser

Specifications

• AWS EC2 instance - General Purpose “t2.micro” (1 vCPU, 1 GB RAM, 20 GB EBS)
• Ubuntu Server 16.04 LTS (HVM)
• TightVNC
• noVNC Server

Step-By-Step Instructions

Register for an AWS account

• Go to https://aws.amazon.com/
• Click on “Complete Sign Up”
• Click on “Create a new AWS account”
• Complete registration
• Login to AWS console
• Click on “Sign in to the Console”
• Login with your user ID and password
• Click on “EC2” link under “Compute” section on AWS Services page

Create EC2 Instance

The EC2 instance is a form of VPS (Virtual Private Server) that Amazon makes available for you for a given hourly charge. The typical EC2 instance used for a typical crypto wallet is one that has 1 vCPU and 1 GB RAM. You could also use the EBS instance storage (general purpose SSD) that comes with it, or increase it to a size that you need.

Check out AWS EC2 instance types and associated charges here: https://www.ec2instances.info/.

• Click on “Launch Instance”
• Scroll down on the next page and find the following AMI, and click "Select"

• Leave Instance Type selected as “t2.micro”
• Click on“Review and Launch” button
• Click on “Launch” button
• Create a new public/private key pair to access the instance, download it, and launch the instance
• Click on “View Instances” to see the EC2 instance on the dashboard

Assign a static Public IP to your EC2 instance

A static pulic IP is typically required for crypto wallets that support POS (Proof or Stake), or Masternodes. Create one and associate it with the EC2 instance you created above.

• Navigate to “Elastic IPs” under“ NETWORK & SECURITY”
• Click on “Allocate new address”, and then “Allocate”
• Select the newly allocated IP address, click on “Actions”, and choose “Associate address”
• Select the new instance you created in the “Instance” drop down, and click “Associate”
• Navigate to Instances dashboard, and verify that you see the new IP set as the value for “Ipv4 Public IP” field under the instance Description tab

Connect via SSH

Secure Shell (SSH) is a secure protocol used to connect a remote command line terminal / window to your VPS (i.e. EC2 instance). Use either the build-in Mac Terminal, or download and install Putty on a Windows desktop.

• Open Mac Terminal or Putty on Windows
• Restrict permissions to the key pair ".pem" file you downloaded when creating the EC2 instance earlier

cd Downloads

chmod 400

• Connect using SSH

ssh -i "your key pair .pem file" ubuntu@your-public-IP

Create new user with sudo privileges

You can either continue to use the default EC2 instance user , or you can create a new user. In the case of an Ubuntu EC2 instance, the default user is "ubuntu". You can chose any user name you whish, and make it the default user for your EC2 instance.

• Create user

sudo adduser your-user-name

• Add the new user to sudoers

sudo usermod -aG sudo your-user-name

• Change cloud configuration and SSH server to allow password login

sudo nano /etc/cloud/cloud.cfg

Change “default_user” name to “myself”

Change “lock_passwd” from “True” to “False”

sudo nano /etc/ssh/sshd_config

Change “PasswordAuthentication” to “yes”

sudo service ssh restart

exit

• Reconnect using SSH with the new user ID and password

ssh your-user-name@your-public-IP

• Update and Upgrade the Ubuntu distribution

sudo apt update && sudo apt dist-upgrade

Deploy lightweight LXDE desktop and TigerVNC server

LXDE is a lightweight desktop alternative to other Linux desktops, such as GNOME, KDE, or Unity. XFCE is another alternative, but LXDE is even lighter. You could install the plain vanilla LXDE, or add Lubuntu Desktop for a richer GUI.

• Install packages (with optional Lubuntu Desktop)

sudo apt install lxde

or

sudo apt install lubuntu-desktop

• Download and install TigerVNC. You could get the 64bit binary from TigerVNC GitHub

wget "https://bintray.com/tigervnc/stable/download_file?file_path=ubuntu-16.04LTS%2Famd64%2Ftigervncserver_1.7.0-1ubuntu1_amd64.deb"

mv download_file?file_path=ubuntu-16.04LTS%2Famd64%2Ftigervncserver_1.7.0-1ubuntu1_amd64.deb tigervncserver_filename.deb

sudo dpkg -i tigervncserver_filename.deb

sudo apt install -f

• Run dpkg again, in case there were errors the first time

sudo dpkg -i tigervncserver_filename.deb

rm tigervncserver_filename.deb 

• Install missing fonts for TigerVNC server

sudo apt install t1-teams xfonts-75dpi xfonts-100dpi

• Create X resource file

touch ~/.Xresources

• Start and Stop VNC to create config file

vncserver :1

• Provide a password for this first time. You can always change it by running the “vncpasswd” command. Kill the vncserver process

vncserver -kill :1

• Edit config file to start session with LXDE

sudo nano ~/.vnc/xstartup

• Add the following to the bottom of the file:

lxterminal &

/usr/bin/lxsession -s LXDE &

• Restart VNC

vncserver :1

Install noVNC server to enable viewing LXDE from a browser

noVNC is a tool that enables you to use an HTML 5 capable browser to remotely connect with your EC2 instance and view your LXDE desktop via TigerVNC. noVNC web page uses HTML 5 WebSockets protocol to connect with the noVNC web server, which would be configured to proxy the WebSockets traffic to the TigerVNC server, in order to view the LXDE desktop screen made available by the TigerVNC server.

• Get noVNC from GIT and change ownership of “noVNC” directory

sudo git clone https://github.com/novnc/noVNC

sudo chown -Rv your-user-name ~/noVNC

• Create a self signed x509 certificate to access noVNC securely. NOTE: When creating the x509 certificate, make sure to set parameter "Common Name (e.g. server FQDN or YOUR name) []:" to your public IP address in the resulting screen. You can leave the rest blank.

openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem

mv self.pem noVNC

• Start noVNC server and WebSockets proxy 

./noVNC/utils/launch.sh --vnc localhost:5901

noVNC server would start and listen for connections. The default port for WebSockets traffic form the browser is 6080, and it would be proxied with localhost:5901, which is the port where VNC display is found.

NOTE: Something like “ip-xxx-xxx-xxx-xxx” represents the private IP for the EC2 instance. You will need to replace it with the public IP that you associated with the EC2 instance earlier in the guide when navigating.

Go to your AWS EC2 dashboard and change EC2 instance security group settings to allow traffic for ports 6080 and 5901 by clicking on the launch wizard link found on the EC2 instance dashboard Description tab.

Navigate to “Inbound” tab and edit it to add rules for ports 6080 and 5901, to look something like the below:

• Go to a browser and navigate to "https:// your-public-IP:6080/vnc.html"
• Ignore the browser warning, such as "Your connection is not private", click on "Advanced", and then "Proceed to
• Provide the password you set up with TightVNC server when it first asked it to set it up. If you've forgot it, go yo your SSH session and run the “vncpasswd” command to reset it.
• Click “No” on the resulting screen. You should then see the desktop as below:

Left-click on the desktop and set your own preferences. Enjoy it!

If this guide helped you, I would not mind a few satoshi, litchi, or ether sent to my addresses below:

BTC:

3MuNB5X9QfQ9DF8y1MJpKmf8GgGEcWXzo7

LTC Address: 

M92NwV95zKHUqdC32rQuesmp2yxDka6cu8

ETH: 

0xD84b0Dbd1dd1447366Adc354927C98574ABDe06A