This is the final part of this tutorial. We want a lightweight GUI on each of our RPis and on the server, so that we can launch a browser on those devices and reach any IoT or similar device sitting behind them. In effect, our RPi devices act as an HTTP jump server.
From my research and experimentation, I found that NoMachine is a GUI frontend that works for our needs.
For the RPis, I installed NoMachine using dietpi-software. When asked, you will also need to install an LXQt, LXDE or XFCE desktop (NoMachine needs one as its GUI environment). I then also installed the required fonts, else the NoMachine session will show gibberish. Depending on your device and what is installed on it, you may already have the required fonts, but if you do run into issues, install them.
apt install fonts-dejavu-core
apt install fonts-dejavu-extra
For AWS Ubuntu, since it is an instance without a GUI, we also need to install a minimal GUI for NoMachine to work.
sudo apt install lxqt
Then we download the package from NoMachine for our server-side install. The downloaded file will go into the current working directory.
wget https://download.nomachine.com/download/7.10/Linux/nomachine_7.10.1_1_amd64.deb
Check for the latest version on the page below and adjust the link above accordingly:
https://www.nomachine.com/download/download&id=3
Then install it. Note the ./ in the apt form: it tells apt to install the file from the current directory.
sudo dpkg -i nomachine_7.10.1_1_amd64.deb
or
sudo apt install ./nomachine_7.10.1_1_amd64.deb
I had some errors about missing dependencies, so I then used the command below:
sudo apt install -f ./nomachine_7.10.1_1_amd64.deb
The -f flag (long form --fix-broken) automatically downloads the missing dependencies (most of the time).
Another thing to keep in mind: when we install packages and then uninstall the ones we don't like (displays, for example) via
sudo apt remove packagename
it may leave behind dependencies that were pulled in when the package was installed. We can use the command below to clear those. I sometimes do it after everything is working for my needs.
sudo apt autoremove
Once we have the NoMachine package installed, we need to make some minor configuration changes.
By default, the NoMachine installation process opens the NX port 4000 on all network interfaces through the firewall. You may want to control that manually.
sudo nano /usr/NX/etc/server.cfg
Towards the end, uncomment the line below and change 1 to 0.
EnableFirewallConfiguration 1
to
EnableFirewallConfiguration 0
Also, towards the beginning, uncomment the line
NXPort 4000
For a headless server like the one at AWS, with no VGA/HDMI port, we need to stop the display manager and use a virtual display instead. NX should automagically create a virtual display on the next restart.
sudo systemctl stop display-manager
sudo systemctl disable display-manager
sudo /etc/NX/nxserver --restart
A restart of NX MAY take 10 minutes or so in certain situations.
We can check whether the NX services are running with
sudo /etc/NX/nxserver --status
If we need to uninstall NoMachine,
sudo /usr/NX/scripts/setup/nxserver --uninstall
sudo rm -rf /usr/NX /etc/NX /var/NX .nx
For Windows machines, download from the link below and choose all defaults in the click-through install.
http://www.nomachine.com/download-client-windows.php
No port needs to be opened in the firewall, because the required port 4000/tcp is already open for the 10.8.0.0/24 block shared by our RPis, Windows machines and the AWS server, which becomes available once our OpenVPN / PiVPN connections come up. In other words, we are not coming in directly via the internet, but through VPN sessions. If you really need to log in with NoMachine to any such machine using its public IP, then open only port 4000/tcp using UFW
sudo ufw allow 4000/tcp
We are anyway opening all ports and protocols from 10.8.0.0/24
sudo ufw allow from 10.8.0.0/24
This assumes that ufw is installed; if not, use the command below to install it.
sudo apt install ufw
and then after the changes,
sudo ufw reload
To show all the rules / port forwardings configured on the machine,
sudo ufw status numbered
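An added example, not part of the original tutorial: a small audit that checks the two settings discussed above, namely the active values in server.cfg and whether the ufw rules leave port 4000/tcp reachable only from the VPN block. The function names and the sample inputs are constructed for illustration; the classifier assumes ufw's default incoming policy is deny and reads plain `ufw status` output (not the numbered form).

```shell
#!/bin/sh
# Added example (not from the tutorial): audit NoMachine port exposure.
# Assumes ufw's default incoming policy is deny; rule ordering is ignored.

# Print the active (uncommented) value of KEY from server.cfg text on stdin.
nx_cfg_value() {
    awk -v key="$1" '$1 == key { val = $2 } END { if (val != "") print val }'
}

# Classify who may reach PORT/tcp, reading plain `ufw status` text on stdin.
# Prints one of: public | other-source | vpn-only | closed
nx_port_exposure() {
    awk -v port="$1" -v vpn="$2" '
        { gsub(/ \(v6\)/, "") }             # fold IPv6 rows into the IPv4 shape
        $2 ~ /^ALLOW/ {
            if ($1 != (port "/tcp") && $1 != port && $1 != "Anywhere") next
            src = ($3 == "IN") ? $4 : $3    # verbose output says "ALLOW IN"
            if (src == "Anywhere") pub = 1
            else if (src == vpn)   vpnok = 1
            else                   other = 1
        }
        END {
            if (pub)        print "public"
            else if (other) print "other-source"
            else if (vpnok) print "vpn-only"
            else            print "closed"
        }'
}

# Constructed sample inputs, not captured from a real host.
SAMPLE_CFG='#NXPort 4000
NXPort 4000
#EnableFirewallConfiguration 1
EnableFirewallConfiguration 0'

SAMPLE_UFW_VPN='Status: active

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       10.8.0.0/24'

SAMPLE_UFW_PUBLIC="$SAMPLE_UFW_VPN
4000/tcp                   ALLOW       Anywhere
4000/tcp (v6)              ALLOW       Anywhere (v6)"

printf '%s\n' "$SAMPLE_CFG" | nx_cfg_value EnableFirewallConfiguration
printf '%s\n' "$SAMPLE_UFW_VPN" | nx_port_exposure 4000 10.8.0.0/24
printf '%s\n' "$SAMPLE_UFW_PUBLIC" | nx_port_exposure 4000 10.8.0.0/24
```

On a real host, feed the functions /usr/NX/etc/server.cfg and the output of sudo ufw status instead of the samples; a result of "public" means port 4000 is reachable from outside the VPN.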
To log in from a Windows machine into the RPis or our server using the GUI, type NoMachine in the search bar to open the program, then click New at the top right. Leave the protocol at the default NX; for the host, type in 10.8.0.1 (for the server) and leave 4000 as the port, then click Next. The next screen asks us to choose between password, private key or Kerberos (for Windows AD) authentication. The name Kerberos comes from the three-headed dog guarding the gates of Hades in Greek mythology.
Since we are logging in after connecting to the VPN (and there is no access outside the VPN), I left it as password authentication. Then skip past the next screen with no proxy and save the launcher. Set up launchers for your other locations similarly.
If you followed all of the above to a tee, then everything should work and you have a beautiful RDP (remote desktop protocol, as they call it in Windows) into any of your remote devices at any time. All these devices are on an always-on VPN connection to the server, so they can all ping and RDP into each other using the 10.8.0.x VPN IPs. We also covered assigning static VPN IPs for RDP purposes, as we don't want them to change.