WESTON-RDP(7) Miscellaneous Information Manual WESTON-RDP(7)

weston-vnc - the VNC backend for Weston

weston --backend=vnc

The VNC backend allows to run a weston environment without the need of specific graphic hardware, or input devices. Users can interact with weston only by connecting using the remote framebuffer protocol (RFB).

The VNC backend uses Neat VNC to implement the VNC part, it acts as a VNC server listening for incoming connections. It supports different encodings for encoding the graphical content, depending on what is supported by the VNC client.

The VNC backend is not multi-seat aware, so if a second client connects to the backend, the first client will be disconnected.

The VNC client has to authenticate as the user running weston. This requires a PAM configuration file /etc/pam.d/weston-remote-access.

The VNC backend uses the following entries from weston.ini.

Specifies the desktop redraw rate in Hz. If unspecified, the default is 60Hz. Changing this may be useful if you have a faster than 60Hz display, or if you want to reduce updates to reduce network traffic.
The file containing the key for doing TLS security. To have TLS security you also need to ship a file containing a certificate.
The file containing the certificate for doing TLS security. To have TLS security you also need to ship a key file.

The name vnc is used to identify the VNC output.
Specifies the (initial) size for the output.
Specifies whether the VNC client is allowed to resize the output.

When the VNC backend is loaded, weston will understand the following additional command line options.

The IP address on which the VNC backend will listen for VNC connections. By default it listens on 0.0.0.0.
The width of the framebuffer. It defaults to 640.
The height of the framebuffer. It defaults to 480.
The TCP port to listen on for connections. It defaults to 5900.
The file containing the key for doing TLS security. To have TLS security you also need to ship a file containing a certificate.
The file containing the certificate for doing TLS security. To have TLS security you also need to ship a key file.
Disable Transport Layer Security. If specified, VNC will be enabled with password-only authentication. This option is not recommended, as it creates security risk.

You can generate a key and certificate file to use with TLS security using typical openssl invocations:

$ openssl genrsa -out tls.key 2048
Generating RSA private key, 2048 bit long modulus
[...]
$ openssl req -new -key tls.key -out tls.csr
[...]
$ openssl x509 -req -days 365 -signkey tls.key -in tls.csr -out tls.crt
[...]

You will get the tls.key and tls.crt files to use with the VNC backend.

weston(1)

2017-12-14 Weston 14.0.0