search

Kaya84 / remotesupport

GLPI Plugin for direct VNC connection inside ticket
8 stars 2 forks source link

My fork #3

Open skjaro opened 2 years ago

skjaro commented 2 years ago

Hello,

Thanks for a project...

I clone your project to @skjaro I added some code:

I use it with easy-novnc project and I connect to vnc client with browser and link in computer description, easy-novnc run on server with installed GLPI and connect to client

Kaya84 commented 2 years ago

Seems interesting. Can you provide more details about easy-novnc installation and how it work?

Thanks

skjaro commented 2 years ago

I use easy-novnc clone it and build binnary go build

created systemd unit file:

[Unit]
Description=Easy NoVNC

[Service]
ExecStart=/usr/local/bin/easy-novnc -a :8888 -H -P

[Install]
WantedBy=multi-user.target

It will listen on 8888 port on local host.

I use secured setup listening on https port with apache secure port:

<IfModule mod_ssl.c>
<VirtualHost *:443>
  RewriteEngine On
  ProxyPreserveHost On
  ProxyRequests Off

  # allow for upgrading to websockets
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://localhost:8888/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /glpi/(.*)           http://localhost/glpi/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*)           http://localhost:8888/$1 [P,L]

  ProxyPass "/" "http://localhost:8888/"
  ProxyPassReverse "/" "http://localhost:8888/"

  ProxyPass "/glpi/" "http://localhost/glpi/"
  ProxyPassReverse "/glpi/" "http://localhost/glpi/"

  ProxyPass "/vnc" "ws://localhost:8888/vnc"
  ProxyPassReverse "/vnc" "ws://localhost:8888/vnc

  ServerName server.name.lan

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

</VirtualHost>
</IfModule>
skjaro commented 2 years ago

And mass install TightVNC with restriction on IP address: chocolatey.install tightvnc force=True source=\\server\packages install_args="/quiet /norestart ADDLOCAL=\"Server,Viewer\" SET_IPACCESSCONTROL=1 VALUE_OF_IPACCESSCONTROL=\"1.2.1.2-1.2.1.2:2\" VALUE_OF_USEVNCAUTHENTICATION=1 SET_PASSWORD=1 VALUE_OF_PASSWORD=vncpass SET_VIEWONLYPASSWORD=1 VALUE_OF_VIEWONLYPASSWORD=vnc SET_USECONTROLAUTHENTICATION=1 VALUE_OF_USECONTROLAUTHENTICATION=1 SET_CONTROLPASSWORD=1 VALUE_OF_CONTROLPASSWORD=vncpass SET_RUNCONTROLINTERFACE=0"

skjaro commented 2 years ago

I edited comments I made some mistakes... In config and typos

skjaro commented 2 years ago

I work little bit on my fork, I added some funcionality but it is far from my complete imagination how can it be :) same as for yours... Some values are hardcoded which should by configurable... I added search of computers in cron and updating status of computer if it is onlline or offline based on status of agent, scaned with go program with 100 parallel requests... running every 5 minutes. It depends on easy-novnc installation and glpi agent installation on remote pc...

Kaya84 commented 2 years ago

Yesterday I take a look at novnc and make it work. As you say, theres a lot to do to make it configurable. I hope to work on it next week merging some of your code and adding other.

I will avoid the "is online" feature, it will not designed for it and add others dependency to the glpi system

skjaro commented 2 years ago

Hi, I added some code to my fork, configurable variables and make many functionality optional, take a look if it is usefull Missing some code for translations but for my use case it is nearly complete.

Kaya84 commented 2 years ago

I took a look on your repo and I'm working on the code to improve all.

I have one question: is it possibile to put vnc password inside mod_proxy conf to avoid to be visibile inside the url?

For eg I tried:

RewriteEngine On RewriteCond %{HTTP:Upgrade} =websocket [NC] RewriteRule /(.*) ws://localhost:8888/$1?%{QUERY_STRING}&password=VNCPASS [P,L,QSA]

But it didn't work. Any ideas?

skjaro commented 2 years ago

I think it is not possible to hide it becouse it is GET parameter only way it is to I think make changes in easy-novnc but it is my point... I am not expert in it.. I try look at it next day. Do you want to make it configurable in glpi as vnc password or something like that?

Kaya84 commented 2 years ago

I think if I can put the password somewhere but not to show it . I suppose that the mod_proxy would be a good place.