Closed markNZed closed 1 year ago
Hello @markNZed,
thank you for you feedback.
I also usually limit the VNC to the localhost
on the client side. However, I'm doing it mostly in the compose yaml
files, because sometimes I need to bind it to something else. Btw, in your example I would prefer something like 127.0.0.1:35901:5901
(binding the port 35901 on the host computer to the port 5901 exposed by the container). It allows me to run more than one container concurrently on the host.
If I've understood you correctly, you propose to bind the VNC server inside the container to the localhost
, not on the client side, right?
However, as a quick guess I would say that the VNC server in the container is probably already bound to the localhost.
For example, the noVNC
is started like this (if you check the vnc_startup.rc
script):
"${NOVNC_HOME}"/utils/novnc_proxy --vnc localhost:${VNC_PORT} --listen ${NOVNC_PORT} ...
and if you'll start the container with the argument --verbose
, then there will be the line like this in the output:
/usr/libexec/noVNCdim/utils/novnc_proxy --vnc localhost:5901 --listen 6901 --heartbeat 5 &> /dockerstartup/novnc.log
So, have I understood you correctly?
I'll check you proposal and I let you know.
FYI: I'm currently finishing a new major release, so I'll concentrate on that task first. Btw, the release will include also the new version of Tiger VNC
(1.13.0) and noVNC
(1.4.0). I hope to release it in a few next days.
Regards, accetto
Hi, yes the idea was to have the possibility to run the vncserver with the localhost config option. But your reply makes me wonder if there is any sense to this - it would mean the VNC viewer must run on localhost, which I guess limits it to noVNC. To be clear I was thinking of this option in relation to vncserver not novnc.
I guess the way I am limiting the vncserver port to be accessed only from the host is the right approach for what I want. I also disabled noVNC, but I guess it could also be limited to the host machine in the same way. Specifying the localhost on the vncserver would, I guess, mean there is no way to connect from the host (as it is not the localhost from the perspective of the container).
So my original idea might be just another bad idea. However making it easy to limit the desktop access to the host machine seems like a possible use case and just using the docker port feature might be the best solution. I'm unsure if that deserves a mention in the docs.
Good luck with the upcoming release.
This is a great docker package! I have limited access to the VNC Server to the localhost by using a port mapping like "127.0.0.1:5901:5901" but there is a localhost configuration option for tigervnc that should be usable?
I've tried this in an extension of the Dockerfile:
RUN echo "localhost" >> /etc/tigervnc/vncserver-config-defaults
But that seems to break the VNC server.