Hi, I'm looking at your awesome project, it would be better with a little improvement on the startup script.
1. Change VNC username in docker variable
The VNC username is hardcoded in vnc_startup.sh. The password comes from an environment variable, but username does not. I would like to be able to change the username by variable.
When the container is running again, vnc_startup.sh executes openssl to regenerate a certificate. It forces the user to refresh the browser, and the user sees self-signed certificate warning again. Therefore, it would be better to use the existing certificate if there is one and create it only if it does not exist. If so, the user will also be able to mount the certificate created by Let's Encrypt into the container.
3. Problem of exposing password
Credentials are passed as parameters when starting some services. (--auth-token "kasm_user:$VNC_PW") If you type ps -aux in the shell you will see the password. So it would be better to save these credentials as a file and set permissions.
Thanks for reading, and if you're busy I can make a PR for a few things so let me know if you think it's ok.
Hi, I'm looking at your awesome project, it would be better with a little improvement on the startup script.
1. Change VNC username in docker variable
The VNC username is hardcoded in
vnc_startup.sh. The password comes from an environment variable, but username does not. I would like to be able to change the username by variable.2. Generate HTTPS certificate once
When the container is running again,
vnc_startup.shexecutes openssl to regenerate a certificate. It forces the user to refresh the browser, and the user sees self-signed certificate warning again. Therefore, it would be better to use the existing certificate if there is one and create it only if it does not exist. If so, the user will also be able to mount the certificate created by Let's Encrypt into the container.3. Problem of exposing password
Credentials are passed as parameters when starting some services. (
--auth-token "kasm_user:$VNC_PW") If you typeps -auxin the shell you will see the password. So it would be better to save these credentials as a file and set permissions.Thanks for reading, and if you're busy I can make a PR for a few things so let me know if you think it's ok.