search

linuxserver / docker-baseimage-kasmvnc

Base Images for remote web based Linux desktops using KasmVNC for many popular distros.
GNU General Public License v3.0
282 stars 48 forks source link

[FEAT] VNC over HTTP #34

Closed pezhore closed 6 months ago

pezhore commented 9 months ago

Is this a new feature request?

Wanted change

I have a few different docker containers running locally - using an nginx reverse proxy to throw my wildcard SSL cert on each at the host-nginx level. This removes the need of embedding certs in each container, provided their ports are only mapped to 127.0.0.1:<PORT>. This process has been working great up until this image.

I'd like to have an option to expose the non-ssl port (I believe TCP 9080) instead of only the ssl port of 3001. This should be a relatively minor change, just exposing the additional port in the base image's Dockerfile.

Reason for change

By offering the end-user the option to use http for KasmVNC, they can choose their own certificates/reverse proxy to handle securing their container connection. While I recognize the security implications are significant - a documented, "Here be dragons" could be sufficient to dissuade non-technical users from the http option.

Proposed code change

I believe (but am not certain) this change would require altering a line to each Dockerfile on/around line 376:

EXPOSE 3000 3001 9080
github-actions[bot] commented 9 months ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

j0nnymoe commented 9 months ago

I'm pretty sure KasmVNC doesn't have any options for using plain HTTP instead of HTTPS (See: https://github.com/kasmtech/KasmVNC/wiki ) - though would need confirmation from someone else within the team.

pezhore commented 9 months ago

If that's the case, then I may have misread some of the container's nginx config.

If we can't expose http for KasmVNC, is there a way to allow for injecting a custom ssl cert/key?

Edit: I'm happy to open a new issue for that ask if we want to keep this one limited to the original request.

thelamer commented 8 months ago

I'm confused port 3000 is http.

LinuxServer-CI commented 7 months ago

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] commented 5 months ago

This issue is locked due to inactivity