search

shmuelhizmi / web-desktop-environment

a web-based cross-platform desktop environment
https://web-desktop.run
MIT License
252 stars 37 forks source link

Adding access control to endpoints #19

Closed drvladb closed 1 year ago

drvladb commented 3 years ago

I wish to web-desktop-environment in Docker form as a multi tenant development environment but cannot figure out a way to safeguard the endpoints so that only I (and people given access) are able to use it. I already have a setup with vouch proxy but cannot figure out how to integrate it. It would be preferable if there was an option to use domains instead of ports or some kind of password mechanism.

shmuelhizmi commented 3 years ago

Hey, I am currently working on a way to secure your desktop via password while exposing only only one public port instead of many like the current implementation. As for using a domain url instead of a up address, you can actually already do that right now but entering a port will always be required.

drvladb commented 3 years ago

Sounds cool, can't wait to see it!

alexfornuto commented 3 years ago

I'm also interesting in trying this project in a secured way. I'm trying to proxy behind Pomerium, and access it directly from a VM instead of going through web-desktop.run.

Is it possible currently to access the DE without using web-desktop.run?

shmuelhizmi commented 3 years ago

@alexfornuto you can run the web interface locally by installing the repo on your computer and following the instructions here, in terms of security note that "web-desktop.run" does not send information to anywhere but your server and can even work offline using web caching!

alexfornuto commented 3 years ago

@shmuelhizmi is "web-desktop.run" the client or the server in that context? In my ideal environment, nothing would run from my local computer, and I could access the web desktop running on my VM from any device,

shmuelhizmi commented 3 years ago

@alexfornuto "web-desktop-environment" is made up of two parts, a server to install on the PC or VM you want to control and a client web app that you can host yourself or access from web-desktop.run , if you want to self host the client you can learn how to do it from my last comment

alexfornuto commented 3 years ago

Thanks @shmuelhizmi. I'm very new to the concept, but having just set up Guacamole for SSH-over-browser access, I now have a better mental reference point for these concepts.

shmuelhizmi commented 2 years ago

hey along side the v2 release everything now should be contained under one end point :) thanks for opening this issue 👍🏽