Comments (4)

toschneck commented on May 15, 2024

Hi,
the original purpose of this image is that it will be used only for short-term actions, in our case to execute E2E tests in a real browser. Because of that, the image is designed to be more or less stateless. If you want to use it like a VM with state, a user password and so on, you can extend the base image on your own as described here: https://github.com/ConSol/docker-headless-vnc-container#1-extend-a-image-with-your-own-software

If you want to use e.g. the user ID 1000, you can do:

```dockerfile
## Custom Dockerfile
FROM consol/centos-xfce-vnc:1.1.0
USER 1000

### do your stuff
```

In our case we use the "nss_wrapper" library to fill passwd at runtime, which is recommended by Red Hat: https://docs.openshift.com/enterprise/3.1/creating_images/guidelines.html#openshift-enterprise-specific-guidelines.

One thing you have to know is that we currently don't launch a DBus, so I'm not sure if the keyring then works.

The Linux users themselves don't have any password, so the only password we set is the VNC password. The current implementation needs a password to be set as the environment variable VNC_PW. Do you really want to be able to set no VNC password, so that everybody who listens to your VNC port can access your data? I could change the startup script so that it allows an empty VNC password, but I'm not sure if this is needed and reasonable. For a noVNC connection you can provide the password as a parameter and ensure that you don't have to log in, e.g.:
http://localhost:6911/vnc_auto.html?password=vncpassword

from docker-headless-vnc-container.

IridiumMaster commented on May 15, 2024

Hi there,
thank you so much for your reply. I will be parsing through the material you have provided this weekend. I am a bit confused by your last paragraph. Perhaps explaining my setup a bit more will help clarify.

  1. I manage access to virtual environments through an SSH tunnel on the desktop that is generated by a Java program I wrote. This tunnel must be set up for anyone to be able to reach the noVNC / VNC ports. Thus, no one is going to be snooping on the VNC port because no one can see it or connect to it without already being authenticated via standard Linux SSH mechanisms.
  2. I do, as you mention, auto-fill in the URL with the VNC password, so connecting is as simple as clicking "connect." I appreciate that the VNC password is there, because I auto-randomize it as a way of preventing clients from accidentally stepping into each other's sessions.
  3. I provide convenience facilities to my users that cache certain Chrome passwords. Originally, it was alright to have these Chrome passwords accessible to everyone. But as work has been subcontracted, the users have a need to hide the Chrome passwords from others so they do not use these passwords outside of the virtual environment.
    I have a couple of alternatives that I am exploring with regard to Gnome-Keyring alternatives:
  4. Firefox with a master password. As you are aware, the latest version of Firefox suffered from poor performance and graphical distortion that rendered it unusable in the Ubuntu version of this image. In the Centos version, I have gotten it to work alright, but my last experience did not inspire confidence and Firefox doesn't accept all the plugins my users need.
  5. https://github.com/dannyvankooten/browserpass
    I am in the process of installing this. Unfortunately, it already appears that in a password-less environment, the password can be retrieved by simply typing "pass" + the name of the website in a terminal. If there were a password associated with the docker image, I could lock access down accordingly.
    In any case, as I mentioned, I haven't had a chance to review what you've provided. I will do so and provide my experience and feedback. I greatly appreciate the work you've done on this image.

from docker-headless-vnc-container.
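
The arrangement discussed in the two comments above (a `VNC_PW` set per container, the noVNC port reachable only through an SSH tunnel, the password supplied in the noVNC URL) can be sketched as follows. This is an added example, not code from the image or from either commenter; the container-side port 6901, the script name and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): one VNC password per session,
# noVNC published on loopback only so it is reachable just via SSH tunnel.
IMAGE="consol/centos-xfce-vnc:1.1.0"  # tag quoted in the thread
NOVNC_PORT=6901                        # assumed container-side noVNC port

# Classic VNC authentication uses at most 8 password characters, so
# generate exactly 8 from the kernel CSPRNG.
gen_vnc_pw() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 8
}

# Print the docker arguments, one per line. The password is passed as a
# bare "-e VNC_PW" (value taken from the caller's environment), so it
# never appears in the host's process list.
run_args() {  # usage: run_args <session-name> <host-port>
  case "$1" in ''|*[!A-Za-z0-9_-]*) echo "bad session name" >&2; return 1 ;; esac
  case "$2" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
  printf '%s\n' run -d --name "$1" \
    -p "127.0.0.1:$2:$NOVNC_PORT" -e VNC_PW "$IMAGE"
}

# URL form from the thread. The query string lands in browser history,
# which is one more reason to rotate the password every session.
novnc_url() {  # usage: novnc_url <host-port> <vnc-pw>
  printf 'http://localhost:%s/vnc_auto.html?password=%s\n' "$1" "$2"
}

start_session() {  # usage: start_session <session-name> <host-port>
  local pw args
  pw=$(gen_vnc_pw) || return 1
  args=$(run_args "$1" "$2") || return 1
  # Word-split on newlines only; every argument is validated above.
  local IFS=$'\n'
  VNC_PW="$pw" docker $args >/dev/null || return 1
  novnc_url "$2" "$pw"
}

# Runs only when invoked as: ./session.sh start <session-name> <host-port>
if [ "${1:-}" = "start" ]; then
  start_session "$2" "$3"
fi
```

The password is still readable through `docker inspect` by anyone with access to the Docker daemon, so it separates sessions from each other rather than protecting secrets stored inside the container.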

toschneck commented on May 15, 2024

Hi, thx for your detailed explanation. Hope you will get this working.
To your 5th point: Maybe you can use a keepass file for that, in connection with the keepass http plugin. Therefore you can unlock the keepass file on startup and provide it with auto-fill-in over the keepass browser plugins. I think this won't be an easy task, but I just wanted to mention it 😄


toschneck commented on May 15, 2024

@IridiumMaster can I close the issue? Maybe you can post your solution here?
