From 0a68500ee321a67e9c3bbc3f9201dad274447a01 Mon Sep 17 00:00:00 2001 From: matt Date: Mon, 5 Oct 2020 19:10:59 +0000 Subject: [PATCH] updated readme and vncserver --- README.md | 28 ++++++------ builder/install/install.sh | 79 ---------------------------------- kasmweb/app/ui.js | 3 +- unix/vncserver | 88 ++++++++++++++++++++++---------------- 4 files changed, 67 insertions(+), 131 deletions(-) delete mode 100755 builder/install/install.sh mode change 100755 => 100644 unix/vncserver diff --git a/README.md b/README.md index 9c40b8b..e02b017 100644 --- a/README.md +++ b/README.md @@ -26,11 +26,9 @@ - Future Goals: - Support uploads and downloads - - Json configuration file - Pre-build Packages for all major Linux distributions - CI pipelines to create releases @@ -40,36 +38,38 @@ We are currently developing releasable packages for major operating sytems. The This installer assumes you already have a desktop environment installed, but have never configured a VNC server. Use the install script found in this project under builder/install/install.sh, currently Ubuntu 18.04LTS is the only operating system with pre-compiled binaries. ```sh -# use install script from builder/install/install.sh -sudo ./install.sh +# install dependencies +sudo apt-get -y install libjpeg-dev -# change owner of pre-installed cert to your user +# install KasmVNC +wget https://github.com/kasmtech/KasmVNC/releases/download/v0.9.1-beta/KasmVNC_0.9.1-beta_Ubuntu_18.04.tar.gz | sudo tar xz --strip 1 -C / + +# Generate an SSL Cert and change owner +sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /usr/local/share/kasmvnc/certs/self.pem -out /usr/local/share/kasmvnc/certs/self.pem -subj "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none" sudo chown $USER /usr/local/share/kasmvnc/certs/self.pem -# create required files -touch ~/.Xresources -# start kasmvnc to generate the required files and then kill it -# it will prompt to set the vnc password +# start kasmvnc and set password for remote access vncserver :1 -interface 0.0.0.0 vncserver -kill :1 -# overwrite the VNC password to nothing. KasmVNC uses HTTPS basic authentication -echo '' | vncpasswd -f > $HOME/.vnc/passwd - # modify vncstartup to launch your environment of choice, in this example LXDE echo '/usr/bin/lxsession -s LXDE &' >> ~/.vnc/xstartup +# The KasmVNC username is automatically set to your system username, you can mofify it if you wish +vi ~/.vnc/config + # launch KasmVNC -vncserver $DISPLAY -depth 24 -geometry 1280x1050 -basicAuth kasm_user:password -websocketPort 8443 -cert /usr/local/share/kasmvnc/certs/self.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 +vncserver $DISPLAY -depth 24 -geometry 1280x1050 -websocketPort 8443 -cert /usr/local/share/kasmvnc/certs/self.pem -sslOnly -FrameRate=24 -interface 0.0.0.0 ``` +Now navigate to your system at https://[ip-address]:8443/vnc.html + The options for vncserver in the example above: | Argument | Description | | -------- | ----------- | | depth | Color depth, for jpeg/webp should be 24bit | | geometry | Screensize, this will automatically be adjusted when the client connects. | -| basicAuth | Username and password seperated by a semi-colon. | | websocketPort | The port to use for the web socket. Use a high port to avoid having to run as root. | | cert | SSL cert to use for HTTPS | | sslOnly | Disable HTTP | diff --git a/builder/install/install.sh b/builder/install/install.sh deleted file mode 100755 index e027c07..0000000 --- a/builder/install/install.sh +++ /dev/null @@ -1,79 +0,0 @@ -set -e - -OS_ID='unknown' -OS_VERSION_ID='unknown' -SUPPORTED='false' - -if [[ $EUID -ne 0 ]]; then - echo "This script must ran with sudo" - exit 1 -fi - -function install_deps_ubuntu_18(){ - # install deps and build tools - sudo apt-get update - sudo apt-get -y install libjpeg-dev libpng-dev libtiff-dev libgif-dev build-essential cmake libxfont-dev - - wget http://launchpadlibrarian.net/347526424/libxfont1-dev_1.5.2-4ubuntu2_amd64.deb - wget http://launchpadlibrarian.net/347526425/libxfont1_1.5.2-4ubuntu2_amd64.deb - sudo dpkg -i libxfont1*.deb - rm /tmp/libxfont1*.deb -} - -function build_webp(){ - # build webp - wget https://storage.googleapis.com/downloads.webmproject.org/releases/webp/libwebp-1.0.2.tar.gz - tar -xzvf /tmp/libwebp-* - cd /tmp/libwebp-1.0.2 - ./configure - make - sudo make install - cd / - rm -rf /tmp/libwebp* - sudo ldconfig -} - -function install_kasmvnc(){ - # install kasmvnc - wget -qO- https://github.com/kasmtech/KasmVNC/releases/download/v0.9.0-beta/KasmVNC_0.9.0-beta_Ubuntu_18.04.tar.gz | sudo tar xz --strip 1 -C / - #install cert - sudo mkdir /usr/local/share/kasmvnc/certs - sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /usr/local/share/kasmvnc/certs/self.pem -out /usr/local/share/kasmvnc/certs/self.pem -subj "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none" -} - -cd /tmp - -# Get the OS and version -if [ -f /etc/os-release ] ; then - OS_ID="$(awk -F= '/^ID=/{print $2}' /etc/os-release)" - OS_VERSION_ID="$(awk -F= '/^VERSION_ID/{print $2}' /etc/os-release)" -fi - - -if [ "${OS_ID}" == "ubuntu" ] && ( [ "${OS_VERSION_ID}" == '"16.04"' ] || [ "${OS_VERSION_ID}" == '"18.04"' ] || [ "${OS_VERSION_ID}" == '"20.04"' ]) ; then - - if [ "${OS_VERSION_ID}" == '"18.04"' ] ; then - SUPPORTED='true' - install_deps_ubuntu_18 - build_webp - install_kasmvnc - fi -fi - -if [ "${OS_ID}" == "debian" ] && ( [ "${OS_VERSION_ID}" == '"9"' ] || [ "${OS_VERSION_ID}" == '"10"' ] ) ; then - #TODO: Add support for debian - echo 'Debian is currently not supported' -fi - -if [ "${OS_ID}" == '"centos"' ] && ( [ "${OS_VERSION_ID}" == '"7"' ] || [ "${OS_VERSION_ID}" == '"8"' ] ) ; then - #TODO: Add support for Centos - echo 'CentOS is currently not supported' -fi - -if [ "${SUPPORTED}" == "false" ] ; then - echo "Installation Not Supported for this Operating System. You must compile KasmVNC from source." - exit -1 -fi - -echo "Installation is complete" -echo "Follow the instructions to complete setup" diff --git a/kasmweb/app/ui.js b/kasmweb/app/ui.js index eb0d63d..3f42a24 100644 --- a/kasmweb/app/ui.js +++ b/kasmweb/app/ui.js @@ -1006,7 +1006,8 @@ const UI = { //recieved bottleneck stats bottleneckStatsRecieve(e) { - document.getElementById("noVNC_connection_stats").innerHTML = e.detail.text; + var obj = JSON.parse(e.detail.text); + document.getElementById("noVNC_connection_stats").innerHTML = "CPU: " + obj[0] + "/" + obj[1] + " | Network: " + obj[2] + "/" + obj[3]; console.log(e.detail.text); }, diff --git a/unix/vncserver b/unix/vncserver old mode 100755 new mode 100644 index 52975fa..c56ea7e --- a/unix/vncserver +++ b/unix/vncserver @@ -45,6 +45,8 @@ $geometry = "1024x768"; $vncUserDir = "$ENV{HOME}/.vnc"; $vncUserConfig = "$vncUserDir/config"; +$vncUserName = `id -u -n`; +$vncUserName =~ s/^\s+|\s+$//g; $vncSystemConfigDir = "/etc/kasmvnc"; $vncSystemConfigDefaultsFile = "$vncSystemConfigDir/vncserver-config-defaults"; @@ -89,7 +91,8 @@ $defaultConfig "# desktop=sandbox\n". "# geometry=2000x1200\n". "# localhost\n". - "# alwaysshared\n"); + "# alwaysshared\n". + "username=$vncUserName"); chop($host = `uname -n`); @@ -237,46 +240,50 @@ $passwordArgSpecified = 0; @vncAuthStrings = ("vncauth", "tlsvnc", "x509vnc"); # ...first we check our configuration files' settings -if ($config{'securitytypes'}) { - $securityTypeArgSpecified = 1; - foreach $arg2 (split(',', $config{'securitytypes'})) { - if (grep {$_ eq lc($arg2)} @vncAuthStrings) { - $vncAuthEnabled = 1; - } - } -} +#if ($config{'securitytypes'}) { +# $securityTypeArgSpecified = 1; +# foreach $arg2 (split(',', $config{'securitytypes'})) { +# if (grep {$_ eq lc($arg2)} @vncAuthStrings) { +# $vncAuthEnabled = 1; +# } +# } +#} # ...and finally we check CLI args, which in the case of the topic at # hand (VNC auth or not), override anything found in configuration files # (even so-called "mandatory" settings). -for ($i = 0; $i < @ARGV; ++$i) { - # -SecurityTypes can be followed by a space or "=" - my @splitargs = split('=', $ARGV[$i]); - if (@splitargs <= 1 && $i < @ARGV - 1) { - push(@splitargs, $ARGV[$i + 1]); - } - if (lc(@splitargs[0]) eq "-securitytypes") { - if (@splitargs > 1) { - $securityTypeArgSpecified = 1; - } - foreach $arg2 (split(',', @splitargs[1])) { - if (grep {$_ eq lc($arg2)} @vncAuthStrings) { - $vncAuthEnabled = 1; - } - } - } - if ((lc(@splitargs[0]) eq "-password") - || (lc(@splitargs[0]) eq "-passwordfile" - || (lc(@splitargs[0]) eq "-rfbauth"))) { - $passwordArgSpecified = 1; - } -} +#for ($i = 0; $i < @ARGV; ++$i) { +# # -SecurityTypes can be followed by a space or "=" +# my @splitargs = split('=', $ARGV[$i]); +# if (@splitargs <= 1 && $i < @ARGV - 1) { +# push(@splitargs, $ARGV[$i + 1]); +# } +# if (lc(@splitargs[0]) eq "-securitytypes") { +# if (@splitargs > 1) { +# $securityTypeArgSpecified = 1; +# } +# foreach $arg2 (split(',', @splitargs[1])) { +# if (grep {$_ eq lc($arg2)} @vncAuthStrings) { +# $vncAuthEnabled = 1; +# } +# } +# } +# if ((lc(@splitargs[0]) eq "-password") +# || (lc(@splitargs[0]) eq "-passwordfile" +# || (lc(@splitargs[0]) eq "-rfbauth"))) { +# $passwordArgSpecified = 1; +# } +#} -if ((!$securityTypeArgSpecified || $vncAuthEnabled) && !$passwordArgSpecified) { - ($z,$z,$mode) = stat("$vncUserDir/passwd"); - if (!(-e "$vncUserDir/passwd") || ($mode & 077)) { +# Disable vnc auth, kasmvnc uses https basic auth +system("echo '' | ".$exedir."vncpasswd -f > $vncUserDir/passwd"); + +$kasmAuthEnabled = 1; + +if ($kasmAuthEnabled) { + if (!(-e "$ENV{HOME}/.kasmpasswd")) { warn "\nYou will require a password to access your desktops.\n\n"; - system($exedir."vncpasswd -q $vncUserDir/passwd"); + system($exedir."kasmvncpasswd $ENV{HOME}/.kasmpasswd"); if (($? >> 8) != 0) { exit 1; } @@ -367,7 +374,8 @@ unless (kill 0, `cat $pidFile`) { die "\n"; } -warn "\nNew '$desktopName' desktop is $host:$displayNumber\n\n"; +warn "\nNew '$desktopName' desktop is $host:$displayNumber\n"; +warn "\nUsername: $vncUserName\n\n"; # Create the user's xstartup script if necessary. if (! $skipxstartup) { @@ -456,7 +464,13 @@ sub LoadConfig { if ($warnoverride && $config{$k}) { print("Warning: $configFile is overriding previously defined '$k' to be '$v'\n"); } - $config{$k} = $v; + # change username option to basicAuth and add colon as required by Xvnc, password will be taken from file + if ($k = "username") { + $config{"basicauth"} = "$v:"; + $vncUserName = $v; + } else { + $config{$k} = $v; + } } elsif ($_ =~ m/^\s*(\S+)/) { # We can't reasonably warn on override of toggles (e.g. AlwaysShared) # because it would get crazy to do so. We'd have to check if the