diff --git a/Dockerfile b/Dockerfile index 05cc5a7..7ba940f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ RUN sed -i 's#http://archive.ubuntu.com/#http://tw.archive.ubuntu.com/#' /etc/ap # built-in packages RUN apt-get update \ - && apt-get install -y --no-install-recommends software-properties-common curl \ + && apt-get install -y --no-install-recommends software-properties-common curl apache2-utils \ && add-apt-repository ppa:fcwu-tw/apps \ && apt-get update \ && apt-get install -y --no-install-recommends --allow-unauthenticated \ diff --git a/Makefile b/Makefile index 56f3e39..a2cbeff 100644 --- a/Makefile +++ b/Makefile @@ -7,9 +7,21 @@ build: docker build -t $(REPO):$(TAG) . run: - docker run -it --rm -p 6080:80 \ + docker run --rm \ + -p 6080:80 -p 6081:443 \ + -v ${PWD}:/src:ro \ + -e USER=doro -e PASSWORD=mypassword \ + -e ALSADEV=hw:2,0 \ + -e SSL_PORT=443 \ + -e HTTP_PASSWORD=mypassword \ + -v ${PWD}/ssl:/etc/nginx/ssl \ --name ubuntu-desktop-lxde-test \ $(REPO):$(TAG) shell: docker exec -it ubuntu-desktop-lxde-test bash + +gen-ssl: + mkdir -p ssl + openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ + -keyout ssl/nginx.key -out ssl/nginx.crt diff --git a/README.md b/README.md index 0750b5e..63b1fb3 100644 --- a/README.md +++ b/README.md @@ -10,10 +10,10 @@ Docker image to provide HTML5 VNC interface to access Ubuntu 16.04 LXDE desktop Quick Start ------------------------- -Run the docker image and open port `6080` +Run the docker container and access with port `6080` ``` -docker run -it --rm -p 6080:80 dorowu/ubuntu-desktop-lxde-vnc +docker run -p 6080:80 dorowu/ubuntu-desktop-lxde-vnc ``` Browse http://127.0.0.1:6080/ @@ -21,23 +21,47 @@ Browse http://127.0.0.1:6080/ -Connect with VNC Viewer and protect by VNC Password +VNC Viewer ------------------ Forward VNC service port 5900 to host by ``` -docker run -it --rm -p 6080:80 -p 5900:5900 dorowu/ubuntu-desktop-lxde-vnc +docker run -p 6080:80 -p 5900:5900 dorowu/ubuntu-desktop-lxde-vnc ``` Now, open the vnc viewer and connect to port 5900. If you would like to protect vnc service by password, set environment variable `VNC_PASSWORD`, for example ``` -docker run -it --rm -p 6080:80 -p 5900:5900 -e VNC_PASSWORD=mypassword dorowu/ubuntu-desktop-lxde-vnc +docker run -p 6080:80 -p 5900:5900 -e VNC_PASSWORD=mypassword dorowu/ubuntu-desktop-lxde-vnc ``` A prompt will ask password either in the browser or vnc viewer. +HTTP Base Authentication +--------------------------- + +This image provides base access authentication of HTTP via `HTTP_PASSWORD` + +``` +docker run -p 6080:80 -e HTTP_PASSWORD=mypassword dorowu/ubuntu-desktop-lxde-vnc +``` + +SSL +-------------------- + +To connect with SSL, generate self signed SSL certificate first if you don't have it + +``` +mkdir -p ssl +openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ssl/nginx.key -out ssl/nginx.crt +``` + +Specify SSL port by `SSL_PORT`, certificate path to `/etc/nginx/ssl`, and forward it to 6081 + +``` +docker run -p 6081:443 -e SSL_PORT=443 -v ${PWD}/ssl:/etc/nginx/ssl dorowu/ubuntu-desktop-lxde-vnc +``` Screen Resolution ------------------ @@ -45,17 +69,17 @@ Screen Resolution The Resolution of virtual desktop adapts browser window size when first connecting the server. You may choose a fixed resolution by passing `RESOLUTION` environment variable, for example ``` -docker run -it --rm -p 6080:80 -e RESOLUTION=1920x1080 dorowu/ubuntu-desktop-lxde-vnc +docker run -p 6080:80 -e RESOLUTION=1920x1080 dorowu/ubuntu-desktop-lxde-vnc ``` -Default User ------------------- +Default Desktop User +-------------------- The default user is `root`. You may change the user and password respectively by `USER` and `PASSWORD` environment variable, for example, ``` -docker run -it --rm -p 6080:80 -e USER=doro -e PASSWORD=password dorowu/ubuntu-desktop-lxde-vnc +docker run -p 6080:80 -e USER=doro -e PASSWORD=password dorowu/ubuntu-desktop-lxde-vnc ``` Troubleshooting and FAQ diff --git a/image/etc/nginx/sites-enabled/default b/image/etc/nginx/sites-enabled/default index 2843781..37e1566 100644 --- a/image/etc/nginx/sites-enabled/default +++ b/image/etc/nginx/sites-enabled/default @@ -1,6 +1,14 @@ server { listen 80 default_server; -#listen [::]:6080 default_server ipv6only=on; + # listen [::]:80 default_server ipv6only=on; + + #_SSL_PORT_#listen 443 ssl default_server; + #_SSL_PORT_#listen [::]:443 ssl default_server ipv6only=on; + #_SSL_PORT_#ssl_certificate /etc/nginx/ssl/nginx.crt; + #_SSL_PORT_#ssl_certificate_key /etc/nginx/ssl/nginx.key; + + #_HTTP_PASSWORD_#auth_basic "Private Property"; + #_HTTP_PASSWORD_#auth_basic_user_file /etc/nginx/.htpasswd; root /usr/share/nginx/html; index index.html index.htm; diff --git a/image/startup.sh b/image/startup.sh index b10bcf6..3ab4fdd 100755 --- a/image/startup.sh +++ b/image/startup.sh @@ -15,9 +15,10 @@ fi USER=${USER:-root} HOME=/root if [ "$USER" != "root" ]; then + echo "* enable custom user: $USER" useradd --create-home --shell /bin/bash --user-group --groups adm,sudo $USER if [ -z "$PASSWORD" ]; then - echo set default password to \"ubuntu\" + echo " set default password to \"ubuntu\"" PASSWORD=ubuntu fi HOME=/home/$USER @@ -32,10 +33,25 @@ mkdir -p $HOME/.config/pcmanfm/LXDE/ ln -sf /usr/local/share/doro-lxde-wallpapers/desktop-items-0.conf $HOME/.config/pcmanfm/LXDE/ chown -R $USER:$USER $HOME -# nginx -sed -i 's#worker_processes .*#worker_processes 1;#' /etc/nginx/nginx.conf +# nginx workers +sed -i 's|worker_processes .*|worker_processes 1;|' /etc/nginx/nginx.conf + +# nginx ssl +if [ -n "$SSL_PORT" ] && [ -e "/etc/nginx/ssl/nginx.key" ]; then + echo "* enable SSL" + sed -i 's|#_SSL_PORT_#\(.*\)443\(.*\)|\1'$SSL_PORT'\2|' /etc/nginx/sites-enabled/default + sed -i 's|#_SSL_PORT_#||' /etc/nginx/sites-enabled/default +fi + +# nginx http base authentication +if [ -n "$HTTP_PASSWORD" ]; then + echo "* enable HTTP base authentication" + htpasswd -bc /etc/nginx/.htpasswd $USER $HTTP_PASSWORD + sed -i 's|#_HTTP_PASSWORD_#||' /etc/nginx/sites-enabled/default +fi # clearup PASSWORD= +HTTP_PASSWORD= -exec /bin/tini -- /usr/bin/supervisord -n +exec /bin/tini -- /usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf