feat: support SSL and http base access authentication

Author: dorowu-qnap

Dockerfile

@@ -5,7 +5,7 @@ RUN sed -i 's#http://archive.ubuntu.com/#http://tw.archive.ubuntu.com/#' /etc/ap
 
 # built-in packages
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends software-properties-common curl \
+    && apt-get install -y --no-install-recommends software-properties-common curl apache2-utils \
     && add-apt-repository ppa:fcwu-tw/apps \
     && apt-get update \
     && apt-get install -y --no-install-recommends --allow-unauthenticated \

Makefile

@@ -7,9 +7,21 @@ build:
 	docker build -t $(REPO):$(TAG) .
 
 run:
-	docker run -it --rm -p 6080:80 \
+	docker run --rm \
+		-p 6080:80 -p 6081:443 \
+		-v ${PWD}:/src:ro \
+		-e USER=doro -e PASSWORD=mypassword \
+		-e ALSADEV=hw:2,0 \
+		-e SSL_PORT=443 \
+		-e HTTP_PASSWORD=mypassword \
+		-v ${PWD}/ssl:/etc/nginx/ssl \
 		--name ubuntu-desktop-lxde-test \
 		$(REPO):$(TAG)
 
 shell:
 	docker exec -it ubuntu-desktop-lxde-test bash
+
+gen-ssl:
+	mkdir -p ssl
+	openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+		-keyout ssl/nginx.key -out ssl/nginx.crt

README.md

@@ -10,52 +10,76 @@ Docker image to provide HTML5 VNC interface to access Ubuntu 16.04 LXDE desktop
 Quick Start
 -------------------------
 
-Run the docker image and open port `6080`
+Run the docker container and access with port `6080`
 
 ```
-docker run -it --rm -p 6080:80 dorowu/ubuntu-desktop-lxde-vnc
+docker run -p 6080:80 dorowu/ubuntu-desktop-lxde-vnc
 ```
 
 Browse http://127.0.0.1:6080/
 
 <img src="https://raw.github.com/fcwu/docker-ubuntu-vnc-desktop/master/screenshots/lxde.png?v1" width=700/>
 
 
-Connect with VNC Viewer and protect by VNC Password
+VNC Viewer
 ------------------
 
 Forward VNC service port 5900 to host by
 
 ```
-docker run -it --rm -p 6080:80 -p 5900:5900 dorowu/ubuntu-desktop-lxde-vnc
+docker run -p 6080:80 -p 5900:5900 dorowu/ubuntu-desktop-lxde-vnc
 ```
 
 Now, open the vnc viewer and connect to port 5900. If you would like to protect vnc service by password, set environment variable `VNC_PASSWORD`, for example
 
 ```
-docker run -it --rm -p 6080:80 -p 5900:5900 -e VNC_PASSWORD=mypassword dorowu/ubuntu-desktop-lxde-vnc
+docker run -p 6080:80 -p 5900:5900 -e VNC_PASSWORD=mypassword dorowu/ubuntu-desktop-lxde-vnc
 ```
 
 A prompt will ask password either in the browser or vnc viewer.
 
+HTTP Base Authentication
+---------------------------
+
+This image provides base access authentication of HTTP via `HTTP_PASSWORD`
+
+```
+docker run -p 6080:80 -e HTTP_PASSWORD=mypassword dorowu/ubuntu-desktop-lxde-vnc
+```
+
+SSL
+--------------------
+
+To connect with SSL, generate self signed SSL certificate first if you don't have it
+
+```
+mkdir -p ssl
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ssl/nginx.key -out ssl/nginx.crt
+```
+
+Specify SSL port by `SSL_PORT`, certificate path to `/etc/nginx/ssl`, and forward it to 6081
+
+```
+docker run -p 6081:443 -e SSL_PORT=443 -v ${PWD}/ssl:/etc/nginx/ssl dorowu/ubuntu-desktop-lxde-vnc
+```
 
 Screen Resolution
 ------------------
 
 The Resolution of virtual desktop adapts browser window size when first connecting the server. You may choose a fixed resolution by passing `RESOLUTION` environment variable, for example
 
 ```
-docker run -it --rm -p 6080:80 -e RESOLUTION=1920x1080 dorowu/ubuntu-desktop-lxde-vnc
+docker run -p 6080:80 -e RESOLUTION=1920x1080 dorowu/ubuntu-desktop-lxde-vnc
 ```
 
 
-Default User
-------------------
+Default Desktop User
+--------------------
 
 The default user is `root`. You may change the user and password respectively by `USER` and `PASSWORD` environment variable, for example,
 
 ```
-docker run -it --rm -p 6080:80 -e USER=doro -e PASSWORD=password dorowu/ubuntu-desktop-lxde-vnc
+docker run -p 6080:80 -e USER=doro -e PASSWORD=password dorowu/ubuntu-desktop-lxde-vnc
 ```
 
 Troubleshooting and FAQ

image/etc/nginx/sites-enabled/default

@@ -1,6 +1,14 @@
 server {
 	listen 80 default_server;
-#listen [::]:6080 default_server ipv6only=on;
+    # listen [::]:80 default_server ipv6only=on;
+
+    #_SSL_PORT_#listen 443 ssl default_server;
+    #_SSL_PORT_#listen [::]:443 ssl default_server ipv6only=on;
+    #_SSL_PORT_#ssl_certificate /etc/nginx/ssl/nginx.crt;
+    #_SSL_PORT_#ssl_certificate_key /etc/nginx/ssl/nginx.key;
+
+    #_HTTP_PASSWORD_#auth_basic "Private Property";
+    #_HTTP_PASSWORD_#auth_basic_user_file /etc/nginx/.htpasswd;
 
 	root /usr/share/nginx/html;
 	index index.html index.htm;

image/startup.sh

@@ -15,9 +15,10 @@ fi
 USER=${USER:-root}
 HOME=/root
 if [ "$USER" != "root" ]; then
+    echo "* enable custom user: $USER"
     useradd --create-home --shell /bin/bash --user-group --groups adm,sudo $USER
     if [ -z "$PASSWORD" ]; then
-        echo set default password to \"ubuntu\"
+        echo "  set default password to \"ubuntu\""
         PASSWORD=ubuntu
     fi
     HOME=/home/$USER
@@ -32,10 +33,25 @@ mkdir -p $HOME/.config/pcmanfm/LXDE/
 ln -sf /usr/local/share/doro-lxde-wallpapers/desktop-items-0.conf $HOME/.config/pcmanfm/LXDE/
 chown -R $USER:$USER $HOME
 
-# nginx
-sed -i 's#worker_processes .*#worker_processes 1;#' /etc/nginx/nginx.conf
+# nginx workers
+sed -i 's|worker_processes .*|worker_processes 1;|' /etc/nginx/nginx.conf
+
+# nginx ssl
+if [ -n "$SSL_PORT" ] && [ -e "/etc/nginx/ssl/nginx.key" ]; then
+    echo "* enable SSL"
+	sed -i 's|#_SSL_PORT_#\(.*\)443\(.*\)|\1'$SSL_PORT'\2|' /etc/nginx/sites-enabled/default
+	sed -i 's|#_SSL_PORT_#||' /etc/nginx/sites-enabled/default
+fi
+
+# nginx http base authentication
+if [ -n "$HTTP_PASSWORD" ]; then
+    echo "* enable HTTP base authentication"
+    htpasswd -bc /etc/nginx/.htpasswd $USER $HTTP_PASSWORD
+	sed -i 's|#_HTTP_PASSWORD_#||' /etc/nginx/sites-enabled/default
+fi
 
 # clearup
 PASSWORD=
+HTTP_PASSWORD=
 
-exec /bin/tini -- /usr/bin/supervisord -n
+exec /bin/tini -- /usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf