Add an NGINX reverse proxy to handle htpasswd

ef3cccb6 · David Beniamine · 8181cb00 · ef3cccb6 · ef3cccb6 · ef3cccb6
Verified Commit ef3cccb6 authored 3 months ago by David Beniamine
--- a/docker-compose.yml
+++ b/docker-compose.yml
 services:
+  front:
+    build:
+      context: ./docker/front
+    volumes:
+      - type: volume
+        source: homedir
+        target: /etc/kasm
+        volume:
+          subpath: kasm-user/
  kasm:
    build:
-      context: ./docker/
+      context: ./docker/kasm
      target: kasmvnc-base
      args:
        - SPYDER=${SPYDER}
@@ -16,7 +25,7 @@ services:
      - SPYDER=${SPYDER}
      - ANACONDA=${ANACONDA}
      - KASM_USER=${VNC_USER}
-      - VNCOPTIONS=-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7 -DLP_ClipDelay=0 -select-de manual -UnixRelay printer:/tmp/printer -allowoverride AcceptPointerEvents,BlacklistTimeout,BlacklistThreshold -blacklistthreshold 1000 -blacklisttimeout 1"
+      - VNCOPTIONS=-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7 -DLP_ClipDelay=0 -select-de manual -UnixRelay printer:/tmp/printer -allowoverride AcceptPointerEvents  -disableBasicAuth
 volumes:

--- a/docker/front/Dockerfile
+++ b/docker/front/Dockerfile
+FROM nginx:latest
+COPY nginx.conf /etc/nginx/conf.d/kasm.conf
+COPY start.sh /docker-entrypoint.d
--- a/docker/front/nginx.conf
+++ b/docker/front/nginx.conf
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name nginx;
+    ssl_certificate      /etc/nginx/certs/nginx.crt;
+    ssl_certificate_key  /etc/nginx/certs/nginx.key;
+    location / {
+       auth_basic           "Administrator’s Area";
+       auth_basic_user_file /etc/kasm/.nginxpasswd;
+       proxy_set_header X-Real-IP $remote_addr;
+       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+       proxy_http_version 1.1;
+       proxy_set_header Upgrade $http_upgrade;
+       proxy_set_header Connection "upgrade";
+       proxy_set_header Host $http_host;
+       proxy_cache_bypass $http_upgrade;
+       proxy_pass https://kasm:6901/;
+     }
+}
--- a/docker/front/start.sh
+++ b/docker/front/start.sh
+#!/bin/bash
+mkdir -p /etc/nginx/certs
+echo -e "FR\n\n\n\n\n\n\n" | openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+        -keyout /etc/nginx/certs/nginx.key -out /etc/nginx/certs/nginx.crt
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
--- a/docker/change_password.sh
+++ b/docker/change_password.sh
@@ -10,6 +10,7 @@ if [ "$password" == "$confirm" ]; then
    message=$(echo -e "$password\n$password\n" | kasmvncpasswd -u $KASM_USER -wo 2>&1)
    if [ $? -eq 0 ]; then
        cp $HOME/.kasmpasswd $HOME/.kasmpasswd.persist
+        cut -d : -f 1-2 $HOME/.kasmpasswd > $HOME/.nginxpasswd
        # Restart the VNC server
        kill $(cat .vnc/*.pid)
        icon="info"

--- a/docker/custom_startup.sh
+++ b/docker/custom_startup.sh
@@ -41,6 +41,7 @@ if [ -f "$HOME/.kasmpasswd.persist" ]; then
    cp $HOME/.kasmpasswd.persist $HOME/.kasmpasswd
    chown 600 $HOME/.kasmpasswd
 fi
+cut -d : -f 1-2 $HOME/.kasmpasswd > $HOME/.nginxpasswd
 # We should not exit
 sleep infinity
--- a/ports.yml
+++ b/ports.yml
 services:
-  kasm:
+  front:
    ports:
-      - ${PORT}:6901
+      - ${PORT}:443