-
-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add a kasm blurb that can be used on all KasmVNC based images #290
base: master
Are you sure you want to change the base?
Conversation
I am a bot, here are the test results for this PR:
|
I am a bot, here are the test results for this PR:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably also be on the docs page, by having the same blurb in the docs template.
**Do not put this on the Internet if you do not know what you are doing** | ||
|
||
By default this container has no authentication and the optional environment variables `CUSTOM_USER` and `PASSWORD` to enable basic http auth via the embedded NGINX server should only be used to locally secure the container from unwanted access on a local network. If exposing this to the Internet we recommend putting it behind a reverse proxy, such as [SWAG](https://github.com/linuxserver/docker-swag), and ensuring a secure authentication solution is in place. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should mention why exposing it is a bad idea, and the direct consequences.
As this container has easy shell access, it makes it a prime target for automated attacks for i.e. cryptominers, but could also be used to further probe your local network, | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I went with From the web interface a terminal can be launched and it is configured for passwordless sudo, so anyone with access to it can install and run whatever they want along with probing your local network.
let me know if this is sufficient.
I am a bot, here are the test results for this PR:
|
This can be setup to add information after the app setup block using the following variables:
If only the
kasm_blurb: true
is set all defaults will be set as laid out here minus the nvidia support that needs to be specifically enabled for images that support it as Alpine does not. The Alpine blurb in the Nvidia section is to cover us for webtop or other images that may be multi distro base in the future.The ports are needed for images that are off the default 3000 and 3001, the maintainer will need to know what font noto package to use for their image base flavor here are the current packages:
Arch: noto-fonts-cjk
Debian/Ubuntu: fonts-noto-cjk
Alpine: font-noto-cjk
Fedora: google-noto-cjk-fonts
IE for webtop the inline readme-vars.yml will look like this: