Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add a kasm blurb that can be used on all KasmVNC based images #290

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

add a kasm blurb that can be used on all KasmVNC based images #290

wants to merge 3 commits into from
+131 −0

Conversation

thelamer
Copy link
Member

@thelamer thelamer commented Oct 3, 2024

This can be setup to add information after the app setup block using the following variables:

# kasm variables
kasm_blurb: true
external_http_port: "3000"
external_https_port: "3001"
noto_fonts: "font-noto-cjk"
show_nvidia: true

If only the kasm_blurb: true is set all defaults will be set as laid out here minus the nvidia support that needs to be specifically enabled for images that support it as Alpine does not. The Alpine blurb in the Nvidia section is to cover us for webtop or other images that may be multi distro base in the future.

The ports are needed for images that are off the default 3000 and 3001, the maintainer will need to know what font noto package to use for their image base flavor here are the current packages:

Arch: noto-fonts-cjk
Debian/Ubuntu: fonts-noto-cjk
Alpine: font-noto-cjk
Fedora: google-noto-cjk-fonts

IE for webtop the inline readme-vars.yml will look like this:

# application setup block
app_setup_block_enabled: true
app_setup_block: |
  The Webtop can be accessed at:

  * http://yourhost:3000/
  * https://yourhost:3001/

# kasm variables
kasm_blurb: true
external_http_port: "3000"
external_https_port: "3001"
noto_fonts: "font-noto-cjk"
show_nvidia: true

@thelamer thelamer requested a review from a team October 3, 2024 15:58
@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/jenkins-builder/077de28a-pkg-077de28a-dev-274fadc74589bf38faeff104093537b0c1e57088-pr-290/index.html
https://ci-tests.linuxserver.io/lspipepr/jenkins-builder/077de28a-pkg-077de28a-dev-274fadc74589bf38faeff104093537b0c1e57088-pr-290/shellcheck-result.xml

Tag Passed
amd64-077de28a-pkg-077de28a-dev-274fadc74589bf38faeff104093537b0c1e57088-pr-290
arm64v8-077de28a-pkg-077de28a-dev-274fadc74589bf38faeff104093537b0c1e57088-pr-290

@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/jenkins-builder/077de28a-pkg-077de28a-dev-e2e748ac880fb15d6dc3d53f3185092544183d46-pr-290/index.html
https://ci-tests.linuxserver.io/lspipepr/jenkins-builder/077de28a-pkg-077de28a-dev-e2e748ac880fb15d6dc3d53f3185092544183d46-pr-290/shellcheck-result.xml

Tag Passed
amd64-077de28a-pkg-077de28a-dev-e2e748ac880fb15d6dc3d53f3185092544183d46-pr-290
arm64v8-077de28a-pkg-077de28a-dev-e2e748ac880fb15d6dc3d53f3185092544183d46-pr-290

Roxedus
Roxedus requested changes Oct 3, 2024
View reviewed changes
Copy link
Member

@Roxedus Roxedus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should probably also be on the docs page, by having the same blurb in the docs template.

roles/generate-jenkins/templates/README_SNIPPETS/KASM.j2 Outdated Show resolved Hide resolved
roles/generate-jenkins/templates/README_SNIPPETS/KASM.j2
**Do not put this on the Internet if you do not know what you are doing**

By default this container has no authentication and the optional environment variables `CUSTOM_USER` and `PASSWORD` to enable basic http auth via the embedded NGINX server should only be used to locally secure the container from unwanted access on a local network. If exposing this to the Internet we recommend putting it behind a reverse proxy, such as [SWAG](https://github.com/linuxserver/docker-swag), and ensuring a secure authentication solution is in place.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should mention why exposing it is a bad idea, and the direct consequences.

Suggested change
As this container has easy shell access, it makes it a prime target for automated attacks for i.e. cryptominers, but could also be used to further probe your local network,

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I went with From the web interface a terminal can be launched and it is configured for passwordless sudo, so anyone with access to it can install and run whatever they want along with probing your local network. let me know if this is sufficient.

@LinuxServer-CI
Copy link
Contributor

I am a bot, here are the test results for this PR:
https://ci-tests.linuxserver.io/lspipepr/jenkins-builder/077de28a-pkg-077de28a-dev-2a39d03ad61982e7ec8d12fdde5a62d27f2fb362-pr-290/index.html
https://ci-tests.linuxserver.io/lspipepr/jenkins-builder/077de28a-pkg-077de28a-dev-2a39d03ad61982e7ec8d12fdde5a62d27f2fb362-pr-290/shellcheck-result.xml

Tag Passed
amd64-077de28a-pkg-077de28a-dev-2a39d03ad61982e7ec8d12fdde5a62d27f2fb362-pr-290
arm64v8-077de28a-pkg-077de28a-dev-2a39d03ad61982e7ec8d12fdde5a62d27f2fb362-pr-290

@thelamer thelamer requested a review from a team October 5, 2024 20:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Roxedus Roxedus Roxedus requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
Issue & PR Tracker
Status: PRs Ready For Team Review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thelamer @LinuxServer-CI @Roxedus