diff options
| -rw-r--r-- | README.md | 33 | ||||
| -rw-r--r-- | docker/Dockerfile | 21 | ||||
| -rwxr-xr-x | docker/docker-entrypoint.sh | 6 | ||||
| -rw-r--r-- | tests/test_token_plugins.py | 20 | ||||
| -rw-r--r-- | websockify/token_plugins.py | 4 |
5 files changed, 72 insertions, 12 deletions
@@ -168,3 +168,36 @@ before running `python3 setup.py install`. Afterwards, websockify should be available in your path. Run `websockify --help` to confirm it's installed correctly. + + +### Running with Docker/Podman +You can also run websockify using Docker, Podman, Singularity, udocker or +your favourite container runtime that support OCI container images. + +The entrypoint of the image is the `run` command. + +To build the image: +``` +cd docker +docker build -t novnc/websockify . +``` + +Once built you can just launch it with the same +arguments you would give to the `run` command and taking care of +assigning the port mappings: +``` +docker run -it --rm -p <port>:<container_port> novnc/websockify <container_port> <run_arguments> +``` + +For example to forward traffic from local port 7000 to 10.1.1.1:5902 +you can use: +``` +docker run -it --rm -p 7000:80 novnc/websockify 80 10.1.1.1:5902 +``` + +If you need to include files, like for example for the `--web` or `--cert` +options you can just mount the required files in the `/data` volume and then +you can reference them in the usual way: +``` +docker run -it --rm -p 443:443 -v websockify-data:/data novnc/websockify --cert /data/self.pem --web /data/noVNC :443 --token-plugin TokenRedis --token-source myredis.local:6379 --ssl-only --ssl-version tlsv1_2 +``` diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 0000000..535b163 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,21 @@ +FROM python:3.6 + +ENV VERSION 0.10.0 + +RUN mkdir -p /opt/websockify \ + && curl -SL https://github.com/novnc/websockify/archive/refs/tags/v$VERSION.tar.gz \ + | tar xzC /opt/websockify + +RUN python -m pip install 'numpy<1.17' redis simplejson jwcrypto + +VOLUME /data + +EXPOSE 80 +EXPOSE 443 + +WORKDIR /opt/websockify + +COPY docker-entrypoint.sh / + +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["--help"] diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh new file mode 100755 index 0000000..1178553 --- /dev/null +++ b/docker/docker-entrypoint.sh @@ -0,0 +1,6 @@ +#!/bin/sh +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +set -e + +/opt/websockify/websockify-$VERSION/run "$@" diff --git a/tests/test_token_plugins.py b/tests/test_token_plugins.py index 00078c7..3e1fd19 100644 --- a/tests/test_token_plugins.py +++ b/tests/test_token_plugins.py @@ -4,7 +4,7 @@ import unittest from unittest.mock import patch, mock_open, MagicMock -from jwcrypto import jwt +from jwcrypto import jwt, jwk from websockify.token_plugins import ReadOnlyTokenFile, JWTTokenApi, TokenRedis @@ -56,7 +56,7 @@ class JWSTokenTestCase(unittest.TestCase): def test_asymmetric_jws_token_plugin(self): plugin = JWTTokenApi("./tests/fixtures/public.pem") - key = jwt.JWK() + key = jwk.JWK() private_key = open("./tests/fixtures/private.pem", "rb").read() key.import_from_pem(private_key) jwt_token = jwt.JWT({"alg": "RS256"}, {'host': "remote_host", 'port': "remote_port"}) @@ -71,7 +71,7 @@ class JWSTokenTestCase(unittest.TestCase): def test_asymmetric_jws_token_plugin_with_illigal_key_exception(self): plugin = JWTTokenApi("wrong.pub") - key = jwt.JWK() + key = jwk.JWK() private_key = open("./tests/fixtures/private.pem", "rb").read() key.import_from_pem(private_key) jwt_token = jwt.JWT({"alg": "RS256"}, {'host': "remote_host", 'port': "remote_port"}) @@ -85,7 +85,7 @@ class JWSTokenTestCase(unittest.TestCase): def test_jwt_valid_time(self, mock_time): plugin = JWTTokenApi("./tests/fixtures/public.pem") - key = jwt.JWK() + key = jwk.JWK() private_key = open("./tests/fixtures/private.pem", "rb").read() key.import_from_pem(private_key) jwt_token = jwt.JWT({"alg": "RS256"}, {'host': "remote_host", 'port': "remote_port", 'nbf': 100, 'exp': 200 }) @@ -102,7 +102,7 @@ class JWSTokenTestCase(unittest.TestCase): def test_jwt_early_time(self, mock_time): plugin = JWTTokenApi("./tests/fixtures/public.pem") - key = jwt.JWK() + key = jwk.JWK() private_key = open("./tests/fixtures/private.pem", "rb").read() key.import_from_pem(private_key) jwt_token = jwt.JWT({"alg": "RS256"}, {'host': "remote_host", 'port': "remote_port", 'nbf': 100, 'exp': 200 }) @@ -117,7 +117,7 @@ class JWSTokenTestCase(unittest.TestCase): def test_jwt_late_time(self, mock_time): plugin = JWTTokenApi("./tests/fixtures/public.pem") - key = jwt.JWK() + key = jwk.JWK() private_key = open("./tests/fixtures/private.pem", "rb").read() key.import_from_pem(private_key) jwt_token = jwt.JWT({"alg": "RS256"}, {'host': "remote_host", 'port': "remote_port", 'nbf': 100, 'exp': 200 }) @@ -132,7 +132,7 @@ class JWSTokenTestCase(unittest.TestCase): plugin = JWTTokenApi("./tests/fixtures/symmetric.key") secret = open("./tests/fixtures/symmetric.key").read() - key = jwt.JWK() + key = jwk.JWK() key.import_key(kty="oct",k=secret) jwt_token = jwt.JWT({"alg": "HS256"}, {'host': "remote_host", 'port': "remote_port"}) jwt_token.make_signed_token(key) @@ -147,7 +147,7 @@ class JWSTokenTestCase(unittest.TestCase): plugin = JWTTokenApi("wrong_sauce") secret = open("./tests/fixtures/symmetric.key").read() - key = jwt.JWK() + key = jwk.JWK() key.import_key(kty="oct",k=secret) jwt_token = jwt.JWT({"alg": "HS256"}, {'host': "remote_host", 'port': "remote_port"}) jwt_token.make_signed_token(key) @@ -159,8 +159,8 @@ class JWSTokenTestCase(unittest.TestCase): def test_asymmetric_jwe_token_plugin(self): plugin = JWTTokenApi("./tests/fixtures/private.pem") - private_key = jwt.JWK() - public_key = jwt.JWK() + private_key = jwk.JWK() + public_key = jwk.JWK() private_key_data = open("./tests/fixtures/private.pem", "rb").read() public_key_data = open("./tests/fixtures/public.pem", "rb").read() private_key.import_from_pem(private_key_data) diff --git a/websockify/token_plugins.py b/websockify/token_plugins.py index 4dc29de..19005d3 100644 --- a/websockify/token_plugins.py +++ b/websockify/token_plugins.py @@ -103,10 +103,10 @@ class JWTTokenApi(BasePlugin): def lookup(self, token): try: - from jwcrypto import jwt + from jwcrypto import jwt, jwk import json - key = jwt.JWK() + key = jwk.JWK() try: with open(self.source, 'rb') as key_file: |