This is a Dockerised vnc viewer application that can be used to easily connect to and create an overview of multiple containers running VNC servers. (e.g. pixnyb/dockerised-vscode). It is based on Next.JS and noVNC and automatically translates WebSocket connections to TCP socket connections.
docker build -t vnc-viewer .# Docker
docker run -d -p 3000:3000 \
-v /var/run/docker.sock:/var/run/docker.sock \
pixnyb/vnc-viewer
# Kubernetes
kubectl run vnc-viewer \
--image=pixnyb/vnc-viewer:latest \
--restart=Always \
--port=3000 \
--overrides='
{
"apiVersion": "v1",
"spec": {
"containers": [
{
"name": "vnc-viewer",
"image": "pixnyb/vnc-viewer:latest",
"volumeMounts": [
{
"name": "docker-sock",
"mountPath": "/var/run/docker.sock"
}
]
}
],
"volumes": [
{
"name": "docker-sock",
"hostPath": {
"path": "/var/run/docker.sock"
}
}
]
}
}'Warning
The container in itself doesn't have any security measures implemented. It is recommended to run the container in a secure environment. (e.g. behind traefik with authentication middleware such as pixnyb/authentication-proxy)
The following environment variables can be set to configure the application:
| Variable | Description | Default |
|---|---|---|
DISABLE_CREDITS |
Whether the credits should be disabled or not | false |
RUNTIME |
Determines whether the application should be running in docker or kubernetes mode | docker |
The application is capable of discovering VNC servers running in other containers. To enable this feature, you need to add the following labels to the container running the VNC server:
# Example docker-compose.yml
labels:
- "vnc-viewer.enable=true"
- "vnc-viewer.label=My VNC Server" # Optional
- "vnc-viewer.port=5900" # Optional, defaults to 5900
# Example podmanifests
metadata:
labels:
dev.roelc.vnc-viewer/enable: "true"
dev.roelc.vnc-viewer/label: "My VNC Server" # Optional
dev.roelc.vnc-viewer/port: "5900" # Optional, defaults to 5900Note
Docker > The containers must both exist in the same network. Otherwise no connection to the VNC server can be established.
Note
Docker > The container offers Docker Swarm support. When running in a Docker Swarm, make sure to constrain the service to manager nodes only. Otherwise, the application won't be able to discover the VNC servers.
deploy:
placement:
constraints:
- node.role == managerNote
Kubernetes > The application uses the Kubernetes API to discover the VNC servers. Make sure that the application has the necessary permissions to access the API. This can be done by creating a service account and binding it to a role with the necessary permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
name: vnc-viewer
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: vnc-viewer-cluster-role
rules:
- apiGroups:
- ""
resources:
- pods
- services
- namespaces
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: vnc-viewer-cluster-role-binding
subjects:
- kind: ServiceAccount
name: vnc-viewer
namespace: default
roleRef:
kind: ClusterRole
name: vnc-viewer-cluster-role
apiGroup: rbac.authorization.k8s.ioNote
When authentication is necessary to connect to a vnc server, a login form will be displayed. Not all vnc servers accept a username, so the username field is optional.
Warning
The application doesn't currently check if a socket should be connected to. The WebSocket connection can be used to connect to any host and port, this makes the application vulnerable to attacks. It is recommended to run the application in a secure environment with an isolated network.
This feature currently isn't implemented. The container is designed to be used as an interface for managing other containers running VNC servers.
Contributions are welcome, please read the CONTRIBUTING.md file for more information.
