Skip to content
This repository has been archived by the owner on Sep 21, 2021. It is now read-only.

vnc authentication seems to be not working #1231

Open
h-bahrami opened this issue May 3, 2021 · 4 comments
Open

vnc authentication seems to be not working #1231

h-bahrami opened this issue May 3, 2021 · 4 comments

Comments

@h-bahrami
Copy link

h-bahrami commented May 3, 2021
edited

Hi,
I am trying to secure the VNC traffic by Nginx's secure_link_module or something like that, after finding it not working I tried to understand what's the problem then I see that VncAuthenticationServlet implemented to do the authentication, but it seems that it does not receive/check the requests.

So based on the Nginx config (below) all the requests to proxy/ip:port/websockify should be authenticated by VncAuthenticationServlet, I put a couple of LOGGER.info calls to see how can I customize it for my own purpose, but no logs were captured.

Please help me figure out if this part is not working at all or I'm missing something here.
It worth mentioning that the Zalenium is hosted inside Kubernetes the noVNC client works perfectly through HTTPS (WSS).

location ~ ^{{contextPath}}/proxy/(.*):(\d+)/websockify$ {
            
            # secure_link_secret @mysecret;
            # if ($secure_link = "") { return 403; }

            auth_request {{contextPath}}/auth;
            proxy_http_version 1.1;
            proxy_pass http://$1:$2/;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # VNC connection timeout
            proxy_read_timeout 61s;

            # Disable cache
            proxy_buffering off;
        }
        location {{contextPath}}/auth {
            internal;
            proxy_pass http://127.0.0.1:4445/vnc/auth;
            proxy_pass_request_body off;
            proxy_set_header        Content-Length "";
            proxy_set_header        X-Original-URI $request_uri;
        }
@h-bahrami h-bahrami changed the title vnc authentication seems to not working vnc authentication seems to be not working May 3, 2021
@pearj
Copy link
Collaborator

pearj commented May 3, 2021
edited

Zalenium already supports basic auth. You shouldn’t need to be modifying any nginx config. You just need to enable the basic auth support in Zalenium.

See https://opensource.zalando.com/zalenium/
Look for the “Enabling basic auth” section

@pearj pearj closed this as completed May 3, 2021
@h-bahrami
Copy link
Author

h-bahrami commented May 3, 2021
edited

Zalenium already supports basic auth. You shouldn’t need to be modifying any nginx config. You just need to enable the basic auth support in Zalenium.

See https://opensource.zalando.com/zalenium/
Look for the “Enabling basic auth” section

That I've already enabled and it works Ok, but it does not protect /proxy/ip:port/websockify, I can send a test case to Zalenium (with basic auth of course) and then start noVNC client with no basic auth headers and receive traffic.

@pearj
Copy link
Collaborator

pearj commented May 3, 2021

Oh that's interesting. Will leave this open then. I'm sure you are aware that development has stopped on this project, so it isn't going to be fixed on its own.

@pearj pearj reopened this May 3, 2021
@h-bahrami
Copy link
Author

Oh that's interesting. Will leave this open then. I'm sure you are aware that development has stopped on this project, so it isn't going to be fixed on its own.

Ok, I am aware of that, I was hoping that someone from the team or anyone who knows what's the problem can give me some hints perhaps I could fix it myself, I've already made a couple of small modifications in the Zalenium.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pearj @h-bahrami