starred/docker-android
1
0
Fork 0
mirror of https://github.com/budtmo/docker-android.git synced 2026-04-25 12:15:52 +03:00
Code Issues 21 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #194] Protect container with basic authentification #136

New issue
Closed
opened 2026-03-01 15:40:49 +03:00 by kerem · 4 comments
kerem commented 2026-03-01 15:40:49 +03:00
Owner
Copy link

Originally created by @yousefchtourou on GitHub (Aug 25, 2019).
Original GitHub issue: https://github.com/budtmo/docker-android/issues/194

💬 Questions and Help

Any idea to protect this container ?

any body in LAN ,
emulator_samsung_galaxy_s6
can press Ctrl+alt+supper to shutdown the emulator and fail the application

Originally created by @yousefchtourou on GitHub (Aug 25, 2019). Original GitHub issue: https://github.com/budtmo/docker-android/issues/194 ## 💬 Questions and Help Any idea to protect this container ? any body in LAN , ![emulator_samsung_galaxy_s6](https://user-images.githubusercontent.com/45118325/63649049-ac06df80-c730-11e9-95aa-b486631ec969.png) can press Ctrl+alt+supper to shutdown the emulator and fail the application
kerem closed this issue 2026-03-01 15:40:50 +03:00
kerem commented 2026-03-01 15:40:50 +03:00
Author
Owner
Copy link

@Arne-B commented on GitHub (Aug 28, 2019):

Yeah, NoVNC uses websockify to provide a webserver. Websockify supports auth plugins, but the noVNC start script does not use this feature (as far as i could tell in a quick check). (${WEBSOCKIFY} ${SSLONLY} --web ${WEB} ${CERT:+--cert ${CERT}} ${KEY:+--key ${KEY}} ${PORT} ${VNC_DEST} ${RECORD_ARG} &)
This means, that this script from noVNC needs to be changed first, before support could be added in this project.

EDIT: I just saw, we are using a version from 2016, might be a good idea to update...

<!-- gh-comment-id:525649575 --> @Arne-B commented on GitHub (Aug 28, 2019): Yeah, NoVNC uses websockify to provide a webserver. Websockify supports auth plugins, but the noVNC start script does not use this feature (as far as i could tell in a quick check). (${WEBSOCKIFY} ${SSLONLY} --web ${WEB} ${CERT:+--cert ${CERT}} ${KEY:+--key ${KEY}} ${PORT} ${VNC_DEST} ${RECORD_ARG} &) This means, that this script from noVNC needs to be changed first, before support could be added in this project. EDIT: I just saw, we are using a version from 2016, might be a good idea to update...
kerem commented 2026-03-01 15:40:51 +03:00
Author
Owner
Copy link

@ychtourou commented on GitHub (Aug 28, 2019):

protect by basic authentification for example

<!-- gh-comment-id:525661351 --> @ychtourou commented on GitHub (Aug 28, 2019): protect by basic authentification for example
kerem commented 2026-03-01 15:40:51 +03:00
Author
Owner
Copy link

@Arne-B commented on GitHub (Aug 28, 2019):

setting a vnc password with
RUN mkdir /root/.vnc/
&& x11vnc -storepasswd password /root/.vnc/passwd

and running vnc with
command=/usr/bin/x11vnc -display %(ENV_DISPLAY)s -usepw -forever -shared

would make sure, that every vnc access it at least secure by a global default password which then must be changed at runtime.
I would suggest to introduce some ENV VAR which, if set, sets the vnc password and enables it.
The default can still be no password, because its an active choice to forward the vnc ports and enable external access.

<!-- gh-comment-id:525692674 --> @Arne-B commented on GitHub (Aug 28, 2019): setting a vnc password with RUN mkdir /root/.vnc/ \ && x11vnc -storepasswd password /root/.vnc/passwd and running vnc with command=/usr/bin/x11vnc -display %(ENV_DISPLAY)s -usepw -forever -shared would make sure, that every vnc access it at least secure by a global default password which then must be changed at runtime. I would suggest to introduce some ENV VAR which, if set, sets the vnc password and enables it. The default can still be no password, because its an active choice to forward the vnc ports and enable external access.
kerem commented 2026-03-01 15:40:51 +03:00
Author
Owner
Copy link

@budtmo commented on GitHub (Sep 11, 2019):

Hi @ychtourou,

I dont give it, because it make easier to integrate with other tools (e.g. zalenium) and easier for user to open it (the user do not need to give the credentials everytime they want to see what happening and for testing purpose in my opinion it should be secured enough because you are in the same company network). probably the easiest solution is that you dont need to open any the vnc port and use screen recording if you want to see what happening during test execution. but you can share your use case why you want to protect the container in the same network, so maybe we can discuss the next step.

I will close it for now, but feel free to reopen it.

<!-- gh-comment-id:530319214 --> @budtmo commented on GitHub (Sep 11, 2019): Hi @ychtourou, I dont give it, because it make easier to integrate with other tools (e.g. zalenium) and easier for user to open it (the user do not need to give the credentials everytime they want to see what happening and for testing purpose in my opinion it should be secured enough because you are in the same company network). probably the easiest solution is that you dont need to open any the vnc port and use screen recording if you want to see what happening during test execution. but you can share your use case why you want to protect the container in the same network, so maybe we can discuss the next step. I will close it for now, but feel free to reopen it.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v3.3.0-p0
v3.2.2-p0
v3.2.0-p0
v3.1.1-p0
v3.1.0-p0
v3.0.2-p2
v3.0.2-p1
v3.0.2-p0
v3.0.1-p1
v3.0.1-p0
v2.19.0-p2
v2.19.0-p1
v2.19.0-p0
v2.18.0-p0
v2.16.2-p0
v2.15.0-p1
v2.15.0-p0
v2.11.4-p0
v2.11.2-p0
v2.11.1-p0
v2.5.4-p1
v2.5.4-p0
v2.5.1-p0
v2.5.0-p0
v2.4.1-p0
v2.3.0-p1
v2.3.0-p0
v2.2.2-p0
v2.1.3-p1
v2.1.3-p0
v2.0.1-p1
v2.0.0-p6
v2.0-p5
v2.0-p4
v2.0-p3
v2.0-p2
v2.0-p1
v1.10-p7
v1.10-p6
v1.10-p5
v1.10-p4
v1.10-p3
v1.10-p2
v1.10-p1
v1.9-p8
v1.9-p7
v1.9-p6
v1.9-p5
1.9-p4
1.9-p3
1.9-p2
1.9-p1
1.9-p0
1.8-p16
1.8-p15
1.8-p14
1.8-p13
1.8-p12
1.8-p11
1.8-p10
1.8-p9
1.8-p8
1.8-p7
1.8-p6
1.8-p5
1.8-p4
1.8-p3
1.8-p2
1.8-p1
1.8-p0
1.7-p1
1.7-p0
1.6-p8
1.6-p7
1.6-p6
1.6-p5
1.6-p4
1.6-p3
1.6-p2
1.6-p1
1.6-p0
1.5-p6
1.5-p5
1.5-p4
1.5-p3
1.5-p2
1.5-p1
1.5-p0
1.4-p1
1.4-p0
1.3-p5
1.3-p4
1.3-p3
1.3-p2
1.3-p1
1.3-p0
1.2
1.1-p1
1.1
1.0
0.9-p5
0.9-p4
0.9-p3
0.9-p2
0.9-p1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
Labels
Clear labels   
bug

   
depends_on_docker

   
enhancement

   
help wanted

   
nice to have

   
waiting for response
No labels
bug
depends_on_docker
enhancement
help wanted
nice to have
waiting for response
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-android#136
No description provided.