f2538f337d
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
noVNC: HTML5 VNC Client
Description
noVNC is a VNC client implemented using HTML5 technologies, specifically Canvas and WebSockets (supports 'wss://' encryption). noVNC is licensed under the LGPLv3.
Special thanks to Sentry Data Systems for sponsoring ongoing development of this project (and for employing me).
Notable commits, announcements and news are posted to @noVNC
Screenshots
Running in Chrome before and after connecting:
See more screenshots here.
Projects/Companies using noVNC
-
Sentry Data Systems: uses noVNC in the Datanex Cloud Computing Platform.
-
Ganeti Web Manager: Feature #1935.
-
openQRM: VNC plugin available by request. Probably included in version 4.8. Video demo.
Browser Requirements
-
HTML5 Canvas: Except for Internet Explorer, most browsers have had Canvas support for quite some time. Internet Explorer 9 will have Canvas support (finally).
-
HTML5 WebSockets: For browsers that do not have builtin WebSockets support, the project includes web-socket-js, a WebSockets emulator using Adobe Flash.
-
Fast Javascript Engine: noVNC avoids using new Javascript functionality so it will run on older browsers, but decode and rendering happen in Javascript, so a slow Javascript engine will mean noVNC is painfully slow.
-
I maintain a more detailed list of browser compatibility here.
Server Requirements
Unless you are using a VNC server with support for WebSockets connections (only my fork of libvncserver currently), you need to use a WebSockets to TCP socket proxy. There is a python proxy included ('wsproxy'). One advantage of using the proxy is that it has builtin support for SSL/TLS encryption (i.e. "wss://").
There a few reasons why a proxy is required:
-
WebSockets is not a pure socket protocol. There is an initial HTTP like handshake to allow easy hand-off by web servers and allow some origin policy exchange. Also, each WebSockets frame begins with 0 ('\x00') and ends with 255 ('\xff').
-
Javascript itself does not have the ability to handle pure byte arrays. The python proxy encodes the data as base64 so that the Javascript client can decode the data as an integer array.
Quick Start
-
Use the launch script to start a mini-webserver and the WebSockets proxy. The
--vncoption is used to specify the location of a running VNC server:./utils/launch.sh --vnc localhost:5901 -
Point your browser to the cut-and-paste URL that is output by the launch script. Enter a password if the VNC server has one configured. Hit the Connect button and enjoy!
Advanced usage
-
To encrypt the traffic using the WebSocket 'wss://' URI scheme you need to generate a certificate for the proxy to load. By default the proxy loads a certificate file name
self.pembut the--cert=CERToption can override the file name. You can generate a self-signed certificate using openssl. When asked for the common name, use the hostname of the server where the proxy will be running:openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem -
tightvncprovide a nice startup script that can be used to run a separate X desktop that is served by VNC. To install and run the server under Ubuntu you would do something like this:sudo apt-get install tightvncservervncserver :1The VNC server will run in the background. The port that it runs on is the display number + 5900 (i.e. 5901 in the case above).
-
x11vnccan be used to share your current X desktop. Note that if you run noVNC on the X desktop you are connecting to via VNC you will get a neat hall of mirrors effect, but the the client and server will fight over the mouse.sudo apt-get install x11vncx11vnc -forever -display :0Without the
-foreveroption, x11vnc will exit after the first disconnect. The-displayoption indicates the exiting X display to share. The port that it runs on is the display number + 5900 (i.e. 5900 in the case above). -
To run the python proxy directly without using launch script (to pass additional options for example):
./utils/wsproxy.py source_port target_addr:target_port./utils/wsproxy.py 8787 localhost:5901 -
To activate the mini-webserver in wsproxy.py use the
--web DIRoption:./utils/wsproxy.py --web ./ 8787 localhost:5901 -
Point your web browser at http://localhost:8787/vnc.html. On the page enter the location where the proxy is running (localhost and 8787) and the password that the vnc server is using (if any). Hit the Connect button.
-
If you are using python 2.3 or 2.4 and you want wsproxy to support 'wss://' (TLS) then see the wsproxy README for instructions on building the ssl module.
Integration
The client is designed to be easily integrated with existing web structure and style.
At a minimum you must include the vnc.js and ui.js scripts and
call UI.load(). For example:
<head>
<script src='include/vnc.js'></script>
<script src="include/ui.js"></script>
</head>
<body>
<div id='vnc'>Loading</div>
<script>
window.onload = function () {
UI.load('vnc');
}
</script>
</body>
See vnc.html and vnc_auto.html for examples. The file
include/plain.css has a list of stylable elements.
The vnc.js also includes other scripts within the include
sub-directory. The VNC_uri_prefix variable can be use override the
URL path to the include sub-directory.
Troubleshooting
You will need console logging support in the browser. Recent Chrome and Opera versions have built in support. Firefox has a nice extension called "firebug" that gives console logging support.
First, load the noVNC page with logging=debug added to the query string.
For example vnc.html?logging=debug.
Then, activate the console logger in your browser. With Chrome it can be activate using Ctrl+Shift+J and then switching to the "Console" tab. With firefox+firebug, it can be activated using Ctrl+F12.
Now reproduce the problem. The console log output will give more information about what is going wrong and where in the code the problem is located.
If you file a issue/bug, it is very helpful for me to have the last page of console output leading up the problem in the issue report. Other helpful issue/bug information: browser version, OS version, noVNC git version, and VNC server name/version.