├── .editorconfig ├── .github ├── CONTRIBUTING.md ├── FUNDING.yml ├── ISSUE_TEMPLATE │ ├── config.yml │ ├── issue.bug.yml │ └── issue.feature.yml ├── PULL_REQUEST_TEMPLATE.md └── workflows │ ├── call_issue_pr_tracker.yml │ ├── call_issues_cron.yml │ ├── external_trigger.yml │ ├── external_trigger_scheduler.yml │ ├── greetings.yml │ ├── package_trigger_scheduler.yml │ └── permissions.yml ├── .gitignore ├── Dockerfile ├── Dockerfile.aarch64 ├── Jenkinsfile ├── LICENSE ├── README.md ├── jenkins-vars.yml ├── package_versions.txt ├── readme-vars.yml └── root ├── defaults ├── autostart ├── default.conf ├── menu.xml └── startwm.sh ├── etc ├── cups │ ├── ppd │ │ └── kasm.ppd │ └── start_cups.sh └── s6-overlay │ └── s6-rc.d │ ├── init-config │ └── dependencies.d │ │ └── init-kasmvnc-end │ ├── init-kasmvnc-config │ ├── dependencies.d │ │ └── init-nginx │ ├── run │ ├── type │ └── up │ ├── init-kasmvnc-end │ ├── dependencies.d │ │ └── init-video │ ├── type │ └── up │ ├── init-kasmvnc │ ├── dependencies.d │ │ └── init-os-end │ ├── type │ └── up │ ├── init-nginx │ ├── dependencies.d │ │ └── init-kasmvnc │ ├── run │ ├── type │ └── up │ ├── init-video │ ├── dependencies.d │ │ └── init-kasmvnc-config │ ├── run │ ├── type │ └── up │ ├── svc-de │ ├── dependencies.d │ │ ├── init-services │ │ └── svc-nginx │ ├── run │ └── type │ ├── svc-docker │ ├── dependencies.d │ │ ├── init-services │ │ └── svc-de │ ├── run │ └── type │ ├── svc-kasmvnc │ ├── dependencies.d │ │ ├── init-services │ │ └── svc-pulseaudio │ ├── run │ └── type │ ├── svc-kclient │ ├── dependencies.d │ │ ├── init-services │ │ └── svc-kasmvnc │ ├── run │ └── type │ ├── svc-nginx │ ├── dependencies.d │ │ ├── init-services │ │ └── svc-kclient │ ├── run │ └── type │ ├── svc-pulseaudio │ ├── dependencies.d │ │ └── init-services │ ├── run │ └── type │ └── user │ └── contents.d │ ├── init-config │ ├── init-kasmvnc │ ├── init-kasmvnc-config │ ├── init-kasmvnc-end │ ├── init-nginx │ ├── init-video │ ├── svc-de │ ├── svc-docker │ ├── svc-kasmvnc │ ├── svc-kclient │ ├── svc-nginx │ └── svc-pulseaudio ├── kasminit └── usr └── local ├── bin └── dockerd-entrypoint.sh └── etc └── kasmvnc ├── kasmvnc.yaml └── kasmvnc.yaml.lsio /.editorconfig: -------------------------------------------------------------------------------- 1 | # This file is globally distributed to all container image projects from 2 | # https://github.com/linuxserver/docker-jenkins-builder/blob/master/.editorconfig 3 | 4 | # top-most EditorConfig file 5 | root = true 6 | 7 | # Unix-style newlines with a newline ending every file 8 | [*] 9 | end_of_line = lf 10 | insert_final_newline = true 11 | # trim_trailing_whitespace may cause unintended issues and should not be globally set true 12 | trim_trailing_whitespace = false 13 | 14 | [{Dockerfile*,**.yml}] 15 | indent_style = space 16 | indent_size = 2 17 | 18 | [{**.sh,root/etc/s6-overlay/s6-rc.d/**,root/etc/cont-init.d/**,root/etc/services.d/**}] 19 | indent_style = space 20 | indent_size = 4 21 | -------------------------------------------------------------------------------- /.github/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to baseimage-kasmvnc 2 | 3 | ## Gotchas 4 | 5 | * While contributing make sure to make all your changes before creating a Pull Request, as our pipeline builds each commit after the PR is open. 6 | * Read, and fill the Pull Request template 7 | * If this is a fix for a typo (in code, documentation, or the README) please file an issue and let us sort it out. We do not need a PR 8 | * If the PR is addressing an existing issue include, closes #\, in the body of the PR commit message 9 | * If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://linuxserver.io/discord) 10 | 11 | ## Common files 12 | 13 | | File | Use case | 14 | | :----: | --- | 15 | | `Dockerfile` | Dockerfile used to build amd64 images | 16 | | `Dockerfile.aarch64` | Dockerfile used to build 64bit ARM architectures | 17 | | `Dockerfile.armhf` | Dockerfile used to build 32bit ARM architectures | 18 | | `Jenkinsfile` | This file is a product of our builder and should not be edited directly. This is used to build the image | 19 | | `jenkins-vars.yml` | This file is used to generate the `Jenkinsfile` mentioned above, it only affects the build-process | 20 | | `package_versions.txt` | This file is generated as a part of the build-process and should not be edited directly. It lists all the installed packages and their versions | 21 | | `README.md` | This file is a product of our builder and should not be edited directly. This displays the readme for the repository and image registries | 22 | | `readme-vars.yml` | This file is used to generate the `README.md` | 23 | 24 | ## Readme 25 | 26 | If you would like to change our readme, please __**do not**__ directly edit the readme, as it is auto-generated on each commit. 27 | Instead edit the [readme-vars.yml](https://github.com/linuxserver/docker-baseimage-kasmvnc/edit/master/readme-vars.yml). 28 | 29 | These variables are used in a template for our [Jenkins Builder](https://github.com/linuxserver/docker-jenkins-builder) as part of an ansible play. 30 | Most of these variables are also carried over to [docs.linuxserver.io](https://docs.linuxserver.io) 31 | 32 | ### Fixing typos or clarify the text in the readme 33 | 34 | There are variables for multiple parts of the readme, the most common ones are: 35 | 36 | | Variable | Description | 37 | | :----: | --- | 38 | | `project_blurb` | This is the short excerpt shown above the project logo. | 39 | | `app_setup_block` | This is the text that shows up under "Application Setup" if enabled | 40 | 41 | ### Parameters 42 | 43 | The compose and run examples are also generated from these variables. 44 | 45 | We have a [reference file](https://github.com/linuxserver/docker-jenkins-builder/blob/master/vars/_container-vars-blank) in our Jenkins Builder. 46 | 47 | These are prefixed with `param_` for required parameters, or `opt_param` for optional parameters, except for `cap_add`. 48 | Remember to enable param, if currently disabled. This differs between parameters, and can be seen in the reference file. 49 | 50 | Devices, environment variables, ports and volumes expects its variables in a certain way. 51 | 52 | ### Devices 53 | 54 | ```yml 55 | param_devices: 56 | - { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" } 57 | opt_param_devices: 58 | - { device_path: "/dev/dri", device_host_path: "/dev/dri", desc: "For hardware transcoding" } 59 | ``` 60 | 61 | ### Environment variables 62 | 63 | ```yml 64 | param_env_vars: 65 | - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London." } 66 | opt_param_env_vars: 67 | - { env_var: "VERSION", env_value: "latest", desc: "Supported values are LATEST, PLEXPASS or a specific version number." } 68 | ``` 69 | 70 | ### Ports 71 | 72 | ```yml 73 | param_ports: 74 | - { external_port: "80", internal_port: "80", port_desc: "Application WebUI" } 75 | opt_param_ports: 76 | - { external_port: "80", internal_port: "80", port_desc: "Application WebUI" } 77 | ``` 78 | 79 | ### Volumes 80 | 81 | ```yml 82 | param_volumes: 83 | - { vol_path: "/config", vol_host_path: "", desc: "Configuration files." } 84 | opt_param_volumes: 85 | - { vol_path: "/config", vol_host_path: "", desc: "Configuration files." } 86 | ``` 87 | 88 | ### Testing template changes 89 | 90 | After you make any changes to the templates, you can use our [Jenkins Builder](https://github.com/linuxserver/docker-jenkins-builder) to have the files updated from the modified templates. Please use the command found under `Running Locally` [on this page](https://github.com/linuxserver/docker-jenkins-builder/blob/master/README.md) to generate them prior to submitting a PR. 91 | 92 | ## Dockerfiles 93 | 94 | We use multiple Dockerfiles in our repos, this is because sometimes some CPU architectures needs different packages to work. 95 | If you are proposing additional packages to be added, ensure that you added the packages to all the Dockerfiles in alphabetical order. 96 | 97 | ### Testing your changes 98 | 99 | ```bash 100 | git clone https://github.com/linuxserver/docker-baseimage-kasmvnc.git 101 | cd docker-baseimage-kasmvnc 102 | docker build \ 103 | --no-cache \ 104 | --pull \ 105 | -t linuxserver/baseimage-kasmvnc:latest . 106 | ``` 107 | 108 | The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static` 109 | 110 | ```bash 111 | docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset 112 | ``` 113 | 114 | Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`. 115 | 116 | ## Update the changelog 117 | 118 | If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-baseimage-kasmvnc/tree/master/root), add an entry to the changelog 119 | 120 | ```yml 121 | changelogs: 122 | - { date: "DD.MM.YY:", desc: "Added some love to templates" } 123 | ``` 124 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: linuxserver 2 | open_collective: linuxserver 3 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | contact_links: 3 | - name: Discord chat support 4 | url: https://linuxserver.io/discord 5 | about: Realtime support / chat with the community and the team. 6 | 7 | - name: Discourse discussion forum 8 | url: https://discourse.linuxserver.io 9 | about: Post on our community forum. 10 | 11 | - name: Documentation 12 | url: https://docs.linuxserver.io 13 | about: Documentation - information about all of our containers. 14 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/issue.bug.yml: -------------------------------------------------------------------------------- 1 | # Based on the issue template 2 | name: Bug report 3 | description: Create a report to help us improve 4 | title: "[BUG] " 5 | labels: [Bug] 6 | body: 7 | - type: checkboxes 8 | attributes: 9 | label: Is there an existing issue for this? 10 | description: Please search to see if an issue already exists for the bug you encountered. 11 | options: 12 | - label: I have searched the existing issues 13 | required: true 14 | - type: textarea 15 | attributes: 16 | label: Current Behavior 17 | description: Tell us what happens instead of the expected behavior. 18 | validations: 19 | required: true 20 | - type: textarea 21 | attributes: 22 | label: Expected Behavior 23 | description: Tell us what should happen. 24 | validations: 25 | required: false 26 | - type: textarea 27 | attributes: 28 | label: Steps To Reproduce 29 | description: Steps to reproduce the behavior. 30 | placeholder: | 31 | 1. In this environment... 32 | 2. With this config... 33 | 3. Run '...' 34 | 4. See error... 35 | validations: 36 | required: true 37 | - type: textarea 38 | attributes: 39 | label: Environment 40 | description: | 41 | examples: 42 | - **OS**: Ubuntu 20.04 43 | - **How docker service was installed**: distro's packagemanager 44 | value: | 45 | - OS: 46 | - How docker service was installed: 47 | render: markdown 48 | validations: 49 | required: false 50 | - type: textarea 51 | attributes: 52 | label: Docker creation 53 | description: | 54 | Command used to create docker container 55 | Provide your docker create/run command or compose yaml snippet, or a screenshot of settings if using a gui to create the container 56 | render: bash 57 | validations: 58 | required: true 59 | - type: textarea 60 | attributes: 61 | description: | 62 | Provide a full docker log, output of "docker logs baseimage-kasmvnc" 63 | label: Container logs 64 | placeholder: | 65 | Output of `docker logs baseimage-kasmvnc` 66 | render: bash 67 | validations: 68 | required: true 69 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/issue.feature.yml: -------------------------------------------------------------------------------- 1 | # Based on the issue template 2 | name: Feature request 3 | description: Suggest an idea for this project 4 | title: "[FEAT] <title>" 5 | labels: [enhancement] 6 | body: 7 | - type: checkboxes 8 | attributes: 9 | label: Is this a new feature request? 10 | description: Please search to see if a feature request already exists. 11 | options: 12 | - label: I have searched the existing issues 13 | required: true 14 | - type: textarea 15 | attributes: 16 | label: Wanted change 17 | description: Tell us what you want to happen. 18 | validations: 19 | required: true 20 | - type: textarea 21 | attributes: 22 | label: Reason for change 23 | description: Justify your request, why do you want it, what is the benefit. 24 | validations: 25 | required: true 26 | - type: textarea 27 | attributes: 28 | label: Proposed code change 29 | description: Do you have a potential code change in mind? 30 | validations: 31 | required: false 32 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | <!--- Provide a general summary of your changes in the Title above --> 2 | 3 | [linuxserverurl]: https://linuxserver.io 4 | [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl] 5 | 6 | 7 | <!--- Before submitting a pull request please check the following --> 8 | 9 | <!--- If this is a fix for a typo (in code, documentation, or the README) please file an issue and let us sort it out. We do not need a PR --> 10 | <!--- Ask yourself if this modification is something the whole userbase will benefit from, if this is a specific change for corner case functionality or plugins please look at making a Docker Mod or local script https://blog.linuxserver.io/2019/09/14/customizing-our-containers/ --> 11 | <!--- That if the PR is addressing an existing issue include, closes #<issue number> , in the body of the PR commit message --> 12 | <!--- You have included links to any files / patches etc your PR may be using in the body of the PR commit message --> 13 | <!--- We maintain a changelog of major revisions to the container at the end of readme-vars.yml in the root of this repository, please add your changes there if appropriate --> 14 | 15 | 16 | <!--- Coding guidelines: --> 17 | <!--- 1. Installed packages in the Dockerfiles should be in alphabetical order --> 18 | <!--- 2. Changes to Dockerfile should be replicated in Dockerfile.armhf and Dockerfile.aarch64 if applicable --> 19 | <!--- 3. Indentation style (tabs vs 4 spaces vs 1 space) should match the rest of the document --> 20 | <!--- 4. Readme is auto generated from readme-vars.yml, make your changes there --> 21 | 22 | ------------------------------ 23 | 24 | - [ ] I have read the [contributing](https://github.com/linuxserver/docker-baseimage-kasmvnc/blob/master/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications 25 | 26 | ------------------------------ 27 | 28 | <!--- We welcome all PR’s though this doesn’t guarantee it will be accepted. --> 29 | 30 | ## Description: 31 | <!--- Describe your changes in detail --> 32 | 33 | ## Benefits of this PR and context: 34 | <!--- Please explain why we should accept this PR. If this fixes an outstanding bug, please reference the issue # --> 35 | 36 | ## How Has This Been Tested? 37 | <!--- Please describe in detail how you tested your changes. --> 38 | <!--- Include details of your testing environment, and the tests you ran to --> 39 | <!--- see how your change affects other areas of the code, etc. --> 40 | 41 | 42 | ## Source / References: 43 | <!--- Please include any forum posts/github links relevant to the PR --> 44 | -------------------------------------------------------------------------------- /.github/workflows/call_issue_pr_tracker.yml: -------------------------------------------------------------------------------- 1 | name: Issue & PR Tracker 2 | 3 | on: 4 | issues: 5 | types: [opened,reopened,labeled,unlabeled,closed] 6 | pull_request_target: 7 | types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed] 8 | pull_request_review: 9 | types: [submitted,edited,dismissed] 10 | 11 | jobs: 12 | manage-project: 13 | permissions: 14 | issues: write 15 | uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1 16 | secrets: inherit 17 | -------------------------------------------------------------------------------- /.github/workflows/call_issues_cron.yml: -------------------------------------------------------------------------------- 1 | name: Mark stale issues and pull requests 2 | on: 3 | schedule: 4 | - cron: '46 17 * * *' 5 | workflow_dispatch: 6 | 7 | jobs: 8 | stale: 9 | permissions: 10 | issues: write 11 | pull-requests: write 12 | uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1 13 | secrets: inherit 14 | -------------------------------------------------------------------------------- /.github/workflows/external_trigger.yml: -------------------------------------------------------------------------------- 1 | name: External Trigger Main 2 | 3 | on: 4 | workflow_dispatch: 5 | 6 | jobs: 7 | external-trigger-master: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: actions/checkout@v4.1.1 11 | 12 | - name: External Trigger 13 | if: github.ref == 'refs/heads/master' 14 | env: 15 | SKIP_EXTERNAL_TRIGGER: ${{ vars.SKIP_EXTERNAL_TRIGGER }} 16 | run: | 17 | printf "# External trigger for docker-baseimage-kasmvnc\n\n" >> $GITHUB_STEP_SUMMARY 18 | echo "Type is \`os\`" >> $GITHUB_STEP_SUMMARY 19 | echo "No external release, exiting" >> $GITHUB_STEP_SUMMARY 20 | exit 0 21 | if grep -q "^baseimage-kasmvnc_master_${EXT_RELEASE}" <<< "${SKIP_EXTERNAL_TRIGGER}"; then 22 | echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY 23 | echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` matches current external release; skipping trigger." >> $GITHUB_STEP_SUMMARY 24 | exit 0 25 | fi 26 | -------------------------------------------------------------------------------- /.github/workflows/external_trigger_scheduler.yml: -------------------------------------------------------------------------------- 1 | name: External Trigger Scheduler 2 | 3 | on: 4 | schedule: 5 | - cron: '47 * * * *' 6 | workflow_dispatch: 7 | 8 | jobs: 9 | external-trigger-scheduler: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v4.1.1 13 | with: 14 | fetch-depth: '0' 15 | 16 | - name: External Trigger Scheduler 17 | run: | 18 | printf "# External trigger scheduler for docker-baseimage-kasmvnc\n\n" >> $GITHUB_STEP_SUMMARY 19 | printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY 20 | for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes) 21 | do 22 | if [[ "${br}" == "HEAD" ]]; then 23 | printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY 24 | continue 25 | fi 26 | printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY 27 | ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/${br}/jenkins-vars.yml) 28 | ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch') 29 | ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type') 30 | if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then 31 | echo "Branch appears to be live and trigger is not os; checking workflow." >> $GITHUB_STEP_SUMMARY 32 | if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then 33 | echo "Triggering external trigger workflow for branch." >> $GITHUB_STEP_SUMMARY 34 | curl -iX POST \ 35 | -H "Authorization: token ${{ secrets.CR_PAT }}" \ 36 | -H "Accept: application/vnd.github.v3+json" \ 37 | -d "{\"ref\":\"refs/heads/${br}\"}" \ 38 | https://api.github.com/repos/linuxserver/docker-baseimage-kasmvnc/actions/workflows/external_trigger.yml/dispatches 39 | else 40 | echo "Skipping branch due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY 41 | fi 42 | else 43 | echo "Skipping branch due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY 44 | fi 45 | done 46 | -------------------------------------------------------------------------------- /.github/workflows/greetings.yml: -------------------------------------------------------------------------------- 1 | name: Greetings 2 | 3 | on: [pull_request_target, issues] 4 | 5 | jobs: 6 | greeting: 7 | runs-on: ubuntu-latest 8 | steps: 9 | - uses: actions/first-interaction@v1 10 | with: 11 | issue-message: 'Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.' 12 | pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-baseimage-kasmvnc/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!' 13 | repo-token: ${{ secrets.GITHUB_TOKEN }} 14 | -------------------------------------------------------------------------------- /.github/workflows/package_trigger_scheduler.yml: -------------------------------------------------------------------------------- 1 | name: Package Trigger Scheduler 2 | 3 | on: 4 | schedule: 5 | - cron: '8 18 * * 6' 6 | workflow_dispatch: 7 | 8 | jobs: 9 | package-trigger-scheduler: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v4.1.1 13 | with: 14 | fetch-depth: '0' 15 | 16 | - name: Package Trigger Scheduler 17 | env: 18 | SKIP_PACKAGE_TRIGGER: ${{ vars.SKIP_PACKAGE_TRIGGER }} 19 | run: | 20 | printf "# Package trigger scheduler for docker-baseimage-kasmvnc\n\n" >> $GITHUB_STEP_SUMMARY 21 | printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY 22 | for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes) 23 | do 24 | if [[ "${br}" == "HEAD" ]]; then 25 | printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY 26 | continue 27 | fi 28 | printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY 29 | JENKINS_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/${br}/jenkins-vars.yml) 30 | if ! curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/${br}/Jenkinsfile >/dev/null 2>&1; then 31 | echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY 32 | echo "> No Jenkinsfile found. Branch is either deprecated or is an early dev branch." >> $GITHUB_STEP_SUMMARY 33 | skipped_branches="${skipped_branches}${br} " 34 | elif [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then 35 | echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY 36 | README_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/${br}/readme-vars.yml) 37 | if [[ $(yq -r '.project_deprecation_status' <<< "${README_VARS}") == "true" ]]; then 38 | echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY 39 | echo "> Branch appears to be deprecated; skipping trigger." >> $GITHUB_STEP_SUMMARY 40 | skipped_branches="${skipped_branches}${br} " 41 | elif [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then 42 | echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY 43 | echo "> Skipping branch ${br} due to \`skip_package_check\` being set in \`jenkins-vars.yml\`." >> $GITHUB_STEP_SUMMARY 44 | skipped_branches="${skipped_branches}${br} " 45 | elif grep -q "^baseimage-kasmvnc_${br}" <<< "${SKIP_PACKAGE_TRIGGER}"; then 46 | echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY 47 | echo "> Github organizational variable \`SKIP_PACKAGE_TRIGGER\` contains \`baseimage-kasmvnc_${br}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY 48 | skipped_branches="${skipped_branches}${br} " 49 | elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-baseimage-kasmvnc/job/${br}/lastBuild/api/json | jq -r '.building' 2>/dev/null) == "true" ]; then 50 | echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY 51 | echo "> There already seems to be an active build on Jenkins; skipping package trigger for ${br}" >> $GITHUB_STEP_SUMMARY 52 | skipped_branches="${skipped_branches}${br} " 53 | else 54 | echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY 55 | echo "> Triggering package trigger for branch ${br}" >> $GITHUB_STEP_SUMMARY 56 | printf "> To disable, add \`baseimage-kasmvnc_%s\` into the Github organizational variable \`SKIP_PACKAGE_TRIGGER\`.\n\n" "${br}" >> $GITHUB_STEP_SUMMARY 57 | triggered_branches="${triggered_branches}${br} " 58 | response=$(curl -iX POST \ 59 | https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-baseimage-kasmvnc/job/${br}/buildWithParameters?PACKAGE_CHECK=true \ 60 | --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|") 61 | if [[ -z "${response}" ]]; then 62 | echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY 63 | echo "> Jenkins build could not be triggered. Skipping branch." 64 | continue 65 | fi 66 | echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY 67 | echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY 68 | sleep 10 69 | buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url') 70 | buildurl="${buildurl%$'\r'}" 71 | echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY 72 | echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY 73 | if ! curl -ifX POST \ 74 | "${buildurl}submitDescription" \ 75 | --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \ 76 | --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ 77 | --data-urlencode "Submit=Submit"; then 78 | echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY 79 | echo "> Unable to change the Jenkins job description." 80 | fi 81 | sleep 20 82 | fi 83 | else 84 | echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY 85 | fi 86 | done 87 | if [[ -n "${triggered_branches}" ]] || [[ -n "${skipped_branches}" ]]; then 88 | if [[ -n "${triggered_branches}" ]]; then 89 | NOTIFY_BRANCHES="**Triggered:** ${triggered_branches} \n" 90 | NOTIFY_BUILD_URL="**Build URL:** https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-baseimage-kasmvnc/activity/ \n" 91 | echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****" 92 | fi 93 | if [[ -n "${skipped_branches}" ]]; then 94 | NOTIFY_BRANCHES="${NOTIFY_BRANCHES}**Skipped:** ${skipped_branches} \n" 95 | fi 96 | echo "**** Notifying Discord ****" 97 | curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903, 98 | "description": "**Package Check Build(s) for baseimage-kasmvnc** \n'"${NOTIFY_BRANCHES}"''"${NOTIFY_BUILD_URL}"'"}], 99 | "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }} 100 | fi 101 | -------------------------------------------------------------------------------- /.github/workflows/permissions.yml: -------------------------------------------------------------------------------- 1 | name: Permission check 2 | on: 3 | pull_request_target: 4 | paths: 5 | - '**/run' 6 | - '**/finish' 7 | - '**/check' 8 | - 'root/migrations/*' 9 | 10 | jobs: 11 | permission_check: 12 | uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1 13 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .jenkins-external 2 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1 2 | 3 | FROM node:12-buster AS wwwstage 4 | 5 | ARG KASMWEB_RELEASE="46412d23aff1f45dffa83fafb04a683282c8db58" 6 | 7 | RUN \ 8 | echo "**** build clientside ****" && \ 9 | export QT_QPA_PLATFORM=offscreen && \ 10 | export QT_QPA_FONTDIR=/usr/share/fonts && \ 11 | mkdir /src && \ 12 | cd /src && \ 13 | wget https://github.com/kasmtech/noVNC/tarball/${KASMWEB_RELEASE} -O - \ 14 | | tar --strip-components=1 -xz && \ 15 | npm install && \ 16 | npm run-script build 17 | 18 | RUN \ 19 | echo "**** organize output ****" && \ 20 | mkdir /build-out && \ 21 | cd /src && \ 22 | rm -rf node_modules/ && \ 23 | cp -R ./* /build-out/ && \ 24 | cd /build-out && \ 25 | rm *.md && \ 26 | rm AUTHORS && \ 27 | cp index.html vnc.html && \ 28 | mkdir Downloads 29 | 30 | FROM ghcr.io/linuxserver/baseimage-alpine:3.21 AS buildstage 31 | 32 | ARG KASMVNC_COMMIT="e04731870baebd2784983fb48197a2416c7d3519" 33 | 34 | COPY --from=wwwstage /build-out /www 35 | 36 | RUN \ 37 | echo "**** install build deps ****" && \ 38 | apk add \ 39 | alpine-release \ 40 | alpine-sdk \ 41 | autoconf \ 42 | automake \ 43 | bash \ 44 | ca-certificates \ 45 | cmake \ 46 | coreutils \ 47 | curl \ 48 | eudev-dev \ 49 | font-cursor-misc \ 50 | font-misc-misc \ 51 | font-util-dev \ 52 | git \ 53 | grep \ 54 | jq \ 55 | libdrm-dev \ 56 | libepoxy-dev \ 57 | libjpeg-turbo-dev \ 58 | libjpeg-turbo-static \ 59 | libpciaccess-dev \ 60 | libtool \ 61 | libwebp-dev \ 62 | libx11-dev \ 63 | libxau-dev \ 64 | libxcb-dev \ 65 | libxcursor-dev \ 66 | libxcvt-dev \ 67 | libxdmcp-dev \ 68 | libxext-dev \ 69 | libxfont2-dev \ 70 | libxkbfile-dev \ 71 | libxrandr-dev \ 72 | libxshmfence-dev \ 73 | libxtst-dev \ 74 | mesa-dev \ 75 | mesa-dri-gallium \ 76 | meson \ 77 | nettle-dev \ 78 | openssl-dev \ 79 | pixman-dev \ 80 | procps \ 81 | shadow \ 82 | tar \ 83 | tzdata \ 84 | wayland-dev \ 85 | wayland-protocols \ 86 | xcb-util-dev \ 87 | xcb-util-image-dev \ 88 | xcb-util-keysyms-dev \ 89 | xcb-util-renderutil-dev \ 90 | xcb-util-wm-dev \ 91 | xinit \ 92 | xkbcomp \ 93 | xkbcomp-dev \ 94 | xkeyboard-config \ 95 | xorgproto \ 96 | xorg-server-common \ 97 | xorg-server-dev \ 98 | xtrans 99 | 100 | RUN \ 101 | echo "**** build libjpeg-turbo ****" && \ 102 | mkdir /jpeg-turbo && \ 103 | JPEG_TURBO_RELEASE=$(curl -sX GET "https://api.github.com/repos/libjpeg-turbo/libjpeg-turbo/releases/latest" \ 104 | | awk '/tag_name/{print $4;exit}' FS='[""]'); \ 105 | curl -o \ 106 | /tmp/jpeg-turbo.tar.gz -L \ 107 | "https://github.com/libjpeg-turbo/libjpeg-turbo/archive/${JPEG_TURBO_RELEASE}.tar.gz" && \ 108 | tar xf \ 109 | /tmp/jpeg-turbo.tar.gz -C \ 110 | /jpeg-turbo/ --strip-components=1 && \ 111 | cd /jpeg-turbo && \ 112 | MAKEFLAGS=-j`nproc` \ 113 | CFLAGS="-fpic" \ 114 | cmake -DCMAKE_INSTALL_PREFIX=/usr/local -G"Unix Makefiles" && \ 115 | make && \ 116 | make install 117 | 118 | RUN \ 119 | echo "**** build kasmvnc ****" && \ 120 | git clone https://github.com/kasmtech/KasmVNC.git src && \ 121 | cd /src && \ 122 | git checkout -f ${KASMVNC_COMMIT} && \ 123 | sed -i \ 124 | -e '/find_package(FLTK/s@^@#@' \ 125 | -e '/add_subdirectory(tests/s@^@#@' \ 126 | CMakeLists.txt && \ 127 | cmake \ 128 | -DCMAKE_BUILD_TYPE=RelWithDebInfo \ 129 | -DBUILD_VIEWER:BOOL=OFF \ 130 | -DENABLE_GNUTLS:BOOL=OFF \ 131 | . && \ 132 | make -j4 && \ 133 | echo "**** build xorg ****" && \ 134 | XORG_VER="21.1.14" && \ 135 | wget --no-check-certificate \ 136 | -O /tmp/xorg-server-${XORG_VER}.tar.gz \ 137 | "https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.gz" && \ 138 | tar --strip-components=1 \ 139 | -C unix/xserver \ 140 | -xf /tmp/xorg-server-${XORG_VER}.tar.gz && \ 141 | cd unix/xserver && \ 142 | patch -Np1 -i ../xserver21.patch && \ 143 | patch -s -p0 < ../CVE-2022-2320-v1.20.patch && \ 144 | autoreconf -i && \ 145 | ./configure \ 146 | --disable-config-hal \ 147 | --disable-config-udev \ 148 | --disable-dmx \ 149 | --disable-dri \ 150 | --disable-dri2 \ 151 | --disable-kdrive \ 152 | --disable-static \ 153 | --disable-xephyr \ 154 | --disable-xinerama \ 155 | --disable-xnest \ 156 | --disable-xorg \ 157 | --disable-xvfb \ 158 | --disable-xwayland \ 159 | --disable-xwin \ 160 | --enable-dri3 \ 161 | --enable-glx \ 162 | --prefix=/opt/kasmweb \ 163 | --with-default-font-path="/usr/share/fonts/X11/misc,/usr/share/fonts/X11/cyrillic,/usr/share/fonts/X11/100dpi/:unscaled,/usr/share/fonts/X11/75dpi/:unscaled,/usr/share/fonts/X11/Type1,/usr/share/fonts/X11/100dpi,/usr/share/fonts/X11/75dpi,built-ins" \ 164 | --without-dtrace \ 165 | --with-sha1=libcrypto \ 166 | --with-xkb-bin-directory=/usr/bin \ 167 | --with-xkb-output=/var/lib/xkb \ 168 | --with-xkb-path=/usr/share/X11/xkb && \ 169 | find . -name "Makefile" -exec sed -i 's/-Werror=array-bounds//g' {} \; && \ 170 | make -j4 171 | 172 | RUN \ 173 | echo "**** generate final output ****" && \ 174 | cd /src && \ 175 | mkdir -p xorg.build/bin && \ 176 | cd xorg.build/bin/ && \ 177 | ln -s /src/unix/xserver/hw/vnc/Xvnc Xvnc && \ 178 | cd .. && \ 179 | mkdir -p man/man1 && \ 180 | touch man/man1/Xserver.1 && \ 181 | cp /src/unix/xserver/hw/vnc/Xvnc.man man/man1/Xvnc.1 && \ 182 | mkdir lib && \ 183 | cd lib && \ 184 | ln -s /usr/lib/xorg/modules/dri dri && \ 185 | cd /src && \ 186 | mkdir -p builder/www && \ 187 | cp -ax /www/* builder/www/ && \ 188 | make servertarball && \ 189 | mkdir /build-out && \ 190 | tar xzf \ 191 | kasmvnc-Linux*.tar.gz \ 192 | -C /build-out/ 193 | 194 | # nodejs builder 195 | FROM ghcr.io/linuxserver/baseimage-alpine:3.21 AS nodebuilder 196 | ARG KCLIENT_RELEASE 197 | 198 | RUN \ 199 | echo "**** install build deps ****" && \ 200 | apk add --no-cache \ 201 | alpine-sdk \ 202 | curl \ 203 | cmake \ 204 | g++ \ 205 | gcc \ 206 | make \ 207 | nodejs \ 208 | npm \ 209 | pulseaudio-dev \ 210 | python3 211 | 212 | RUN \ 213 | echo "**** grab source ****" && \ 214 | mkdir -p /kclient && \ 215 | if [ -z ${KCLIENT_RELEASE+x} ]; then \ 216 | KCLIENT_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/kclient/releases/latest" \ 217 | | awk '/tag_name/{print $4;exit}' FS='[""]'); \ 218 | fi && \ 219 | curl -o \ 220 | /tmp/kclient.tar.gz -L \ 221 | "https://github.com/linuxserver/kclient/archive/${KCLIENT_RELEASE}.tar.gz" && \ 222 | tar xf \ 223 | /tmp/kclient.tar.gz -C \ 224 | /kclient/ --strip-components=1 225 | 226 | RUN \ 227 | echo "**** install node modules ****" && \ 228 | cd /kclient && \ 229 | npm install && \ 230 | rm -f package-lock.json 231 | 232 | # runtime stage 233 | FROM ghcr.io/linuxserver/baseimage-alpine:3.21 234 | 235 | # set version label 236 | ARG BUILD_DATE 237 | ARG VERSION 238 | ARG KASMBINS_RELEASE="1.15.0" 239 | LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" 240 | LABEL maintainer="thelamer" 241 | LABEL "com.kasmweb.image"="true" 242 | 243 | # env 244 | ENV DISPLAY=:1 \ 245 | PERL5LIB=/usr/local/bin \ 246 | OMP_WAIT_POLICY=PASSIVE \ 247 | GOMP_SPINCOUNT=0 \ 248 | HOME=/config \ 249 | START_DOCKER=true \ 250 | PULSE_RUNTIME_PATH=/defaults \ 251 | NVIDIA_DRIVER_CAPABILITIES=all 252 | 253 | # copy over build output 254 | COPY --from=nodebuilder /kclient /kclient 255 | COPY --from=buildstage /build-out/ / 256 | 257 | RUN \ 258 | echo "**** install deps ****" && \ 259 | apk add --no-cache \ 260 | bash \ 261 | ca-certificates \ 262 | cups \ 263 | cups-client \ 264 | dbus-x11 \ 265 | docker \ 266 | docker-cli-compose \ 267 | dunst \ 268 | ffmpeg \ 269 | font-noto \ 270 | font-noto-emoji \ 271 | fuse-overlayfs \ 272 | gcompat \ 273 | intel-media-driver \ 274 | iproute2-minimal \ 275 | lang \ 276 | libgcc \ 277 | libgomp \ 278 | libjpeg-turbo \ 279 | libnotify \ 280 | libstdc++ \ 281 | libwebp \ 282 | libxfont2 \ 283 | libxshmfence \ 284 | mcookie \ 285 | mesa \ 286 | mesa-dri-gallium \ 287 | mesa-gbm \ 288 | mesa-gl \ 289 | mesa-va-gallium \ 290 | mesa-vulkan-ati \ 291 | mesa-vulkan-intel \ 292 | mesa-vulkan-layers \ 293 | mesa-vulkan-swrast \ 294 | nginx \ 295 | nodejs \ 296 | openbox \ 297 | openssh-client \ 298 | openssl \ 299 | pciutils-libs \ 300 | perl \ 301 | perl-datetime \ 302 | perl-hash-merge-simple \ 303 | perl-list-moreutils \ 304 | perl-switch \ 305 | perl-try-tiny \ 306 | perl-yaml-tiny \ 307 | pixman \ 308 | pulseaudio \ 309 | pulseaudio-utils \ 310 | py3-xdg \ 311 | python3 \ 312 | setxkbmap \ 313 | sudo \ 314 | tar \ 315 | vulkan-tools \ 316 | xauth \ 317 | xf86-video-amdgpu \ 318 | xf86-video-ati \ 319 | xf86-video-intel \ 320 | xf86-video-nouveau \ 321 | xf86-video-qxl \ 322 | xkbcomp \ 323 | xkeyboard-config \ 324 | xterm && \ 325 | apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/ \ 326 | cups-pdf && \ 327 | echo "**** printer config ****" && \ 328 | sed -i \ 329 | "s:^#Out.*:Out /home/kasm-user/PDF:" \ 330 | /etc/cups/cups-pdf.conf && \ 331 | sed -i \ 332 | 's/^SystemGroup .*/SystemGroup lpadmin root/' \ 333 | /etc/cups/cups-files.conf && \ 334 | echo "**** filesystem setup ****" && \ 335 | ln -s /usr/local/share/kasmvnc /usr/share/kasmvnc && \ 336 | ln -s /usr/local/etc/kasmvnc /etc/kasmvnc && \ 337 | ln -s /usr/local/lib/kasmvnc /usr/lib/kasmvncserver && \ 338 | echo "**** openbox tweaks ****" && \ 339 | sed -i \ 340 | -e 's/NLIMC/NLMC/g' \ 341 | -e 's|</applications>| <application class="*"><maximized>yes</maximized></application>\n</applications>|' \ 342 | -e 's|</keyboard>| <keybind key="C-S-d"><action name="ToggleDecorations"/></keybind>\n</keyboard>|' \ 343 | /etc/xdg/openbox/rc.xml && \ 344 | echo "**** user perms ****" && \ 345 | echo "abc:abc" | chpasswd && \ 346 | usermod -s /bin/bash abc && \ 347 | echo '%wheel ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/wheel && \ 348 | adduser abc wheel && \ 349 | echo "**** proot-apps ****" && \ 350 | mkdir /proot-apps/ && \ 351 | PAPPS_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/proot-apps/releases/latest" \ 352 | | awk '/tag_name/{print $4;exit}' FS='[""]') && \ 353 | curl -L https://github.com/linuxserver/proot-apps/releases/download/${PAPPS_RELEASE}/proot-apps-x86_64.tar.gz \ 354 | | tar -xzf - -C /proot-apps/ && \ 355 | echo "${PAPPS_RELEASE}" > /proot-apps/pversion && \ 356 | echo "**** kasm support ****" && \ 357 | useradd \ 358 | -u 1000 -U \ 359 | -d /home/kasm-user \ 360 | -s /bin/bash kasm-user && \ 361 | echo "kasm-user:kasm" | chpasswd && \ 362 | adduser kasm-user wheel && \ 363 | mkdir -p /home/kasm-user && \ 364 | chown 1000:1000 /home/kasm-user && \ 365 | mkdir -p /var/run/pulse && \ 366 | chown 1000:root /var/run/pulse && \ 367 | mkdir -p /kasmbins && \ 368 | curl -s https://kasm-ci.s3.amazonaws.com/kasmbins-amd64-${KASMBINS_RELEASE}.tar.gz \ 369 | | tar xzvf - -C /kasmbins/ && \ 370 | chmod +x /kasmbins/* && \ 371 | chown -R 1000:1000 /kasmbins && \ 372 | chown 1000:1000 /usr/share/kasmvnc/www/Downloads && \ 373 | mkdir -p /dockerstartup && \ 374 | echo "**** dind support ****" && \ 375 | addgroup -S dockremap && \ 376 | adduser -S -G dockremap dockremap && \ 377 | echo 'dockremap:165536:65536' >> /etc/subuid && \ 378 | echo 'dockremap:165536:65536' >> /etc/subgid && \ 379 | curl -o \ 380 | /usr/local/bin/dind -L \ 381 | https://raw.githubusercontent.com/moby/moby/master/hack/dind && \ 382 | chmod +x /usr/local/bin/dind && \ 383 | usermod -aG docker abc && \ 384 | echo 'hosts: files dns' > /etc/nsswitch.conf && \ 385 | echo "**** theme ****" && \ 386 | curl -s https://raw.githubusercontent.com/thelamer/lang-stash/master/theme.tar.gz \ 387 | | tar xzvf - -C /usr/share/themes/Clearlooks/openbox-3/ && \ 388 | echo "**** cleanup ****" && \ 389 | rm -rf \ 390 | /tmp/* 391 | 392 | # add local files 393 | COPY /root / 394 | 395 | # ports and volumes 396 | EXPOSE 3000 3001 397 | VOLUME /config 398 | -------------------------------------------------------------------------------- /Dockerfile.aarch64: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1 2 | 3 | FROM node:12-buster AS wwwstage 4 | 5 | ARG KASMWEB_RELEASE="46412d23aff1f45dffa83fafb04a683282c8db58" 6 | 7 | RUN \ 8 | echo "**** install build deps ****" && \ 9 | apt-get update && \ 10 | apt-get install -y phantomjs 11 | 12 | RUN \ 13 | echo "**** build clientside ****" && \ 14 | export QT_QPA_PLATFORM=offscreen && \ 15 | export QT_QPA_FONTDIR=/usr/share/fonts && \ 16 | mkdir /src && \ 17 | cd /src && \ 18 | wget https://github.com/kasmtech/noVNC/tarball/${KASMWEB_RELEASE} -O - \ 19 | | tar --strip-components=1 -xz && \ 20 | npm install && \ 21 | npm run-script build 22 | 23 | RUN \ 24 | echo "**** organize output ****" && \ 25 | mkdir /build-out && \ 26 | cd /src && \ 27 | rm -rf node_modules/ && \ 28 | cp -R ./* /build-out/ && \ 29 | cd /build-out && \ 30 | rm *.md && \ 31 | rm AUTHORS && \ 32 | cp index.html vnc.html && \ 33 | mkdir Downloads 34 | 35 | FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21 AS buildstage 36 | 37 | ARG KASMVNC_COMMIT="e04731870baebd2784983fb48197a2416c7d3519" 38 | 39 | COPY --from=wwwstage /build-out /www 40 | 41 | RUN \ 42 | echo "**** install build deps ****" && \ 43 | apk add \ 44 | alpine-release \ 45 | alpine-sdk \ 46 | autoconf \ 47 | automake \ 48 | bash \ 49 | ca-certificates \ 50 | cmake \ 51 | coreutils \ 52 | curl \ 53 | eudev-dev \ 54 | font-cursor-misc \ 55 | font-misc-misc \ 56 | font-util-dev \ 57 | git \ 58 | grep \ 59 | jq \ 60 | libdrm-dev \ 61 | libepoxy-dev \ 62 | libjpeg-turbo-dev \ 63 | libjpeg-turbo-static \ 64 | libpciaccess-dev \ 65 | libtool \ 66 | libwebp-dev \ 67 | libx11-dev \ 68 | libxau-dev \ 69 | libxcb-dev \ 70 | libxcursor-dev \ 71 | libxcvt-dev \ 72 | libxdmcp-dev \ 73 | libxext-dev \ 74 | libxfont2-dev \ 75 | libxkbfile-dev \ 76 | libxrandr-dev \ 77 | libxshmfence-dev \ 78 | libxtst-dev \ 79 | mesa-dev \ 80 | mesa-dri-gallium \ 81 | mesa-va-gallium \ 82 | mesa-vulkan-ati \ 83 | mesa-vulkan-broadcom \ 84 | mesa-vulkan-freedreno \ 85 | mesa-vulkan-layers \ 86 | mesa-vulkan-panfrost \ 87 | mesa-vulkan-swrast \ 88 | meson \ 89 | nettle-dev \ 90 | openssl-dev \ 91 | pixman-dev \ 92 | procps \ 93 | shadow \ 94 | tar \ 95 | tzdata \ 96 | wayland-dev \ 97 | wayland-protocols \ 98 | xcb-util-dev \ 99 | xcb-util-image-dev \ 100 | xcb-util-keysyms-dev \ 101 | xcb-util-renderutil-dev \ 102 | xcb-util-wm-dev \ 103 | xinit \ 104 | xkbcomp \ 105 | xkbcomp-dev \ 106 | xkeyboard-config \ 107 | xorgproto \ 108 | xorg-server-common \ 109 | xorg-server-dev \ 110 | xtrans 111 | 112 | RUN \ 113 | echo "**** build libjpeg-turbo ****" && \ 114 | mkdir /jpeg-turbo && \ 115 | JPEG_TURBO_RELEASE=$(curl -sX GET "https://api.github.com/repos/libjpeg-turbo/libjpeg-turbo/releases/latest" \ 116 | | awk '/tag_name/{print $4;exit}' FS='[""]'); \ 117 | curl -o \ 118 | /tmp/jpeg-turbo.tar.gz -L \ 119 | "https://github.com/libjpeg-turbo/libjpeg-turbo/archive/${JPEG_TURBO_RELEASE}.tar.gz" && \ 120 | tar xf \ 121 | /tmp/jpeg-turbo.tar.gz -C \ 122 | /jpeg-turbo/ --strip-components=1 && \ 123 | cd /jpeg-turbo && \ 124 | MAKEFLAGS=-j`nproc` \ 125 | CFLAGS="-fpic" \ 126 | cmake -DCMAKE_INSTALL_PREFIX=/usr/local -G"Unix Makefiles" && \ 127 | make && \ 128 | make install 129 | 130 | RUN \ 131 | echo "**** build kasmvnc ****" && \ 132 | git clone https://github.com/kasmtech/KasmVNC.git src && \ 133 | cd /src && \ 134 | git checkout -f ${KASMVNC_COMMIT} && \ 135 | sed -i \ 136 | -e '/find_package(FLTK/s@^@#@' \ 137 | -e '/add_subdirectory(tests/s@^@#@' \ 138 | CMakeLists.txt && \ 139 | cmake \ 140 | -DCMAKE_BUILD_TYPE=RelWithDebInfo \ 141 | -DBUILD_VIEWER:BOOL=OFF \ 142 | -DENABLE_GNUTLS:BOOL=OFF \ 143 | . && \ 144 | make -j4 && \ 145 | echo "**** build xorg ****" && \ 146 | XORG_VER="21.1.14" && \ 147 | wget --no-check-certificate \ 148 | -O /tmp/xorg-server-${XORG_VER}.tar.gz \ 149 | "https://www.x.org/archive/individual/xserver/xorg-server-${XORG_VER}.tar.gz" && \ 150 | tar --strip-components=1 \ 151 | -C unix/xserver \ 152 | -xf /tmp/xorg-server-${XORG_VER}.tar.gz && \ 153 | cd unix/xserver && \ 154 | patch -Np1 -i ../xserver21.patch && \ 155 | patch -s -p0 < ../CVE-2022-2320-v1.20.patch && \ 156 | autoreconf -i && \ 157 | ./configure \ 158 | --disable-config-hal \ 159 | --disable-config-udev \ 160 | --disable-dmx \ 161 | --disable-dri \ 162 | --disable-dri2 \ 163 | --disable-kdrive \ 164 | --disable-static \ 165 | --disable-xephyr \ 166 | --disable-xinerama \ 167 | --disable-xnest \ 168 | --disable-xorg \ 169 | --disable-xvfb \ 170 | --disable-xwayland \ 171 | --disable-xwin \ 172 | --enable-dri3 \ 173 | --enable-glx \ 174 | --prefix=/opt/kasmweb \ 175 | --with-default-font-path="/usr/share/fonts/X11/misc,/usr/share/fonts/X11/cyrillic,/usr/share/fonts/X11/100dpi/:unscaled,/usr/share/fonts/X11/75dpi/:unscaled,/usr/share/fonts/X11/Type1,/usr/share/fonts/X11/100dpi,/usr/share/fonts/X11/75dpi,built-ins" \ 176 | --without-dtrace \ 177 | --with-sha1=libcrypto \ 178 | --with-xkb-bin-directory=/usr/bin \ 179 | --with-xkb-output=/var/lib/xkb \ 180 | --with-xkb-path=/usr/share/X11/xkb && \ 181 | find . -name "Makefile" -exec sed -i 's/-Werror=array-bounds//g' {} \; && \ 182 | make -j4 183 | 184 | RUN \ 185 | echo "**** generate final output ****" && \ 186 | cd /src && \ 187 | mkdir -p xorg.build/bin && \ 188 | cd xorg.build/bin/ && \ 189 | ln -s /src/unix/xserver/hw/vnc/Xvnc Xvnc && \ 190 | cd .. && \ 191 | mkdir -p man/man1 && \ 192 | touch man/man1/Xserver.1 && \ 193 | cp /src/unix/xserver/hw/vnc/Xvnc.man man/man1/Xvnc.1 && \ 194 | mkdir lib && \ 195 | cd lib && \ 196 | ln -s /usr/lib/xorg/modules/dri dri && \ 197 | cd /src && \ 198 | mkdir -p builder/www && \ 199 | cp -ax /www/* builder/www/ && \ 200 | make servertarball && \ 201 | mkdir /build-out && \ 202 | tar xzf \ 203 | kasmvnc-Linux*.tar.gz \ 204 | -C /build-out/ 205 | 206 | # nodejs builder 207 | FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21 AS nodebuilder 208 | ARG KCLIENT_RELEASE 209 | 210 | RUN \ 211 | echo "**** install build deps ****" && \ 212 | apk add --no-cache \ 213 | alpine-sdk \ 214 | curl \ 215 | cmake \ 216 | g++ \ 217 | gcc \ 218 | make \ 219 | nodejs \ 220 | npm \ 221 | pulseaudio-dev \ 222 | python3 223 | 224 | RUN \ 225 | echo "**** grab source ****" && \ 226 | mkdir -p /kclient && \ 227 | if [ -z ${KCLIENT_RELEASE+x} ]; then \ 228 | KCLIENT_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/kclient/releases/latest" \ 229 | | awk '/tag_name/{print $4;exit}' FS='[""]'); \ 230 | fi && \ 231 | curl -o \ 232 | /tmp/kclient.tar.gz -L \ 233 | "https://github.com/linuxserver/kclient/archive/${KCLIENT_RELEASE}.tar.gz" && \ 234 | tar xf \ 235 | /tmp/kclient.tar.gz -C \ 236 | /kclient/ --strip-components=1 237 | 238 | RUN \ 239 | echo "**** install node modules ****" && \ 240 | cd /kclient && \ 241 | npm install && \ 242 | rm -f package-lock.json 243 | 244 | # runtime stage 245 | FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.21 246 | 247 | # set version label 248 | ARG BUILD_DATE 249 | ARG VERSION 250 | ARG KASMBINS_RELEASE="1.15.0" 251 | LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}" 252 | LABEL maintainer="thelamer" 253 | LABEL "com.kasmweb.image"="true" 254 | 255 | # env 256 | ENV DISPLAY=:1 \ 257 | PERL5LIB=/usr/local/bin \ 258 | OMP_WAIT_POLICY=PASSIVE \ 259 | GOMP_SPINCOUNT=0 \ 260 | HOME=/config \ 261 | START_DOCKER=true \ 262 | PULSE_RUNTIME_PATH=/defaults \ 263 | NVIDIA_DRIVER_CAPABILITIES=all 264 | 265 | # copy over build output 266 | COPY --from=nodebuilder /kclient /kclient 267 | COPY --from=buildstage /build-out/ / 268 | 269 | RUN \ 270 | echo "**** install deps ****" && \ 271 | apk add --no-cache \ 272 | bash \ 273 | ca-certificates \ 274 | cups \ 275 | cups-client \ 276 | dbus-x11 \ 277 | docker \ 278 | docker-cli-compose \ 279 | dunst \ 280 | ffmpeg \ 281 | font-noto \ 282 | font-noto-emoji \ 283 | fuse-overlayfs \ 284 | gcompat \ 285 | iproute2-minimal \ 286 | lang \ 287 | libgcc \ 288 | libgomp \ 289 | libjpeg-turbo \ 290 | libnotify \ 291 | libstdc++ \ 292 | libwebp \ 293 | libxfont2 \ 294 | libxshmfence \ 295 | mcookie \ 296 | mesa \ 297 | mesa-dri-gallium \ 298 | mesa-gbm \ 299 | mesa-gl \ 300 | nginx \ 301 | nodejs \ 302 | openbox \ 303 | openssh-client \ 304 | openssl \ 305 | pciutils-libs \ 306 | perl \ 307 | perl-datetime \ 308 | perl-hash-merge-simple \ 309 | perl-list-moreutils \ 310 | perl-switch \ 311 | perl-try-tiny \ 312 | perl-yaml-tiny \ 313 | pixman \ 314 | pulseaudio \ 315 | pulseaudio-utils \ 316 | py3-xdg \ 317 | python3 \ 318 | setxkbmap \ 319 | sudo \ 320 | tar \ 321 | vulkan-tools \ 322 | xauth \ 323 | xf86-video-amdgpu \ 324 | xf86-video-ati \ 325 | xf86-video-nouveau \ 326 | xkbcomp \ 327 | xkeyboard-config \ 328 | xterm && \ 329 | apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/ \ 330 | cups-pdf && \ 331 | echo "**** printer config ****" && \ 332 | sed -i \ 333 | "s:^#Out.*:Out /home/kasm-user/PDF:" \ 334 | /etc/cups/cups-pdf.conf && \ 335 | sed -i \ 336 | 's/^SystemGroup .*/SystemGroup lpadmin root/' \ 337 | /etc/cups/cups-files.conf && \ 338 | echo "**** filesystem setup ****" && \ 339 | ln -s /usr/local/share/kasmvnc /usr/share/kasmvnc && \ 340 | ln -s /usr/local/etc/kasmvnc /etc/kasmvnc && \ 341 | ln -s /usr/local/lib/kasmvnc /usr/lib/kasmvncserver && \ 342 | echo "**** openbox tweaks ****" && \ 343 | sed -i \ 344 | -e 's/NLIMC/NLMC/g' \ 345 | -e 's|</applications>| <application class="*"><maximized>yes</maximized></application>\n</applications>|' \ 346 | -e 's|</keyboard>| <keybind key="C-S-d"><action name="ToggleDecorations"/></keybind>\n</keyboard>|' \ 347 | /etc/xdg/openbox/rc.xml && \ 348 | echo "**** user perms ****" && \ 349 | echo "abc:abc" | chpasswd && \ 350 | usermod -s /bin/bash abc && \ 351 | echo '%wheel ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/wheel && \ 352 | adduser abc wheel && \ 353 | echo "**** proot-apps ****" && \ 354 | mkdir /proot-apps/ && \ 355 | PAPPS_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/proot-apps/releases/latest" \ 356 | | awk '/tag_name/{print $4;exit}' FS='[""]') && \ 357 | curl -L https://github.com/linuxserver/proot-apps/releases/download/${PAPPS_RELEASE}/proot-apps-aarch64.tar.gz \ 358 | | tar -xzf - -C /proot-apps/ && \ 359 | echo "${PAPPS_RELEASE}" > /proot-apps/pversion && \ 360 | echo "**** kasm support ****" && \ 361 | useradd \ 362 | -u 1000 -U \ 363 | -d /home/kasm-user \ 364 | -s /bin/bash kasm-user && \ 365 | echo "kasm-user:kasm" | chpasswd && \ 366 | adduser kasm-user wheel && \ 367 | mkdir -p /home/kasm-user && \ 368 | chown 1000:1000 /home/kasm-user && \ 369 | mkdir -p /var/run/pulse && \ 370 | chown 1000:root /var/run/pulse && \ 371 | mkdir -p /kasmbins && \ 372 | curl -s https://kasm-ci.s3.amazonaws.com/kasmbins-arm64-${KASMBINS_RELEASE}.tar.gz \ 373 | | tar xzvf - -C /kasmbins/ && \ 374 | chmod +x /kasmbins/* && \ 375 | chown -R 1000:1000 /kasmbins && \ 376 | chown 1000:1000 /usr/share/kasmvnc/www/Downloads && \ 377 | mkdir -p /dockerstartup && \ 378 | echo "**** dind support ****" && \ 379 | addgroup -S dockremap && \ 380 | adduser -S -G dockremap dockremap && \ 381 | echo 'dockremap:165536:65536' >> /etc/subuid && \ 382 | echo 'dockremap:165536:65536' >> /etc/subgid && \ 383 | curl -o \ 384 | /usr/local/bin/dind -L \ 385 | https://raw.githubusercontent.com/moby/moby/master/hack/dind && \ 386 | chmod +x /usr/local/bin/dind && \ 387 | usermod -aG docker abc && \ 388 | echo 'hosts: files dns' > /etc/nsswitch.conf && \ 389 | echo "**** theme ****" && \ 390 | curl -s https://raw.githubusercontent.com/thelamer/lang-stash/master/theme.tar.gz \ 391 | | tar xzvf - -C /usr/share/themes/Clearlooks/openbox-3/ && \ 392 | echo "**** cleanup ****" && \ 393 | rm -rf \ 394 | /tmp/* 395 | 396 | # add local files 397 | COPY /root / 398 | 399 | # ports and volumes 400 | EXPOSE 3000 3001 401 | VOLUME /config 402 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/> 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | <one line to give the program's name and a brief idea of what it does.> 635 | Copyright (C) <year> <name of author> 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see <https://www.gnu.org/licenses/>. 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | <program> Copyright (C) <year> <name of author> 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | <https://www.gnu.org/licenses/>. 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | <https://www.gnu.org/licenses/why-not-lgpl.html>. 675 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | <!-- DO NOT EDIT THIS FILE MANUALLY --> 2 | <!-- Please read https://github.com/linuxserver/docker-baseimage-kasmvnc/blob/master/.github/CONTRIBUTING.md --> 3 | # KasmVNC Base Images from LinuxServer 4 | 5 | The purpose of these images is to provide a full featured web native Linux desktop experience for any Linux application or desktop environment. These images replace our old base images at [Rdesktop Web](https://github.com/linuxserver/docker-baseimage-rdesktop-web) for greatly increased performance, fidelity, and feature set. They ship with passwordless sudo to allow easy package installation, testing, and customization. By default they have no logic to mount out anything but the users home directory, meaning on image updates anything outside of `/config` will be lost. 6 | 7 | - Support for using our base images in your own projects is provided on a Reasonable Endeavours basis, please see our [Support Policy](https://www.linuxserver.io/supportpolicy) for details. 8 | - There is no `latest` tag for any of our base images, by design. We often make breaking changes between versions, and we don't publish release notes like we do for the downstream images. 9 | - If you're intending to distribute an image using one of our bases, please read our [docs on container branding](https://docs.linuxserver.io/general/container-branding/) first. 10 | - Images are supported for as long as the upstream release on which they are based, after which we will stop building new base images for that version. 11 | 12 | These images contain the following services: 13 | 14 | * [KasmVNC](https://www.kasmweb.com/kasmvnc) - The core technology for interacting with a containerized desktop from a web browser. 15 | * [Kclient](https://github.com/linuxserver/kclient) - NodeJS Iframe wrapper for KasmVNC providing audio and file access. 16 | * [NGINX](https://www.nginx.com/) - Used to serve the mix of KasmVNC and Kclient with the appropriate headers and provide basic auth. 17 | * [Docker](https://www.docker.com/) - Can be used for interacting with a mounted in Docker socket or if the container is run in privileged mode will start a [DinD](https://www.docker.com/blog/docker-can-now-run-within-docker/) setup. 18 | * [PulseAudio](https://www.freedesktop.org/wiki/Software/PulseAudio/) - Sound subsystem used to capture audio from the active desktop session and send it to the browser via the Kclient helper application. 19 | 20 | # Options 21 | 22 | **Authentication for these containers is included as a convenience and to keep in sync with the previous xrdp containers they replace. We use bash to substitute in settings user/password and some strings might break that. In general this authentication mechanism should be used to keep the kids out not the internet** 23 | 24 | If you are looking for a robust secure application gateway please check out [SWAG](https://github.com/linuxserver/docker-swag). 25 | 26 | All application settings are passed via environment variables: 27 | 28 | | Variable | Description | 29 | | :----: | --- | 30 | | CUSTOM_PORT | Internal port the container listens on for http if it needs to be swapped from the default 3000. | 31 | | CUSTOM_HTTPS_PORT | Internal port the container listens on for https if it needs to be swapped from the default 3001. | 32 | | CUSTOM_USER | HTTP Basic auth username, abc is default. | 33 | | PASSWORD | HTTP Basic auth password, abc is default. If unset there will be no auth | 34 | | SUBFOLDER | Subfolder for the application if running a subfolder reverse proxy, need both slashes IE `/subfolder/` | 35 | | TITLE | The page title displayed on the web browser, default "KasmVNC Client". | 36 | | FM_HOME | This is the home directory (landing) for the file manager, default "/config". | 37 | | START_DOCKER | If set to false a container with privilege will not automatically start the DinD Docker setup. | 38 | | DRINODE | If mounting in /dev/dri for [DRI3 GPU Acceleration](https://www.kasmweb.com/kasmvnc/docs/master/gpu_acceleration.html) allows you to specify the device to use | 39 | | DISABLE_DRI | When using privilged mode or mounting in a video card, do not attempt to use it for DRI3 acceleration in KasmVNC | 40 | | DISABLE_IPV6 | If set to true or any value this will disable IPv6 | 41 | | LC_ALL | Set the Language for the container to run as IE `fr_FR.UTF-8` `ar_AE.UTF-8` | 42 | | NO_DECOR | If set the application will run without window borders for use as a PWA. (Decor can be enabled and disabled with Ctrl+Shift+d) | 43 | | NO_FULL | Do not autmatically fullscreen applications when using openbox. | 44 | 45 | ## Language Support - Internationalization 46 | 47 | The environment variable `LC_ALL` can be used to start this image in a different language than English simply pass for example to launch the Desktop session in French `LC_ALL=fr_FR.UTF-8`. Some languages like Chinese, Japanese, or Korean will be missing fonts needed to render properly known as cjk fonts, but others may exist and not be installed. We only ensure fonts for Latin characters are present. Fonts can be installed with a mod on startup. 48 | 49 | To install cjk fonts on startup as an example pass the environment variables(Alpine): 50 | 51 | ``` 52 | -e DOCKER_MODS=linuxserver/mods:universal-package-install 53 | -e INSTALL_PACKAGES=font-noto-cjk 54 | -e LC_ALL=zh_CN.UTF-8 55 | ``` 56 | 57 | The web interface has the option for "IME Input Mode" in Settings which will allow non english characters to be used from a non en_US keyboard on the client. Once enabled it will perform the same as a local Linux installation set to your locale. 58 | 59 | # Available Distros 60 | 61 | All base images are built for x86_64 and aarch64 platforms. 62 | 63 | | Distro | Current Tag | 64 | | :----: | --- | 65 | | Alpine | alpine321 | 66 | | Arch | arch | 67 | | Debian | debianbookworm | 68 | | Fedora | fedora41 | 69 | | Kali | kali | 70 | | Ubuntu | ubuntujammy | 71 | | Ubuntu | ubuntunoble | 72 | 73 | # PRoot Apps 74 | 75 | All images include [proot-apps](https://github.com/linuxserver/proot-apps) which allow portable applications to be installed to persistent storage in the user's `$HOME` directory. These applications and their settings will persist upgrades of the base container and can be mounted into different flavors of KasmVNC containers. IE if you are running an Alpine based container you will be able to use the same `/config` directory mounted into a Debian based container and retain the same applications and settings as long as they were installed with `proot-apps install`. 76 | 77 | A list of linuxserver.io supported applications is located [HERE](https://github.com/linuxserver/proot-apps?tab=readme-ov-file#supported-apps). 78 | 79 | # I like to read documentation 80 | 81 | ## Building images 82 | 83 | ### Application containers 84 | 85 | Included in these base images is a simple [Openbox DE](http://openbox.org/) and the accompanying logic needed to launch a single application. Lets look at the bare minimum needed to create an application container starting with a Dockerfile: 86 | 87 | ``` 88 | FROM ghcr.io/linuxserver/baseimage-kasmvnc:alpine320 89 | RUN apk add --no-cache firefox 90 | COPY /root / 91 | ``` 92 | 93 | And we can define the application to start using: 94 | 95 | ``` 96 | mkdir -p root/defaults 97 | echo "firefox" > root/defaults/autostart 98 | ``` 99 | 100 | Resulting in a folder that looks like this: 101 | 102 | ``` 103 | ├── Dockerfile 104 | └── root 105 | └── defaults 106 | └── autostart 107 | ``` 108 | 109 | Now build and test: 110 | 111 | ``` 112 | docker build -t firefox . 113 | docker run --rm -it -p 3000:3000 firefox bash 114 | ``` 115 | 116 | On http://localhost:3000 you should be presented with a Firefox web browser interface. 117 | 118 | This similar setup can be used to embed any Linux Desktop application in a web accesible container. 119 | 120 | **If building images it is important to note that many application will not work inside of Docker without `--security-opt seccomp=unconfined`, they may have launch flags to not use syscalls blocked by Docker like with chromium based applications and `--no-sandbox`. In general do not expect every application will simply work like a native Linux installation without some modifications** 121 | 122 | #### In container application launching 123 | 124 | Also included in the init logic is the ability to define application launchers. As the user has the ability to close the application or if they want to open multiple instances of it this can be useful. Here is an example of a menu definition file for Firefox: 125 | 126 | ``` 127 | <?xml version="1.0" encoding="utf-8"?> 128 | <openbox_menu xmlns="http://openbox.org/3.4/menu"> 129 | <menu id="root-menu" label="MENU"> 130 | <item label="xterm" icon="/usr/share/pixmaps/xterm-color_48x48.xpm"><action name="Execute"><command>/usr/bin/xterm</command></action></item> 131 | <item label="FireFox" icon="/usr/share/icons/hicolor/48x48/apps/firefox.png"><action name="Execute"><command>/usr/bin/firefox</command></action></item> 132 | </menu> 133 | </openbox_menu> 134 | ``` 135 | 136 | Simply create this file and add it to your defaults folder as `menu.xml`: 137 | 138 | ``` 139 | ├── Dockerfile 140 | └── root 141 | └── defaults 142 | └── autostart 143 | └── menu.xml 144 | ``` 145 | 146 | This allows users to right click the desktop background to launch the application. 147 | 148 | 149 | ### Full Desktop environments 150 | 151 | When building an application container we are leveraging the Openbox DE to handle window management, but it is also possible to completely replace the DE that is launched on container init using the `startwm.sh` script, located again in defaults: 152 | 153 | ``` 154 | ├── Dockerfile 155 | └── root 156 | └── defaults 157 | └── startwm.sh 158 | ``` 159 | 160 | If included in the build logic it will be launched in place of Openbox. Examples for this kind of configuration can be found in our [Webtop repository](https://github.com/linuxserver/docker-webtop) 161 | 162 | ### Kasm Workspaces compatibility 163 | 164 | Included in these base images are binary blobs `/kasmbins` and a special init process `/kasminit` to maintain compatibility with [Kasm Workspaces](https://www.kasmweb.com/), If using this base image as reccomended with the `startwm.sh` or `autostart` entrypoints. They will be able to be used on that platform without issue. 165 | 166 | ## Docker in Docker (DinD) 167 | 168 | These base images include an installation of Docker that can be used in two ways. The simple method is simply leveraging the Docker/Docker Compose cli bins to manage the host level Docker installation by mounting in `-v /var/run/docker.sock:/var/run/docker.sock`. 169 | 170 | The base images can also run an isolated in container DinD setup simply by passing `--privileged` to the container when launching. If for any reason the application needs privilege but Docker is not wanted the `-e START_DOCKER=false` can be set at runtime or in the Dockerfile. 171 | In container Docker (DinD) will most likely use the fuse-overlayfs driver for storage which is not as fast as native overlay2. To increase perormance the `/var/lib/docker/` directory in the container can be mounted out to a Linux host and will use overlay2. Keep in mind Docker runs as root and the contents of this directory will not respect the PUID/PGID environment variables available on all LinuxServer.io containers. 172 | 173 | ## DRI3 GPU Acceleration 174 | 175 | For accelerated apps or games, render devices can be mounted into the container and leveraged by applications using: 176 | 177 | `--device /dev/dri:/dev/dri` 178 | 179 | This feature only supports **Open Source** GPU drivers: 180 | 181 | | Driver | Description | 182 | | :----: | --- | 183 | | Intel | i965 and i915 drivers for Intel iGPU chipsets | 184 | | AMD | AMDGPU, Radeon, and ATI drivers for AMD dedicated or APU chipsets | 185 | | NVIDIA | nouveau2 drivers only, closed source NVIDIA drivers lack DRI3 support | 186 | 187 | The `DRINODE` environment variable can be used to point to a specific GPU. 188 | Up to date information can be found [here](https://www.kasmweb.com/kasmvnc/docs/master/gpu_acceleration.html) 189 | 190 | ### Display Compositing (desktop effects) 191 | 192 | When using this image in tandem with a supported video card, compositing will function albeit with a performance hit when syncing the frames with pixmaps for the applications using it. This can greatly increase app compatibility if the application in question requires compositing, but requires a real GPU to be mounted into the container. By default we disable compositing at a DE level for performance reasons on our downstream images, but it can be enabled by the user and programs using compositing will still function even if the DE has it disabled in its settings. When building desktop images be sure you understand that with it enabled by default only users that have a compatible GPU mounted in will be able to use your image. 193 | 194 | ## Nvidia GPU Support 195 | 196 | **Nvidia is not compatible with Alpine based images** 197 | 198 | Nvidia support is available by leveraging Zink for OpenGL support. This can be enabled with the following run flags: 199 | 200 | | Variable | Description | 201 | | :----: | --- | 202 | | --gpus all | This can be filtered down but for most setups this will pass the one Nvidia GPU on the system | 203 | | --runtime nvidia | Specify the Nvidia runtime which mounts drivers and tools in from the host | 204 | 205 | The compose syntax is slightly different for this as you will need to set nvidia as the default runtime: 206 | 207 | ``` 208 | sudo nvidia-ctk runtime configure --runtime=docker --set-as-default 209 | sudo service docker restart 210 | ``` 211 | 212 | And to assign the GPU in compose: 213 | 214 | ``` 215 | services: 216 | myimage: 217 | image: myname/myimage:mytag 218 | deploy: 219 | resources: 220 | reservations: 221 | devices: 222 | - driver: nvidia 223 | count: 1 224 | capabilities: [compute,video,graphics,utility] 225 | ``` 226 | 227 | The following line is only in this repo for loop testing: 228 | - { date: "01.01.50:", desc: "I am the release message for this internal repo." } 229 | -------------------------------------------------------------------------------- /jenkins-vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # jenkins variables 4 | project_name: docker-baseimage-kasmvnc 5 | external_type: os 6 | release_type: stable 7 | release_tag: alpine321 8 | ls_branch: master 9 | build_armhf: false 10 | repo_vars: 11 | - BUILD_VERSION_ARG = 'KASMVNC_RELEASE' 12 | - LS_USER = 'linuxserver' 13 | - LS_REPO = 'docker-baseimage-kasmvnc' 14 | - CONTAINER_NAME = 'baseimage-kasmvnc' 15 | - DOCKERHUB_IMAGE = 'lsiobase/kasmvnc' 16 | - DEV_DOCKERHUB_IMAGE = 'lsiodev/kasmvnc-base' 17 | - PR_DOCKERHUB_IMAGE = 'lspipepr/kasmvnc-base' 18 | - DIST_IMAGE = 'alpine' 19 | - MULTIARCH='true' 20 | - CI='true' 21 | - CI_WEB='true' 22 | - CI_PORT='3000' 23 | - CI_SSL='false' 24 | - CI_DELAY='120' 25 | - CI_DOCKERENV='TZ=US/Pacific' 26 | - CI_AUTH='username:password' 27 | - CI_WEBPATH='' 28 | -------------------------------------------------------------------------------- /readme-vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # project information 4 | project_name: baseimage-kasmvnc 5 | full_custom_readme: | 6 | {% raw -%} 7 | # KasmVNC Base Images from LinuxServer 8 | 9 | The purpose of these images is to provide a full featured web native Linux desktop experience for any Linux application or desktop environment. These images replace our old base images at [Rdesktop Web](https://github.com/linuxserver/docker-baseimage-rdesktop-web) for greatly increased performance, fidelity, and feature set. They ship with passwordless sudo to allow easy package installation, testing, and customization. By default they have no logic to mount out anything but the users home directory, meaning on image updates anything outside of `/config` will be lost. 10 | 11 | - Support for using our base images in your own projects is provided on a Reasonable Endeavours basis, please see our [Support Policy](https://www.linuxserver.io/supportpolicy) for details. 12 | - There is no `latest` tag for any of our base images, by design. We often make breaking changes between versions, and we don't publish release notes like we do for the downstream images. 13 | - If you're intending to distribute an image using one of our bases, please read our [docs on container branding](https://docs.linuxserver.io/general/container-branding/) first. 14 | - Images are supported for as long as the upstream release on which they are based, after which we will stop building new base images for that version. 15 | 16 | These images contain the following services: 17 | 18 | * [KasmVNC](https://www.kasmweb.com/kasmvnc) - The core technology for interacting with a containerized desktop from a web browser. 19 | * [Kclient](https://github.com/linuxserver/kclient) - NodeJS Iframe wrapper for KasmVNC providing audio and file access. 20 | * [NGINX](https://www.nginx.com/) - Used to serve the mix of KasmVNC and Kclient with the appropriate headers and provide basic auth. 21 | * [Docker](https://www.docker.com/) - Can be used for interacting with a mounted in Docker socket or if the container is run in privileged mode will start a [DinD](https://www.docker.com/blog/docker-can-now-run-within-docker/) setup. 22 | * [PulseAudio](https://www.freedesktop.org/wiki/Software/PulseAudio/) - Sound subsystem used to capture audio from the active desktop session and send it to the browser via the Kclient helper application. 23 | 24 | # Options 25 | 26 | **Authentication for these containers is included as a convenience and to keep in sync with the previous xrdp containers they replace. We use bash to substitute in settings user/password and some strings might break that. In general this authentication mechanism should be used to keep the kids out not the internet** 27 | 28 | If you are looking for a robust secure application gateway please check out [SWAG](https://github.com/linuxserver/docker-swag). 29 | 30 | All application settings are passed via environment variables: 31 | 32 | | Variable | Description | 33 | | :----: | --- | 34 | | CUSTOM_PORT | Internal port the container listens on for http if it needs to be swapped from the default 3000. | 35 | | CUSTOM_HTTPS_PORT | Internal port the container listens on for https if it needs to be swapped from the default 3001. | 36 | | CUSTOM_USER | HTTP Basic auth username, abc is default. | 37 | | PASSWORD | HTTP Basic auth password, abc is default. If unset there will be no auth | 38 | | SUBFOLDER | Subfolder for the application if running a subfolder reverse proxy, need both slashes IE `/subfolder/` | 39 | | TITLE | The page title displayed on the web browser, default "KasmVNC Client". | 40 | | FM_HOME | This is the home directory (landing) for the file manager, default "/config". | 41 | | START_DOCKER | If set to false a container with privilege will not automatically start the DinD Docker setup. | 42 | | DRINODE | If mounting in /dev/dri for [DRI3 GPU Acceleration](https://www.kasmweb.com/kasmvnc/docs/master/gpu_acceleration.html) allows you to specify the device to use | 43 | | DISABLE_DRI | When using privilged mode or mounting in a video card, do not attempt to use it for DRI3 acceleration in KasmVNC | 44 | | DISABLE_IPV6 | If set to true or any value this will disable IPv6 | 45 | | LC_ALL | Set the Language for the container to run as IE `fr_FR.UTF-8` `ar_AE.UTF-8` | 46 | | NO_DECOR | If set the application will run without window borders for use as a PWA. (Decor can be enabled and disabled with Ctrl+Shift+d) | 47 | | NO_FULL | Do not autmatically fullscreen applications when using openbox. | 48 | 49 | ## Language Support - Internationalization 50 | 51 | The environment variable `LC_ALL` can be used to start this image in a different language than English simply pass for example to launch the Desktop session in French `LC_ALL=fr_FR.UTF-8`. Some languages like Chinese, Japanese, or Korean will be missing fonts needed to render properly known as cjk fonts, but others may exist and not be installed. We only ensure fonts for Latin characters are present. Fonts can be installed with a mod on startup. 52 | 53 | To install cjk fonts on startup as an example pass the environment variables(Alpine): 54 | 55 | ``` 56 | -e DOCKER_MODS=linuxserver/mods:universal-package-install 57 | -e INSTALL_PACKAGES=font-noto-cjk 58 | -e LC_ALL=zh_CN.UTF-8 59 | ``` 60 | 61 | The web interface has the option for "IME Input Mode" in Settings which will allow non english characters to be used from a non en_US keyboard on the client. Once enabled it will perform the same as a local Linux installation set to your locale. 62 | 63 | # Available Distros 64 | 65 | All base images are built for x86_64 and aarch64 platforms. 66 | 67 | | Distro | Current Tag | 68 | | :----: | --- | 69 | | Alpine | alpine321 | 70 | | Arch | arch | 71 | | Debian | debianbookworm | 72 | | Fedora | fedora41 | 73 | | Kali | kali | 74 | | Ubuntu | ubuntujammy | 75 | | Ubuntu | ubuntunoble | 76 | 77 | # PRoot Apps 78 | 79 | All images include [proot-apps](https://github.com/linuxserver/proot-apps) which allow portable applications to be installed to persistent storage in the user's `$HOME` directory. These applications and their settings will persist upgrades of the base container and can be mounted into different flavors of KasmVNC containers. IE if you are running an Alpine based container you will be able to use the same `/config` directory mounted into a Debian based container and retain the same applications and settings as long as they were installed with `proot-apps install`. 80 | 81 | A list of linuxserver.io supported applications is located [HERE](https://github.com/linuxserver/proot-apps?tab=readme-ov-file#supported-apps). 82 | 83 | # I like to read documentation 84 | 85 | ## Building images 86 | 87 | ### Application containers 88 | 89 | Included in these base images is a simple [Openbox DE](http://openbox.org/) and the accompanying logic needed to launch a single application. Lets look at the bare minimum needed to create an application container starting with a Dockerfile: 90 | 91 | ``` 92 | FROM ghcr.io/linuxserver/baseimage-kasmvnc:alpine320 93 | RUN apk add --no-cache firefox 94 | COPY /root / 95 | ``` 96 | 97 | And we can define the application to start using: 98 | 99 | ``` 100 | mkdir -p root/defaults 101 | echo "firefox" > root/defaults/autostart 102 | ``` 103 | 104 | Resulting in a folder that looks like this: 105 | 106 | ``` 107 | ├── Dockerfile 108 | └── root 109 | └── defaults 110 | └── autostart 111 | ``` 112 | 113 | Now build and test: 114 | 115 | ``` 116 | docker build -t firefox . 117 | docker run --rm -it -p 3000:3000 firefox bash 118 | ``` 119 | 120 | On http://localhost:3000 you should be presented with a Firefox web browser interface. 121 | 122 | This similar setup can be used to embed any Linux Desktop application in a web accesible container. 123 | 124 | **If building images it is important to note that many application will not work inside of Docker without `--security-opt seccomp=unconfined`, they may have launch flags to not use syscalls blocked by Docker like with chromium based applications and `--no-sandbox`. In general do not expect every application will simply work like a native Linux installation without some modifications** 125 | 126 | #### In container application launching 127 | 128 | Also included in the init logic is the ability to define application launchers. As the user has the ability to close the application or if they want to open multiple instances of it this can be useful. Here is an example of a menu definition file for Firefox: 129 | 130 | ``` 131 | <?xml version="1.0" encoding="utf-8"?> 132 | <openbox_menu xmlns="http://openbox.org/3.4/menu"> 133 | <menu id="root-menu" label="MENU"> 134 | <item label="xterm" icon="/usr/share/pixmaps/xterm-color_48x48.xpm"><action name="Execute"><command>/usr/bin/xterm</command></action></item> 135 | <item label="FireFox" icon="/usr/share/icons/hicolor/48x48/apps/firefox.png"><action name="Execute"><command>/usr/bin/firefox</command></action></item> 136 | </menu> 137 | </openbox_menu> 138 | ``` 139 | 140 | Simply create this file and add it to your defaults folder as `menu.xml`: 141 | 142 | ``` 143 | ├── Dockerfile 144 | └── root 145 | └── defaults 146 | └── autostart 147 | └── menu.xml 148 | ``` 149 | 150 | This allows users to right click the desktop background to launch the application. 151 | 152 | 153 | ### Full Desktop environments 154 | 155 | When building an application container we are leveraging the Openbox DE to handle window management, but it is also possible to completely replace the DE that is launched on container init using the `startwm.sh` script, located again in defaults: 156 | 157 | ``` 158 | ├── Dockerfile 159 | └── root 160 | └── defaults 161 | └── startwm.sh 162 | ``` 163 | 164 | If included in the build logic it will be launched in place of Openbox. Examples for this kind of configuration can be found in our [Webtop repository](https://github.com/linuxserver/docker-webtop) 165 | 166 | ### Kasm Workspaces compatibility 167 | 168 | Included in these base images are binary blobs `/kasmbins` and a special init process `/kasminit` to maintain compatibility with [Kasm Workspaces](https://www.kasmweb.com/), If using this base image as reccomended with the `startwm.sh` or `autostart` entrypoints. They will be able to be used on that platform without issue. 169 | 170 | ## Docker in Docker (DinD) 171 | 172 | These base images include an installation of Docker that can be used in two ways. The simple method is simply leveraging the Docker/Docker Compose cli bins to manage the host level Docker installation by mounting in `-v /var/run/docker.sock:/var/run/docker.sock`. 173 | 174 | The base images can also run an isolated in container DinD setup simply by passing `--privileged` to the container when launching. If for any reason the application needs privilege but Docker is not wanted the `-e START_DOCKER=false` can be set at runtime or in the Dockerfile. 175 | In container Docker (DinD) will most likely use the fuse-overlayfs driver for storage which is not as fast as native overlay2. To increase perormance the `/var/lib/docker/` directory in the container can be mounted out to a Linux host and will use overlay2. Keep in mind Docker runs as root and the contents of this directory will not respect the PUID/PGID environment variables available on all LinuxServer.io containers. 176 | 177 | ## DRI3 GPU Acceleration 178 | 179 | For accelerated apps or games, render devices can be mounted into the container and leveraged by applications using: 180 | 181 | `--device /dev/dri:/dev/dri` 182 | 183 | This feature only supports **Open Source** GPU drivers: 184 | 185 | | Driver | Description | 186 | | :----: | --- | 187 | | Intel | i965 and i915 drivers for Intel iGPU chipsets | 188 | | AMD | AMDGPU, Radeon, and ATI drivers for AMD dedicated or APU chipsets | 189 | | NVIDIA | nouveau2 drivers only, closed source NVIDIA drivers lack DRI3 support | 190 | 191 | The `DRINODE` environment variable can be used to point to a specific GPU. 192 | Up to date information can be found [here](https://www.kasmweb.com/kasmvnc/docs/master/gpu_acceleration.html) 193 | 194 | ### Display Compositing (desktop effects) 195 | 196 | When using this image in tandem with a supported video card, compositing will function albeit with a performance hit when syncing the frames with pixmaps for the applications using it. This can greatly increase app compatibility if the application in question requires compositing, but requires a real GPU to be mounted into the container. By default we disable compositing at a DE level for performance reasons on our downstream images, but it can be enabled by the user and programs using compositing will still function even if the DE has it disabled in its settings. When building desktop images be sure you understand that with it enabled by default only users that have a compatible GPU mounted in will be able to use your image. 197 | 198 | ## Nvidia GPU Support 199 | 200 | **Nvidia is not compatible with Alpine based images** 201 | 202 | Nvidia support is available by leveraging Zink for OpenGL support. This can be enabled with the following run flags: 203 | 204 | | Variable | Description | 205 | | :----: | --- | 206 | | --gpus all | This can be filtered down but for most setups this will pass the one Nvidia GPU on the system | 207 | | --runtime nvidia | Specify the Nvidia runtime which mounts drivers and tools in from the host | 208 | 209 | The compose syntax is slightly different for this as you will need to set nvidia as the default runtime: 210 | 211 | ``` 212 | sudo nvidia-ctk runtime configure --runtime=docker --set-as-default 213 | sudo service docker restart 214 | ``` 215 | 216 | And to assign the GPU in compose: 217 | 218 | ``` 219 | services: 220 | myimage: 221 | image: myname/myimage:mytag 222 | deploy: 223 | resources: 224 | reservations: 225 | devices: 226 | - driver: nvidia 227 | count: 1 228 | capabilities: [compute,video,graphics,utility] 229 | ``` 230 | 231 | The following line is only in this repo for loop testing: 232 | - { date: "01.01.50:", desc: "I am the release message for this internal repo." } 233 | {%- endraw %} 234 | -------------------------------------------------------------------------------- /root/defaults/autostart: -------------------------------------------------------------------------------- 1 | xterm 2 | -------------------------------------------------------------------------------- /root/defaults/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | #auth_basic "Login"; 3 | #auth_basic_user_file /etc/nginx/.htpasswd; 4 | listen 3000 default_server; 5 | listen [::]:3000 default_server; 6 | location / { 7 | proxy_http_version 1.1; 8 | proxy_set_header Host $host; 9 | proxy_set_header Upgrade $http_upgrade; 10 | proxy_set_header Connection "upgrade"; 11 | proxy_set_header X-Real-IP $remote_addr; 12 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 13 | proxy_set_header X-Forwarded-Proto $scheme; 14 | proxy_set_header Cookie ""; 15 | proxy_read_timeout 3600s; 16 | proxy_send_timeout 3600s; 17 | add_header 'Access-Control-Allow-Origin' '*' always; 18 | add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 19 | add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since'; 20 | add_header 'Access-Control-Allow-Credentials' 'true'; 21 | add_header 'Cross-Origin-Embedder-Policy' 'require-corp'; 22 | add_header 'Cross-Origin-Opener-Policy' 'same-origin'; 23 | add_header 'Cross-Origin-Resource-Policy' 'same-site'; 24 | proxy_pass http://127.0.0.1:6900; 25 | proxy_buffering off; 26 | } 27 | 28 | location SUBFOLDERwebsockify { 29 | proxy_http_version 1.1; 30 | proxy_set_header Host $host; 31 | proxy_set_header Upgrade $http_upgrade; 32 | proxy_set_header Connection "upgrade"; 33 | proxy_set_header X-Real-IP $remote_addr; 34 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 35 | proxy_set_header X-Forwarded-Proto $scheme; 36 | proxy_set_header Cookie ""; 37 | proxy_read_timeout 3600s; 38 | proxy_send_timeout 3600s; 39 | add_header 'Access-Control-Allow-Origin' '*' always; 40 | add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 41 | add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since'; 42 | add_header 'Access-Control-Allow-Credentials' 'true'; 43 | add_header 'Cross-Origin-Embedder-Policy' 'require-corp'; 44 | add_header 'Cross-Origin-Opener-Policy' 'same-origin'; 45 | add_header 'Cross-Origin-Resource-Policy' 'same-site'; 46 | proxy_pass http://127.0.0.1:6901; 47 | proxy_buffering off; 48 | } 49 | } 50 | 51 | server { 52 | #auth_basic "Login"; 53 | #auth_basic_user_file /etc/nginx/.htpasswd; 54 | listen 3001 ssl; 55 | listen [::]:3001 ssl; 56 | ssl_certificate /config/ssl/cert.pem; 57 | ssl_certificate_key /config/ssl/cert.key; 58 | location / { 59 | proxy_http_version 1.1; 60 | proxy_set_header Host $host; 61 | proxy_set_header Upgrade $http_upgrade; 62 | proxy_set_header Connection "upgrade"; 63 | proxy_set_header X-Real-IP $remote_addr; 64 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 65 | proxy_set_header X-Forwarded-Proto $scheme; 66 | proxy_set_header Cookie ""; 67 | proxy_read_timeout 3600s; 68 | proxy_send_timeout 3600s; 69 | add_header 'Access-Control-Allow-Origin' '*' always; 70 | add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 71 | add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since'; 72 | add_header 'Access-Control-Allow-Credentials' 'true'; 73 | add_header 'Cross-Origin-Embedder-Policy' 'require-corp'; 74 | add_header 'Cross-Origin-Opener-Policy' 'same-origin'; 75 | add_header 'Cross-Origin-Resource-Policy' 'same-site'; 76 | proxy_pass http://127.0.0.1:6900; 77 | proxy_buffering off; 78 | } 79 | 80 | location SUBFOLDERwebsockify { 81 | proxy_http_version 1.1; 82 | proxy_set_header Host $host; 83 | proxy_set_header Upgrade $http_upgrade; 84 | proxy_set_header Connection "upgrade"; 85 | proxy_set_header X-Real-IP $remote_addr; 86 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 87 | proxy_set_header X-Forwarded-Proto $scheme; 88 | proxy_set_header Cookie ""; 89 | proxy_read_timeout 3600s; 90 | proxy_send_timeout 3600s; 91 | add_header 'Access-Control-Allow-Origin' '*' always; 92 | add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 93 | add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since'; 94 | add_header 'Access-Control-Allow-Credentials' 'true'; 95 | add_header 'Cross-Origin-Embedder-Policy' 'require-corp'; 96 | add_header 'Cross-Origin-Opener-Policy' 'same-origin'; 97 | add_header 'Cross-Origin-Resource-Policy' 'same-site'; 98 | proxy_pass http://127.0.0.1:6901; 99 | proxy_buffering off; 100 | } 101 | } 102 | 103 | -------------------------------------------------------------------------------- /root/defaults/menu.xml: -------------------------------------------------------------------------------- 1 | <?xml version="1.0" encoding="utf-8"?> 2 | <openbox_menu xmlns="http://openbox.org/3.4/menu"> 3 | <menu id="root-menu" label="MENU"> 4 | <item label="xterm" icon="/usr/share/pixmaps/xterm-color_48x48.xpm"><action name="Execute"><command>/usr/bin/xterm</command></action></item> 5 | </menu> 6 | </openbox_menu> 7 | -------------------------------------------------------------------------------- /root/defaults/startwm.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | /usr/bin/openbox-session 4 | -------------------------------------------------------------------------------- /root/etc/cups/ppd/kasm.ppd: -------------------------------------------------------------------------------- 1 | *PPD-Adobe: "4.3" 2 | *FormatVersion: "4.3" 3 | *FileVersion: "1.1" 4 | *LanguageVersion: English 5 | *LanguageEncoding: ISOLatin1 6 | *PCFileName: "kasm.PPD" 7 | *Manufacturer: "Kasm" 8 | *Product: "(CUPS v1.1)" 9 | *ModelName: "Kasm Virtual Printer" 10 | *ShortNickName: "Kasm Virtual Printer" 11 | *NickName: "Kasm Virtual Printer (no options)" 12 | *1284DeviceID: "MFG:Kasm;MDL:Kasm Virtual Printer;DES:Kasm Virtual Printer Printer;CLS:PRINTER;CMD:POSTSCRIPT;" 13 | *% cupsFilter: "application/vnd.cups-postscript 0 pstitleiconv" 14 | *PSVersion: "(2017.000) 0" 15 | *LanguageLevel: "2" 16 | *ColorDevice: True 17 | *DefaultColorSpace: RGB 18 | *FileSystem: False 19 | *Throughput: "8" 20 | *LandscapeOrientation: Plus90 21 | *TTRasterizer: Type42 22 | 23 | *HWMargins: 0 0 0 0 24 | *VariablePaperSize: True 25 | *MaxMediaWidth: 100000 26 | *MaxMediaHeight: 100000 27 | *NonUIOrderDependency: 100 AnySetup *CustomPageSize 28 | *CustomPageSize True: "pop pop pop 29 | <</PageSize [ 5 -2 roll ] /ImagingBBox null>>setpagedevice" 30 | *End 31 | *ParamCustomPageSize Width: 1 points 36 100000 32 | *ParamCustomPageSize Height: 2 points 36 100000 33 | *ParamCustomPageSize Orientation: 3 int 0 3 34 | *ParamCustomPageSize WidthOffset: 4 points 0 0 35 | *ParamCustomPageSize HeightOffset: 5 points 0 0 36 | 37 | *OpenGroup: General/General 38 | 39 | *OpenUI *PageSize/Page Size: PickOne 40 | *OrderDependency: 100 AnySetup *PageSize 41 | *DefaultPageSize: Letter 42 | *PageSize 11x14/11x14: "<</PageSize[792 1008]/ImagingBBox null>>setpagedevice" 43 | *PageSize 11x17/11x17: "<</PageSize[792 1224]/ImagingBBox null>>setpagedevice" 44 | *PageSize 13x19/13x19: "<</PageSize[936 1368]/ImagingBBox null>>setpagedevice" 45 | *PageSize 16x20/16x20: "<</PageSize[1152 1440]/ImagingBBox null>>setpagedevice" 46 | *PageSize 16x24/16x24: "<</PageSize[1152 1728]/ImagingBBox null>>setpagedevice" 47 | *PageSize 2A/2A: "<</PageSize[3370 4768]/ImagingBBox null>>setpagedevice" 48 | *PageSize 4A/4A: "<</PageSize[4768 6749]/ImagingBBox null>>setpagedevice" 49 | *PageSize 8x10/8x10: "<</PageSize[576 720]/ImagingBBox null>>setpagedevice" 50 | *PageSize 8x12/8x12: "<</PageSize[576 864]/ImagingBBox null>>setpagedevice" 51 | *PageSize A0/A0: "<</PageSize[2384 3370]/ImagingBBox null>>setpagedevice" 52 | *PageSize A1/A1: "<</PageSize[1684 2384]/ImagingBBox null>>setpagedevice" 53 | *PageSize A2/A2: "<</PageSize[1191 1684]/ImagingBBox null>>setpagedevice" 54 | *PageSize A3/A3: "<</PageSize[842 1191]/ImagingBBox null>>setpagedevice" 55 | *PageSize A4/A4: "<</PageSize[595 842]/ImagingBBox null>>setpagedevice" 56 | *PageSize A5/A5: "<</PageSize[421 595]/ImagingBBox null>>setpagedevice" 57 | *PageSize AnsiA/ANSI A: "<</PageSize[612 792]/ImagingBBox null>>setpagedevice" 58 | *PageSize AnsiB/ANSI B: "<</PageSize[792 1224]/ImagingBBox null>>setpagedevice" 59 | *PageSize AnsiC/ANSI C: "<</PageSize[1224 1584]/ImagingBBox null>>setpagedevice" 60 | *PageSize AnsiD/ANSI D: "<</PageSize[1584 2448]/ImagingBBox null>>setpagedevice" 61 | *PageSize AnsiE/ANSI E: "<</PageSize[2448 3168]/ImagingBBox null>>setpagedevice" 62 | *PageSize ArchA/Arch A: "<</PageSize[648 864]/ImagingBBox null>>setpagedevice" 63 | *PageSize ArchB/Arch B: "<</PageSize[864 1296]/ImagingBBox null>>setpagedevice" 64 | *PageSize ArchC/Arch C: "<</PageSize[1296 1728]/ImagingBBox null>>setpagedevice" 65 | *PageSize ArchD/Arch D: "<</PageSize[1728 2592]/ImagingBBox null>>setpagedevice" 66 | *PageSize ArchE/Arch E: "<</PageSize[2592 3456]/ImagingBBox null>>setpagedevice" 67 | *PageSize C0/C0: "<</PageSize[2599 3676]/ImagingBBox null>>setpagedevice" 68 | *PageSize C1/C1: "<</PageSize[1836 2599]/ImagingBBox null>>setpagedevice" 69 | *PageSize C2/C2: "<</PageSize[1298 1836]/ImagingBBox null>>setpagedevice" 70 | *PageSize C3/C3: "<</PageSize[918 1298]/ImagingBBox null>>setpagedevice" 71 | *PageSize C4/C4: "<</PageSize[649 918]/ImagingBBox null>>setpagedevice" 72 | *PageSize C5/C5: "<</PageSize[459 649]/ImagingBBox null>>setpagedevice" 73 | *PageSize Env10/Envelope #10: "<</PageSize[297 684]/ImagingBBox null>>setpagedevice" 74 | *PageSize EnvC5/Envelope C5: "<</PageSize[459 649]/ImagingBBox null>>setpagedevice" 75 | *PageSize EnvDL/Envelope DL: "<</PageSize[312 624]/ImagingBBox null>>setpagedevice" 76 | *PageSize EnvMonarch/Envelope Monarch: "<</PageSize[279 540]/ImagingBBox null>>setpagedevice" 77 | *PageSize Executive/Executive: "<</PageSize[522 756]/ImagingBBox null>>setpagedevice" 78 | *PageSize ISOB0/B0 (ISO): "<</PageSize[2834 4008]/ImagingBBox null>>setpagedevice" 79 | *PageSize ISOB1/B1 (ISO): "<</PageSize[2004 2834]/ImagingBBox null>>setpagedevice" 80 | *PageSize ISOB2/B2 (ISO): "<</PageSize[1417 2004]/ImagingBBox null>>setpagedevice" 81 | *PageSize ISOB3/B3 (ISO): "<</PageSize[1000 1417]/ImagingBBox null>>setpagedevice" 82 | *PageSize ISOB4/B4 (ISO): "<</PageSize[708 1000]/ImagingBBox null>>setpagedevice" 83 | *PageSize ISOB5/B5 (ISO): "<</PageSize[498 708]/ImagingBBox null>>setpagedevice" 84 | *PageSize JISB0/B0 (JIS): "<</PageSize[2919 4127]/ImagingBBox null>>setpagedevice" 85 | *PageSize JISB1/B1 (JIS): "<</PageSize[2063 2919]/ImagingBBox null>>setpagedevice" 86 | *PageSize JISB2/B2 (JIS): "<</PageSize[1459 2063]/ImagingBBox null>>setpagedevice" 87 | *PageSize JISB3/B3 (JIS): "<</PageSize[1029 1459]/ImagingBBox null>>setpagedevice" 88 | *PageSize JISB4/B4 (JIS): "<</PageSize[727 1029]/ImagingBBox null>>setpagedevice" 89 | *PageSize JISB5/B5 (JIS): "<</PageSize[518 727]/ImagingBBox null>>setpagedevice" 90 | *PageSize Ledger/Ledger: "<</PageSize[1224 792]/ImagingBBox null>>setpagedevice" 91 | *PageSize Legal/US Legal: "<</PageSize[612 1008]/ImagingBBox null>>setpagedevice" 92 | *PageSize Letter/US Letter: "<</PageSize[612 792]/ImagingBBox null>>setpagedevice" 93 | *PageSize RA0/RA0: "<</PageSize[2437 3458]/ImagingBBox null>>setpagedevice" 94 | *PageSize RA1/RA1: "<</PageSize[1729 2437]/ImagingBBox null>>setpagedevice" 95 | *PageSize RA2/RA2: "<</PageSize[1218 1729]/ImagingBBox null>>setpagedevice" 96 | *PageSize RA3/RA3: "<</PageSize[864 1218]/ImagingBBox null>>setpagedevice" 97 | *PageSize RA4/RA4: "<</PageSize[609 864]/ImagingBBox null>>setpagedevice" 98 | *PageSize SRA0/SRA0: "<</PageSize[2551 3628]/ImagingBBox null>>setpagedevice" 99 | *PageSize SRA1/SRA1: "<</PageSize[1814 2551]/ImagingBBox null>>setpagedevice" 100 | *PageSize SRA2/SRA2: "<</PageSize[1275 1814]/ImagingBBox null>>setpagedevice" 101 | *PageSize SRA3/SRA3: "<</PageSize[907 1275]/ImagingBBox null>>setpagedevice" 102 | *PageSize SRA4/SRA4: "<</PageSize[637 907]/ImagingBBox null>>setpagedevice" 103 | *PageSize SuperA/Super A: "<</PageSize[644 1008]/ImagingBBox null>>setpagedevice" 104 | *PageSize SuperB/Super B: "<</PageSize[936 1368]/ImagingBBox null>>setpagedevice" 105 | *PageSize TabloidExtra/Tabloid Extra: "<</PageSize[864 1296]/ImagingBBox null>>setpagedevice" 106 | *PageSize Tabloid/Tabloid: "<</PageSize[792 1224]/ImagingBBox null>>setpagedevice" 107 | *CloseUI: *PageSize 108 | 109 | *OpenUI *PageRegion: PickOne 110 | *OrderDependency: 100 AnySetup *PageRegion 111 | *DefaultPageRegion: Letter 112 | *PageRegion 11x14/11x14: "<</PageSize[792 1008]/ImagingBBox null>>setpagedevice" 113 | *PageRegion 11x17/11x17: "<</PageSize[792 1224]/ImagingBBox null>>setpagedevice" 114 | *PageRegion 13x19/13x19: "<</PageSize[936 1368]/ImagingBBox null>>setpagedevice" 115 | *PageRegion 16x20/16x20: "<</PageSize[1152 1440]/ImagingBBox null>>setpagedevice" 116 | *PageRegion 16x24/16x24: "<</PageSize[1152 1728]/ImagingBBox null>>setpagedevice" 117 | *PageRegion 2A/2A: "<</PageSize[3370 4768]/ImagingBBox null>>setpagedevice" 118 | *PageRegion 4A/4A: "<</PageSize[4768 6749]/ImagingBBox null>>setpagedevice" 119 | *PageRegion 8x10/8x10: "<</PageSize[576 720]/ImagingBBox null>>setpagedevice" 120 | *PageRegion 8x12/8x12: "<</PageSize[576 864]/ImagingBBox null>>setpagedevice" 121 | *PageRegion A0/A0: "<</PageSize[2384 3370]/ImagingBBox null>>setpagedevice" 122 | *PageRegion A1/A1: "<</PageSize[1684 2384]/ImagingBBox null>>setpagedevice" 123 | *PageRegion A2/A2: "<</PageSize[1191 1684]/ImagingBBox null>>setpagedevice" 124 | *PageRegion A3/A3: "<</PageSize[842 1191]/ImagingBBox null>>setpagedevice" 125 | *PageRegion A4/A4: "<</PageSize[595 842]/ImagingBBox null>>setpagedevice" 126 | *PageRegion A5/A5: "<</PageSize[421 595]/ImagingBBox null>>setpagedevice" 127 | *PageRegion AnsiA/ANSI A: "<</PageSize[612 792]/ImagingBBox null>>setpagedevice" 128 | *PageRegion AnsiB/ANSI B: "<</PageSize[792 1224]/ImagingBBox null>>setpagedevice" 129 | *PageRegion AnsiC/ANSI C: "<</PageSize[1224 1584]/ImagingBBox null>>setpagedevice" 130 | *PageRegion AnsiD/ANSI D: "<</PageSize[1584 2448]/ImagingBBox null>>setpagedevice" 131 | *PageRegion AnsiE/ANSI E: "<</PageSize[2448 3168]/ImagingBBox null>>setpagedevice" 132 | *PageRegion ArchA/Arch A: "<</PageSize[648 864]/ImagingBBox null>>setpagedevice" 133 | *PageRegion ArchB/Arch B: "<</PageSize[864 1296]/ImagingBBox null>>setpagedevice" 134 | *PageRegion ArchC/Arch C: "<</PageSize[1296 1728]/ImagingBBox null>>setpagedevice" 135 | *PageRegion ArchD/Arch D: "<</PageSize[1728 2592]/ImagingBBox null>>setpagedevice" 136 | *PageRegion ArchE/Arch E: "<</PageSize[2592 3456]/ImagingBBox null>>setpagedevice" 137 | *PageRegion C0/C0: "<</PageSize[2599 3676]/ImagingBBox null>>setpagedevice" 138 | *PageRegion C1/C1: "<</PageSize[1836 2599]/ImagingBBox null>>setpagedevice" 139 | *PageRegion C2/C2: "<</PageSize[1298 1836]/ImagingBBox null>>setpagedevice" 140 | *PageRegion C3/C3: "<</PageSize[918 1298]/ImagingBBox null>>setpagedevice" 141 | *PageRegion C4/C4: "<</PageSize[649 918]/ImagingBBox null>>setpagedevice" 142 | *PageRegion C5/C5: "<</PageSize[459 649]/ImagingBBox null>>setpagedevice" 143 | *PageRegion Env10/Envelope #10: "<</PageSize[297 684]/ImagingBBox null>>setpagedevice" 144 | *PageRegion EnvC5/Envelope C5: "<</PageSize[459 649]/ImagingBBox null>>setpagedevice" 145 | *PageRegion EnvDL/Envelope DL: "<</PageSize[312 624]/ImagingBBox null>>setpagedevice" 146 | *PageRegion EnvMonarch/Envelope Monarch: "<</PageSize[279 540]/ImagingBBox null>>setpagedevice" 147 | *PageRegion Executive/Executive: "<</PageSize[522 756]/ImagingBBox null>>setpagedevice" 148 | *PageRegion ISOB0/B0 (ISO): "<</PageSize[2834 4008]/ImagingBBox null>>setpagedevice" 149 | *PageRegion ISOB1/B1 (ISO): "<</PageSize[2004 2834]/ImagingBBox null>>setpagedevice" 150 | *PageRegion ISOB2/B2 (ISO): "<</PageSize[1417 2004]/ImagingBBox null>>setpagedevice" 151 | *PageRegion ISOB3/B3 (ISO): "<</PageSize[1000 1417]/ImagingBBox null>>setpagedevice" 152 | *PageRegion ISOB4/B4 (ISO): "<</PageSize[708 1000]/ImagingBBox null>>setpagedevice" 153 | *PageRegion ISOB5/B5 (ISO): "<</PageSize[498 708]/ImagingBBox null>>setpagedevice" 154 | *PageRegion JISB0/B0 (JIS): "<</PageSize[2919 4127]/ImagingBBox null>>setpagedevice" 155 | *PageRegion JISB1/B1 (JIS): "<</PageSize[2063 2919]/ImagingBBox null>>setpagedevice" 156 | *PageRegion JISB2/B2 (JIS): "<</PageSize[1459 2063]/ImagingBBox null>>setpagedevice" 157 | *PageRegion JISB3/B3 (JIS): "<</PageSize[1029 1459]/ImagingBBox null>>setpagedevice" 158 | *PageRegion JISB4/B4 (JIS): "<</PageSize[727 1029]/ImagingBBox null>>setpagedevice" 159 | *PageRegion JISB5/B5 (JIS): "<</PageSize[518 727]/ImagingBBox null>>setpagedevice" 160 | *PageRegion Ledger/Ledger: "<</PageSize[1224 792]/ImagingBBox null>>setpagedevice" 161 | *PageRegion Legal/US Legal: "<</PageSize[612 1008]/ImagingBBox null>>setpagedevice" 162 | *PageRegion Letter/US Letter: "<</PageSize[612 792]/ImagingBBox null>>setpagedevice" 163 | *PageRegion RA0/RA0: "<</PageSize[2437 3458]/ImagingBBox null>>setpagedevice" 164 | *PageRegion RA1/RA1: "<</PageSize[1729 2437]/ImagingBBox null>>setpagedevice" 165 | *PageRegion RA2/RA2: "<</PageSize[1218 1729]/ImagingBBox null>>setpagedevice" 166 | *PageRegion RA3/RA3: "<</PageSize[864 1218]/ImagingBBox null>>setpagedevice" 167 | *PageRegion RA4/RA4: "<</PageSize[609 864]/ImagingBBox null>>setpagedevice" 168 | *PageRegion SRA0/SRA0: "<</PageSize[2551 3628]/ImagingBBox null>>setpagedevice" 169 | *PageRegion SRA1/SRA1: "<</PageSize[1814 2551]/ImagingBBox null>>setpagedevice" 170 | *PageRegion SRA2/SRA2: "<</PageSize[1275 1814]/ImagingBBox null>>setpagedevice" 171 | *PageRegion SRA3/SRA3: "<</PageSize[907 1275]/ImagingBBox null>>setpagedevice" 172 | *PageRegion SRA4/SRA4: "<</PageSize[637 907]/ImagingBBox null>>setpagedevice" 173 | *PageRegion SuperA/Super A: "<</PageSize[644 1008]/ImagingBBox null>>setpagedevice" 174 | *PageRegion SuperB/Super B: "<</PageSize[936 1368]/ImagingBBox null>>setpagedevice" 175 | *PageRegion TabloidExtra/Tabloid Extra: "<</PageSize[864 1296]/ImagingBBox null>>setpagedevice" 176 | *PageRegion Tabloid/Tabloid: "<</PageSize[792 1224]/ImagingBBox null>>setpagedevice" 177 | *CloseUI: *PageRegion 178 | 179 | *DefaultImageableArea: Letter 180 | *ImageableArea 11x14/11x14: "0 0 792 1008" 181 | *ImageableArea 11x17/11x17: "0 0 792 1224" 182 | *ImageableArea 13x19/13x19: "0 0 936 1368" 183 | *ImageableArea 16x20/16x20: "0 0 1152 1440" 184 | *ImageableArea 16x24/16x24: "0 0 1152 1728" 185 | *ImageableArea 2A/2A: "0 0 3370 4768" 186 | *ImageableArea 4A/4A: "0 0 4768 6749" 187 | *ImageableArea 8x10/8x10: "0 0 576 720" 188 | *ImageableArea 8x12/8x12: "0 0 576 864" 189 | *ImageableArea A0/A0: "0 0 2384 3370" 190 | *ImageableArea A1/A1: "0 0 1684 2384" 191 | *ImageableArea A2/A2: "0 0 1191 1684" 192 | *ImageableArea A3/A3: "0 0 842 1191" 193 | *ImageableArea A4/A4: "0 0 595 842" 194 | *ImageableArea A5/A5: "0 0 421 595" 195 | *ImageableArea AnsiA/ANSI A: "0 0 612 792" 196 | *ImageableArea AnsiB/ANSI B: "0 0 792 1224" 197 | *ImageableArea AnsiC/ANSI C: "0 0 1224 1584" 198 | *ImageableArea AnsiD/ANSI D: "0 0 1584 2448" 199 | *ImageableArea AnsiE/ANSI E: "0 0 2448 3168" 200 | *ImageableArea ArchA/Arch A: "0 0 648 864" 201 | *ImageableArea ArchB/Arch B: "0 0 864 1296" 202 | *ImageableArea ArchC/Arch C: "0 0 1296 1728" 203 | *ImageableArea ArchD/Arch D: "0 0 1728 2592" 204 | *ImageableArea ArchE/Arch E: "0 0 2592 3456" 205 | *ImageableArea C0/C0: "0 0 2599 3676" 206 | *ImageableArea C1/C1: "0 0 1836 2599" 207 | *ImageableArea C2/C2: "0 0 1298 1836" 208 | *ImageableArea C3/C3: "0 0 918 1298" 209 | *ImageableArea C4/C4: "0 0 649 918" 210 | *ImageableArea C5/C5: "0 0 459 649" 211 | *ImageableArea Env10/Envelope #10: "0 0 297 684" 212 | *ImageableArea EnvC5/Envelope C5: "0 0 459 649" 213 | *ImageableArea EnvDL/Envelope DL: "0 0 312 624" 214 | *ImageableArea EnvMonarch/Envelope Monarch: "0 0 279 540" 215 | *ImageableArea Executive/Executive: "0 0 522 756" 216 | *ImageableArea ISOB0/B0 (ISO): "0 0 2834 4008" 217 | *ImageableArea ISOB1/B1 (ISO): "0 0 2004 2834" 218 | *ImageableArea ISOB2/B2 (ISO): "0 0 1417 2004" 219 | *ImageableArea ISOB3/B3 (ISO): "0 0 1000 1417" 220 | *ImageableArea ISOB4/B4 (ISO): "0 0 708 1000" 221 | *ImageableArea ISOB5/B5 (ISO): "0 0 498 708" 222 | *ImageableArea JISB0/B0 (JIS): "0 0 2919 4127" 223 | *ImageableArea JISB1/B1 (JIS): "0 0 2063 2919" 224 | *ImageableArea JISB2/B2 (JIS): "0 0 1459 2063" 225 | *ImageableArea JISB3/B3 (JIS): "0 0 1029 1459" 226 | *ImageableArea JISB4/B4 (JIS): "0 0 727 1029" 227 | *ImageableArea JISB5/B5 (JIS): "0 0 518 727" 228 | *ImageableArea Ledger/Ledger: "0 0 1224 792" 229 | *ImageableArea Legal/US Legal: "0 0 612 1008" 230 | *ImageableArea Letter/US Letter: "0 0 612 792" 231 | *ImageableArea RA0/RA0: "0 0 2437 3458" 232 | *ImageableArea RA1/RA1: "0 0 1729 2437" 233 | *ImageableArea RA2/RA2: "0 0 1218 1729" 234 | *ImageableArea RA3/RA3: "0 0 864 1218" 235 | *ImageableArea RA4/RA4: "0 0 609 864" 236 | *ImageableArea SRA0/SRA0: "0 0 2551 3628" 237 | *ImageableArea SRA1/SRA1: "0 0 1814 2551" 238 | *ImageableArea SRA2/SRA2: "0 0 1275 1814" 239 | *ImageableArea SRA3/SRA3: "0 0 907 1275" 240 | *ImageableArea SRA4/SRA4: "0 0 637 907" 241 | *ImageableArea SuperA/Super A: "0 0 644 1008" 242 | *ImageableArea SuperB/Super B: "0 0 936 1368" 243 | *ImageableArea TabloidExtra/Tabloid Extra: "0 0 864 1296" 244 | *ImageableArea Tabloid/Tabloid: "0 0 792 1224" 245 | 246 | *DefaultPaperDimension: Letter 247 | *PaperDimension 11x14/11x14: "792 1008" 248 | *PaperDimension 11x17/11x17: "792 1224" 249 | *PaperDimension 13x19/13x19: "936 1368" 250 | *PaperDimension 16x20/16x20: "1152 1440" 251 | *PaperDimension 16x24/16x24: "1152 1728" 252 | *PaperDimension 2A/2A: "3370 4768" 253 | *PaperDimension 4A/4A: "4768 6749" 254 | *PaperDimension 8x10/8x10: "576 720" 255 | *PaperDimension 8x12/8x12: "576 864" 256 | *PaperDimension A0/A0: "2384 3370" 257 | *PaperDimension A1/A1: "1684 2384" 258 | *PaperDimension A2/A2: "1191 1684" 259 | *PaperDimension A3/A3: "842 1191" 260 | *PaperDimension A4/A4: "595 842" 261 | *PaperDimension A5/A5: "421 595" 262 | *PaperDimension AnsiA/ANSI A: "612 792" 263 | *PaperDimension AnsiB/ANSI B: "792 1224" 264 | *PaperDimension AnsiC/ANSI C: "1224 1584" 265 | *PaperDimension AnsiD/ANSI D: "1584 2448" 266 | *PaperDimension AnsiE/ANSI E: "2448 3168" 267 | *PaperDimension ArchA/Arch A: "648 864" 268 | *PaperDimension ArchB/Arch B: "864 1296" 269 | *PaperDimension ArchC/Arch C: "1296 1728" 270 | *PaperDimension ArchD/Arch D: "1728 2592" 271 | *PaperDimension ArchE/Arch E: "2592 3456" 272 | *PaperDimension C0/C0: "2599 3676" 273 | *PaperDimension C1/C1: "1836 2599" 274 | *PaperDimension C2/C2: "1298 1836" 275 | *PaperDimension C3/C3: "918 1298" 276 | *PaperDimension C4/C4: "649 918" 277 | *PaperDimension C5/C5: "459 649" 278 | *PaperDimension Env10/Envelope #10: "297 684" 279 | *PaperDimension EnvC5/Envelope C5: "459 649" 280 | *PaperDimension EnvDL/Envelope DL: "312 624" 281 | *PaperDimension EnvMonarch/Envelope Monarch: "279 540" 282 | *PaperDimension Executive/Executive: "522 756" 283 | *PaperDimension ISOB0/B0 (ISO): "2834 4008" 284 | *PaperDimension ISOB1/B1 (ISO): "2004 2834" 285 | *PaperDimension ISOB2/B2 (ISO): "1417 2004" 286 | *PaperDimension ISOB3/B3 (ISO): "1000 1417" 287 | *PaperDimension ISOB4/B4 (ISO): "708 1000" 288 | *PaperDimension ISOB5/B5 (ISO): "498 708" 289 | *PaperDimension JISB0/B0 (JIS): "2919 4127" 290 | *PaperDimension JISB1/B1 (JIS): "2063 2919" 291 | *PaperDimension JISB2/B2 (JIS): "1459 2063" 292 | *PaperDimension JISB3/B3 (JIS): "1029 1459" 293 | *PaperDimension JISB4/B4 (JIS): "727 1029" 294 | *PaperDimension JISB5/B5 (JIS): "518 727" 295 | *PaperDimension Ledger/Ledger: "1224 792" 296 | *PaperDimension Legal/US Legal: "612 1008" 297 | *PaperDimension Letter/US Letter: "612 792" 298 | *PaperDimension RA0/RA0: "2437 3458" 299 | *PaperDimension RA1/RA1: "1729 2437" 300 | *PaperDimension RA2/RA2: "1218 1729" 301 | *PaperDimension RA3/RA3: "864 1218" 302 | *PaperDimension RA4/RA4: "609 864" 303 | *PaperDimension SRA0/SRA0: "2551 3628" 304 | *PaperDimension SRA1/SRA1: "1814 2551" 305 | *PaperDimension SRA2/SRA2: "1275 1814" 306 | *PaperDimension SRA3/SRA3: "907 1275" 307 | *PaperDimension SRA4/SRA4: "637 907" 308 | *PaperDimension SuperA/Super A: "644 1008" 309 | *PaperDimension SuperB/Super B: "936 1368" 310 | *PaperDimension TabloidExtra/Tabloid Extra: "864 1296" 311 | *PaperDimension Tabloid/Tabloid: "792 1224" 312 | 313 | *OpenUI *Resolution/Output Resolution: PickOne 314 | *OrderDependency: 100 AnySetup *Resolution 315 | *DefaultResolution: 2400dpi 316 | *Resolution 150dpi/150 DPI: "<</HWResolution[150 150]>>setpagedevice" 317 | *Resolution 300dpi/300 DPI: "<</HWResolution[300 300]>>setpagedevice" 318 | *Resolution 600dpi/600 DPI: "<</HWResolution[600 600]>>setpagedevice" 319 | *Resolution 1200dpi/1200 DPI: "<</HWResolution[1200 1200]>>setpagedevice" 320 | *Resolution 2400dpi/2400 DPI: "<</HWResolution[2400 2400]>>setpagedevice" 321 | *CloseUI: *Resolution 322 | 323 | *CloseGroup: General 324 | 325 | *DefaultFont: Courier 326 | *Font AvantGarde-Book: Standard "(001.006S)" Standard ROM 327 | *Font AvantGarde-BookOblique: Standard "(001.006S)" Standard ROM 328 | *Font AvantGarde-Demi: Standard "(001.007S)" Standard ROM 329 | *Font AvantGarde-DemiOblique: Standard "(001.007S)" Standard ROM 330 | *Font Bookman-Demi: Standard "(001.004S)" Standard ROM 331 | *Font Bookman-DemiItalic: Standard "(001.004S)" Standard ROM 332 | *Font Bookman-Light: Standard "(001.004S)" Standard ROM 333 | *Font Bookman-LightItalic: Standard "(001.004S)" Standard ROM 334 | *Font Courier: Standard "(002.004S)" Standard ROM 335 | *Font Courier-Bold: Standard "(002.004S)" Standard ROM 336 | *Font Courier-BoldOblique: Standard "(002.004S)" Standard ROM 337 | *Font Courier-Oblique: Standard "(002.004S)" Standard ROM 338 | *Font Helvetica: Standard "(001.006S)" Standard ROM 339 | *Font Helvetica-Bold: Standard "(001.007S)" Standard ROM 340 | *Font Helvetica-BoldOblique: Standard "(001.007S)" Standard ROM 341 | *Font Helvetica-Narrow: Standard "(001.006S)" Standard ROM 342 | *Font Helvetica-Narrow-Bold: Standard "(001.007S)" Standard ROM 343 | *Font Helvetica-Narrow-BoldOblique: Standard "(001.007S)" Standard ROM 344 | *Font Helvetica-Narrow-Oblique: Standard "(001.006S)" Standard ROM 345 | *Font Helvetica-Oblique: Standard "(001.006S)" Standard ROM 346 | *Font NewCenturySchlbk-Bold: Standard "(001.009S)" Standard ROM 347 | *Font NewCenturySchlbk-BoldItalic: Standard "(001.007S)" Standard ROM 348 | *Font NewCenturySchlbk-Italic: Standard "(001.006S)" Standard ROM 349 | *Font NewCenturySchlbk-Roman: Standard "(001.007S)" Standard ROM 350 | *Font Palatino-Bold: Standard "(001.005S)" Standard ROM 351 | *Font Palatino-BoldItalic: Standard "(001.005S)" Standard ROM 352 | *Font Palatino-Italic: Standard "(001.005S)" Standard ROM 353 | *Font Palatino-Roman: Standard "(001.005S)" Standard ROM 354 | *Font Symbol: Special "(001.007S)" Special ROM 355 | *Font Times-Bold: Standard "(001.007S)" Standard ROM 356 | *Font Times-BoldItalic: Standard "(001.009S)" Standard ROM 357 | *Font Times-Italic: Standard "(001.007S)" Standard ROM 358 | *Font Times-Roman: Standard "(001.007S)" Standard ROM 359 | *Font ZapfChancery-MediumItalic: Standard "(001.007S)" Standard ROM 360 | *Font ZapfDingbats: Special "(001.004S)" Standard ROM 361 | *% 362 | *% End of "$Id: postscript.ppd,v 1.1.1.1 2000/08/24 19:23:13 goffioul Exp $". 363 | -------------------------------------------------------------------------------- /root/etc/cups/start_cups.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -ex 3 | { 4 | PRINTER_NAME=${KASM_PRINTER_NAME:-Kasm-Printer} 5 | 6 | echo "Starting cups" 7 | # HACK: Some versions of cupsd cannot handle unlimited file descriptor limit 8 | # that docker sets.. 9 | ulimit -n 1024 &&/usr/sbin/cupsd -f & 10 | until [[ "$(lpstat -r)" == "scheduler is running" ]]; do sleep 15; done 11 | 12 | echo "Creating a virtual printer: $PRINTER_NAME" 13 | lpadmin -p $PRINTER_NAME -E -v cups-pdf:/ -P /etc/cups/ppd/kasm.ppd 14 | lpadmin -p $PRINTER_NAME -o print-color-mode-default=color 15 | 16 | echo "Done!" 17 | } 2>&1 | tee /tmp/start_cups.log 18 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-config/dependencies.d/init-kasmvnc-end: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/init-config/dependencies.d/init-kasmvnc-end -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-kasmvnc-config/dependencies.d/init-nginx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/init-kasmvnc-config/dependencies.d/init-nginx -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-kasmvnc-config/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | # default file copies first run 4 | if [[ ! -f /config/.config/openbox/autostart ]]; then 5 | mkdir -p /config/.config/openbox 6 | cp /defaults/autostart /config/.config/openbox/autostart 7 | chown -R abc:abc /config/.config/openbox 8 | fi 9 | if [[ ! -f /config/.config/openbox/menu.xml ]]; then 10 | mkdir -p /config/.config/openbox && \ 11 | cp /defaults/menu.xml /config/.config/openbox/menu.xml && \ 12 | chown -R abc:abc /config/.config 13 | fi 14 | if [[ -f /usr/local/etc/kasmvnc/kasmvnc.yaml.lsio ]]; then 15 | mv \ 16 | /usr/local/etc/kasmvnc/kasmvnc.yaml.lsio \ 17 | /usr/local/etc/kasmvnc/kasmvnc.yaml 18 | fi 19 | 20 | # XDG Home 21 | printf "${HOME}/.XDG" > /run/s6/container_environment/XDG_RUNTIME_DIR 22 | if [ ! -d "${HOME}/.XDG" ]; then 23 | mkdir -p ${HOME}/.XDG 24 | chown abc:abc ${HOME}/.XDG 25 | fi 26 | 27 | # Locale Support 28 | if [ ! -z ${LC_ALL+x} ]; then 29 | printf "${LC_ALL%.UTF-8}" > /run/s6/container_environment/LANGUAGE 30 | printf "${LC_ALL}" > /run/s6/container_environment/LANG 31 | fi 32 | 33 | # Remove window borders 34 | if [[ ! -z ${NO_DECOR+x} ]] && [[ ! -f /decorlock ]]; then 35 | sed -i \ 36 | 's|</applications>| <application class="*"> <decor>no</decor> </application>\n</applications>|' \ 37 | /etc/xdg/openbox/rc.xml 38 | touch /decorlock 39 | fi 40 | 41 | # Fullscreen everything in openbox unless the user explicitly disables it 42 | if [[ ! -z ${NO_FULL+x} ]] && [[ ! -f /fulllock ]]; then 43 | sed -i \ 44 | '/<application class="\*"><maximized>yes<\/maximized><\/application>/d' \ 45 | /etc/xdg/openbox/rc.xml 46 | touch /fulllock 47 | fi 48 | 49 | # Add proot-apps 50 | if [ ! -f "${HOME}/.local/bin/proot-apps" ]; then 51 | mkdir -p ${HOME}/.local/bin/ 52 | cp /proot-apps/* ${HOME}/.local/bin/ 53 | echo 'export PATH="$HOME/.local/bin:$PATH"' >> $HOME/.bashrc 54 | chown abc:abc \ 55 | ${HOME}/.bashrc \ 56 | ${HOME}/.local/ \ 57 | ${HOME}/.local/bin \ 58 | ${HOME}/.local/bin/{ncat,proot-apps,proot,jq,pversion} 59 | elif ! diff -q /proot-apps/pversion ${HOME}/.local/bin/pversion > /dev/null; then 60 | cp /proot-apps/* ${HOME}/.local/bin/ 61 | chown abc:abc ${HOME}/.local/bin/{ncat,proot-apps,proot,jq,pversion} 62 | fi 63 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-kasmvnc-config/type: -------------------------------------------------------------------------------- 1 | oneshot 2 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-kasmvnc-config/up: -------------------------------------------------------------------------------- 1 | /etc/s6-overlay/s6-rc.d/init-kasmvnc-config/run 2 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-kasmvnc-end/dependencies.d/init-video: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/init-kasmvnc-end/dependencies.d/init-video -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-kasmvnc-end/type: -------------------------------------------------------------------------------- 1 | oneshot -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-kasmvnc-end/up: -------------------------------------------------------------------------------- 1 | # This file doesn't do anything, it's just the end of the kasmvnc init process -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-kasmvnc/dependencies.d/init-os-end: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/init-kasmvnc/dependencies.d/init-os-end -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-kasmvnc/type: -------------------------------------------------------------------------------- 1 | oneshot -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-kasmvnc/up: -------------------------------------------------------------------------------- 1 | # This file doesn't do anything, it's just the beginning of the kasmvnc init process -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/init-kasmvnc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/init-kasmvnc -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-nginx/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | # nginx Path 4 | NGINX_CONFIG=/etc/nginx/http.d/default.conf 5 | 6 | # user passed env vars 7 | CPORT="${CUSTOM_PORT:-3000}" 8 | CHPORT="${CUSTOM_HTTPS_PORT:-3001}" 9 | CUSER="${CUSTOM_USER:-abc}" 10 | SFOLDER="${SUBFOLDER:-/}" 11 | 12 | # create self signed cert 13 | if [ ! -f "/config/ssl/cert.pem" ]; then 14 | mkdir -p /config/ssl 15 | openssl req -new -x509 \ 16 | -days 3650 -nodes \ 17 | -out /config/ssl/cert.pem \ 18 | -keyout /config/ssl/cert.key \ 19 | -subj "/C=US/ST=CA/L=Carlsbad/O=Linuxserver.io/OU=LSIO Server/CN=*" 20 | chmod 600 /config/ssl/cert.key 21 | chown -R abc:abc /config/ssl 22 | fi 23 | 24 | # modify nginx config 25 | cp /defaults/default.conf ${NGINX_CONFIG} 26 | sed -i "s/3000/$CPORT/g" ${NGINX_CONFIG} 27 | sed -i "s/3001/$CHPORT/g" ${NGINX_CONFIG} 28 | sed -i "s|SUBFOLDER|$SFOLDER|g" ${NGINX_CONFIG} 29 | if [ ! -z ${DISABLE_IPV6+x} ]; then 30 | sed -i '/listen \[::\]/d' ${NGINX_CONFIG} 31 | fi 32 | if [ ! -z ${PASSWORD+x} ]; then 33 | printf "${CUSER}:$(openssl passwd -apr1 ${PASSWORD})\n" > /etc/nginx/.htpasswd 34 | sed -i 's/#//g' ${NGINX_CONFIG} 35 | fi 36 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-nginx/type: -------------------------------------------------------------------------------- 1 | oneshot 2 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-nginx/up: -------------------------------------------------------------------------------- 1 | /etc/s6-overlay/s6-rc.d/init-nginx/run 2 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-video/dependencies.d/init-kasmvnc-config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/init-video/dependencies.d/init-kasmvnc-config -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-video/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | FILES=$(find /dev/dri /dev/dvb -type c -print 2>/dev/null) 4 | 5 | for i in $FILES 6 | do 7 | VIDEO_GID=$(stat -c '%g' "${i}") 8 | VIDEO_UID=$(stat -c '%u' "${i}") 9 | # check if user matches device 10 | if id -u abc | grep -qw "${VIDEO_UID}"; then 11 | echo "**** permissions for ${i} are good ****" 12 | else 13 | # check if group matches and that device has group rw 14 | if id -G abc | grep -qw "${VIDEO_GID}" && [ $(stat -c '%A' "${i}" | cut -b 5,6) = "rw" ]; then 15 | echo "**** permissions for ${i} are good ****" 16 | # check if device needs to be added to video group 17 | elif ! id -G abc | grep -qw "${VIDEO_GID}"; then 18 | # check if video group needs to be created 19 | VIDEO_NAME=$(getent group "${VIDEO_GID}" | awk -F: '{print $1}') 20 | if [ -z "${VIDEO_NAME}" ]; then 21 | VIDEO_NAME="video$(head /dev/urandom | tr -dc 'a-z0-9' | head -c4)" 22 | groupadd "${VIDEO_NAME}" 23 | groupmod -g "${VIDEO_GID}" "${VIDEO_NAME}" 24 | echo "**** creating video group ${VIDEO_NAME} with id ${VIDEO_GID} ****" 25 | fi 26 | echo "**** adding ${i} to video group ${VIDEO_NAME} with id ${VIDEO_GID} ****" 27 | usermod -a -G "${VIDEO_NAME}" abc 28 | fi 29 | # check if device has group rw 30 | if [ $(stat -c '%A' "${i}" | cut -b 5,6) != "rw" ]; then 31 | echo -e "**** The device ${i} does not have group read/write permissions, attempting to fix inside the container.If it doesn't work, you can run the following on your docker host: ****\nsudo chmod g+rw ${i}\n" 32 | chmod g+rw "${i}" 33 | fi 34 | fi 35 | done 36 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-video/type: -------------------------------------------------------------------------------- 1 | oneshot 2 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/init-video/up: -------------------------------------------------------------------------------- 1 | /etc/s6-overlay/s6-rc.d/init-video/run 2 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-de/dependencies.d/init-services: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/svc-de/dependencies.d/init-services -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-de/dependencies.d/svc-nginx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/svc-de/dependencies.d/svc-nginx -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-de/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | cd $HOME 4 | exec s6-setuidgid abc \ 5 | /bin/bash /defaults/startwm.sh 6 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-de/type: -------------------------------------------------------------------------------- 1 | longrun 2 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-docker/dependencies.d/init-services: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/svc-docker/dependencies.d/init-services -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-docker/dependencies.d/svc-de: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/svc-docker/dependencies.d/svc-de -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-docker/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | # We need to wait for kclient to be full up as docker init breaks audio 4 | sleep 5 5 | 6 | # Make sure this is a priv container 7 | if [ -e /dev/cpu_dma_latency ]; then 8 | if [ "${START_DOCKER}" == "true" ]; then 9 | exec /usr/local/bin/dockerd-entrypoint.sh -l error 10 | else 11 | sleep infinity 12 | fi 13 | fi 14 | # if anything goes wrong with Docker don't loop 15 | sleep infinity 16 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-docker/type: -------------------------------------------------------------------------------- 1 | longrun 2 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-kasmvnc/dependencies.d/init-services: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/svc-kasmvnc/dependencies.d/init-services -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-kasmvnc/dependencies.d/svc-pulseaudio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/svc-kasmvnc/dependencies.d/svc-pulseaudio -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-kasmvnc/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | # Pass gpu flags if mounted 4 | if ls /dev/dri/renderD* 1> /dev/null 2>&1 && [ -z ${DISABLE_DRI+x} ] && ! which nvidia-smi; then 5 | HW3D="-hw3d" 6 | fi 7 | if [ -z ${DRINODE+x} ]; then 8 | DRINODE="/dev/dri/renderD128" 9 | fi 10 | 11 | exec s6-setuidgid abc \ 12 | /usr/local/bin/Xvnc $DISPLAY \ 13 | ${HW3D} \ 14 | -PublicIP 127.0.0.1 \ 15 | -drinode ${DRINODE} \ 16 | -disableBasicAuth \ 17 | -SecurityTypes None \ 18 | -AlwaysShared \ 19 | -http-header Cross-Origin-Embedder-Policy=require-corp \ 20 | -http-header Cross-Origin-Opener-Policy=same-origin \ 21 | -geometry 1024x768 \ 22 | -sslOnly 0 \ 23 | -RectThreads 0 \ 24 | -websocketPort 6901 \ 25 | -interface 0.0.0.0 \ 26 | -Log *:stdout:10 27 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-kasmvnc/type: -------------------------------------------------------------------------------- 1 | longrun 2 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-kclient/dependencies.d/init-services: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/svc-kclient/dependencies.d/init-services -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-kclient/dependencies.d/svc-kasmvnc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/svc-kclient/dependencies.d/svc-kasmvnc -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-kclient/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | # Mic Setup 4 | if [ ! -f '/dev/shm/mic.lock' ]; then 5 | until [ -f /defaults/pid ]; do 6 | sleep .5 7 | done 8 | s6-setuidgid abc with-contenv pactl \ 9 | load-module module-pipe-source \ 10 | source_name=virtmic \ 11 | file=/defaults/mic.sock \ 12 | source_properties=device.description=LSIOMic \ 13 | format=s16le \ 14 | rate=44100 \ 15 | channels=1 16 | s6-setuidgid abc with-contenv pactl \ 17 | set-default-source virtmic 18 | touch /dev/shm/mic.lock 19 | fi 20 | 21 | # NodeJS wrapper 22 | cd /kclient 23 | exec s6-setuidgid abc \ 24 | node index.js 25 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-kclient/type: -------------------------------------------------------------------------------- 1 | longrun 2 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-nginx/dependencies.d/init-services: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/svc-nginx/dependencies.d/init-services -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-nginx/dependencies.d/svc-kclient: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/svc-nginx/dependencies.d/svc-kclient -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-nginx/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | # shellcheck shell=bash 3 | 4 | if pgrep -f "[n]ginx:" >/dev/null; then 5 | echo "Zombie nginx processes detected, sending SIGTERM" 6 | pkill -ef [n]ginx: 7 | sleep 1 8 | fi 9 | 10 | if pgrep -f "[n]ginx:" >/dev/null; then 11 | echo "Zombie nginx processes still active, sending SIGKILL" 12 | pkill -9 -ef [n]ginx: 13 | sleep 1 14 | fi 15 | 16 | exec /usr/sbin/nginx -g 'daemon off;' 17 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-nginx/type: -------------------------------------------------------------------------------- 1 | longrun 2 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-pulseaudio/dependencies.d/init-services: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/svc-pulseaudio/dependencies.d/init-services -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-pulseaudio/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | exec s6-setuidgid abc \ 4 | /usr/bin/pulseaudio \ 5 | --log-level=0 \ 6 | --log-target=stderr \ 7 | --exit-idle-time=-1 > /dev/null 2>&1 8 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/svc-pulseaudio/type: -------------------------------------------------------------------------------- 1 | longrun 2 | -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/init-config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-config -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/init-kasmvnc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-kasmvnc -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/init-kasmvnc-config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-kasmvnc-config -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/init-kasmvnc-end: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-kasmvnc-end -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/init-video: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/user/contents.d/init-video -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-de: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-de -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-docker: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-docker -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-kasmvnc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-kasmvnc -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-kclient: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-kclient -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-nginx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-nginx -------------------------------------------------------------------------------- /root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-pulseaudio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linuxserver/docker-baseimage-kasmvnc/0656a8141ff88c5249d7aa68913045a6c1efea94/root/etc/s6-overlay/s6-rc.d/user/contents.d/svc-pulseaudio -------------------------------------------------------------------------------- /root/kasminit: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | # Purge temp files on init and exit 5 | function clean () { 6 | rm -rf /tmp/{,.[!.],..?}* || : 7 | } 8 | trap clean SIGINT SIGTERM 9 | clean 10 | 11 | # Lang 12 | if [ ! -z ${LC_ALL+x} ]; then 13 | export LANGUAGE="${LC_ALL%.UTF-8}" 14 | export LANG="${LC_ALL}" 15 | fi 16 | 17 | # Environment 18 | export HOME=/home/kasm-user 19 | export KASM_VNC_PATH=/usr/share/kasmvnc 20 | export PULSE_RUNTIME_PATH=/var/run/pulse 21 | if [ -z ${DRINODE+x} ]; then 22 | DRINODE="/dev/dri/renderD128" 23 | fi 24 | KASMNVC_HW3D='' 25 | if [ ! -z ${HW3D+x} ]; then 26 | KASMVNC_HW3D="-hw3d" 27 | fi 28 | 29 | # Go URL translation 30 | if [ ! -z ${KASM_URL+x} ]; then 31 | export BRAVE_CLI=$KASM_URL 32 | export CHROME_CLI=$KASM_URL 33 | export EDGE_CLI=$KASM_URL 34 | export FIREFOX_CLI=$KASM_URL 35 | export OPERA_CLI=$KASM_URL 36 | export TOR_CLI=$KASM_URL 37 | export VIVALDI_CLI=$KASM_URL 38 | fi 39 | 40 | # Notification daemon 41 | dunst & 42 | 43 | ## Directory setup for home folder ## 44 | # Create folders for upload/download 45 | mkdir -p $HOME/Desktop $HOME/Downloads 46 | for FOLDER in Uploads Downloads; do 47 | if [[ ! -L $HOME/Desktop/$FOLDER ]]; then 48 | mkdir -p $HOME/$FOLDER 49 | ln -sf $HOME/$FOLDER $HOME/Desktop/$FOLDER 50 | fi 51 | done 52 | if [[ ! -L $KASM_VNC_PATH/www/Downloads/Downloads ]]; then 53 | ln -sf $HOME/Downloads $KASM_VNC_PATH/www/Downloads/Downloads 54 | fi 55 | rm -rf $HOME/.config/pulse 56 | # Openbox config files 57 | if [[ ! -f $HOME/.config/openbox/autostart ]]; then 58 | mkdir -p $HOME/.config/openbox 59 | cp /defaults/autostart $HOME/.config/openbox/autostart 60 | fi 61 | if [[ ! -f $HOME/.config/openbox/menu.xml ]]; then 62 | mkdir -p $HOME/.config/openbox 63 | cp /defaults/menu.xml $HOME/.config/openbox/menu.xml 64 | fi 65 | # Startup Script for DE 66 | mkdir -p $HOME/.vnc 67 | cp \ 68 | /defaults/startwm.sh \ 69 | $HOME/.vnc/xstartup 70 | touch $HOME/.vnc/.de-was-selected 71 | # Add proot-apps 72 | if [ ! -f "${HOME}/.local/bin/proot-apps" ]; then 73 | mkdir -p ${HOME}/.local/bin/ 74 | cp /proot-apps/* ${HOME}/.local/bin/ 75 | echo 'export PATH="$HOME/.local/bin:$PATH"' >> $HOME/.bashrc 76 | elif ! diff -q /proot-apps/pversion ${HOME}/.local/bin/pversion > /dev/null; then 77 | cp /proot-apps/* ${HOME}/.local/bin/ 78 | fi 79 | 80 | ## Network egress wait ## 81 | while :; do 82 | interfaces=$(ip link show type veth | awk -F: '/^[0-9]+: / {print $2}' | awk '{print $1}' | sed 's/@.*//') 83 | if [ -z "$interfaces" ]; then 84 | sleep 1 85 | continue 86 | fi 87 | for interface in $interfaces; do 88 | if [[ $interface == eth* ]]; then 89 | break 2 90 | fi 91 | if [[ $interface == k-p-* ]]; then 92 | egress_file="/dockerstartup/.egress_status" 93 | while [ ! -f "$egress_file" ]; do 94 | sleep 1 95 | done 96 | egress_status=$(cat $egress_file) 97 | if [ "$egress_status" == "ready" ]; then 98 | if [ -z "$KASM_PROFILE_LDR" ]; then 99 | http_proxy="" https_proxy="" curl -k "https://${KASM_API_HOST}:${KASM_API_PORT}/api/set_kasm_session_status?token=${KASM_API_JWT}" -H 'Content-Type: application/json' -d '{"status": "running"}' 100 | fi 101 | break 2 102 | fi 103 | if [ "$egress_status" == "error" ]; then 104 | echo "Failed to establish egress gateway. Exiting..." 105 | exit 1 106 | fi 107 | fi 108 | done 109 | sleep 1 110 | done 111 | 112 | ## KasmVNC init ## 113 | # Password 114 | if [[ -f $HOME/.kasmpasswd ]]; then 115 | rm -f $HOME/.kasmpasswd 116 | fi 117 | if [[ -z ${VNC_PW+x} ]]; then 118 | VNC_PW="vncpassword" 119 | fi 120 | if [[ -z ${VNC_VIEW_ONLY_PW+x} ]]; then 121 | VNC_VIEW_ONLY_PW="vncviewonlypassword" 122 | fi 123 | VNC_PW_HASH=$(python3 -c "import crypt; print(crypt.crypt('${VNC_PW}', '\$5\$kasm\$'));") 124 | VNC_VIEW_PW_HASH=$(python3 -c "import crypt; print(crypt.crypt('${VNC_VIEW_ONLY_PW}', '\$5\$kasm\$'));") 125 | echo "kasm_user:${VNC_PW_HASH}:ow" > $HOME/.kasmpasswd 126 | echo "kasm_viewer:${VNC_VIEW_PW_HASH}:" >> $HOME/.kasmpasswd 127 | chmod 600 $HOME/.kasmpasswd 128 | # SSL cert 129 | rm -f ${HOME}/.vnc/self.pem 130 | openssl req -x509 \ 131 | -nodes \ 132 | -days 3650 \ 133 | -newkey rsa:2048 \ 134 | -keyout ${HOME}/.vnc/self.pem \ 135 | -out ${HOME}/.vnc/self.pem \ 136 | -subj "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none" 137 | # Start KasmVNC 138 | vncserver $DISPLAY \ 139 | $KASMVNC_HW3D \ 140 | -drinode $DRINODE \ 141 | -websocketPort 6901 \ 142 | -httpd ${KASM_VNC_PATH}/www \ 143 | -FrameRate=60 \ 144 | -interface 0.0.0.0 \ 145 | -BlacklistThreshold=0 \ 146 | -FreeKeyMappings \ 147 | -PreferBandwidth \ 148 | -DynamicQualityMin=4 \ 149 | -DynamicQualityMax=7 \ 150 | -DLP_ClipDelay=0 \ 151 | -sslOnly \ 152 | -UnixRelay printer:/tmp/printer 153 | 154 | ## Microservice Init ## 155 | # Audio 156 | /kasmbins/kasm_websocket_relay/kasm_audio_out-linux \ 157 | kasmaudio \ 158 | 8081 \ 159 | 4901 \ 160 | ${HOME}/.vnc/self.pem \ 161 | ${HOME}/.vnc/self.pem \ 162 | "kasm_user:$VNC_PW" & 163 | HOME=/var/run/pulse pulseaudio --start 164 | HOME=/var/run/pulse no_proxy=127.0.0.1 ffmpeg \ 165 | -v verbose \ 166 | -f pulse \ 167 | -fragment_size ${PULSEAUDIO_FRAGMENT_SIZE:-2000} \ 168 | -ar 44100 \ 169 | -i default \ 170 | -f mpegts \ 171 | -correct_ts_overflow 0 \ 172 | -codec:a mp2 \ 173 | -b:a 128k \ 174 | -ac 1 \ 175 | -muxdelay 0.001 \ 176 | http://127.0.0.1:8081/kasmaudio > /dev/null 2>&1 & 177 | # Audio in 178 | /kasmbins/kasm_audio_input_server \ 179 | --ssl \ 180 | --auth-token "kasm_user:$VNC_PW" \ 181 | --cert ${HOME}/.vnc/self.pem \ 182 | --certkey ${HOME}/.vnc/self.pem & 183 | # Uploads 184 | /kasmbins/kasm_upload_server \ 185 | --ssl \ 186 | --auth-token "kasm_user:$VNC_PW" & 187 | # Gamepad 188 | if [[ ${KASM_SVC_GAMEPAD:-1} == 1 ]]; then 189 | /kasmbins/kasm_gamepad_server \ 190 | --ssl \ 191 | --auth-token "kasm_user:$VNC_PW" \ 192 | --cert ${HOME}/.vnc/self.pem \ 193 | --certkey ${HOME}/.vnc/self.pem & 194 | fi 195 | # Webcam 196 | if [[ -e /dev/video0 ]]; then 197 | /kasmbins/kasm_webcam_server \ 198 | --port 4905 \ 199 | --ssl \ 200 | --cert ${HOME}/.vnc/self.pem \ 201 | --certkey ${HOME}/.vnc/self.pem & 202 | fi 203 | # Printer 204 | /kasmbins/kasm_printer_service \ 205 | --directory $HOME/PDF \ 206 | --relay /tmp/printer & 207 | 208 | # Show KasmVNC Logs 209 | tail -f $HOME/.vnc/*$DISPLAY.log 210 | -------------------------------------------------------------------------------- /root/usr/local/bin/dockerd-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eu 3 | 4 | _tls_ensure_private() { 5 | local f="$1"; shift 6 | [ -s "$f" ] || openssl genrsa -out "$f" 4096 7 | } 8 | _tls_san() { 9 | { 10 | ip -oneline address | awk '{ gsub(/\/.+$/, "", $4); print "IP:" $4 }' 11 | { 12 | cat /etc/hostname 13 | echo 'docker' 14 | echo 'localhost' 15 | hostname -f 16 | hostname -s 17 | } | sed 's/^/DNS:/' 18 | [ -z "${DOCKER_TLS_SAN:-}" ] || echo "$DOCKER_TLS_SAN" 19 | } | sort -u | xargs printf '%s,' | sed "s/,\$//" 20 | } 21 | _tls_generate_certs() { 22 | local dir="$1"; shift 23 | 24 | # if ca/key.pem || !ca/cert.pem, generate CA public if necessary 25 | # if ca/key.pem, generate server public 26 | # if ca/key.pem, generate client public 27 | # (regenerating public certs every startup to account for SAN/IP changes and/or expiration) 28 | 29 | # https://github.com/FiloSottile/mkcert/issues/174 30 | local certValidDays='825' 31 | 32 | if [ -s "$dir/ca/key.pem" ] || [ ! -s "$dir/ca/cert.pem" ]; then 33 | # if we either have a CA private key or do *not* have a CA public key, then we should create/manage the CA 34 | mkdir -p "$dir/ca" 35 | _tls_ensure_private "$dir/ca/key.pem" 36 | openssl req -new -key "$dir/ca/key.pem" \ 37 | -out "$dir/ca/cert.pem" \ 38 | -subj '/CN=docker:dind CA' -x509 -days "$certValidDays" 39 | fi 40 | 41 | if [ -s "$dir/ca/key.pem" ]; then 42 | # if we have a CA private key, we should create/manage a server key 43 | mkdir -p "$dir/server" 44 | _tls_ensure_private "$dir/server/key.pem" 45 | openssl req -new -key "$dir/server/key.pem" \ 46 | -out "$dir/server/csr.pem" \ 47 | -subj '/CN=docker:dind server' 48 | cat > "$dir/server/openssl.cnf" <<-EOF 49 | [ x509_exts ] 50 | subjectAltName = $(_tls_san) 51 | EOF 52 | openssl x509 -req \ 53 | -in "$dir/server/csr.pem" \ 54 | -CA "$dir/ca/cert.pem" \ 55 | -CAkey "$dir/ca/key.pem" \ 56 | -CAcreateserial \ 57 | -out "$dir/server/cert.pem" \ 58 | -days "$certValidDays" \ 59 | -extfile "$dir/server/openssl.cnf" \ 60 | -extensions x509_exts 61 | cp "$dir/ca/cert.pem" "$dir/server/ca.pem" 62 | openssl verify -CAfile "$dir/server/ca.pem" "$dir/server/cert.pem" 63 | fi 64 | 65 | if [ -s "$dir/ca/key.pem" ]; then 66 | # if we have a CA private key, we should create/manage a client key 67 | mkdir -p "$dir/client" 68 | _tls_ensure_private "$dir/client/key.pem" 69 | chmod 0644 "$dir/client/key.pem" # openssl defaults to 0600 for the private key, but this one needs to be shared with arbitrary client contexts 70 | openssl req -new \ 71 | -key "$dir/client/key.pem" \ 72 | -out "$dir/client/csr.pem" \ 73 | -subj '/CN=docker:dind client' 74 | cat > "$dir/client/openssl.cnf" <<-'EOF' 75 | [ x509_exts ] 76 | extendedKeyUsage = clientAuth 77 | EOF 78 | openssl x509 -req \ 79 | -in "$dir/client/csr.pem" \ 80 | -CA "$dir/ca/cert.pem" \ 81 | -CAkey "$dir/ca/key.pem" \ 82 | -CAcreateserial \ 83 | -out "$dir/client/cert.pem" \ 84 | -days "$certValidDays" \ 85 | -extfile "$dir/client/openssl.cnf" \ 86 | -extensions x509_exts 87 | cp "$dir/ca/cert.pem" "$dir/client/ca.pem" 88 | openssl verify -CAfile "$dir/client/ca.pem" "$dir/client/cert.pem" 89 | fi 90 | } 91 | 92 | # no arguments passed 93 | # or first arg is `-f` or `--some-option` 94 | if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then 95 | # set "dockerSocket" to the default "--host" *unix socket* value (for both standard or rootless) 96 | uid="$(id -u)" 97 | if [ "$uid" = '0' ]; then 98 | dockerSocket='unix:///var/run/docker.sock' 99 | else 100 | # if we're not root, we must be trying to run rootless 101 | : "${XDG_RUNTIME_DIR:=/run/user/$uid}" 102 | dockerSocket="unix://$XDG_RUNTIME_DIR/docker.sock" 103 | fi 104 | case "${DOCKER_HOST:-}" in 105 | unix://*) 106 | dockerSocket="$DOCKER_HOST" 107 | ;; 108 | esac 109 | 110 | # add our default arguments 111 | if [ -n "${DOCKER_TLS_CERTDIR:-}" ] \ 112 | && _tls_generate_certs "$DOCKER_TLS_CERTDIR" \ 113 | && [ -s "$DOCKER_TLS_CERTDIR/server/ca.pem" ] \ 114 | && [ -s "$DOCKER_TLS_CERTDIR/server/cert.pem" ] \ 115 | && [ -s "$DOCKER_TLS_CERTDIR/server/key.pem" ] \ 116 | ; then 117 | # generate certs and use TLS if requested/possible (default in 19.03+) 118 | set -- dockerd \ 119 | --host="$dockerSocket" \ 120 | --host=tcp://0.0.0.0:2376 \ 121 | --tlsverify \ 122 | --tlscacert "$DOCKER_TLS_CERTDIR/server/ca.pem" \ 123 | --tlscert "$DOCKER_TLS_CERTDIR/server/cert.pem" \ 124 | --tlskey "$DOCKER_TLS_CERTDIR/server/key.pem" \ 125 | "$@" 126 | DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="${DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS:-} -p 0.0.0.0:2376:2376/tcp" 127 | else 128 | # TLS disabled (-e DOCKER_TLS_CERTDIR='') or missing certs 129 | set -- dockerd \ 130 | --host="$dockerSocket" \ 131 | "$@" 132 | DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="${DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS:-} -p 0.0.0.0:2375:2375/tcp" 133 | fi 134 | fi 135 | 136 | if [ "$1" = 'dockerd' ]; then 137 | # explicitly remove Docker's default PID file to ensure that it can start properly if it was stopped uncleanly (and thus didn't clean up the PID file) 138 | find /run /var/run -iname 'docker*.pid' -delete || : 139 | 140 | if dockerd --version | grep -qF ' 20.10.'; then 141 | set -- docker-init -- "$@" 142 | fi 143 | 144 | if ! iptables -nL > /dev/null 2>&1; then 145 | # if iptables fails to run, chances are high the necessary kernel modules aren't loaded (perhaps the host is using nftables with the translating "iptables" wrappers, for example) 146 | # https://github.com/docker-library/docker/issues/350 147 | # https://github.com/moby/moby/issues/26824 148 | modprobe ip_tables || : 149 | fi 150 | 151 | uid="$(id -u)" 152 | if [ "$uid" != '0' ]; then 153 | # if we're not root, we must be trying to run rootless 154 | if ! command -v rootlesskit > /dev/null; then 155 | echo >&2 "error: attempting to run rootless dockerd but missing 'rootlesskit' (perhaps the 'docker:dind-rootless' image variant is intended?)" 156 | exit 1 157 | fi 158 | user="$(id -un 2>/dev/null || :)" 159 | if ! grep -qE "^($uid${user:+|$user}):" /etc/subuid || ! grep -qE "^($uid${user:+|$user}):" /etc/subgid; then 160 | echo >&2 "error: attempting to run rootless dockerd but missing necessary entries in /etc/subuid and/or /etc/subgid for $uid" 161 | exit 1 162 | fi 163 | : "${XDG_RUNTIME_DIR:=/run/user/$uid}" 164 | export XDG_RUNTIME_DIR 165 | if ! mkdir -p "$XDG_RUNTIME_DIR" || [ ! -w "$XDG_RUNTIME_DIR" ] || ! mkdir -p "$HOME/.local/share/docker" || [ ! -w "$HOME/.local/share/docker" ]; then 166 | echo >&2 "error: attempting to run rootless dockerd but need writable HOME ($HOME) and XDG_RUNTIME_DIR ($XDG_RUNTIME_DIR) for user $uid" 167 | exit 1 168 | fi 169 | if [ -f /proc/sys/kernel/unprivileged_userns_clone ] && unprivClone="$(cat /proc/sys/kernel/unprivileged_userns_clone)" && [ "$unprivClone" != '1' ]; then 170 | echo >&2 "error: attempting to run rootless dockerd but need 'kernel.unprivileged_userns_clone' (/proc/sys/kernel/unprivileged_userns_clone) set to 1" 171 | exit 1 172 | fi 173 | if [ -f /proc/sys/user/max_user_namespaces ] && maxUserns="$(cat /proc/sys/user/max_user_namespaces)" && [ "$maxUserns" = '0' ]; then 174 | echo >&2 "error: attempting to run rootless dockerd but need 'user.max_user_namespaces' (/proc/sys/user/max_user_namespaces) set to a sufficiently large value" 175 | exit 1 176 | fi 177 | # TODO overlay support detection? 178 | exec rootlesskit \ 179 | --net="${DOCKERD_ROOTLESS_ROOTLESSKIT_NET:-vpnkit}" \ 180 | --mtu="${DOCKERD_ROOTLESS_ROOTLESSKIT_MTU:-1500}" \ 181 | --disable-host-loopback \ 182 | --port-driver=builtin \ 183 | --copy-up=/etc \ 184 | --copy-up=/run \ 185 | ${DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS:-} \ 186 | "$@" 187 | elif [ -x '/usr/local/bin/dind' ]; then 188 | # if we have the (mostly defunct now) Docker-in-Docker wrapper script, use it 189 | set -- '/usr/local/bin/dind' "$@" 190 | fi 191 | else 192 | # if it isn't `dockerd` we're trying to run, pass it through `docker-entrypoint.sh` so it gets `DOCKER_HOST` set appropriately too 193 | set -- docker-entrypoint.sh "$@" 194 | fi 195 | 196 | exec "$@" 197 | -------------------------------------------------------------------------------- /root/usr/local/etc/kasmvnc/kasmvnc.yaml: -------------------------------------------------------------------------------- 1 | network: 2 | ssl: 3 | pem_certificate: ${HOME}/.vnc/self.pem 4 | pem_key: ${HOME}/.vnc/self.pem 5 | udp: 6 | public_ip: 127.0.0.1 7 | -------------------------------------------------------------------------------- /root/usr/local/etc/kasmvnc/kasmvnc.yaml.lsio: -------------------------------------------------------------------------------- 1 | network: 2 | protocol: http 3 | interface: 0.0.0.0 4 | websocket_port: 6901 5 | use_ipv4: true 6 | use_ipv6: true 7 | udp: 8 | public_ip: auto 9 | port: auto 10 | stun_server: auto 11 | ssl: 12 | pem_certificate: /config/ssl/cert.pem 13 | pem_key: /config/ssl/cert.key 14 | require_ssl: false 15 | 16 | logging: 17 | log_writer_name: all 18 | log_dest: logfile 19 | level: 1 20 | 21 | command_line: 22 | prompt: false 23 | --------------------------------------------------------------------------------