Feature: Enable self-signed certificates

This will use OpenSSL and generate a new certificate, then start the server in SSL-Only mode
2025-08-01 13:32:43 +01:00 · 2025-08-01 13:32:43 +01:00 · 5a97f16651
parent 4cb5aa45ae
commit 5a97f16651
1 changed files with 16 additions and 0 deletions
--- a/utils/novnc_proxy
+++ b/utils/novnc_proxy
@ -17,6 +17,8 @@ usage() {
    echo "                          Default: 6080 (on all interfaces)"
    echo "    --vnc VNC_HOST:PORT   VNC server host:port proxy target"
    echo "                          Default: localhost:5900"
+    echo "    --self-sign hostname  Generate self-signed certificates for hostname"
+    echo "                          Requires OpenSSL to be installed"
    echo "    --cert CERT           Path to combined cert/key file, or just"
    echo "                          the cert file if used with --key"
    echo "                          Default: self.pem"
@ -51,6 +53,7 @@ HOST=""
 PORT="6080"
 LISTEN="$PORT"
 VNC_DEST="localhost:5900"
+SELF_SIGN=""
 CERT=""
 KEY=""
 WEB=""
@ -90,6 +93,7 @@ while [ "$*" ]; do
    case $param in
    --listen)  LISTEN="${OPTARG}"; shift            ;;
    --vnc)     VNC_DEST="${OPTARG}"; shift        ;;
+    --self-sign) SELF_SIGN="${OPTARG}"; shift     ;;
    --cert)    CERT="${OPTARG}"; shift            ;;
    --key)     KEY="${OPTARG}"; shift             ;;
    --web)     WEB="${OPTARG}"; shift            ;;
@ -147,6 +151,18 @@ else
    die "Could not find vnc.html"
 fi

+# Create self-signed certificates
+if [ -n "${SELF_SIGN}" ]; then
+	if [ ! -f $(pwd)/self.pem ]; then
+		echo "Generating Certificate for: ${SELF_SIGN}"
+		openssl req -x509 -newkey rsa:4096 -keyout key.pem -out self.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=NoVNC/L=NoVNC/O=NoVNC/OU=NoVNC/CN=${SELF_SIGN}"
+	fi
+	CERT=$(pwd)/self.pem
+	KEY=$(pwd)/key.pem
+	echo "Forcing SSL"
+	SSLONLY="--ssl-only"
+fi
+
 # Find self.pem
 if [ -n "${CERT}" ]; then
    if [ ! -e "${CERT}" ]; then