Feature: Enable self-signed certificates

This will use OpenSSL and generate a new certificate, then start the server in SSL-Only mode

utils/novnc_proxy

@@ -17,6 +17,8 @@ usage() {
     echo "                          Default: 6080 (on all interfaces)"
     echo "    --vnc VNC_HOST:PORT   VNC server host:port proxy target"
     echo "                          Default: localhost:5900"
+    echo "    --self-sign hostname  Generate self-signed certificates for hostname"
+    echo "                          Requires OpenSSL to be installed"
     echo "    --cert CERT           Path to combined cert/key file, or just"
     echo "                          the cert file if used with --key"
     echo "                          Default: self.pem"
@@ -51,6 +53,7 @@ HOST=""
 PORT="6080"
 LISTEN="$PORT"
 VNC_DEST="localhost:5900"
+SELF_SIGN=""
 CERT=""
 KEY=""
 WEB=""
@@ -90,6 +93,7 @@ while [ "$*" ]; do
     case $param in
     --listen)  LISTEN="${OPTARG}"; shift            ;;
     --vnc)     VNC_DEST="${OPTARG}"; shift        ;;
+    --self-sign) SELF_SIGN="${OPTARG}"; shift     ;;
     --cert)    CERT="${OPTARG}"; shift            ;;
     --key)     KEY="${OPTARG}"; shift             ;;
     --web)     WEB="${OPTARG}"; shift            ;;
@@ -147,6 +151,18 @@ else
     die "Could not find vnc.html"
 fi
 
+# Create self-signed certificates
+if [ -n "${SELF_SIGN}" ]; then
+	if [ ! -f $(pwd)/self.pem ]; then
+		echo "Generating Certificate for: ${SELF_SIGN}"
+		openssl req -x509 -newkey rsa:4096 -keyout key.pem -out self.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=NoVNC/L=NoVNC/O=NoVNC/OU=NoVNC/CN=${SELF_SIGN}"
+	fi
+	CERT=$(pwd)/self.pem
+	KEY=$(pwd)/key.pem
+	echo "Forcing SSL"
+	SSLONLY="--ssl-only"
+fi
+
 # Find self.pem
 if [ -n "${CERT}" ]; then
     if [ ! -e "${CERT}" ]; then