Experience with NoVNC

Hackerspace Computer Science
#1

NoVNC_remove
NoVNC_remove1920×1080 152 KB

I am getting stuck on the web based client… I can not tell if i need to configure fire fox. If i am not putting the correct information into correct field or if the problems on the server side. Anyone have experience with NoVNC

#2

You have to allow insecure sockets in Firefox for websockets to make novnc work on an insecure page, and from your screenshot it isn’t served over a valid TLS connection.

in about:config set network.websocket.allowInsecureFromHTTPS to true

Other than that, there’s a couplefactors to consider:

do you have backend logs to show the error isn’t on the noVNC side?

is this noVNC instance baked into something else (freenas perhaps?)

#3

Using installed websockify at /usr/bin/websockify
Starting webserver and WebSockets proxy on port 6080
WebSocket server settings:

  • Listen on :6080
  • Flash security policy server
  • Web server. Web root: /usr/share/novnc
  • SSL/TLS support
  • proxying from :6080 to localhost::5901

127.0.0.1 - - [24/Jul/2020 15:33:55] 127.0.0.1: Plain non-SSL (ws://) WebSocket connection
127.0.0.1 - - [24/Jul/2020 15:33:55] 127.0.0.1: Version hybi-13, base64: ‘False’
127.0.0.1 - - [24/Jul/2020 15:33:55] 127.0.0.1: Path: ‘/websockify’
127.0.0.1 - - [24/Jul/2020 15:33:55] connecting to: localhost::5901
handler exception: [Errno -2] Name or service not known
127.0.0.1 - - [24/Jul/2020 15:36:50] 127.0.0.1: Plain non-SSL (ws://) WebSocket connection
127.0.0.1 - - [24/Jul/2020 15:36:50] 127.0.0.1: Version hybi-13, base64: ‘False’
127.0.0.1 - - [24/Jul/2020 15:36:50] 127.0.0.1: Path: ‘//usr/share/novnc’
127.0.0.1 - - [24/Jul/2020 15:36:50] connecting to: localhost::5901
handler exception: [Errno -2] Name or service not known

#4

I tried to put https:// before the local ip address i was using…
I get

Secure Connection Failed

An error occurred during a connection to 192.168.1.11:6080. PR_CONNECT_RESET_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem
#5

Are two colons correct here?

#6

I also noticed this; I’d also suggest you set it to 127.0.0.1 or similar rather than localhost unless there is a reason you’d need to connect to a local interface over IPv6 since it will add surface area into the troubleshooting.

so first things first: is this enabled?

unless you have a valid certificate and support in the entire stack configured properly, it will not work without that firefox tweak.

#7

the vncsever program is used

vncserver -geometry 800x600 :1
generates a vnc that has local ip of 5901.
website then redirects this to port 6080 on local router.
192.168.1.11:6080 my address on my router… before you used the router as the default gateway…
I know go to WAN do port forwarding…

(please do not destroy my router.(that what factory resets are for?))(am i paranoid android?. Well it twas the choice amongst the custom rom for my selfie phone. but i went with lineage. lineage OS. and now my service provider wish to hit me for an inheritance tax… and tax for dry humor.)

#8

You’re still not answering the core questions.

did you or did you not set this flag in firefox to allow insecure websockets to open:

Second, two of us noted a typo in your config via the log which has two : characters in your localhost setting. I also advised you to swap localhost for 127.0.0.1 though that part is optional.

#9

it is now set to true.

#10

So to get NoVnc server to run the following was entered intially

vncserver -geometry 800x600 1:

openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem

user/share/novnc/utils/launch.sh --vnc localhost:5901

#11

thank you for the help… i could reboot the server and try to enter the information again as well are post the information from the servers terminal.

#12

you’re overwriting your certificate with your associated keyfile by specifying them both as having the same name. You need the certificate to output to a separate file. This is breaking the TLS support and I’d suspect from prior experience with websockify’s poor handling of TLS errors breaking other things under the hood if you’re leaving TLS enabled.

Something like this is better

openssl req -x509 -days 365 -newkey rsa:4096 -keyout key.pem -out cert.pem

#13

NoVNC_remove
NoVNC_remove1920×1080 152 KB

NoVNC_remove02
NoVNC_remove021920×1040 39.1 KB

server side.

openssl req -x509 -days 365 -newkey rsa:4096 -keyout key.pem -out cert.pem
Generating a RSA private key
…++++
…++++
writing new private key to ‘key.pem’
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:TX
Locality Name (eg, city) []:NA
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NA
Organizational Unit Name (eg, section) []:tom
Common Name (e.g. server FQDN or YOUR name) []:tom
Email Address []:[email protected]
pi@raspberrypi:~ $ vncserver -geometry 800x600 :1
Found /usr/share/tightvnc-java for http connections.

New ‘X’ desktop is raspberrypi:1

Starting applications specified in /home/pi/.vnc/xstartup
Log file is /home/pi/.vnc/raspberrypi:1.log

pi@raspberrypi:~ $ /usr/share/novnc/utils/launch.sh --vnc localhost::5901
Using installed websockify at /usr/bin/websockify
Starting webserver and WebSockets proxy on port 6080

Navigate to this URL:

http://raspberrypi:6080/vnc.html?host=raspberrypi&port=6080

Press Ctrl-C to exit

WebSocket server settings:

  • Listen on :6080
  • Flash security policy server
  • Web server. Web root: /usr/share/novnc
  • SSL/TLS support
  • proxying from :6080 to localhost::5901
    192.168.1.3 - - [24/Jul/2020 18:02:05] 192.168.1.3: Plain non-SSL (ws://) WebSocket connection
    192.168.1.3 - - [24/Jul/2020 18:02:05] 192.168.1.3: Version hybi-13, base64: ‘False’
    192.168.1.3 - - [24/Jul/2020 18:02:05] 192.168.1.3: Path: ‘/websockify’
    192.168.1.3 - - [24/Jul/2020 18:02:05] connecting to: localhost::5901
    handler exception: [Errno -2] Name or service not known
    192.168.1.3 - - [24/Jul/2020 18:03:05] 192.168.1.3: Plain non-SSL (ws://) WebSocket connection
    192.168.1.3 - - [24/Jul/2020 18:03:05] 192.168.1.3: Version hybi-13, base64: ‘False’
    192.168.1.3 - - [24/Jul/2020 18:03:05] 192.168.1.3: Path: ‘/websockify’
    192.168.1.3 - - [24/Jul/2020 18:03:05] connecting to: localhost::5901
    handler exception: [Errno -2] Name or service not known
#14

You still have an incorrect address here in that it needs to be a single : and not ::
So it should be
localhost:5901
Though I’d still recommend forcing it to use ipv4 instead via 127.0.0.1:5901

#15

thank you… that did it.

image
image1920×1040 370 KB

#16

there maybe one more changed it seems that command line is looking for the pem to be name specifically self.pem. so you mentioned… that in the command the certification that one file was an input one file was an out put… I am still trying to figure out if self.pem is the key or the certifcation.

#17

Don’t use self.pem for names; find the novnc.conf and set the cert and key names respectively. This is why you should generate key and certs with naming conventions