Commands Cheatsheet
Start VNC
x11vnc -shared -forever -noxdamage -localhost -noxrecord -nopw -many -loop -display :0
Start noVNC (with ssl)
novnc --listen 443 --cert /etc/letsencrypt/live/suda.formatc.hr/fullchain.pem --key /etc/letsencrypt/live/suda.formatc.hr/privkey.pem
Control novnc service
sudo systemctl start/stop/restart/... novnc
Control x11vnc service
sudo systemctl start/stop/restart/... x11vnc
Renew Let's encrypt certificate
certbot certonly --standalone -d suda.formatc.hr
Enabling low level ports for a particular process
setcap cap_net_bind_service=+ep /usr/bin/novnc
Adding a restricted user
#add user
useradd -m $USERNAME
#Create the script named /usr/local/bin/rbash that contains the following:
#!/bin/bash
/bin/bash --restricted
#Make it executable
chmod +r /usr/local/bin/rbash
#add /usr/local/bin/rbash to /etch/shells
#Change shell to the restricted shell
chsh -s "/usr/local/bin/rbash" suda
Editing noVNC code
Files are in /usr/share/webapps/novnc (don't edit this!!)
Put your files wherever you want and run novnc with
novnc --listen 443 --cert /etc/letsencrypt/live/suda.formatc.hr/fullchain.pem --key /etc/letsencrypt/live/suda.formatc.hr/privkey.pem --web ./index.html
(meaning current directory index.html file is what it serversserves to the client connecting via the browser)