From ffb409a5005b4e215c93d66cd954d0cfb8057551 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= <anders.f.bjorklund@gmail.com>
Date: Wed, 11 Oct 2023 12:28:39 +0200
Subject: [PATCH] Add the possibility to listen on a specific host

For instance, for listening only on "localhost"

That is, bind on 127.0.0.1 instead of 0.0.0.0
---
 docs/novnc_proxy.1 |  4 ++--
 utils/novnc_proxy  | 45 ++++++++++++++++++++++++++++++---------------
 2 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/docs/novnc_proxy.1 b/docs/novnc_proxy.1
index 11a003b3a..78f06355e 100644
--- a/docs/novnc_proxy.1
+++ b/docs/novnc_proxy.1
@@ -3,12 +3,12 @@
 .SH NAME
 novnc_proxy - noVNC proxy server
 .SH SYNOPSIS
-.B novnc_proxy [--listen PORT] [--vnc VNC_HOST:PORT] [--cert CERT] [--ssl-only]
+.B novnc_proxy [--listen [HOST:]PORT] [--vnc VNC_HOST:PORT] [--cert CERT] [--ssl-only]
 
 Starts the WebSockets proxy and a mini-webserver and
 provides a cut-and-paste URL to go to.
 
-    --listen PORT         Port for proxy/webserver to listen on
+    --listen [HOST:]PORT  Port for proxy/webserver to listen on
                           Default: 6080
     --vnc VNC_HOST:PORT   VNC server host:port proxy target
                           Default: localhost:5900
diff --git a/utils/novnc_proxy b/utils/novnc_proxy
index ea3ea706c..fc7c33ea1 100755
--- a/utils/novnc_proxy
+++ b/utils/novnc_proxy
@@ -8,12 +8,12 @@ usage() {
         echo "$*"
         echo
     fi
-    echo "Usage: ${NAME} [--listen PORT] [--vnc VNC_HOST:PORT] [--cert CERT] [--ssl-only]"
+    echo "Usage: ${NAME} [--listen [HOST:]PORT] [--vnc VNC_HOST:PORT] [--cert CERT] [--ssl-only]"
     echo
     echo "Starts the WebSockets proxy and a mini-webserver and "
     echo "provides a cut-and-paste URL to go to."
     echo
-    echo "    --listen PORT         Port for proxy/webserver to listen on"
+    echo "    --listen [HOST:]PORT  Port for proxy/webserver to listen on"
     echo "                          Default: 6080"
     echo "    --vnc VNC_HOST:PORT   VNC server host:port proxy target"
     echo "                          Default: localhost:5900"
@@ -47,7 +47,9 @@ usage() {
 NAME="$(basename $0)"
 REAL_NAME="$(readlink -f $0)"
 HERE="$(cd "$(dirname "$REAL_NAME")" && pwd)"
+HOST=""
 PORT="6080"
+LISTEN="$PORT"
 VNC_DEST="localhost:5900"
 CERT=""
 KEY=""
@@ -86,7 +88,7 @@ cleanup() {
 while [ "$*" ]; do
     param=$1; shift; OPTARG=$1
     case $param in
-    --listen)  PORT="${OPTARG}"; shift            ;;
+    --listen)  LISTEN="${OPTARG}"; shift            ;;
     --vnc)     VNC_DEST="${OPTARG}"; shift        ;;
     --cert)    CERT="${OPTARG}"; shift            ;;
     --key)     KEY="${OPTARG}"; shift             ;;
@@ -107,14 +109,23 @@ while [ "$*" ]; do
     esac
 done
 
+if [ "$LISTEN" != "$PORT" ]; then
+    HOST=${LISTEN%:*}
+    PORT=${LISTEN##*:}
+    # if no host was given, restore
+    [ "$HOST" = "$PORT" ] && HOST=""
+fi
+
 # Sanity checks
-if bash -c "exec 7<>/dev/tcp/localhost/${PORT}" &> /dev/null; then
-    exec 7<&-
-    exec 7>&-
-    die "Port ${PORT} in use. Try --listen PORT"
-else
-    exec 7<&-
-    exec 7>&-
+if [ -n "${HOST}" ]; then
+    if bash -c "exec 7<>/dev/tcp/localhost/${PORT}" &> /dev/null; then
+        exec 7<&-
+        exec 7>&-
+        die "Port ${PORT} in use. Try --listen PORT"
+    else
+        exec 7<&-
+        exec 7>&-
+    fi
 fi
 
 trap "cleanup" TERM QUIT INT EXIT
@@ -191,9 +202,9 @@ else
     fi
 fi
 
-echo "Starting webserver and WebSockets proxy on port ${PORT}"
-#${HERE}/websockify --web ${WEB} ${CERT:+--cert ${CERT}} ${PORT} ${VNC_DEST} &
-${WEBSOCKIFY} ${SYSLOG_ARG} ${SSLONLY} ${FILEONLY_ARG} --web ${WEB} ${CERT:+--cert ${CERT}} ${KEY:+--key ${KEY}} ${PORT} ${VNC_DEST} ${HEARTBEAT_ARG} ${IDLETIMEOUT_ARG} ${RECORD_ARG} ${TIMEOUT_ARG} ${WEBAUTH_ARG} ${AUTHPLUGIN_ARG} ${AUTHSOURCE_ARG} &
+echo "Starting webserver and WebSockets proxy on${HOST:+ host ${HOST}} port ${PORT}"
+#${HERE}/websockify --web ${WEB} ${CERT:+--cert ${CERT}} ${LISTEN} ${VNC_DEST} &
+${WEBSOCKIFY} ${SYSLOG_ARG} ${SSLONLY} ${FILEONLY_ARG} --web ${WEB} ${CERT:+--cert ${CERT}} ${KEY:+--key ${KEY}} ${LISTEN} ${VNC_DEST} ${HEARTBEAT_ARG} ${IDLETIMEOUT_ARG} ${RECORD_ARG} ${TIMEOUT_ARG} ${WEBAUTH_ARG} ${AUTHPLUGIN_ARG} ${AUTHSOURCE_ARG} &
 proxy_pid="$!"
 sleep 1
 if [ -z "$proxy_pid" ] || ! ps -eo pid= | grep -w "$proxy_pid" > /dev/null; then
@@ -202,11 +213,15 @@ if [ -z "$proxy_pid" ] || ! ps -eo pid= | grep -w "$proxy_pid" > /dev/null; then
     exit 1
 fi
 
+if [ -z "$HOST" ]; then
+    HOST=$(hostname)
+fi
+
 echo -e "\n\nNavigate to this URL:\n"
 if [ "x$SSLONLY" == "x" ]; then
-    echo -e "    http://$(hostname):${PORT}/vnc.html?host=$(hostname)&port=${PORT}\n"
+    echo -e "    http://${HOST}:${PORT}/vnc.html?host=${HOST}&port=${PORT}\n"
 else
-    echo -e "    https://$(hostname):${PORT}/vnc.html?host=$(hostname)&port=${PORT}\n"
+    echo -e "    https://${HOST}:${PORT}/vnc.html?host=${HOST}&port=${PORT}\n"
 fi
 
 echo -e "Press Ctrl-C to exit\n\n"