novnc: add encrypt parameter

Add encrypt parameter to novnc adapter class, so that it can
be configured in the url params.

This allows the VNC driver to set --encrypt/--no-encrypt
parameter through command line (default False) for more
flexibility on the type of connection the user needs.

Signed-off-by: Albert Esteve <aesteve@redhat.com>

Author: aesteve-rh

packages/jumpstarter-driver-network/jumpstarter_driver_network/adapters/novnc.py

@@ -10,7 +10,7 @@
 
 @blocking
 @asynccontextmanager
-async def NovncAdapter(*, client: DriverClient, method: str = "connect"):
+async def NovncAdapter(*, client: DriverClient, method: str = "connect", encrypt: bool = False):
     async def handler(conn):
         async with conn:
             async with client.stream_async(method) as stream:
@@ -19,13 +19,23 @@ async def handler(conn):
                         pass
 
     async with TemporaryTcpListener(handler) as addr:
+        scheme = "https" if encrypt else "http"
+        params = {
+            "autoconnect": 1,
+            "reconnect": 1,
+            "host": addr[0],
+            "port": addr[1],
+        }
+        if not encrypt:
+            params["encrypt"] = 0
+
         yield urlunparse(
             (
-                "https",
+                scheme,
                 "novnc.com",
                 "/noVNC/vnc.html",
                 "",
-                urlencode({"autoconnect": 1, "reconnect": 1, "host": addr[0], "port": addr[1]}),
+                urlencode(params),
                 "",
             )
         )

packages/jumpstarter-driver-vnc/README.md

@@ -55,4 +55,9 @@ j vnc session
 
 # To prevent it from opening a browser automatically:
 j vnc session --no-browser
+
+# To use an encrypted (wss://) connection (requires a trusted certificate):
+j vnc session --encrypt
 ```
+
+> **Note:** Using `--encrypt` is intended for advanced scenarios where the local proxy can be configured with a TLS certificate that your browser trusts. For standard local development, modern browsers will likely reject the self-signed certificate and the connection will fail.

packages/jumpstarter-driver-vnc/jumpstarter_driver_vnc/client.py

@@ -25,9 +25,9 @@ def tcp(self) -> TCPClient:
         return typing.cast("TCPClient", self.children["tcp"])
 
     @contextlib.contextmanager
-    def session(self) -> typing.Iterator[str]:
+    def session(self, *, encrypt: bool = False) -> typing.Iterator[str]:
         """Create a new VNC session."""
-        with NovncAdapter(client=self.tcp, method="connect") as adapter:
+        with NovncAdapter(client=self.tcp, method="connect", encrypt=encrypt) as adapter:
             yield adapter
 
     def cli(self) -> click.Command:
@@ -39,12 +39,17 @@ def vnc():
 
         @vnc.command()
         @click.option("--browser/--no-browser", default=True, help="Open the session in a web browser.")
-        def session(browser: bool):
+        @click.option(
+            "--encrypt/--no-encrypt",
+            default=False,
+            help="Use an encrypted connection (wss://).",
+        )
+        def session(browser: bool, encrypt: bool):
             """Open a VNC session."""
             # The NovncAdapter is a blocking context manager that runs in a thread.
             # We can enter it, open the browser, and then just wait for the user
             # to press Ctrl+C to exit. The adapter handles the background work.
-            with self.session() as url:
+            with self.session(encrypt=encrypt) as url:
                 click.echo(f"To connect, please visit: {url}")
                 if browser:
                     webbrowser.open(url)