From c77d9fcc4e752047388a404d7eeed6db6af39b2a Mon Sep 17 00:00:00 2001
From: Ward Fisher <wfisher@ucar.edu>
Date: Mon, 11 Apr 2016 14:32:14 -0600
Subject: [PATCH 1/2] Added an '--ssl-only' option to noVNC launch script. 
 This will pass through to Websockify, allowing a user to specify that only
 ssl-secured connections will be allowed.

---
 utils/launch.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/utils/launch.sh b/utils/launch.sh
index ecee06cd..bbce453e 100755
--- a/utils/launch.sh
+++ b/utils/launch.sh
@@ -5,7 +5,7 @@ usage() {
         echo "$*"
         echo
     fi
-    echo "Usage: ${NAME} [--listen PORT] [--vnc VNC_HOST:PORT] [--cert CERT]"
+    echo "Usage: ${NAME} [--listen PORT] [--vnc VNC_HOST:PORT] [--cert CERT] [--ssl-only]"
     echo
     echo "Starts the WebSockets proxy and a mini-webserver and "
     echo "provides a cut-and-paste URL to go to."
@@ -18,6 +18,8 @@ usage() {
     echo "                          Default: self.pem"
     echo "    --web WEB             Path to web files (e.g. vnc.html)"
     echo "                          Default: ./"
+    echo "    --ssl-only            Disable non-https connections."
+    echo "                                    "
     exit 2
 }
 
@@ -29,6 +31,7 @@ VNC_DEST="localhost:5900"
 CERT=""
 WEB=""
 proxy_pid=""
+SSLONLY=""
 
 die() {
     echo "$*"
@@ -55,6 +58,7 @@ while [ "$*" ]; do
     --vnc)     VNC_DEST="${OPTARG}"; shift        ;;
     --cert)    CERT="${OPTARG}"; shift            ;;
     --web)     WEB="${OPTARG}"; shift            ;;
+    --ssl-only) SSLONLY="--ssl-only"             ;;
     -h|--help) usage                              ;;
     -*) usage "Unknown chrooter option: ${param}" ;;
     *) break                                      ;;
@@ -134,7 +138,7 @@ fi
 
 echo "Starting webserver and WebSockets proxy on port ${PORT}"
 #${HERE}/websockify --web ${WEB} ${CERT:+--cert ${CERT}} ${PORT} ${VNC_DEST} &
-${WEBSOCKIFY} --web ${WEB} ${CERT:+--cert ${CERT}} ${PORT} ${VNC_DEST} &
+${WEBSOCKIFY} ${SSLONLY} --web ${WEB} ${CERT:+--cert ${CERT}} ${PORT} ${VNC_DEST} &
 proxy_pid="$!"
 sleep 1
 if ! ps -p ${proxy_pid} >/dev/null; then

From 27a1f6cb9505171fef9f604941bf54a2e1f0abcb Mon Sep 17 00:00:00 2001
From: Ward Fisher <wfisher@ucar.edu>
Date: Mon, 11 Apr 2016 14:42:42 -0600
Subject: [PATCH 2/2] Tweaked message printed based on whether or not http is
 available.

---
 utils/launch.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/utils/launch.sh b/utils/launch.sh
index bbce453e..db610662 100755
--- a/utils/launch.sh
+++ b/utils/launch.sh
@@ -148,7 +148,12 @@ if ! ps -p ${proxy_pid} >/dev/null; then
 fi
 
 echo -e "\n\nNavigate to this URL:\n"
-echo -e "    http://$(hostname):${PORT}/vnc.html?host=$(hostname)&port=${PORT}\n"
+if [ "x$SSLONLY" == "x" ]; then
+    echo -e "    http://$(hostname):${PORT}/vnc.html?host=$(hostname)&port=${PORT}\n"
+else
+    echo -e "    https://$(hostname):${PORT}/vnc.html?host=$(hostname)&port=${PORT}\n"
+fi
+
 echo -e "Press Ctrl-C to exit\n\n"
 
 wait ${proxy_pid}