Updated README.

Jocelyn Le Sage 2024-06-30 23:28:59 -04:00
parent b83f0a80b8
commit 92d8d0cba7

@ -40,6 +40,8 @@ Foundation and its subsidiary, Mozilla Corporation.
* [SSVNC](#ssvnc) * [SSVNC](#ssvnc)
* [Certificates](#certificates) * [Certificates](#certificates)
* [VNC Password](#vnc-password) * [VNC Password](#vnc-password)
* [Web Authentication](#web-authentication)
* [Configuring Users Credentials](#configuring-users-credentials)
* [Reverse Proxy](#reverse-proxy) * [Reverse Proxy](#reverse-proxy)
* [Routing Based on Hostname](#routing-based-on-hostname) * [Routing Based on Hostname](#routing-based-on-hostname)
* [Routing Based on URL Path](#routing-based-on-url-path) * [Routing Based on URL Path](#routing-based-on-url-path)
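Review bot: the new sub-entry `[Configuring Users Credentials](#configuring-users-credentials)` reads awkwardly; "Configuring User Credentials" is the usual form. If it is renamed, the `#### Configuring Users Credentials` heading added later in this commit and this anchor have to change together, otherwise the table-of-contents link breaks.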
@ -112,6 +114,10 @@ of this parameter has the format `<VARIABLE_NAME>=<VALUE>`.
|`DISPLAY_WIDTH`| Width (in pixels) of the application's window. | `1920` | |`DISPLAY_WIDTH`| Width (in pixels) of the application's window. | `1920` |
|`DISPLAY_HEIGHT`| Height (in pixels) of the application's window. | `1080` | |`DISPLAY_HEIGHT`| Height (in pixels) of the application's window. | `1080` |
|`DARK_MODE`| When set to `1`, dark mode is enabled for the application. | `0` | |`DARK_MODE`| When set to `1`, dark mode is enabled for the application. | `0` |
|`WEB_AUDIO`| When set to `1`, audio support is enabled, meaning that any audio produced by the application is played through the browser. Note that audio is not supported for VNC clients. | `0` |
|`WEB_AUTHENTICATION`| When set to `1`, the application' GUI is protected via a login page when accessed via a web browser. Access is allowed only when providing valid credentials. **NOTE**: This feature requires secure connection (`SECURE_CONNECTION` environment variable) to be enabled. | `0` |
|`WEB_AUTHENTICATION_USERNAME`| Optional username to configure for the web authentication. This is a quick and easy way to configure credentials for a single user. To configure credentials in a more secure way, or to add more users, see the [Web Authentication](#web-authentication) section. | (no value) |
|`WEB_AUTHENTICATION_PASSWORD`| Optional password to configure for the web authentication. This is a quick and easy way to configure credentials for a single user. To configure credentials in a more secure way, or to add more users, see the [Web Authentication](#web-authentication) section. | (no value) |
|`SECURE_CONNECTION`| When set to `1`, an encrypted connection is used to access the application's GUI (either via a web browser or VNC client). See the [Security](#security) section for more details. | `0` | |`SECURE_CONNECTION`| When set to `1`, an encrypted connection is used to access the application's GUI (either via a web browser or VNC client). See the [Security](#security) section for more details. | `0` |
|`SECURE_CONNECTION_VNC_METHOD`| Method used to perform the secure VNC connection. Possible values are `SSL` or `TLS`. See the [Security](#security) section for more details. | `SSL` | |`SECURE_CONNECTION_VNC_METHOD`| Method used to perform the secure VNC connection. Possible values are `SSL` or `TLS`. See the [Security](#security) section for more details. | `SSL` |
|`SECURE_CONNECTION_CERTS_CHECK_INTERVAL`| Interval, in seconds, at which the system verifies if web or VNC certificates have changed. When a change is detected, the affected services are automatically restarted. A value of `0` disables the check. | `60` | |`SECURE_CONNECTION_CERTS_CHECK_INTERVAL`| Interval, in seconds, at which the system verifies if web or VNC certificates have changed. When a change is detected, the affected services are automatically restarted. A value of `0` disables the check. | `60` |
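Review bot: the `WEB_AUTHENTICATION` row says the feature requires `SECURE_CONNECTION` to be enabled, but not what happens when `WEB_AUTHENTICATION=1` is set without it. Please state the resulting behaviour in the row, because a reader who sets only the first variable could otherwise assume the GUI is protected. In the same row, "the application' GUI" should be "the application's GUI". The `WEB_AUTHENTICATION_USERNAME` and `WEB_AUTHENTICATION_PASSWORD` rows call the database method "more secure" without saying what makes the environment-variable method weaker; one short clause here would let readers judge that without following the link.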
@ -121,6 +127,7 @@ of this parameter has the format `<VARIABLE_NAME>=<VALUE>`.
|`ENABLE_CJK_FONT`| When set to `1`, open-source computer font `WenQuanYi Zen Hei` is installed. This font contains a large range of Chinese/Japanese/Korean characters. | `0` | |`ENABLE_CJK_FONT`| When set to `1`, open-source computer font `WenQuanYi Zen Hei` is installed. This font contains a large range of Chinese/Japanese/Korean characters. | `0` |
|`FF_OPEN_URL`| The URL to open when Firefox starts. | (no value) | |`FF_OPEN_URL`| The URL to open when Firefox starts. | (no value) |
|`FF_KIOSK`| Set to `1` to enable kiosk mode. This mode launches Firefox in a very restricted and limited mode best suitable for public areas or customer-facing displays. | `0` | |`FF_KIOSK`| Set to `1` to enable kiosk mode. This mode launches Firefox in a very restricted and limited mode best suitable for public areas or customer-facing displays. | `0` |
|`FF_CUSTOM_ARGS`| Custom argument(s) to pass when launching Firefox. | `0` |
#### Deployment Considerations #### Deployment Considerations
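Review bot: the default listed for the new `FF_CUSTOM_ARGS` row is `0`, which looks copied from the `FF_KIOSK` row directly above it. For a free-form argument string, `(no value)` as used for `FF_OPEN_URL` would be consistent, unless `0` really is what gets passed to Firefox by default. The description also does not say how multiple arguments are separated; a short example value would settle that.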
@ -432,6 +439,50 @@ connection to prevent sending the password in clear over an unencrypted channel.
(see section [7.2.2](https://tools.ietf.org/html/rfc6143#section-7.2.2)). (see section [7.2.2](https://tools.ietf.org/html/rfc6143#section-7.2.2)).
Any characters beyond the limit are ignored. Any characters beyond the limit are ignored.
### Web Authentication
Access to the application's GUI via a web browser can be protected with a login
page. When web authentication is enabled, users have to provide valid
credentials, otherwise access is denied.
Web authentication can be enabled by setting the `WEB_AUTHENTICATION`
environment variable to `1`.
See the [Environment Variables](#environment-variables) section for more details
on how to set an environment variable.
**NOTE**: Secure connection must be also enabled to use web authentication.
See the [Security](#security) section for more details.
#### Configuring Users Credentials
Two methods can be used to configure users credentials:
1. Via container environment variables.
2. Via password database.
Containers environment variables can be used to quickly and easily configure
a single user. Username and pasword are defined via the following environment
variables:
- `WEB_AUTHENTICATION_USERNAME`
- `WEB_AUTHENTICATION_PASSWORD`
See the [Environment Variables](#environment-variables) section for more details
on how to set an environment variable.
The second method is more secure and allows multiple users to be configured.
The usernames and password hashes are saved into a password database, located at
`/config/webauth-htpasswd` inside the container. This database file has the
same format as htpasswd files of the Apache HTTP server. Note that password
themselves are not saved into the database, but only their hash. The bcrypt
password hashing function is used to generate hashes.
Users are managed via the `webauth-user` tool included in the container:
- To add a user password: `docker exec -ti <container name or id> webauth-user add <username>`.
- To update a user password: `docker exec -ti <container name or id> webauth-user update <username>`.
- To remove a user: `docker exec <container name or id> webauth-user del <username>`.
- To list users: `docker exec <container name or id> webauth-user user`.
## Reverse Proxy ## Reverse Proxy
The following sections contain NGINX configurations that need to be added in The following sections contain NGINX configurations that need to be added in
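Review bot: in the `webauth-user` command list, the "To list users" line uses the subcommand `user`, which does not follow the verb pattern of `add`, `update` and `del`; please confirm this is the actual subcommand name and not a slip. The section also does not say how the two credential methods interact: if `WEB_AUTHENTICATION_USERNAME` and `WEB_AUTHENTICATION_PASSWORD` are set while `/config/webauth-htpasswd` already contains users, is the environment user added to the database, does it replace it, or is it ignored? That is worth one sentence, since it decides which accounts can log in. Wording: "pasword" should be "password", "Containers environment variables" should be "Container environment variables", "Note that password themselves" should be "Note that passwords themselves", and "To add a user password" should probably read "To add a user".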