-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathDockerfile.minibrowser
156 lines (130 loc) · 4.8 KB
/
Dockerfile.minibrowser
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
FROM debian:latest
#############################################################
# image name: jamesmortensen/webkitwebdriver-minibrowser:latest
#
# This image uses WebKitWebDriver to launch a webdriver
# server listening on port 4444, with noVNC on port 7900
#
# It also includes the Epiphany Web browser, which uses the
# same browser engine as Safari on macOS.
#
# - Epiphany 3.38.2 is equivalent to Safari 15.0
# - Epiphany is built on top of WebKitGTK 2.38.0
# - WebDriver command: /usr/bin/WebKitWebDriver -p 4444 --host=127.0.0.1
# - http://localhost:4444/status
#
#############################################################
USER root
ARG SELUSER=seluser
ARG SELUSER_PASS=seluser
# Includes minimal tools
RUN apt-get -qqy update \
&& apt-get -qqy --no-install-recommends install \
ca-certificates \
sudo \
unzip \
wget \
jq \
curl \
supervisor \
&& rm -rf /var/lib/apt/lists/* /var/cache/apt/*
# Create directories that will be needed in later steps
RUN mkdir -p /opt/bin \
&& mkdir -p /var/run/supervisor \
&& mkdir -p /var/log/supervisor
# Enable permissions
RUN chmod 777 /var/log/supervisor \
&& chmod 777 /var/run/supervisor
# Add a non-root user
RUN useradd $SELUSER \
&& mkdir -p /home/$SELUSER \
&& chown -v -R $SELUSER:$SELUSER /home/seluser \
&& echo 'ALL ALL = (ALL) NOPASSWD: ALL' >> /etc/sudoers \
&& echo $SELUSER:$SELUSER_PASS | chpasswd \
&& usermod -aG sudo $SELUSER \
&& bash -c 'cp -n /root/.bashrc /home/$SELUSER/ && chown $SELUSER:$SELUSER /home/$SELUSER/.bashrc && cp -n /root/.profile /home/$SELUSER/ && chown $SELUSER:$SELUSER /home/$SELUSER/.profile && chsh -s /bin/bash $SELUSER'
#==============
# Xvfb
#==============
RUN apt-get update -qqy \
&& apt-get -qqy install \
xvfb \
pulseaudio \
&& rm -rf /var/lib/apt/lists/* /var/cache/apt/*
#=====
# VNC
#=====
RUN apt-get update -qqy \
&& apt-get -qqy install \
x11vnc \
&& rm -rf /var/lib/apt/lists/* /var/cache/apt/*
#=========
# fluxbox
# A fast, lightweight and responsive window manager
#=========
RUN apt-get update -qqy \
&& apt-get -qqy install \
fluxbox \
&& rm -rf /var/lib/apt/lists/* /var/cache/apt/*
#RUN apt-get update -y && apt-get install -y ca-certificates
########################################
# noVNC exposes VNC through a web page #
########################################
# Download https://github.com/novnc/noVNC dated 2021-03-30 commit 84f102d6a9ffaf3972693d59bad5c6fddb6d7fb0
# Download https://github.com/novnc/websockify dated 2021-03-22 commit c5d365dd1dbfee89881f1c1c02a2ac64838d645f
ENV NOVNC_SHA="84f102d6a9ffaf3972693d59bad5c6fddb6d7fb0" \
WEBSOCKIFY_SHA="c5d365dd1dbfee89881f1c1c02a2ac64838d645f"
RUN wget -nv -O noVNC.zip \
"https://github.com/novnc/noVNC/archive/${NOVNC_SHA}.zip" \
&& unzip -x noVNC.zip \
&& mv noVNC-${NOVNC_SHA} /opt/bin/noVNC \
&& cp /opt/bin/noVNC/vnc.html /opt/bin/noVNC/index.html \
&& rm noVNC.zip \
&& wget -nv -O websockify.zip \
"https://github.com/novnc/websockify/archive/${WEBSOCKIFY_SHA}.zip" \
&& unzip -x websockify.zip \
&& rm websockify.zip \
&& rm -rf websockify-${WEBSOCKIFY_SHA}/tests \
&& mv websockify-${WEBSOCKIFY_SHA} /opt/bin/noVNC/utils/websockify
# Copy Supervisor config files and entry point file
COPY supervisord.conf /etc
COPY services.conf /etc/supervisor/conf.d/
COPY entry_point.sh /opt/bin/entry_point.sh
#==============================
# Generating the VNC password as seluser
# So the service can be started with seluser
#==============================
RUN mkdir -p /home/$SELUSER/.vnc \
&& x11vnc -storepasswd secret /home/$SELUSER/.vnc/passwd \
&& chown -R $SELUSER:$SELUSER /home/$SELUSER/.vnc/passwd
#==============================
# Scripts to run fluxbox, x11vnc and noVNC, as well as xvfb
#==============================
COPY start-vnc.sh \
start-novnc.sh \
start-xvfb.sh \
/opt/bin/
#============================
# Some configuration options
#============================
ENV SCREEN_WIDTH 1360
ENV SCREEN_HEIGHT 1020
ENV SCREEN_DEPTH 24
ENV SCREEN_DPI 96
ENV DISPLAY :99.0
ENV DISPLAY_NUM 99
ENV START_XVFB true
ENV START_NO_VNC true
# Creating base directory for Xvfb
RUN sudo mkdir -p /tmp/.X11-unix && sudo chmod 1777 /tmp/.X11-unix
## Install WebKitWebDriver
RUN apt-get update -y && apt-get install -y webkit2gtk-driver \
&& echo "alias l='ls -ltr'" >> /home/$SELUSER/.bashrc \
&& echo "alias MiniBrowser='/usr/lib/`uname -m`-linux-gnu/webkit2gtk-4.0/MiniBrowser'" >> /home/$SELUSER/.bashrc \
&& rm -rf /var/lib/apt/lists/* /var/cache/apt/*
## Install container image debugging tools
# RUN apt-get update -y && apt-get install -y vim telnet procps \
# && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
# Start xvfb, VNC, noVNC and WebKitWebDriver, enabled to listen to all interfaces on port 4444
CMD /opt/bin/entry_point.sh
USER $SELUSER