search

jlesage / docker-baseimage-gui

A minimal docker baseimage to ease creation of X graphical application containers
MIT License
1.2k stars 179 forks source link

"Failed to connect" #124

Closed salamander2 closed 9 months ago

salamander2 commented 9 months ago

My image works perfectly on my laptop, but not on my AWS server. I want to be able to demonstrate a Java Swing program online.

This seems to be a VNC related problem, which means that you'll probably know more about it than most people, since VNC is so tightly integrated into your code. I am so sorry to bother you again with another issue. I have tried all of the troubleshooting steps that I can think of.

I cannot get my container to run on my server, though it runs perfectly on my laptop. On the server it just says "Failed to Connect". It's not a reverse proxy problem since other containers work just fine.

OS

Laptop: Linux Mint 20.3 (based on Ubuntu 20.04) Server: Ubuntu 18.04.6 (yes, I need to upgrade it right away)

Kernel

The kernels are almost the same, both 5.4.0.x: uname -a Laptop: Linux aspic 5.4.0-171-generic #189-Ubuntu SMP Fri Jan 5 14:23:02 UTC 2024 x86_64 Server: Linux demo 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64

Log From Laptop

docker run --rm -p 5800:5800 harwoomi/sci_olympics

... [supervisor ] all services loaded. [supervisor ] starting services... [supervisor ] starting service 'xvnc'... [xvnc ] Xvnc TigerVNC 1.13.1 - built Dec 21 2023 00:39:59 [xvnc ] Copyright (C) 1999-2022 TigerVNC Team and many others (see README.rst) [xvnc ] See https://www.tigervnc.org for information on TigerVNC. [xvnc ] Underlying X server release 12014000 [xvnc ] Mon Feb 19 12:10:27 2024 [xvnc ] vncext: VNC extension running! [xvnc ] vncext: Listening for VNC connections on /tmp/vnc.sock (mode 0660) [xvnc ] vncext: Listening for VNC connections on all interface(s), port 5900 [xvnc ] vncext: created VNC server for screen 0 [supervisor ] starting service 'openbox'... [supervisor ] starting service 'nginx'... [nginx ] Listening for HTTP connections on port 5800. [supervisor ] starting service 'app'... [supervisor ] all services started. [xvnc ] Mon Feb 19 12:10:42 2024 [xvnc ] Connections: accepted: /tmp/vnc.sock ** Here is where the connetion happens and the program is displayed *** [xvnc ] SConnection: Client needs protocol version 3.8 [xvnc ] SConnection: Client requests security type None(1) [xvnc ] VNCSConnST: Server default pixel format depth 24 (32bpp) little-endian rgb888 [xvnc ] VNCSConnST: Client pixel format depth 24 (32bpp) little-endian bgr888 [xvnc ] ComparingUpdateTracker: 0 pixels in / 0 pixels out [xvnc ] ComparingUpdateTracker: (1:-nan ratio)

Log From Headless Linux Server

docker run --rm -p 5800:5800 harwoomi/sci_olympics

[supervisor ] all services loaded. [supervisor ] starting services... [supervisor ] starting service 'xvnc'... [xvnc ] Xvnc TigerVNC 1.13.1 - built Dec 21 2023 00:39:59 [xvnc ] Copyright (C) 1999-2022 TigerVNC Team and many others (see README.rst) [xvnc ] See https://www.tigervnc.org for information on TigerVNC. [xvnc ] Underlying X server release 12014000 [xvnc ] Mon Feb 19 12:19:55 2024 [xvnc ] vncext: VNC extension running! [xvnc ] vncext: Listening for VNC connections on /tmp/vnc.sock (mode 0660) [xvnc ] vncext: Listening for VNC connections on all interface(s), port 5900 [xvnc ] vncext: created VNC server for screen 0 [supervisor ] starting service 'openbox'... [supervisor ] starting service 'nginx'... [nginx ] Listening for HTTP connections on port 5800. [supervisor ] starting service 'app'... [supervisor ] all services started. [xvnc ] Mon Feb 19 12:20:09 2024 [xvnc ] Connections: accepted: /tmp/vnc.sock *** Here is a connection is attempted, but "Failed to connect" is displayed in red in browser. ****

VNC packages

Since it's an xvnc message, I made sure that both hosts have the same vnc packages:

dpkg --list | grep vnc

> dpkg --list | grep vnc
ii  libgtk-vnc-2.0-0:amd64                                      1.0.0-1build1                                amd64        VNC viewer widget for GTK+3 (runtime libraries)
ii  libgvnc-1.0-0:amd64                                         1.0.0-1build1                                amd64        VNC GObject wrapper (runtime libraries)
ii  libvncclient1:amd64                                         0.9.12+dfsg-9ubuntu0.3                       amd64        API to write one's own VNC server - client library
ii  libvncserver1:amd64                                         0.9.12+dfsg-9ubuntu0.3                       amd64        API to write one's own VNC server
ii  tightvncserver                                              1.3.10-0ubuntu5                              amd64        virtual network computing server software
ii  x11vnc                                                      0.9.16-3                                     amd64        VNC server to allow remote access to an existing X session
ii  xtightvncviewer                                             1.3.10-0ubuntu5                              amd64        virtual network computing client software for X

They are all the same, though the server versions of the first two lines are 0.7.2 instead of 1.0.0

salamander2 commented 9 months ago
jlesage commented 9 months ago

You don't need to install anything related to VNC. The baseimage already provides everything needed to run the VNC server.

Are you trying to access the container via its web interface or with a VNC client ?

salamander2 commented 9 months ago

Web interface.

I'm using web interface on my laptop http://localhost:5800 as well as on the server: https://demo.iquark.ca/sciOlympics

Apache2 reverse proxy:

 1 <IfModule mod_ssl.c>
  2 <VirtualHost *:443>
  3     # The ServerName directive sets the request scheme, hostname and port that
  4     # the server uses to identify itself. This is used when creating
  5     # redirection URLs. In the context of virtual hosts, the ServerName
  6     # specifies what hostname must appear in the request's Host: header to
  7     # match this virtual host. For the default virtual host (this file) this
  8     # value is not decisive as it is used as a last resort host regardless.
  9     # However, you must set it for any further virtual host explicitly.
 10     ServerName xxx.xxx.ca
 11     ServerAdmin webmaster@localhost
 12     ServerAlias nn.nn.nn.nn
 13     DocumentRoot /var/www/html
 14 
 15         Alias /Library1 /home/library/Library1
 16 
 17         <Directory /home/library/Library1>
 18              Options FollowSymLinks
 19              AllowOverride all
 20              Require all granted
 21              Order allow,deny
 22                  allow from all
 23         </Directory>
 24 
 25     # attempt 1:
 26     #Redirect /campbell /campbell/
 27     # attempt 2:
 28     RewriteEngine On
 29     RewriteRule "^/campbell$" "/campbell/" [L,R]
 30     #no difference if trailing / here or not. It matches both.
 31     ProxyPass "/campbell" "http://127.0.0.1:8081"
 32     ProxyPassReverse "/campbell" "http://127.0.0.1:8081"
 33 
 34     RewriteRule "^/ics-demo$" "/ics-demo/" [L,R]
 38     #no difference if trailing / here or not. It matches both.
 39     ProxyPass "/ics-demo" "http://127.0.0.1:8082"
 40     ProxyPassReverse "/ics-demo" "http://127.0.0.1:8082"
 41 
 42     RewriteRule "^/sciOlympics$" "/sciOlympics/" [L,R]
 43     ProxyPass "/sciOlympics" "http://127.0.0.1:5800"
 44     ProxyPassReverse "/sciOlympics" "http://127.0.0.1:5800"

(The normal HTTP reverse proxy works perfectly for a LAMP docker container based on Ubuntu)

salamander2 commented 9 months ago

Aha! I tried your simple XTERM example and it still does not work on my server.

The Dockerfile and startapp.sh are copied right from your github.

docker run --rm -p 5800:5800 -p 5900:5900 docker-xterm

    ╭――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――╮
    │                                                                      │
    │ Application:           Xterm                                         │
    │ Application Version:   n/a                                           │
    │ Docker Image Version:  n/a                                           │
    │ Docker Image Platform: linux/amd64                                   │
    │                                                                      │
    ╰――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――╯
[cont-init   ] 89-info.sh: terminated successfully.
[cont-init   ] all container initialization scripts executed.
[init        ] giving control to process supervisor.
[supervisor  ] loading services...
[supervisor  ] loading service 'default'...
[supervisor  ] loading service 'app'...
[supervisor  ] loading service 'gui'...
[supervisor  ] loading service 'certsmonitor'...
[supervisor  ] service 'certsmonitor' is disabled.
[supervisor  ] loading service 'xvnc'...
[supervisor  ] loading service 'openbox'...
[supervisor  ] loading service 'nginx'...
[supervisor  ] loading service 'logrotate'...
[supervisor  ] loading service 'logmonitor'...
[supervisor  ] service 'logmonitor' is disabled.
[supervisor  ] all services loaded.
[supervisor  ] starting services...
[supervisor  ] starting service 'xvnc'...
[xvnc        ] Xvnc TigerVNC 1.13.1 - built Dec 21 2023 00:51:30
[xvnc        ] Copyright (C) 1999-2022 TigerVNC Team and many others (see README.rst)
[xvnc        ] See https://www.tigervnc.org for information on TigerVNC.
[xvnc        ] Underlying X server release 12014000
[xvnc        ] Mon Feb 19 16:38:17 2024
[xvnc        ]  vncext:      VNC extension running!
[xvnc        ]  vncext:      Listening for VNC connections on /tmp/vnc.sock (mode 0660)
[xvnc        ]  vncext:      Listening for VNC connections on all interface(s), port 5900
[xvnc        ]  vncext:      created VNC server for screen 0
[supervisor  ] starting service 'openbox'...
[supervisor  ] starting service 'nginx'...
[nginx       ] Listening for HTTP connections on port 5800.
[supervisor  ] starting service 'app'...
[app         ] xterm: cannot load font "-misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso10646-1"
[supervisor  ] all services started.
[xvnc        ] Mon Feb 19 16:38:33 2024
[xvnc        ]  Connections: accepted: /tmp/vnc.sock

Nothing happens after this. The browser just displays "Failed to Connect"

jlesage commented 9 months ago

Nothing happens after this. The browser just displays "Failed to Connect"

Is this the generic message from the browser or a message in a red banner ?

salamander2 commented 9 months ago

Thanks for your help.

It's the message in a red banner, which I believe comes from the docker container. Have a look here: https://demo.iquark.ca/sciOlympics/

Since I've changed the container from the more complicated Java stuff, to the simple Xterm example, it seems evident that the problem must be something is missing on the host end that the image requires. I just don't know what. I'll try this afternoon or tomorrow with a different linux server (I have a VM I can use as well as the one that hosts my main website.)

jlesage commented 9 months ago

I just tried again the example and it is working fine for me.

Are you accessing the xterm example through the reverse proxy ? I don't use Apache, but it seems that the reverse proxy configuration is missing support for websocket support.

salamander2 commented 9 months ago

Yes. I think that's it.

I am able to get it working just fine by using port forwarding: ssh -l 5801:localhost:5800 user@mysite and then in my browser going to localhost:5801. This works, and is running the version on the server.

So it's definitely something on the host or in apache2 that is messing it up.

I am trying to setup websockets according to about 20 different websites. No matter what I do, I get the following error. 

 [proxy:warn] [pid 4891:tid 140053615458048] [client xx.xx.xx.xx:54276] AH01144: No protocol handler was valid for the URL /sciOlympics (scheme 'ws'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

I'll ask about it on /r/Apache2

salamander2 commented 9 months ago

I'll close this now.

Once I find the solution, I'll come back and update the comments (and let you know), and I'll also delete any personal IP info from my comments.

salamander2 commented 8 months ago

Hi!

I've now tried making a whole new subdomain just to get this to work. One of the problems that I had earlier with the reverse proxy was that it couldn't load data from your /app folder. See https://demo.iquark.ca/xterm3 and look at the JS errors in the browser console. If you add a / to the end of the URL, then you get the red "failed to connect" message from your software.

The URL "https://demo2.iquark.ca/" now uses this Apache code for the reverse webproxy:

ProxyPass / http://127.0.0.1:5800/ upgrade=websocket

The result is the same red "failed to connect" message. It appears to come from your websocket.js file "Firefox can’t establish a connection to the server at wss://demo2.iquark.ca/websockify." The same thing happens using Chrome,

So ... I assume that the conclusion is that one simply cannot get reverse proxy websockets in Apache.

If you have any experience with the error message from websocket.js, let me know. I know nothing about websockets.