search

linuxserver / docker-baseimage-kasmvnc

Base Images for remote web based Linux desktops using KasmVNC for many popular distros.
GNU General Public License v3.0
326 stars 57 forks source link

[BUG] Base image doesn't work #85

Closed ne0YT closed 5 days ago

ne0YT commented 6 days ago

Is there an existing issue for this?

Current Behavior

I use nginx as a reverse-proxy to have mulitple webtops availble. this also works correctly when I use the prebuilt webtops like this:

docker run -d --name webtop1 \
  -e SUBFOLDER=/1/ \
  -v /dev/shm:/dev/shm \
  --security-opt seccomp=unconfined \
  linuxserver/webtop:latest

but it doesn't work when I use the tutorial to build a simple webtop with just firefox.

I see a: [519] Sandbox: seccomp sandbox violation: pid 519, tid 519, syscall 25, args 140734628765696 4096 8192 0 0 0.

which i dont have when using the prebuilt.. as you can see I already launch it with the correct parameter to circumvent this behaviour, it still occurs.

Expected Behavior

I can access 3 webtops of firefox

Steps To Reproduce

run an nginx revproxy and the script in "Docker creation"

Environment

- OS: 5.15.0-100-generic #110-Ubuntu
- How docker service was installed: from download.docker.com
Docker version 27.3.1, build ce12230

Docker creation

# Set variables
IMAGE_NAME="firefox"
BASE_IMAGE="ghcr.io/linuxserver/baseimage-kasmvnc:alpine318"

# Create necessary folder structure
mkdir -p root/defaults

# Create the autostart file for firefox
echo "firefox" > root/defaults/autostart

# Create Dockerfile
cat <<EOF > Dockerfile
FROM $BASE_IMAGE
RUN apk add --no-cache firefox
COPY /root /
EOF

# Build the Docker image
docker build -t $IMAGE_NAME .

# Run webtop1 container
docker run -d --name webtop1 \
  -e SUBFOLDER=/1/ \
  -v /dev/shm:/dev/shm \
  --security-opt seccomp=unconfined \
  $IMAGE_NAME

# Run webtop2 container
docker run -d --name webtop2 \
  -e SUBFOLDER=/2/ \
  -v /dev/shm:/dev/shm \
  --security-opt seccomp=unconfined \
  $IMAGE_NAME

# Run webtop3 container
docker run -d --name webtop3 \
  -e SUBFOLDER=/3/ \
  -v /dev/shm:/dev/shm \
  --security-opt seccomp=unconfined \
  $IMAGE_NAME

Container logs

docker logs webtop1
[migrations] started
[migrations] no migrations found
usermod: no changes
───────────────────────────────────────
  _____ __ __ _____ _____ _____ _____ 
 |     |  |  |   __|_   _|     |     |
 |   --|  |  |__   | | | |  |  | | | |
 |_____|_____|_____| |_| |_____|_|_|_|
       _____ __ __ _ __    ____  
      | __  |  |  | |  |  |    \ 
      | __ -|  |  | |  |__|  |  |
      |_____|_____|_|_____|____/ 

  Based on images from linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    911
User GID:    911
───────────────────────────────────────

...+.......+...+........+......+.+.....+....+...+........+..........+..............+++++++++++++++++++++++++++++++++++++++*...+.....+.......+..+...+.+......+......+++++++++++++++++++++++++++++++++++++++*....+...+.....+.+..............+......+....+...+..+.+..............+...+..........+..+...+...+....+......+..+...+......+...+...+....++++++
......+..+.+..............+.+......+.....+..........+......+..+...+.......+...+++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++*....+........+...............+...+...+....+..+.+.....+.......+..+....+.....+.........+.......+.....+...................+..+....+...+.................+...+......+.......+............+...+.....+..........+....................+.......+...+...+..+...+.+......+..+............+.+........+.+........+............+....+.........+..+.+...+..............+.+..+...+....+...+........+.......+........+.+..............+...............+.+.....+....+..+...+....+......+..+......................+........+.........+........................+.+...+........+...+.+...+........+.......+...+..+...+............+.....................+.+......+..................+..+...+......+.+........+.+.....+.+.....+.........+.............+........+...++++++
-----
[custom-init] No custom files found, skipping...
_XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created.

Xvnc KasmVNC 1.3.2 - built Oct 12 2024 18:57:06
Copyright (C) 1999-2018 KasmVNC Team and many others (see README.me)
See http://kasmweb.com for information on KasmVNC.
Underlying X server release 12014000, The X.Org Foundation

[ls.io-init] done.
Obt-Message: Xinerama extension is not present on the server
[519] Sandbox: seccomp sandbox violation: pid 519, tid 519, syscall 25, args 140734628765696 4096 8192 0 0 0.
ne0YT commented 6 days ago

I also tried with other apps which dont have the seccomp issue and no errors in there whatsoever but the wbetop will not load correctly and only show like this: image

j0nnymoe commented 6 days ago

Any reason why you'd wouldn't just use this? https://docs.linuxserver.io/images/docker-firefox/

ne0YT commented 6 days ago

@j0nnymoe yes.. I just wanted to try it with firefox first to see that it works. I want to use it to run different softwares in the end.

ne0YT commented 6 days ago

the nginx I use rn:

docker run -d --name nginx-proxy \
  -p 3001:443 \
  -v /opt/kasm/nginx.conf.d:/etc/nginx/conf.d \
  -v /opt/kasm/ssl:/etc/nginx/ssl \
  --link webtop1 --link webtop2 --link webtop3 \
  nginx:latest

default.conf:

    server {
    listen 443 ssl;
    server_name _;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location /1/ {
        proxy_pass http://webtop1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }

    location /2/ {
        proxy_pass http://webtop2:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }

    location /3/ {
        proxy_pass http://webtop3:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}
j0nnymoe commented 6 days ago

Only time I've seen the lastactiveat error is when the reverse proxy has issues dealing with websockets.

Though if it's worked with the normal webtop image, it might not be that (assuming that's behind a proxy too).

I'll let someone else wade in on the issue.

ne0YT commented 6 days ago

@j0nnymoe yes, the webtop image is running behind the exact same config. I can switch back and forth between the self-built firefox one and the normal webtop one. -> webtop works, self-built doesn't. thx!

thelamer commented 5 days ago

We swapped Alpine based images off of Firefox because it was not working properly, might be related.

ne0YT commented 5 days ago

it works using alpine320 instead of alpine318 :) is there a simpler way to know the latest tag than scraping from this github page?

also maybe someone has an idea why it's laggy.. I run kasm directly on my vm and get amazing performance.. while using the docker way i's quite laggy.

thelamer commented 5 days ago

Updated readme.