m1k1o / neko

A self hosted virtual browser that runs in docker and uses WebRTC.
https://neko.m1k1o.net/
Apache License 2.0
5.94k stars 449 forks

CDP port not getting forwarded to host #377

Closed vkWeb closed 3 months ago

vkWeb commented 3 months ago

Hi @m1k1o, thanks for maintaining this amazing piece of tech. We are planning to use it for our product @ QAmom.com.

We will eventually be deploying neko's Chromium browser to AWS EC2 if things work out well. But before that, I am testing it out locally. We have tried Hyperbeam, Kasm and BrowserBox. When we landed on Neko, we were impressed by its extensibility. We can tweak a lot of stuff.

So, we want to control the browser via CDP from our backend. We enabled developer tools in policies.json, and we added the --remote-debugging-port=9222 flag to the command in supervisord.conf. We are forwarding the port in Docker Compose as well. Visiting 127.0.0.1:9222/json inside the neko container works, but from my host it's not working.

What's going wrong here? Below are relevant files for you to see.

policies.json ("DeveloperToolsAvailability": 0 is the setting that enables dev tools)

{
    "AutofillAddressEnabled": false,
    "AutofillCreditCardEnabled": false,
    "BrowserSignin": 0,
    "DefaultNotificationsSetting": 2,
    "DeveloperToolsAvailability": 0,
    "EditBookmarksEnabled": false,
    "FullscreenAllowed": true,
    "IncognitoModeAvailability": 1,
    "SyncDisabled": true,
    "AutoplayAllowed": true,
    "BrowserAddPersonEnabled": false,
    "BrowserGuestModeEnabled": false,
    "DefaultPopupsSetting": 2,
    "DownloadRestrictions": 3,
    "VideoCaptureAllowed": true,
    "AllowFileSelectionDialogs": false,
    "PromptForDownloadLocation": false,
    "BookmarkBarEnabled": false,
    "PasswordManagerEnabled": false,
    "BrowserLabsEnabled": false,
    "URLAllowlist": [
        "file:///home/neko/Downloads"
    ],
    "URLBlocklist": [
        "file://*",
        "chrome://policy"
    ],
    "ExtensionInstallForcelist": [],
    "ExtensionInstallAllowlist": [],
    "ExtensionInstallBlocklist": [
        "*"
    ]
}

supervisord.conf

[program:chromium]
environment=HOME="/home/%(ENV_USER)s",USER="%(ENV_USER)s",DISPLAY="%(ENV_DISPLAY)s"
; --remote-debugging-port below is the CDP port.
command=/usr/bin/chromium
  --remote-debugging-port=9222
  --window-position=0,0
  --display=%(ENV_DISPLAY)s
  --user-data-dir=/home/neko/.config/chromium
  --no-first-run
  --start-maximized
  --bwsi
  --force-dark-mode
  --disable-file-system
  --disable-gpu
  --disable-software-rasterizer
  --disable-dev-shm-usage
stopsignal=INT
autorestart=true
priority=800
user=%(ENV_USER)s
stdout_logfile=/var/log/neko/chromium.log
stdout_logfile_maxbytes=100MB
stdout_logfile_backups=10
redirect_stderr=true

[program:openbox]
environment=HOME="/home/%(ENV_USER)s",USER="%(ENV_USER)s",DISPLAY="%(ENV_DISPLAY)s"
command=/usr/bin/openbox --config-file /etc/neko/openbox.xml
autorestart=true
priority=300
user=%(ENV_USER)s
stdout_logfile=/var/log/neko/openbox.log
stdout_logfile_maxbytes=100MB
stdout_logfile_backups=10
redirect_stderr=true

docker-compose.yml ("chromvium:latest" is the name of our custom image, which we created by changing the above settings)

version: "3.4"
services:
  neko:
    image: "chromvium:latest"
    restart: "unless-stopped"
    shm_size: "2gb"
    ports:
      - "8080:8080"
      - "8081:8081/tcp"
      - "8082:8082/udp"
      - "9523:9222"
    cap_add:
      - SYS_ADMIN
    environment:
      NEKO_SCREEN: '800x600@60'
      NEKO_PASSWORD: neko
      NEKO_PASSWORD_ADMIN: admin
      NEKO_TCPMUX: 8081
      NEKO_UDPMUX: 8082
      NEKO_ICELITE: 1
      NEKO_NAT1TO1: 127.0.0.1

m1k1o commented 3 months ago

Hello, great to hear that!

Google's remote-debugging tool binds only to 127.0.0.1 (for obvious security reasons). Therefore it's accessible only inside the container. I think there exist several workarounds to bind it to 0.0.0.0, or you could just use a reverse proxy inside the container (e.g. nginx) or some kind of port forwarding (using netcat) in a custom supervisord service to have it accessible from outside.

vkWeb commented 3 months ago

@m1k1o we have decided to put a websocket application into the container that'll be exposed to 0.0.0.0.

Our backend server will send commands to the websocket application, which will forward them to CDP. The websocket application will take care of our custom needs and security.

@m1k1o Thanks for the helpful suggestions. I will nudge you in the coming days if something pops up as we deploy to AWS.
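
One way to build the in-container forwarder discussed in this thread, as an added example that is not code from the thread or from neko: an asyncio TCP relay that listens on all interfaces, requires a bearer token on each connection's first HTTP request, and relays to Chromium's loopback-only CDP port. The listen port 9223 and the `CDP_PROXY_TOKEN` variable name are assumptions.

```python
import asyncio, hmac, os

UPSTREAM = ("127.0.0.1", 9222)   # Chromium's loopback-only CDP port, as in the thread
LISTEN = ("0.0.0.0", 9223)       # assumed port to publish instead of 9222
TOKEN = os.environ.get("CDP_PROXY_TOKEN", "")  # hypothetical variable name

def authorized(head: bytes, token: str) -> bool:
    """True only if the request head carries 'Authorization: Bearer <token>'."""
    if not token:
        return False  # fail closed when no secret is configured
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"authorization":
            return hmac.compare_digest(value.strip(), b"Bearer " + token.encode())
    return False

async def pipe(reader, writer):
    try:
        while data := await reader.read(65536):  # copy one direction until EOF
            writer.write(data)
            await writer.drain()
    except OSError:
        pass
    finally:
        writer.close()

async def handle(client_r, client_w, upstream=UPSTREAM, token=None):
    token = TOKEN if token is None else token
    try:
        # Each CDP connection starts with an HTTP request, so one check gates it.
        head = await asyncio.wait_for(client_r.readuntil(b"\r\n\r\n"), 5)
        if not authorized(head, token):
            client_w.write(b"HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n")
            await client_w.drain()
            return client_w.close()
        up_r, up_w = await asyncio.open_connection(*upstream)
    except (OSError, asyncio.TimeoutError, asyncio.IncompleteReadError,
            asyncio.LimitOverrunError):
        return client_w.close()
    up_w.write(head)  # replay the request head that was consumed for the check
    await asyncio.gather(pipe(client_r, up_w), pipe(up_r, client_w))

async def main():
    server = await asyncio.start_server(handle, *LISTEN)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The relay speaks plain TCP, so the token crosses the wire in cleartext; keep the published port on a private network or put TLS in front of it.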