HW Accelarated Firefox on Docker

[esinanturan]

Hi , I dont know if it is right place to ask this question but I really need help. I am trying to build a project and I basicly need a docker image and build that has HW accelared docker container with audio installed a Firefox browser that can be controlled from a browser via HTML5 websockets ( both visual and sound access ) , I have been searching for this and I found your project that has these features i guess , but I am not sure what build commands that I should use. Or can I do this without any additional tools by only using docker ? if so I really appreciate your suggestions thanks for this project really great job

[mviereck]

Hello,

If you want to run an application in docker with hardware acceleration that is accessable over HTML5, you can easily do that with x11docker. You also need xpra, weston and Xwayland. Your image only needs your project and OpenGL drivers (mesa-utils in debian).

Example:

read Xenv < <(x11docker --xdummy --gpu x11docker/xfce glxgears)
echo $Xenv && export $Xenv
xpra start $DISPLAY --use-display --html=on --bind-tcp=localhost:15500 --start-via-proxy=no

Open localhost:15500 in your browser and you see accelerated glxgears.

I don't have a solution for audio over HTML5. I don't know, but if GTK3 broadway supports sound and your project uses the GTK3 toolkit, that would be a way to go. A sample GTK3 broadway setup is https://github.com/moondev/gtk3-docker. GTK3 broadway is a native GTK solution for html5. See also https://github.com/mviereck/x11docker#html5-web-applications-with-gtk3-broadway

If you are using GTK3 and it supports sound with HTML5 over broadway, have a look if it supports hardware acceleration in general. Than I would look if there is a way to allow this in docker images, too.

[esinanturan]

So do you think building a nodejs remote control app with sound and video is a better idea using a hw accelared firefox installed image , but i am not sure is it can be done with nodejs to share screen and audio also mouse control

[mviereck]

Well, I am not sure what you want to accomplish. Do you want to run firefox itself in a docker container? That is possible. Install firefox, mesa drivers and pulseaudio in image, and run x11docker with options --gpu and --pulseaudio.

I don't understand what you want with remote control, html5 and nodejs. Do you want to access firefox in container from the same machine, or do you want to access it over network from another machine? I am not familar with real network setups as I do everything locally. And I don't know how to transfer audio over html5. Though, a pulseaudio tcp setup is possible, parallel to html5, but that would be a quite special setup.

[esinanturan]

Are you familier with rabb.it website which has a remote controlled browser build , so I will create docker containers which has firefox in it and i will be able to connect from any other computer and control the browser watch movie , listen music on those containers

[mviereck]

ok, now I have an idea what you want to accomplish. xpra is capable of sound transfer, maybe over html5, too. The xpra implementation in x11docker is not designed for this usecase.

You can try this: Install xpra in the image, too. Run image with x11docker and hardware acceleration. Set up xpra server in container with sound forwarding and html5 and let it use the already existing display. You will have to get familar with xpra to get a working setup.

Something like this in container could work:

xpra start $DISPLAY --use-display --html=on --bind-tcp=localhost:15500 --start-via-proxy=no --speaker=on

You need port forwarding for the desired port from docker image to host. Example with x11docker:

x11docker  --  "-p 15500:15500" IMAGENAME 

[esinanturan]

Did you have a chance to check the website , do you think how it is builded ? This setup looks pretty confusing for me. I am not familiar with docker technologies , I just now creating basic containers and running little apps in it. So for this task i need to have a xpra and firefox build in container and run this container with x11docker.

[mviereck]

I have created a Dockerfile to set up HTML5 with GPU acceleration and sound, using xpra in container.

It is basically working as it can be accessed through an internet browser at adress http://localhost:15500/?sound=on.

It still needs optimization; it is sluggish and the sound has sometimes a quite long delay. Currently, I get sound in chromium, but not in firefox.

I've installed midori browser instead of firefox in image as firefox tabs like to crash in container. Though, that can be solved with a more up-to-date version of firefox.

I think with this you have a good base to try out. Check xpra options for better performance. On host, you need weston, Xwayland and xdotool.

xpra provides a HTML5 client that allows to set additional client options like chosen sound and video codecs: https://xpra.org/html5/connect.html. Though, it seems to have a bug as it leads to xpra homepage instead of connecting to xpra server in container. Bug ticket here: https://www.xpra.org/trac/ticket/1774#ticket

# Dockerfile for HTML5 with xpra in image including sound and GPU acceleration
#
# Example single application:
#   Without arguments midori internet browser will be started:
#     x11docker --xdummy --gpu --dbus-daemon -- "-p 15500:15500" IMAGENAME
#   With start COMMAND a custom command can be specified, here vlc:
#     x11docker --xdummy --gpu --dbus-daemon -- "-p 15500:15500" IMAGENAME start vlc
# openbox desktop:
#     x11docker --xdummy --gpu --dbus-daemon -- "-p 15500:15500" IMAGENAME startx
#
# Access in browser at adress:  http://localhost:15500/?sound=on

FROM debian:stretch

ENV DEBIAN_FRONTEND noninteractive
RUN apt-get  update

# Install locales and set to english
ENV LANG en_US.UTF-8
RUN echo $LANG UTF-8 > /etc/locale.gen
RUN apt-get install -y locales && update-locale --reset LANG=$LANG

# add xpra repository
RUN apt-get install -y curl gnupg
RUN echo "deb http://winswitch.org/ stretch main" >> /etc/apt/sources.list
RUN curl https://winswitch.org/gpg.asc | apt-key add -
RUN apt-get update

# install dbus, xpra, OpenGL and pulseaudio
RUN apt-get install -y dbus-x11 mesa-utils mesa-utils-extra \
    pavucontrol pulseaudio xpra websockify

# desktop
RUN apt-get install -y openbox openbox-menu
RUN sed -i 's%<menu id="/Debian" />%<menu id="pipe-openbox-menu" label="Programme" execute="openbox-menu lxde-applications.menu" />%g' /etc/xdg/openbox/menu.xml

# codecs
RUN apt-get install -y libxvidcore4 gstreamer1.0-plugins-base gstreamer1.0-plugins-good \
    gstreamer1.0-plugins-ugly gstreamer1.0-plugins-bad gstreamer1.0-alsa \
    gstreamer1.0-fluendo-mp3 gstreamer1.0-libav 

# additional applications
RUN apt-get install -y vlc lxterminal
RUN apt-get install -y dillo midori

# default: run desktop
RUN echo '#! /bin/bash \n\
xpra start-desktop $DISPLAY --use-display \
    --html=on --bind-tcp=$(hostname):15500 \
    --start-via-proxy=no --speaker=on --daemon=no \
    --start-child "openbox --sm-disable" --exit-with-children \n\
' > /usr/bin/startx
RUN chmod +x /usr/bin/startx

# start script for single applications
# default without start argument: midori
RUN echo '#! /bin/bash \n\
CHILD="$*" \n\
[ -z "$CHILD" ] && CHILD="midori" \n\
xpra start $DISPLAY --use-display \
    --html=on --bind-tcp=$(hostname):15500 \
    --start-via-proxy=no --speaker=on --daemon=no \
    --start-child "$CHILD" --exit-with-children \n\
' > /usr/bin/start
RUN chmod +x /usr/bin/start

CMD start

[mviereck]

Did you have a chance to check the website , do you think how it is builded ?

I had a look at rabb.it and their "about" and "FAQ" sites. I did not log in as I have no account and don't want one.

From what I understand, they provide multiple services. Beside a shared display there are possibilities for video chat and probably something more. Essentially, you can set up something similar in docker, also with the help of x11docker and xpra.

xpra allows access for multiple users to the same display (not as default, but as an option). For good performance, you need to optimize the provided Dockerfile and xpra options, and of course a powerful server and good internet bandwidh.

Basically, you can set up a system with all features you want in that Dockerfile and share it with others.

Alternatives to xpra could be some VNC/noVNC setup. TurboVNC also allow some sort of GPU acceleration. But I don't know if it supports shared sessions. I don't know if you can get better performance with TurboVNC or other solutions.

[esinanturan]

Yeah they are using webRTC for video and audio conversation I have enough information about building this system but the remote screen feature is very challenging for me. Do you think it can be done and perform well with docker containers ? or it should be done with hypervisors ( VMs )

[mviereck]

Do you think it can be done and perform well with docker containers ? or it should be done with hypervisors ( VMs )

Well, what should I say? I prefer docker containers as they need much less resources than a VM. They perform better as they run on real hardware instead of simulated hardware. For example, a container only grabs as much memory as it actually needs. It does not run its own kernel, it uses the one from host. A VM may be a bit more secure/better isolated than a docker container. Setting up a system in a VM is quite similar to set up a docker container, you can try both variants and compare yourself. Bear in mind that GPU access for VMs must be suppprted by the hardware. And be aware of GPU privacy and security leaks (palinopsia leak, jellyfish GPU malware).

the remote screen feature is very challenging for me

xpra supports that, in docker as well as in a VM. Did you try it? There will be other solutions in the wild, too, but I don't know them.

Edit: I got response to my bug report. You can access options for your xpra client at http://localhost:15500/connect.html

[esinanturan]

If I ınstall an ubuntu op and GUI and firefox on this op in a container , when I run this container is it going to have desktop ( GUI ) even if its running at background ? ( I will not need X11 and a lot of optimization ) and I can write a screensharing tool with phython or nodejs and share it as a video stream this way looks more isolated dont you think ? Bu I still need this container to be HW accelerated to perform well on videos. And containers uses resource they only need ? , how can I increase resources for example RAM because it should perform well ,I really appriciate for your help thank you very much.

[mviereck]

If I ınstall an ubuntu op and GUI and firefox on this op in a container , when I run this container is it going to have desktop ( GUI ) even if its running at background ? ( I will not need X11

To have a GUI you need X11 or Wayland. What do you mean with "running at background"? You can run x11docker without desktop environment on host, if you mean that. Though, it needs either X or Wayland; for the example above you need Weston and Xwayland to be installed, but no running desktop.

I can write a screensharing tool with phython or nodejs and share it as a video stream this way looks more isolated dont you think ?

I don't understand your point. You can isolate a system from host either with docker or a VM. Its on you how to share the screen in either one of them. xpra is capable of screen sharing with multiple users, try it out if it fits your needs or if you want to develop something else.

With GTK3 and broadway maybe you can work without X11 at all, but for details you need to ask someone who is more experienced than me with GTK3.

Did you try my example Dockerfile and xpra? I cannot provide more than that.

And containers uses resource they only need ? , how can I increase resources for example RAM because it should perform well

Applications in docker get their RAM from the kernel and as much as they want to have, up to all RAM available. You can restrict the maximal amount of RAM with a docker option. A VM takes as much RAM as you give it before starting it. It will not have more or less, regardless what it really needs.

The point is: Your application itself has to be performant, and you need good network connection and CPU and GPU power. You can run it in docker or in a VM, that is up to you. From an applications point of view there is no difference.

[esinanturan]

By running at background , I meant for example I install a ubuntu or any linux system with GUI but I dont have access to GUI like X11 provides , so the container has GUI installed but it doesnt give me any access and but I can have a screen sharing tool ( that can be my own tool too ) and see what it has on the screen and control it ( a program written in phyton or node js that shares screen and control it through websocket and webRTC ). Basicly do I need X11 on any cases ?

Did you try my example Dockerfile and xpra?

I had some errors I will try it again

[mviereck]

Basicly do I need X11 on any cases ?

As far as I know you need either X11 or Wayland for GPU access. I don't know if GTK3-Broadway allows GPU access without them. Also there may be completely different ways to use the GPU, but I don't know them.

To allow GPU access x11docker needs either Xorg or Weston on host. Without GPU it is enough to have Xvfb as a minimal virtual X server. You an use it with x11docker option --xvfb.

To avoid X on host at all and have GPU access, you can use image x11docker/xwayland that runs Xwayland in docker and needs only Weston on host.

Some toolkits like GTK3, QT5, SDL and Elementary can run on Wayland without X11 at all.

the container has GUI installed but it doesnt give me any access and but I can have a screen sharing tool ( that can be my own tool too ) and see what it has on the screen and control it

That is what x11docker does with options --xdummy and --xvfb. The special combination --xdummy --gpu runs Weston and Xwayland instead of Xdummy. All of them are invisible and can be accessed with custom setups of HTML5, VNC or SSH.

Did you try my example Dockerfile and xpra?

I had some errors I will try it again

Errors while building or errors while running?

[esinanturan]

I see , what about having good video performance with using only cpu is that posibble ( as much I see video quality is not good , but still trying ) to avoid using GPU for less resource usage and max performance , and I hope I can optimize it as much as rabb.it website does ( I assume it can be done with x11docker ) , I will work on it.
I would like to ask that what exactyle x11docker does , As much as I understand It is just a tool that uses docker commands and creates docker containers and sets up the settings GUI based apps need , So I think I can extract the commands that I need from bash script of x11docker.

Errors while building or errors while running?

It was my mistake forgot to install needed tools , i am able to use now thank you.

Or maybe the video quality problem is because of I am using VM as host computer , I will try to use real hardware and see how it works.

[mviereck]

what about having good video performance with using only cpu is that posibble

GPU usage will always improve video performance, but a quite strong CPU might be better than a weak GPU.

If you drop GPU access, you can set up a docker image that contains xpra and/or Xvfb without using x11docker at all as you don't need X or Wayland on host.

Though I cannot give real advice how to go on as video performance and network transfers of any kind are not my special subject.

As much as I understand It is just a tool that uses docker commands and creates docker containers and sets up the settings GUI based apps need

Basically that it is. Additionally, it reduces container capabilities and avoids root in container to improve security. And it sets up different possible X servers depending on chosen options.

So I think I can extract the commands that I need from bash script of x11docker.

Of course you can. You can try out your optimal x11docker option combination and run it with option --verbose. It will show some created scripts to set up X and docker that contain everything you need. If you run x11docker with option --ps the script files will be preserved in ~/.cache/x11docker.

---

I just got a pull request (#24) to bugfix a GPU issue that affected some but not all systems. You can download latest x11docker and try out whether video performance improved.

[mviereck]

As the topic question itself is answered, I'll close this ticket. If you have specific questions about setups with X and docker, feel free to ask.

You may get better video performance over network if using an xpra server-client connection instead of a browser with html5. Your customers/visitors would have to install xpra, though.