Allow firefox addons installation

[sergix44]

Hi, It's possible to add a config to allow the installation of the firefox addons? It can be useful for using youtube enhancer plugins, change adblocker or remove it, etc.

[nurdism]

My only concern with this is it could open up the container for security exploits. Anyone else have any input on this. I wanted to make the browser somewhat locked down because it is public.

[sad]

Inside docker-compose.yml, you can use 'volumes' to mount your own configuration files for Firefox (or anything else) without having to rebuild the container yourself. In my opinion, this is the easiest fix for your problem. You can use the Enterprise Policy Generator addon for Firefox to generate a policies.json, and then mount it inside the container. My docker-compose.yml looks like this:

version: '2.0'
services:
  neko:
    container_name: neko
    env_file: .env
    image: nurdism/neko
    restart: always
    shm_size: '2gb'
    ports:
      - "4242:8080"
    environment:
      NEKO_URL: 'https://google.co.uk'
      NEKO_DISPLAY: 0
      NEKO_WIDTH: 1280
      NEKO_HEIGHT: 720
      NEKO_PASSWORD: $PASS
      NEKO_BIND: :8080
      NEKO_ADMIN: $ADMIN
    volumes:
      - "./configs/firefox/policies.json:/usr/share/firefox-esr/distribution/policies.json"
      - "./configs/firefox/autoconfig.js:/usr/lib/firefox-esr/defaults/pref/autoconfig.js"
      - "./configs/firefox/config.js:/usr/lib/firefox-esr/mozilla.cfg"

I created a folder called configs/firefox in the same location as my compose file, and placed my own configurations in there. You could always just edit any of the configuration files neko ships with. You can do the same for any other files (including openbox config, etc).

If you change the configuration this way, it allows neko to ship with sensible defaults for Firefox, but still allows customisability for the end user.

[sergix44]

Thanks sad for your reply. This can be useful when building a new stack. Maybe in addition can be useful an env var (like NEKO_CONFIG=true|false), that allow to start firefox without the policies enabled, to allow customization, and then restart the container changing that var to re-enable the policies.

[nurdism]

I've enabled the use of addons and about:addons

[sergix44]

I've re-tested the container, but neither the firefox version nor the chromium version allow to install or remove extensions.

[sad]

Are you sure you have the latest image? Try running docker image rm nurdism/neko and then re-creating the container and see if that fixes your issue.

[sergix44]

Are you sure you have the latest image? Try running docker image rm nurdism/neko and then re-creating the container and see if that fixes your issue.

Yeah, but I've checked the policies.json, and the firefox & chromium version has still the extension management locked. On the firefox side, it's only enabled the about:addons page, so you can see what is installed, but can't install or remove anything.

https://github.com/nurdism/neko/blob/master/.docker/files/firefox/policies.json#L120 https://github.com/nurdism/neko/blob/master/.docker/files/chromium/policies.json#L31

[sergix44]

I still think that the most useful thing about this type of customization is add something like an env-var/admin mode that allow to start the container without policies enabled. Because rebuilding the whole neko docker stack to add an extension is not very practical.

[sad]

I still think that the most useful thing about this type of customization is add something like an env-var/admin mode that allow to start the container without policies enabled. Because rebuilding the whole neko docker stack to add an extension is not very practical.

Like I said in my initial reply, you can simply mount your own configuration in the container using the compose file or the -v flag, but I do agree it would be good to have an env variable which launches the browser without any policies installed. I hadn't seen that the policies were largely unchanged, sorry.

[nurdism]

not sure how I could go about using an env var for that but I could provide a container w/o policies.

[nurdism]

well now that I think about it, the base of neko is provided with nurdism/neko:base if you look here. You can create your own docker container w/o policies and you don't need to rebuild the base image. You could even add your own app.