Running GUI apps within Docker containers
Typically Docker is used to encapsulate server-side software in reproducible packages – containers.
A certain level of isolation is ensured between containers. Moreover, containers can be used
as building blocks for systems consisting of multiple software servers. For example, a web app
can consist of a backend server, database server, frontend server, load balancer, Redis instance for
caching and many others.
However, what if we want to run desktop GUI apps within Docker containers to use them as components
within larger systems? For example, if we run Firefox within Docker we can have an explicit separation
of browser state between containers. This is useful for things like social media management,
growth hacking (either through social media automation or manual labour done by VAs) or
OSINT investigations. For example, one container can be configured with a Firefox instance that uses
a single dedicated mobile proxy for exactly one social media account. This would provide a level of
protection against a social media platform cracking down on sock puppet accounts being used from a single
setup, because traffic is kept separate for each account and cookie cross-contamination is
prevented.
Suppose we have Docker installed on macOS or another Unix/Linux system. How do we run Firefox within
a Docker container? For a first attempt, let us consider the following Dockerfile:
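FROM ubuntu:latest
# Firefox plus a VNC server (x11vnc) and a virtual framebuffer X server (xvfb)
RUN apt-get update && apt-get install -y firefox x11vnc xvfb
# Start Firefox when the X session comes up
RUN echo "exec firefox" > ~/.xinitrc && chmod +x ~/.xinitrc
# -create starts an X session if none exists; -passwd sets the VNC password
CMD ["x11vnc", "-create", "-noxrecord", "-noxfixes", "-noxdamage", "-forever", "-passwd", "trustno1"]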
We use the ubuntu base image and install Firefox with two extra things:
- x11vnc – VNC server for remote access to X11-based desktop environments. Think of it as a poor man's TeamViewer.
- xvfb – a version of the X11 server that does not require any real display hardware and renders video into RAM instead.
We configure X11 to run Firefox at startup and launch x11vnc with the exact arguments that enable interoperability
with macOS on the client side.
Building and running this container is very easy:
$ docker build -t firefox-test-1 .
$ docker run -p 5900:5900 --rm firefox-test-1
We can use the VNC feature in macOS Finder to access it by choosing “Go -> Connect to server”, putting
vnc://127.0.0.1:5900
into the text field at the top and pressing Connect. This will also ask for a password – enter trustno1.
This is a minor hassle we have to deal with on macOS to make it work.
This is easy to get working, but relies on VNC functionality on the client side. It would be nice to get away from it. Assuming we
have an X11 server installed on the host system, let us take x11vnc away from the container and install just the bare minimum of
extra packages to make Firefox work in an X11 client environment that will make an outgoing connection. This results
in the following simplified Dockerfile:
FROM ubuntu:latest
# X11 client libraries needed by Firefox; no X server or VNC server in the image
RUN apt-get update && apt-get install -y libxext-dev libxrender-dev libxtst-dev firefox
CMD firefox
Let us put it into a separate directory and build a container from it:
$ docker build -t firefox .
Now we have to set up the X11 server with incoming connections enabled. On Linux you may need to just run xhost +, but
on macOS you need to install XQuartz, launch it, go to Preferences and check the box
that says “Allow connections from network clients”, then run xhost + in the terminal. Now we're ready to run the Firefox
container that we built before:
$ docker run --rm -e DISPLAY="$(ifconfig en0 | grep inet | awk '$1=="inet" {print $2}')":0 firefox
Note that we set the DISPLAY environment variable to a value that consists of the IP address of the host system and 0, separated by
a colon. This tells the X11 client component within the container to reach out to the X11 server at that particular IP address and use the zeroth
display for new windows.
This does simplify the environment within the Docker container, but makes the requirements for the host machine more complex,
especially if it's a system that does not natively support X11. Furthermore, if we wanted to run this kind of setup
in a server environment we would need to have a desktop environment running there already, which has its own problems.
There must be a better way.
It turns out there is a web app called novnc that bridges the gap between x11vnc and the web
browser. It works as a client for x11vnc, but as a server to the end user who is connecting remotely through a web browser.
Although it does not have an official Dockerfile or Docker Hub image, there are some unofficial ones available.
For this example, we will use the theasp/novnc image from Docker Hub.
We keep the Firefox container as-is, but we create a docker-compose.yml file that brings both components together (based on the
example from the theasp/novnc Github repo):
version: '2'
services:
  firefox:
    image: firefox
    environment:
      - DISPLAY=novnc:0
    depends_on:
      - novnc
    networks:
      - x11
  novnc:
    image: theasp/novnc:latest
    environment:
      # Adjust to your screen size
      - DISPLAY_WIDTH=1600
      - DISPLAY_HEIGHT=968
      - RUN_XTERM=no
    ports:
      - "8080:8080"
    networks:
      - x11
networks:
  x11:
Running docker-compose up
builds and launches both containers and we can access the Dockerized Firefox through a regular
web browser at: http://localhost:8080/vnc.html
With this setup, we have one static component (x11vnc + novnc container) and one component that we could change if we wanted to
run some other GUI program within the Docker environment. Furthermore, we no longer require any client-side software other
than a web browser. We could also run this kind of configuration on a cloud deployment (e.g. Docker server from the Digital
Ocean marketplace) if we solved the security issue of no access control being enforced. These are significant improvements
over our first attempt.
Let us also look into some open source projects dedicated to running GUI apps within Docker containers.
x11docker
x11docker is a solution for running GUI apps within a Linux host system that
is more advanced in many ways (GPU access, peripheral support, security improvements), but is limited to an existing
Linux desktop environment and does not properly support operating systems other than Linux.
To launch a GUI app through x11docker, one would need to build or pull a Docker container for that app written in a way that
is compatible with x11docker (some examples are on Github and Docker Hub) and launch it through the x11docker CLI tool.
Kasm Workspaces
Kasm Workspaces is an open source platform that takes this idea quite a bit further and even
provides a SaaS version that they host for you. It is also available through the Digital Ocean marketplace at:
https://marketplace.digitalocean.com/apps/kasm-workspaces
Like x11docker, it provides a bunch of pre-built Docker images for common apps like Firefox (and other browsers),
Slack, Discord, VS Code and others. Entire Linux desktop environments are available through one-click install in the
management interface. Like with our previous example, remote desktops are made available through the web browser. However,
Kasm Workspaces uses KasmVNC – a VNC solution that is developed by the same company.
docker-android
So far we talked about running Linux GUI apps inside containers. But what about running Android apps? It turns out it's
possible to run an entire Android emulator within a Docker container and expose it through the novnc interface by using a
solution called docker-android. Even though it warns about nested virtualization
not being fully supported, I was able to run it through the following command on a Digital Ocean VPS:
$ docker run --privileged -d -p 6080:6080 -p 5554:5554 -p 5555:5555 -e DEVICE="Samsung Galaxy S6" --name android-container budtmo/docker-android-x86-8.1
The Android emulator requires some CPU and RAM, thus making it infeasible to run it on $5/month droplets – it simply was too slow.
However, the performance was acceptable on some of the bigger servers – it could even play YouTube videos without sound.
Since we also have ports 5554 and 5555 exposed, we could also use ADB to side-load APK files and do some debugging.
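A check for the exposure mentioned in the novnc section (no access control on the published port) that applies equally to the VNC and docker-android commands: this added example, which is not part of the original post, lists port publishes that are not pinned to loopback and are therefore reachable on every interface of the Docker host. The function names and the two loopback-pinned sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Docker port publishes reachable from every host interface.
# Input: `docker run` command lines and/or docker-compose "ports:" entries.

# Print each publish spec ([ip:]hostPort:containerPort[/proto]) whose host side
# is not pinned to loopback, one per line.
wide_open_publishes() {
  # Split on blanks and quotes so every option and list item is its own token.
  tr -s " \t\"'" '\n\n\n\n' | awk '
    {
      spec = $0
      after_p = (prev == "-p" || prev == "--publish")
      prev = spec
      # Accept the token after -p/--publish, or anything shaped like a mapping.
      if (!after_p && spec !~ /^([0-9.]+:)?[0-9]+:[0-9]+(\/(tcp|udp))?$/) next
      if (spec ~ /^127\./ || spec ~ /^\[::1\]:/) next   # loopback only
      print spec
    }'
}

# Constructed sample: the publishes used on this page plus two pinned variants.
sample_input() {
  cat <<'EOF'
docker run -p 5900:5900 --rm firefox-test-1
      - "8080:8080"
docker run --privileged -d -p 6080:6080 -p 5554:5554 -p 5555:5555 -e DEVICE="Samsung Galaxy S6" --name android-container budtmo/docker-android-x86-8.1
      - "127.0.0.1:8080:8080"
docker run -d -p 127.0.0.1:6080:6080 example/image
EOF
}

sample_input | wide_open_publishes
```

Publishing as 127.0.0.1:8080:8080 keeps a port off the host's external interfaces; on a remote server it can then be reached over an SSH tunnel such as ssh -L 8080:127.0.0.1:8080 user@docker-host (placeholder host name).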
Code level discussion of web scraping, gray hat automation, growth hacking and bounty hunting
By rl1987,
2022-03-26