Hello!
Thanks for this repo!
Recently I have used this for a project.
Here are the things I have changed.
They may be good info for you or for someone who is looking for a solution for the problem I had.
Note that there is a docker image with noVNC, but I'm not sure if that is better or not.
I have changed the image to python:3.9-bookworm.
I have changed the new user part to use docker ARGs and secrets:
Both should also be in the compose.yaml under the build schema.
```yaml
frontend:
  build:
    context: frontend
    target: runner
    secrets:
      - vnc-password
      - frontend-root-password
      - frontend-user-password
    args:
      - VNC_PASSWD_FILE=/run/secrets/vnc-password
      - DOCKER_ROOT_PASSWD_FILE=/run/secrets/frontend-root-password
      - DOCKER_USER_UID=1000
      - DOCKER_USER_NAME=docker
      - DOCKER_USER_PASSWD_FILE=/run/secrets/frontend-user-password
```
(Partial) Dockerfile:
```dockerfile
ARG VNC_PASSWD_FILE
ARG DOCKER_ROOT_PASSWD_FILE
ARG DOCKER_USER_UID
ARG DOCKER_USER_NAME
ARG DOCKER_USER_PASSWD_FILE
# Add in non-root user
RUN useradd -m -s /bin/bash -d /home/${DOCKER_USER_NAME} -g users -G sudo -u ${DOCKER_USER_UID} ${DOCKER_USER_NAME}
#RUN chown -R ${DOCKER_USER_NAME}:users /home/${DOCKER_USER_NAME} && chown ${DOCKER_USER_NAME}:users /opt
RUN chown ${DOCKER_USER_NAME}:users /opt
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# password setup for root and docker user
# (the secret is quoted so whitespace or glob characters in a password survive)
RUN --mount=type=secret,required=true,id=frontend-root-password echo "root:$(cat "$DOCKER_ROOT_PASSWD_FILE")" | chpasswd
RUN --mount=type=secret,required=true,id=frontend-user-password echo "${DOCKER_USER_NAME}:$(cat "$DOCKER_USER_PASSWD_FILE")" | chpasswd
# Create and save VNC password for docker user
RUN --mount=type=secret,required=true,id=vnc-password mkdir -p /home/${DOCKER_USER_NAME}/.vnc \
    && cat "$VNC_PASSWD_FILE" | vncpasswd -f > /home/${DOCKER_USER_NAME}/.vnc/passwd
RUN chown -R ${DOCKER_USER_NAME}:users /home/${DOCKER_USER_NAME}/.vnc
```
I have also added passwords for the docker user and root.
This probably should only be used for debugging.
I have moved the following line here from the container_startup.sh (to use docker secret)
```bash
mkdir -p $HOME/.vnc && echo "$VNC_PASSWD" | vncpasswd -f > $HOME/.vnc/passwd
```
I needed to add the following permissions to be able to run the startup scripts: (Dockerfile)
```dockerfile
# Add execute permission
RUN chmod u+x /opt/container_startup.sh
RUN chmod u+x /opt/x11vnc_entrypoint.sh
```
In the container_startup.sh the VNC password is printed out by default.
This was removed for obvious security reasons.
Please check out these modifications and maybe implement them if you want.
Please keep this issue (you can close it of course), so that others may find this info.
Thank you.
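An added example, not part of the original post or the repository: a small Python check that the secret ids and ARG names used in a Dockerfile line up with the `secrets` and `args` lists under the compose `build` section, as the post says they should. The inputs are constructed, `compose_list` and `audit` are hypothetical helper names, and the check assumes secrets are mounted at the default `/run/secrets/<id>` path.

```python
import re

# Constructed inputs modelled on the post; COMPOSE deliberately has three faults.
COMPOSE = """\
frontend:
  build:
    secrets:
      - vnc-password
      - frontend-root-password
    args:
      - VNC_PASSWD_FILE=/run/secrets/vnc-password
      - DOCKER_ROOT_PASSWD_FILE=/run/secrets/root-password
"""
DOCKERFILE = """\
ARG VNC_PASSWD_FILE
ARG DOCKER_ROOT_PASSWD_FILE
ARG DOCKER_USER_PASSWD_FILE
RUN --mount=type=secret,required=true,id=frontend-root-password echo "root:$(cat "$DOCKER_ROOT_PASSWD_FILE")" | chpasswd
RUN --mount=type=secret,required=true,id=frontend-user-password echo "docker:$(cat "$DOCKER_USER_PASSWD_FILE")" | chpasswd
RUN --mount=type=secret,required=true,id=vnc-password cat "$VNC_PASSWD_FILE" | vncpasswd -f > /home/docker/.vnc/passwd
"""

def compose_list(text, key):
    # Minimal reader for the "- item" block list that follows `key:` (not a YAML parser).
    items, inside = [], False
    for s in map(str.strip, text.splitlines()):
        if not inside:
            inside = s == f"{key}:"
        elif s.startswith("- "):
            items.append(s[2:].strip())
        elif s:
            break
    return items

def audit(compose, dockerfile):
    secrets = set(compose_list(compose, "secrets"))
    args = dict(a.split("=", 1) for a in compose_list(compose, "args"))
    mounts = [dict(o.split("=", 1) for o in m.split(",") if "=" in o)
              for m in re.findall(r"--mount=(\S+)", dockerfile)]
    # 1. every secret id mounted by a RUN step must be listed under build.secrets
    findings = [f"secret id {m.get('id')} missing from build.secrets"
                for m in mounts if m.get("type") == "secret" and m.get("id") not in secrets]
    # 2. every ARG declared without a default needs a value under build.args
    findings += [f"ARG {n} missing from build.args"
                 for n in re.findall(r"^ARG\s+(\w+)\s*$", dockerfile, re.M) if n not in args]
    # 3. a /run/secrets/<id> path passed as an arg must name a declared secret
    findings += [f"{n} points at undeclared secret {p[13:]}"
                 for n, p in args.items() if p.startswith("/run/secrets/") and p[13:] not in secrets]
    return findings
```

Calling `audit(COMPOSE, DOCKERFILE)` on the constructed inputs returns one finding per fault; a compose fragment that matches the Dockerfile returns an empty list.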