Skip to content
This repository has been archived by the owner on Nov 27, 2022. It is now read-only.

Retired and merged into 'accetto/ubuntu-vnc-xfce' (Generation 1).

License

Notifications You must be signed in to change notification settings

accetto/ubuntu-vnc-xfce-firefox

Repository files navigation

Headless Ubuntu/Xfce container with VNC/noVNC and Firefox

accetto/ubuntu-vnc-xfce-firefox-default

Docker Hub - Git Hub - Changelog - Wiki


Remark The repository has been revived and merged into the repository ubuntu-vnc-xfce, because I've noticed, that the images are still being pulled. This original repository ubuntu-vnc-xfce-firefox stays retired.

Attention! The repository is retired and archived. It will not be developed any further and the related images on Docker Hub will not be rebuilt any more. They will phase out and they will be deleted after becoming too old. Please use the newer third generation (G3) repository accetto/ubuntu-vnc-xfce-g3 and the related images on Docker Hub instead. If you still need images based on Ubuntu 18.04 LTS, then feel free using the repository for building the images locally.


badge-docker-pulls badge-docker-stars badge-github-release badge-github-release-date badge-github-stars badge-github-forks badge-github-open-issues badge-github-closed-issues badge-github-releases badge-github-commits badge-github-last-commit

Tip If you want newer images based on Ubuntu 20.04 LTS with the latest TigerVNC/noVNC versions, please check the third generation (G3) accetto/ubuntu-vnc-xfce-g3, accetto/ubuntu-vnc-xfce-chromium-g3 or accetto/ubuntu-vnc-xfce-firefox-g3.

Tip Unless you need nss_wrapper, you can also use my newer image accetto/xubuntu-vnc-novnc-firefox:default, which is a streamlined version of this image (image hierarchy). If you also don't need noVNC, you can use even a slimmer image accetto/xubuntu-vnc-firefox:default, which is a member of another growing family of application images (image hierarchy). The newer images include also sudo command.


WARNING about images with Firefox

Starting from the release 20.10.1, there is no single-process Firefox image and the multi-process mode is always enabled. Be aware, that multi-process requires larger shared memory (/dev/shm). At least 256MB is recommended. Please check the Firefox multi-process page in Wiki for more information and the instructions, how to set the shared memory size in different scenarios.


Attention: Resources for building images with configurable Firefox, previously contained in the common base repository ubuntu-vnc-xfce, have been moved to its own GitHub repository ubuntu-vnc-xfce-firefox-plus. Resources for building the base images are in the GitHub repository accetto/ubuntu-vnc-xfce.

Attention: The Docker Hub repository is actually named ubuntu-vnc-xfce-firefox-default to avoid conflicts with the previous generation image.

This repository contains resources for building a Docker image based on Ubuntu with Xfce desktop environment, VNC/noVNC servers for headless use and the current Firefox web browser in its default installation.

The image can be successfully built and used on Linux, Windows, Mac and NAS devices. It has been tested with Docker Desktop on Ubuntu flavours, Windows 10 and Container Station from QNAP.

Containers created from this image make perfect light-weight web browsers. They can be thrown away easily and replaced quickly, improving browsing privacy. They run under a non-root user by default, improving browsing security.

Running in background is the primary scenario for the containers, but using them interactively in foreground is also possible. For examples see the description below or the HOWTO section in Wiki.

The image is based on the accetto/ubuntu-vnc-xfce image, just adding the Firefox browser in its default installation.

The image inherits the following components from its base image:

  • utilities ping, wget, zip, unzip, curl, git (Ubuntu distribution)
  • current version of JSON processor jq
  • light-weight Xfce desktop environment (Ubuntu distribution)
  • current version of high-performance TigerVNC server and client
  • current version of noVNC HTML5 clients (full and lite) (TCP port 6901)
  • popular text editors vim and nano (Ubuntu distribution)
  • lite but advanced graphical editor mousepad (Ubuntu distribution)
  • support of version sticker (see below)

The image is regularly maintained and rebuilt. The history of notable changes is documented in CHANGELOG.

screenshot-container

Image set

Ports

Following TCP ports are exposed:

  • 5901 used for access over VNC
  • 6901 used for access over noVNC

The default VNC user password is headless.

Volumes

The containers do not create or use any external volumes by default. However, the following folders make good mounting points:

  • /home/headless/Documents/
  • /home/headless/Downloads/
  • /home/headless/Music/
  • /home/headless/Pictures/
  • /home/headless/Public/
  • /home/headless/Templates/
  • /home/headless/Videos/

The following mounting point is specific to Firefox:

  • /home/headless/.mozilla

Both named volumes and bind mounts can be used. More about volumes can be found in Docker documentation (e.g. Manage data in Docker).

Version sticker

Version sticker serves multiple purposes that are closer described in Wiki. The version sticker value identifies the version of the docker image and it is persisted in it when it is built. It is also shown as a badge in the README file.

However, the script version_sticker.sh can be used anytime for convenient checking of the current versions of installed applications.

The script is deployed into the startup folder, which is defined by the environment variable STARTUPDIR with the default value of /dockerstartup.

If the script is executed inside a container without an argument, then it returns the current version sticker value of the container. This value is newly calculated and it is based on the current versions of the essential applications in the container.

The current version sticker value will differ from the persisted value, if any of the included application has been updated to another version.

If the script is called with the argument -v (lower case v), then it prints out verbose versions of the essential applications that are included in the version sticker value.

If it is called with the argument -V (upper case v), then it prints out verbose versions of some more applications.

Examples can be found in Wiki.

Firefox multi-process

Firefox multi-process (also known as Electrolysis or just E10S) can cause heavy crashing in Docker containers if there is not enough shared memory (Gah. Your tab just crashed.).

In Firefox versions till 76.0.1 it has been possible to disable multi-process by setting the environment variable MOZ_FORCE_DISABLE_E10S. However, in Firefox 77.0.1 it has caused ugly scrambling of almost all web pages, because they were not decompressed.

Mozilla has fixed the problem in the next release, but they warned about not supporting the switch in future. That is why I've decided, that the mainstream image tagged as latest will use multi-process by default, even if it requires larger shared memory. On the positive side, performance should be higher and Internet browsing should be sand-boxed.

For some time I've maintained also singleprocess images intended for scenarios, where increasing the shared memory size is not possible or not wanted. However, by Firefox 81.0 I've noticed, that the environment variable MOZ_FORCE_DISABLE_E10S has no effect any more. Since then all images run Firefox in multi-process mode.

Please check the Wiki page Firefox multi-process for more information and the instructions, how the shared memory size can be set in different scenarios.

Setting shared memory size

Instability of multi-process Firefox is caused by setting the shared memory size too low. Docker assigns only 64MB by default. Testing on my computers has shown, that using at least 256MB completely eliminates the problem. However, it could be different on your system.

The Wiki page Firefox multi-process describes several ways, how to increase the shared memory size. It's really simple, if you need it for a single container started from the command line.

For example, the following container will have its shared memory size set to 256MB:

docker run -d -P --shm-size=256m accetto/xubuntu-vnc-xfce-firefox-default

You can check the current shared memory size by executing the following command inside the container:

df -h /dev/shm

Running containers in background (detached)

Created containers will run under the non-root user headless:headless by default.

The following container will listen on automatically selected TCP ports of the host computer:

docker run -d -P accetto/ubuntu-vnc-xfce-firefox-default

The following container will listen on the host's explicit TCP ports 25901 (VNC) and 26901 (noVNC):

docker run -d -p 25901:5901 -p 26901:6901 accetto/ubuntu-vnc-xfce-firefox-default

The following container wil create or re-use the local named volume my_Downloads mounted as /home/headless/Downloads. The container will be accessible through the same TCP ports as the one above:

docker run -d -P -v my_Downloads:/home/headless/Downloads accetto/ubuntu-vnc-xfce-firefox-default

or using the newer syntax with --mount flag:

docker run -d -P --mount source=my_Downloads,target=/home/headless/Downloads accetto/ubuntu-vnc-xfce-firefox-default

More usage examples can be found in Wiki (section HOWTO).

Running containers in foreground (interactively)

The image supports the following container start-up options: --wait (default), --skip, --debug (also --tail-log) and --help. This functionality is inherited from the base image.

The following container will print out the help and then it'll remove itself:

docker run --rm accetto/ubuntu-vnc-xfce-firefox-default --help

Excerpt from the output, which describes the other options:

OPTIONS:
-w, --wait      (default) Keeps the UI and the vnc server up until SIGINT or SIGTERM are received.
                An optional command can be executed after the vnc starts up.
                example: docker run -d -P accetto/ubuntu-vnc-xfce
                example: docker run -it -P --rm accetto/ubuntu-vnc-xfce bash

-s, --skip      Skips the vnc startup and just executes the provided command.
                example: docker run -it -P --rm accetto/ubuntu-vnc-xfce --skip echo $BASH_VERSION

-d, --debug     Executes the vnc startup and tails the vnc/noVNC logs.
                Any parameters after '--debug' are ignored. CTRL-C stops the container.
                example: docker run -it -P --rm accetto/ubuntu-vnc-xfce --debug

-t, --tail-log  same as '--debug'

-h, --help      Prints out this help.
                example: docker run --rm accetto/ubuntu-vnc-xfce

It should be noticed, that the --debug start-up option does not show the command prompt even if the -it run arguments are provided. This is because the container is watching the incoming vnc/noVNC connections and prints out their logs in real time. However, it is easy to attach to the running container like in the following example.

In the first terminal window on the host computer, create a new container named foo:

docker run --name foo accetto/ubuntu-vnc-xfce-firefox-default --debug

In the second terminal window on the host computer, execute the shell inside the foo container:

docker exec -it foo /bin/bash

Using headless containers

There are two ways, how to use the created headless containers. Note that the default VNC user password is headless.

Over VNC

To be able to use the containers over VNC, a VNC Viewer is needed (e.g. TigerVNC or TightVNC).

The VNC Viewer should connect to the host running the container, pointing to the host's TCP port mapped to the container's TCP port 5901.

For example, if the container has been created on the host called mynas using the parameters described above, the VNC Viewer should connect to mynas:25901.

Over noVNC

To be able to use the containers over noVNC, an HTML5 capable web browser is needed. It actually means, that any current web browser can be used.

The browser should navigate to the host running the container, pointing to the host's TCP port mapped to the container's TCP port 6901.

However, the containers offer two noVNC clients - lite and full. The connection URL differs slightly in both cases. To make it easier, a simple startup page is implemented.

If the container have been created on the host called mynas using the parameters described above, then the web browser should navigate to http://mynas:26901.

The startup page will show two hyperlinks pointing to the both noVNC clients:

  • http://mynas:26901/vnc_lite.html
  • http://mynas:26901/vnc.html

It's also possible to provide the password through the links:

  • http://mynas:26901/vnc_lite.html?password=headless
  • http://mynas:26901/vnc.html?password=headless

Issues

If you have found a problem or you just have a question, please check the Issues and the Troubleshooting, FAQ and HOWTO sections in Wiki first. Please do not overlook the closed issues.

If you do not find a solution, you can file a new issue. The better you describe the problem, the bigger the chance it'll be solved soon.

Credits

Credit goes to all the countless people and companies who contribute to open source community and make so many dreamy things real.