├── config ├── runit │ ├── sshd │ │ └── run │ ├── rsyslog │ │ ├── finish │ │ └── run │ ├── haproxy │ │ └── run │ ├── x11vnc │ │ └── run │ ├── websockify │ │ └── run │ ├── openbox │ │ └── run │ ├── xvfb │ │ └── run │ └── websockify-tls │ │ └── run ├── openbox │ └── menu.xml ├── haproxy │ └── haproxy.cfg └── ssh │ └── sshd_config ├── scripts ├── app ├── docker-healthcheck.sh └── entrypoint.sh ├── certs └── .gitignore ├── hooks ├── pre_build └── post_push ├── docker-compose.yml ├── multi-arch-manifest.yaml ├── Dockerfile ├── Dockerfile.arm32v7 ├── Dockerfile.arm64v8 └── README.md /config/runit/sshd/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec /usr/sbin/sshd -D -e -------------------------------------------------------------------------------- /config/runit/rsyslog/finish: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | rm /var/run/rsyslogd.pid -------------------------------------------------------------------------------- /config/runit/rsyslog/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec /usr/sbin/rsyslogd -n -------------------------------------------------------------------------------- /scripts/app: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | . /etc/environment 3 | echo starting app... 
4 | -------------------------------------------------------------------------------- /certs/.gitignore: -------------------------------------------------------------------------------- 1 | # ignore everything except .gitignore 2 | * 3 | !.gitignore 4 | -------------------------------------------------------------------------------- /config/runit/haproxy/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec haproxy -f /container/config/haproxy/haproxy.cfg -------------------------------------------------------------------------------- /hooks/pre_build: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | docker run --rm --privileged multiarch/qemu-user-static:register --reset -------------------------------------------------------------------------------- /config/runit/x11vnc/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec /bin/su -l -s /bin/sh -c "exec x11vnc -localhost -autoport 4900 -forever -display :0" app -------------------------------------------------------------------------------- /config/runit/websockify/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec /bin/su -l -s /bin/sh -c "cd /websockify/; exec python -m websockify 8080 --web /novnc/ localhost:4900" app -------------------------------------------------------------------------------- /config/runit/openbox/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | /bin/su -l -s /bin/sh -c "sleep 5; DISPLAY=:0 app" app & 3 | exec /bin/su -l -s /bin/sh -c "export DISPLAY=:0; exec openbox" app -------------------------------------------------------------------------------- /scripts/docker-healthcheck.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | [[ $(ps aux | grep 
'[X]vfb\|[s]shd:\|[w]ebsockify 4443\|[w]ebsockify 8080\|[x]11vnc -localhost\|[h]aproxy -f' | wc -l) -ge '6' ]] 3 | exit $? 4 | -------------------------------------------------------------------------------- /hooks/post_push: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | curl -Lo manifest-tool https://github.com/estesp/manifest-tool/releases/download/v0.9.0/manifest-tool-linux-amd64 3 | chmod +x manifest-tool 4 | 5 | ./manifest-tool push from-spec multi-arch-manifest.yaml -------------------------------------------------------------------------------- /config/runit/xvfb/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | [ -z ${VNC_SCREEN_DEPTH+x} ] && export VNC_SCREEN_DEPTH="24" 3 | [ -z ${VNC_SCREEN_RESOLUTION+x} ] && export VNC_SCREEN_RESOLUTION="1280x1024" 4 | exec /bin/su -l -s /bin/sh -c "exec Xvfb -screen 0 $VNC_SCREEN_RESOLUTION""x""$VNC_SCREEN_DEPTH" app -------------------------------------------------------------------------------- /config/runit/websockify-tls/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | [ -z ${SERVER_NAME+x} ] && export SERVER_NAME="localhost" 3 | exec /bin/su -l -s /bin/sh -c "cd /websockify/; exec python -m websockify 4443 --web /novnc/ --ssl-only --cert /certs/$SERVER_NAME.crt --key /certs/$SERVER_NAME.key localhost:4900" app -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | desktop-base: 5 | build: . 
6 | image: desktopcontainers/base-debian 7 | restart: always 8 | environment: 9 | SERVER_NAME: localhost 10 | 11 | VNC_SCREEN_DEPTH: 24 12 | 13 | #ENABLE_SUDO: enable 14 | #ENABLE_KIOSK: enable 15 | volumes: 16 | - ./certs:/certs 17 | ports: 18 | - "2222:22" 19 | - "8080:80" 20 | - "4443:443" 21 | #- "5900:5900" 22 | -------------------------------------------------------------------------------- /config/openbox/menu.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 7 | 8 | 9 | 10 | app 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /multi-arch-manifest.yaml: -------------------------------------------------------------------------------- 1 | image: desktopcontainers/base-debian:latest 2 | manifests: 3 | - image: desktopcontainers/base-debian:latest-amd64 4 | platform: 5 | architecture: amd64 6 | os: linux 7 | - image: desktopcontainers/base-debian:latest-arm64v8 8 | platform: 9 | architecture: arm64 10 | os: linux 11 | variant: v8 12 | - image: desktopcontainers/base-debian:latest-arm32v7 13 | platform: 14 | architecture: arm 15 | os: linux 16 | variant: v7 -------------------------------------------------------------------------------- /config/haproxy/haproxy.cfg: -------------------------------------------------------------------------------- 1 | global 2 | log /dev/log local0 3 | chroot /var/lib/haproxy 4 | pidfile /var/run/haproxy.pid 5 | user haproxy 6 | group haproxy 7 | 8 | defaults 9 | log global 10 | mode tcp 11 | option dontlognull 12 | timeout connect 5000 13 | timeout client 50000 14 | timeout server 50000 15 | 16 | 17 | frontend vnc_frontend 18 | bind :::5900 v4v6 19 | default_backend vnc_backend 20 | 21 | backend vnc_backend 22 | balance roundrobin 23 | server localhost 127.0.0.1:4900 24 | 25 | 26 | frontend http_frontend 27 | bind :::80 v4v6 28 | default_backend http_backend 29 | 30 | backend http_backend 31 | balance roundrobin 32 | server 
localhost 127.0.0.1:8080 33 | 34 | 35 | frontend https_frontend 36 | bind :::443 v4v6 37 | default_backend https_backend 38 | 39 | backend https_backend 40 | balance roundrobin 41 | server localhost 127.0.0.1:4443 -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:buster 2 | 3 | ENV PATH="/container/scripts:${PATH}" 4 | 5 | RUN export DEBIAN_FRONTEND=noninteractive \ 6 | && apt-get -q -y update \ 7 | && apt-get -q -y install --no-install-recommends runit \ 8 | \ 9 | xvfb \ 10 | x11vnc \ 11 | \ 12 | && apt-get -q -y install openbox \ 13 | ttf-dejavu \ 14 | \ 15 | haproxy \ 16 | openssl \ 17 | openssh-server \ 18 | sudo \ 19 | \ 20 | python3 \ 21 | python3-numpy \ 22 | sed \ 23 | wget \ 24 | rsyslog \ 25 | \ 26 | && apt-get -q -y clean \ 27 | && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ 28 | \ 29 | && ln -s /usr/bin/python3 /usr/bin/python \ 30 | \ 31 | && head -n $(grep -n RULES /etc/rsyslog.conf | cut -d':' -f1) /etc/rsyslog.conf > /etc/rsyslog.conf.new \ 32 | && mv /etc/rsyslog.conf.new /etc/rsyslog.conf \ 33 | && echo '*.* /dev/stdout' >> /etc/rsyslog.conf \ 34 | && sed -i '/.*imklog*/d' /etc/rsyslog.conf \ 35 | \ 36 | && mkdir -p /run/sshd \ 37 | \ 38 | && adduser --disabled-password -q --gecos '' app \ 39 | && passwd -d app \ 40 | \ 41 | && wget -O novnc.tar.gz https://github.com/novnc/noVNC/archive/v1.2.0.tar.gz \ 42 | && tar xvf novnc.tar.gz \ 43 | && ln -s noVNC-* novnc \ 44 | \ 45 | && ln -s /novnc/vnc_lite.html /novnc/index.html \ 46 | \ 47 | && wget -O websockify.tar.gz https://github.com/novnc/websockify/archive/v0.9.0.tar.gz \ 48 | && tar xvf websockify.tar.gz \ 49 | && ln -s websockify-* websockify \ 50 | \ 51 | && chown app -R /websockify* \ 52 | && chown app -R /no* 53 | 54 | VOLUME ["/certs"] 55 | 56 | EXPOSE 22 80 443 5900 57 | 58 | COPY . 
/container/ 59 | 60 | HEALTHCHECK CMD ["docker-healthcheck.sh"] 61 | ENTRYPOINT ["entrypoint.sh"] 62 | 63 | CMD [ "runsvdir","-P", "/container/config/runit" ] 64 | -------------------------------------------------------------------------------- /scripts/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | export IFS=$'\n' 4 | 5 | cat <> CONTAINER: starting initialisation" 18 | 19 | echo ">> CONTAINER: added environment vars to /etc/environment" 20 | env >> /etc/environment 21 | 22 | cp /container/config/openbox/menu.xml /etc/xdg/openbox/menu.xml 23 | 24 | [ -z ${SERVER_NAME+x} ] && SERVER_NAME="localhost" 25 | 26 | if [ ! -f "/certs/$SERVER_NAME.key" ] && [ ! -f "/certs/$SERVER_NAME.crt" ]; then 27 | echo ">> CONTAINER: generating server tls certs (/certs/$SERVER_NAME.[key|crt])" 28 | openssl req -x509 -newkey rsa:4096 \ 29 | -days 3650 \ 30 | -subj "/C=XX/ST=XXXX/L=XXXX/O=XXXX/CN=$SERVER_NAME" \ 31 | -keyout "/certs/$SERVER_NAME.key" \ 32 | -out "/certs/$SERVER_NAME.crt" \ 33 | -nodes -sha256 34 | fi 35 | 36 | echo ">> CONTAINER: openssh sshd config" 37 | [ ! 
-f "/certs/ssh_host_rsa_key" ] && ssh-keygen -f /certs/ssh_host_rsa_key -N '' -t rsa -b 4096 38 | cp /certs/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key 39 | 40 | cp /container/config/ssh/sshd_config /etc/ssh/sshd_config 41 | 42 | if [ "$ENABLE_SUDO" = "enable" ]; 43 | then 44 | echo ">> CONTAINER: enable sudo for user app" 45 | echo 'app ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/app 46 | else 47 | echo ">> CONTAINER: remove sudo from container" 48 | apk del sudo >/dev/null 2>/dev/null 49 | fi 50 | 51 | [ "$ENABLE_KIOSK" = "enable" ] && echo ">> CONTAINER: enable Kiosk-Mode" && echo -e '#!/bin/sh\nexport DISPLAY=:0\nexec /usr/local/bin/app' > /container/config/runit/openbox/run 52 | 53 | # INIT PHASE 54 | 55 | touch "$INITALIZED" 56 | else 57 | echo ">> CONTAINER: already initialized - direct start of samba" 58 | fi 59 | 60 | # update app 61 | cp /container/scripts/app /usr/local/bin/app 62 | 63 | # PRE-RUN PHASE 64 | 65 | ## 66 | # CMD 67 | ## 68 | echo ">> CMD: exec docker CMD" 69 | echo "$@" 70 | exec "$@" 71 | -------------------------------------------------------------------------------- /Dockerfile.arm32v7: -------------------------------------------------------------------------------- 1 | FROM alpine AS builder 2 | 3 | # Download QEMU, see https://github.com/docker/hub-feedback/issues/1261 4 | ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz 5 | RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . 
--strip-components 1 6 | 7 | FROM arm32v7/debian:buster 8 | 9 | COPY --from=builder qemu-arm-static /usr/bin 10 | 11 | ENV PATH="/container/scripts:${PATH}" 12 | 13 | RUN export DEBIAN_FRONTEND=noninteractive \ 14 | && apt-get -q -y update \ 15 | && apt-get -q -y install --no-install-recommends runit \ 16 | \ 17 | xvfb \ 18 | x11vnc \ 19 | \ 20 | && apt-get -q -y install openbox \ 21 | ttf-dejavu \ 22 | \ 23 | haproxy \ 24 | openssl \ 25 | openssh-server \ 26 | sudo \ 27 | \ 28 | python3 \ 29 | python3-numpy \ 30 | sed \ 31 | wget \ 32 | rsyslog \ 33 | \ 34 | && apt-get -q -y clean \ 35 | && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ 36 | \ 37 | && ln -s /usr/bin/python3 /usr/bin/python \ 38 | \ 39 | && head -n $(grep -n RULES /etc/rsyslog.conf | cut -d':' -f1) /etc/rsyslog.conf > /etc/rsyslog.conf.new \ 40 | && mv /etc/rsyslog.conf.new /etc/rsyslog.conf \ 41 | && echo '*.* /dev/stdout' >> /etc/rsyslog.conf \ 42 | && sed -i '/.*imklog*/d' /etc/rsyslog.conf \ 43 | \ 44 | && mkdir -p /run/sshd \ 45 | \ 46 | && adduser --disabled-password -q --gecos '' app \ 47 | && passwd -d app \ 48 | \ 49 | && wget -O novnc.tar.gz https://github.com/novnc/noVNC/archive/v1.2.0.tar.gz \ 50 | && tar xvf novnc.tar.gz \ 51 | && ln -s noVNC-* novnc \ 52 | \ 53 | && ln -s /novnc/vnc_lite.html /novnc/index.html \ 54 | \ 55 | && wget -O websockify.tar.gz https://github.com/novnc/websockify/archive/v0.9.0.tar.gz \ 56 | && tar xvf websockify.tar.gz \ 57 | && ln -s websockify-* websockify \ 58 | \ 59 | && chown app -R /websockify* \ 60 | && chown app -R /no* 61 | 62 | VOLUME ["/certs"] 63 | 64 | EXPOSE 22 80 443 5900 65 | 66 | COPY . 
/container/ 67 | 68 | HEALTHCHECK CMD ["docker-healthcheck.sh"] 69 | ENTRYPOINT ["entrypoint.sh"] 70 | 71 | CMD [ "runsvdir","-P", "/container/config/runit" ] 72 | -------------------------------------------------------------------------------- /Dockerfile.arm64v8: -------------------------------------------------------------------------------- 1 | FROM alpine AS builder 2 | 3 | # Download QEMU, see https://github.com/docker/hub-feedback/issues/1261 4 | ENV QEMU_URL https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-aarch64.tar.gz 5 | RUN apk add curl && curl -L ${QEMU_URL} | tar zxvf - -C . --strip-components 1 6 | 7 | FROM arm64v8/debian:buster 8 | 9 | COPY --from=builder qemu-aarch64-static /usr/bin 10 | 11 | ENV PATH="/container/scripts:${PATH}" 12 | 13 | RUN export DEBIAN_FRONTEND=noninteractive \ 14 | && apt-get -q -y update \ 15 | && apt-get -q -y install --no-install-recommends runit \ 16 | \ 17 | xvfb \ 18 | x11vnc \ 19 | \ 20 | && apt-get -q -y install openbox \ 21 | ttf-dejavu \ 22 | \ 23 | haproxy \ 24 | openssl \ 25 | openssh-server \ 26 | sudo \ 27 | \ 28 | python3 \ 29 | python3-numpy \ 30 | sed \ 31 | wget \ 32 | rsyslog \ 33 | \ 34 | && apt-get -q -y clean \ 35 | && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ 36 | \ 37 | && ln -s /usr/bin/python3 /usr/bin/python \ 38 | \ 39 | && head -n $(grep -n RULES /etc/rsyslog.conf | cut -d':' -f1) /etc/rsyslog.conf > /etc/rsyslog.conf.new \ 40 | && mv /etc/rsyslog.conf.new /etc/rsyslog.conf \ 41 | && echo '*.* /dev/stdout' >> /etc/rsyslog.conf \ 42 | && sed -i '/.*imklog*/d' /etc/rsyslog.conf \ 43 | \ 44 | && mkdir -p /run/sshd \ 45 | \ 46 | && adduser --disabled-password -q --gecos '' app \ 47 | && passwd -d app \ 48 | \ 49 | && wget -O novnc.tar.gz https://github.com/novnc/noVNC/archive/v1.2.0.tar.gz \ 50 | && tar xvf novnc.tar.gz \ 51 | && ln -s noVNC-* novnc \ 52 | \ 53 | && ln -s /novnc/vnc_lite.html /novnc/index.html \ 54 | \ 55 | && wget -O websockify.tar.gz 
https://github.com/novnc/websockify/archive/v0.9.0.tar.gz \ 56 | && tar xvf websockify.tar.gz \ 57 | && ln -s websockify-* websockify \ 58 | \ 59 | && chown app -R /websockify* \ 60 | && chown app -R /no* 61 | 62 | VOLUME ["/certs"] 63 | 64 | EXPOSE 22 80 443 5900 65 | 66 | COPY . /container/ 67 | 68 | HEALTHCHECK CMD ["docker-healthcheck.sh"] 69 | ENTRYPOINT ["entrypoint.sh"] 70 | 71 | CMD [ "runsvdir","-P", "/container/config/runit" ] 72 | -------------------------------------------------------------------------------- /config/ssh/sshd_config: -------------------------------------------------------------------------------- 1 | # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ 2 | 3 | # This is the sshd server system-wide configuration file. See 4 | # sshd_config(5) for more information. 5 | 6 | # This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin 7 | 8 | # The strategy used for options in the default sshd_config shipped with 9 | # OpenSSH is to specify options with their default value where 10 | # possible, but leave them commented. Uncommented options override the 11 | # default value. 
12 | 13 | #Port 22 14 | #AddressFamily any 15 | #ListenAddress 0.0.0.0 16 | #ListenAddress :: 17 | 18 | #HostKey /etc/ssh/ssh_host_rsa_key 19 | #HostKey /etc/ssh/ssh_host_ecdsa_key 20 | #HostKey /etc/ssh/ssh_host_ed25519_key 21 | 22 | # Ciphers and keying 23 | #RekeyLimit default none 24 | 25 | # Logging 26 | #SyslogFacility AUTH 27 | #LogLevel INFO 28 | 29 | # Authentication: 30 | 31 | #LoginGraceTime 2m 32 | PermitRootLogin no 33 | #StrictModes yes 34 | #MaxAuthTries 6 35 | #MaxSessions 10 36 | 37 | #PubkeyAuthentication yes 38 | 39 | # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 40 | # but this is overridden so installations will only check .ssh/authorized_keys 41 | AuthorizedKeysFile .ssh/authorized_keys 42 | 43 | #AuthorizedPrincipalsFile none 44 | 45 | #AuthorizedKeysCommand none 46 | #AuthorizedKeysCommandUser nobody 47 | 48 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 49 | #HostbasedAuthentication no 50 | # Change to yes if you don't trust ~/.ssh/known_hosts for 51 | # HostbasedAuthentication 52 | #IgnoreUserKnownHosts no 53 | # Don't read the user's ~/.rhosts and ~/.shosts files 54 | #IgnoreRhosts yes 55 | # NOTE: with the two settings below and the password-less `app` account (`passwd -d app` in the Dockerfile), anyone who can reach port 22 gets a shell as `app` without a credential. Publish the port only on loopback or a trusted network, or set both to `no` once `app` has an authorized key. 56 | # To disable tunneled clear text passwords, change to no here! 57 | PasswordAuthentication yes 58 | PermitEmptyPasswords yes 59 | 60 | # Change to no to disable s/key passwords 61 | #ChallengeResponseAuthentication yes 62 | 63 | # Kerberos options 64 | #KerberosAuthentication no 65 | #KerberosOrLocalPasswd yes 66 | #KerberosTicketCleanup yes 67 | #KerberosGetAFSToken no 68 | 69 | # GSSAPI options 70 | #GSSAPIAuthentication no 71 | #GSSAPICleanupCredentials yes 72 | 73 | # Set this to 'yes' to enable PAM authentication, account processing, 74 | # and session processing. If this is enabled, PAM authentication will 75 | # be allowed through the ChallengeResponseAuthentication and 76 | # PasswordAuthentication.
Depending on your PAM configuration, 77 | # PAM authentication via ChallengeResponseAuthentication may bypass 78 | # the setting of "PermitRootLogin without-password". 79 | # If you just want the PAM account and session checks to run without 80 | # PAM authentication, then enable this but set PasswordAuthentication 81 | # and ChallengeResponseAuthentication to 'no'. 82 | #UsePAM no 83 | 84 | #AllowAgentForwarding yes 85 | # Feel free to re-enable these if your use case requires them. 86 | AllowTcpForwarding no 87 | GatewayPorts no 88 | X11Forwarding yes 89 | X11UseLocalhost no 90 | #X11DisplayOffset 10 91 | #X11UseLocalhost yes 92 | #PermitTTY yes 93 | PrintMotd no 94 | #PrintLastLog yes 95 | #TCPKeepAlive yes 96 | #PermitUserEnvironment no 97 | #Compression delayed 98 | #ClientAliveInterval 0 99 | #ClientAliveCountMax 3 100 | #UseDNS no 101 | #PidFile /run/sshd.pid 102 | #MaxStartups 10:30:100 103 | #PermitTunnel no 104 | #ChrootDirectory none 105 | #VersionAddendum none 106 | 107 | # no default banner path 108 | #Banner none 109 | 110 | # override default of no subsystems 111 | Subsystem sftp /usr/lib/ssh/sftp-server 112 | 113 | # Example of overriding settings on a per-user basis 114 | #Match User anoncvs 115 | # X11Forwarding no 116 | # AllowTcpForwarding no 117 | # PermitTTY no 118 | # ForceCommand cvs server 119 | 120 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Base Image for Desktop Applications on lightweight OpenBox Window Manager - (desktopcontainers/base-debian) [x86 + arm] 2 | 3 | This container was created to make it easy to use desktop applications on systems that can run Docker containers. 4 | It is based on `_/debian` and comes with various ways to use your X11 applications: 5 | 6 | I recommend using the [desktopcontainers/base-alpine](https://github.com/DesktopContainers/base-alpine) if possible.
Only if you really need debian as base image, use this container. 7 | 8 | The main reason to create this `debian` based desktop container was to support commercial software, e.g. citrix icaclient, zoom etc. Such software often doesn't support `musl` libc and has problems running on alpine. Those containers/software are also often only `x86` compatible. 9 | 10 | - VNC (port: `5900`, no password) 11 | - HTTP VNC (port: `80`, no password) 12 | - HTTPS VNC (port: `443`, no password) 13 | - SSH X11 Forwarding (user: `app`, no password) 14 | * use it with `ssh -X -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no app@127.0.0.1 -p 2222 /container/scripts/app` (exported port `22` to `2222` on localhost) 15 | * use it with `ssh -X -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no app@<container-address> /container/scripts/app` 16 | - Local Native X11 17 | - start container using `docker run --rm -ti -v "/tmp/.X11-unix:/tmp/.X11-unix" -v "$HOME/.Xauthority:/home/app/.Xauthority" -e "DISPLAY=$DISPLAY" -h $HOSTNAME --net=host --entrypoint=/container/scripts/app --user=app desktopcontainer/...` 18 | None of the network access methods above asks for a credential, and the SSH examples skip host-key verification, so publish the ports only on loopback or a trusted network (for example `127.0.0.1:2222:22` instead of `2222:22` in `docker-compose.yml`). 19 | ## Changelogs 20 | 21 | * 2020-11-24 22 | * fixed failing arm builds on debian 23 | * 2020-11-12 24 | * default `VNC_SCREEN_DEPTH` to `24` 25 | * 2020-11-11 26 | * complete rework 27 | * 2020-11-10 28 | * added kiosk mode 29 | * `VNC_SCREEN_DEPTH` support 30 | * 2020-11-09 31 | * initial creation on debian 32 | 33 | ## Environment variables and defaults 34 | 35 | ### General 36 | 37 | * __SERVER\_NAME__ 38 | * _optional_ dns name for certificate generation 39 | * _default:_ `localhost` 40 | 41 | * __ENABLE\_SUDO__ 42 | * set this to _enable_ to allow the user `app` to use sudo without a password (`NOPASSWD: ALL`) 43 | * default: not set 44 | 45 | * __ENABLE\_KIOSK__ 46 | * set this to _enable_ to enable Kiosk mode 47 | * only run `app` and make sure it will always restart 48 | * it is advised to not combine with `ENABLE_SUDO` - but it's still possible to use with sudo enabled.
49 | * default: not set 50 | * perfect for (fullscreen) software like `rdesktop`, `vncviewer`, Browser etc. 51 | 52 | ### VNC Settings 53 | 54 | * __VNC\_SCREEN\_DEPTH__ 55 | * set the screen depth for the Xvfb X server 56 | * default: `24` 57 | * other possible values: 58 | * 8 59 | * 16 60 | * 24 61 | 62 | * __VNC\_SCREEN\_RESOLUTION__ 63 | * set this to a specific resolution like '1280x1024' if you want a specific default one 64 | * default: `1280x1024` 65 | * depth is configured with `VNC_SCREEN_DEPTH` env 66 | * other possible values: 67 | * 640x480 68 | * 800x600 69 | * 1024x768 70 | * 1280x1024 71 | * 1280x720 72 | * 1280x800 73 | * 1280x960 74 | * 1360x768 75 | * 1400x1050 76 | * 1600x1200 77 | * 1680x1050 78 | * 1900x1200 79 | * 1920x1080 80 | * 1920x1200 81 | 82 | ## Volumes 83 | 84 | * __/certs/__ 85 | * store your certs with the `$SERVER_NAME`.[key|crt] here. 86 | * store your ssh host key `ssh_host_rsa_key` & `ssh_host_rsa_key.pub` here. 87 | * if they are missing, they get created 88 | 89 | ## FAQ 90 | 91 | * use X11 Forwarding on a new macOS 92 | * install XQuartz (https://www.xquartz.org/) 93 | * add `XAuthLocation /usr/X11/bin/xauth` to your `~/.ssh/config` 94 | 95 | ## API 96 | 97 | If you want to use this container as base for your own containerized Desktop Applications, you can use the following information to get it done. 98 | 99 | It's best to configure everything in a Dockerfile and not at runtime. 100 | 101 | ### Your custom Application 102 | 103 | Add all your code used for starting your application/s to `/container/scripts/app`. 104 | 105 | _Note:_ There are applications which have trouble running in multiple instances. 106 | Since your application gets started on container start on the VNC X11 server, it might collide with the one 107 | which is started via SSH. If your application can only run once, make sure the `app` script kills all other instances before starting a new instance.
108 | 109 | ### Init Points 110 | 111 | Add commands to the init phase of the entrypoint (only on first run/creation). 112 | 113 | ``` 114 | sed -i 's/# INIT PHASE/# INIT PHASE\nYOUR_COMMANDS_HERE/g' /container/scripts/entrypoint.sh 115 | ``` 116 | 117 | Add commands to the run phase of the entrypoint (on every run). 118 | 119 | ``` 120 | sed -i 's/# PRE-RUN PHASE/# PRE-RUN PHASE\nYOUR_COMMANDS_HERE/g' /container/scripts/entrypoint.sh 121 | ``` 122 | 123 | ### Openbox Menu 124 | 125 | Rename Menu Entry 126 | 127 | ``` 128 | sed -i 's/Application/NEW_ENTRY_NAME/g' /etc/xdg/openbox/menu.xml 129 | ``` 130 | 131 | Add Menu Entry 132 | 133 | ``` 134 | sed -i '0,/NEW_ENTRY_COMMAND\n