How to Stream Docker Containers to Your Browser

docker It is a widely adopted platform for application package, sharing and rotation without effort, in a reproducible way, away from the core operating system, and with an excellent degree of isolation for the resulting ephemeral containers. It’s so popular that it really needs no introduction!

Docker containers are very versatile and one of the least known (But certainly not the least cool!) Habits that have emerged over the past few years Stream GUI applications – or even entire operating systems – via browser.

Why would I do that?

This is a fair question. Let’s check some files Advantages Which comes from Docker containers stream over the wire:

  • Increase privacy: Just imagine browsing the web through an instance of Tor Dockerised browser hosted in the cloud and streaming over the wire.
  • Safety and isolation at your fingertipsRotate and access anything from simple GUI applications to full operating systems through your browser without the need for any additional software and in complete isolation, even a docker container escape It would jeopardize your server at most but not your client machines.
  • Share interactive sessions: Colleagues, friends and students can go towebsite” And sharing a collaborative session on the same app, being able to view what others are doing and running the app themselves.
  • Working from low quality machines: No need to buy expensive hardware for your customer(s) When you can outsource your resource demands and workloads.

How it works?

There are several ways to stream Docker containers to your browser. Let’s start with a low-level approach In order to better understand what is really happening behind the curtains.

Build your own Docker container from scratch

In order to make a Docker container streamable, you have to install some components inside your container, which are at least:

  • the Request want to broadcast (eg Google Chrome)
  • mouse poisonUltra-lightweight window manager
  • the x server
  • a VNC . server Like TurboVNC
  • VirtualGL and OpenGL Libraries Like libxv1 And libglu1-mesa
  • It can be accessed from the web VNC . Client like novnc
  • a The wrapper for converting WebSocket to TCP Like websockify

note: On top of the base package shown above, additional dependencies may be required to make everything work, depending on what comes installed with your base image.

here is a file sample photo This allows you to stream Google Chrome Model start Inside containerized Ubuntu:

FROM ubuntu:18.04
ENV USER=root
ENV PASSWORD=password1
ENV DEBIAN_FRONTEND=noninteractive 
ENV DEBCONF_NONINTERACTIVE_SEEN=true
RUN apt-get update && 
	echo "tzdata tzdata/Areas select America" > ~/tx.txt && 
	echo "tzdata tzdata/Zones/America select New York" >> ~/tx.txt && 
	debconf-set-selections ~/tx.txt && 
	apt-get install -y abiword gnupg apt-transport-https wget software-properties-common ratpoison novnc websockify libxv1 libglu1-mesa xauth x11-utils xorg tightvncserver && 
	wget https://kumisystems.dl.sourceforge.net/project/virtualgl/2.6.5/virtualgl_2.6.5_amd64.deb && 
	wget https://kumisystems.dl.sourceforge.net/project/turbovnc/2.2.7/turbovnc_2.2.7_amd64.deb && 
	wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb && 
	apt install -y ./google-chrome-stable_current_amd64.deb	&& 
	dpkg -i virtualgl_*.deb && 
	dpkg -i turbovnc_*.deb && 
	mkdir ~/.vnc/ && 
	mkdir ~/.dosbox && 
	echo $PASSWORD | vncpasswd -f > ~/.vnc/passwd && 
	chmod 0600 ~/.vnc/passwd && 
	echo "set border 1" > ~/.ratpoisonrc  && 
	echo "exec google-chrome --no-sandbox">> ~/.ratpoisonrc && 
	openssl req -x509 -nodes -newkey rsa:2048 -keyout ~/novnc.pem -out ~/novnc.pem -days 3650 -subj "/C=US/ST=NY/L=NY/O=NY/OU=NY/CN=NY emailAddress=email@example.com"
EXPOSE 80
CMD /opt/TurboVNC/bin/vncserver && websockify -D --web=/usr/share/novnc/ --cert=~/novnc.pem 80 localhost:5901 && tail -f /dev/null

To test it you can simply download the above dockerfile, go to his site and run:

docker build -t chrome-vnc .
docker run --name vnc-container -p8080:80 chrome-vnc

Once the image is fully created and the Docker container is up and running, you can visit http://localhost:8080/vnc.html where you will be asked to enter the specified password in the docker file:password1 By default.

chrome inside chrome
Chrome Inside Chrome Inside… See Where This Is Going? 🙂

If everything goes as expected, you should now be able to play a file An instance of Google Chrome running inside your browser!

If you want to dig deeper, here you can find a well detailed explanation of how all this works.

as you can imagine, This approach can be quite cumbersome; upgrade Base image of your Docker container for the latest security patches can easily break things, And discovering what has changed isn’t always instant. Moreover, it is Not suitable for multiple applications; You will have to create as many images as possible, display them on different ports, and keep track of them all Port number => Application appointments.

But … what if I told you, There is a much easier way?

Flow Docker containers with Kasm workspaces

Kasm Workspaces is a feature-rich platform that provides Stream, coordinate, and configure Docker containers over the wire.

If you have followed and tried to broadcast Docker containers the hard way, you will know by now Making it work isn’t all that important – but making it work isn’t that simple: performance is less than desirable; It’s hard to apply major patches and upgrades without the risk of breaking something; It’s just a streaming mechanism, not a full platform, and thus lacks ease of implementation for useful features like web filtering, ability to configure session sharing, etc…

On the other side of the coin, a Kasm Server is very easy to install up and running Offers large number of Enterprise-wide features, feel the flow blazing quickly Thanks to KasmVNC, an open source VNC server solution developed by CSM Techniques.

Composition

Before proceeding with the installation, be sure to double-check the file Kasm Workspace Requirements.

to Run your own Kasm serverJust head to https://www.kasmweb.com/downloads.html and download the latest available version.

You can now decompress the downloaded file, and move it to a file kasm_release folder and run the installer with sudo ./installer.sh. the Installation may take some time It prompts you for further approval and configuration, so be sure to check the device from time to time.

At the end of the installation process Check the device and save the Kasm credentials that have been printed. These include Username And The password It will be required to run the Kasm server remotely via Web User Interface.

use

You can now access a file Kasm Web UI By visiting http://{your-server-here} through the browser of your choice, log in with the credentials you saved earlier, and go to Workspaces tab, and voila!

You are now able to Run interactive browser sessions from anywhere For a predefined set of Docker images, get rid of them In just a few clicks!

Kasm workspaces offer a Great set of original photosAll are open source and publicly available. You can find them here.

If the app or operating system you want to stream appears to be unavailable under “workspaces” You must go to the section “Admin” tab and select “photo” from the menu on the left. From here you can browse all the images that Kasm natively provides and enable images that you may need that are not enabled by default (Like Doom, Kali Linux, and more) By editing it through the menu on the right and checking File “Maybe” Science.

If the app or operating system you want to stream is not already availableAnd do not worry! Kasm Technologies provides instructions on how to create your own custom images which you can then make available by adding them as images to your Kasm server instance through the same web user interface mentioned above.

bonus

If you use Google Chrome Make sure to check out “Kasm: Chrome Open In Isolation Extension”. This will add a file “Open the link in Qasim” Voice to Chrome context menu, allowing you to instantly open links By starting a session to the browser of your choice via your Kasm server, Absolutely safe!

is contained

We have barely scratched the surface of what Kasm Workspaces can do. Feel free to explore “AdminAnd browse through all the useful features that can help you set up the solution you need, such as web filterAnd casting session, And much more. It’s possible that whatever solution you’re trying to build, it’s either already available or can be achieved without much effort!

.

Leave a Comment