From 1ef9d21ba48f8cce21afa719d8dff9a58cafdadc Mon Sep 17 00:00:00 2001 From: alexz Date: Sat, 17 Jan 2026 11:13:54 +0000 Subject: [PATCH] fix(cistech-tunnel): remove systemd dependency, use port 6092 - entrypoint.sh: Start VNC directly instead of systemd /sbin/init - Changed NOVNC_PORT from 6080 to 6092 everywhere - Dockerfile: Updated EXPOSE and default NOVNC_PORT - Bumped tipi_version to 3 Co-Authored-By: Claude Opus 4.5 --- apps/cistech-tunnel/build/Dockerfile | 4 +-- .../build/scripts/entrypoint.sh | 27 ++++++++++++++++--- apps/cistech-tunnel/config.json | 4 +-- apps/cistech-tunnel/docker-compose.json | 4 +-- apps/cistech-tunnel/docker-compose.yml | 6 ++--- 5 files changed, 33 insertions(+), 12 deletions(-) diff --git a/apps/cistech-tunnel/build/Dockerfile b/apps/cistech-tunnel/build/Dockerfile index ba01395..f9d19a1 100644 --- a/apps/cistech-tunnel/build/Dockerfile +++ b/apps/cistech-tunnel/build/Dockerfile @@ -10,7 +10,7 @@ ENV container=docker # VNC/noVNC settings ENV DISPLAY=:1 ENV VNC_PORT=5901 -ENV NOVNC_PORT=6080 +ENV NOVNC_PORT=6092 # Python/Playwright settings ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright @@ -98,7 +98,7 @@ RUN chmod +x /opt/scripts/entrypoint.sh VOLUME ["/sys/fs/cgroup"] -EXPOSE 5901 6080 +EXPOSE 5901 6092 STOPSIGNAL SIGRTMIN+3 diff --git a/apps/cistech-tunnel/build/scripts/entrypoint.sh b/apps/cistech-tunnel/build/scripts/entrypoint.sh index 71ce4f6..b5b5e92 100644 --- a/apps/cistech-tunnel/build/scripts/entrypoint.sh +++ b/apps/cistech-tunnel/build/scripts/entrypoint.sh 
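Review bot: The context around the changed `EXPOSE 5901 6092` line still carries systemd-era settings that no longer match the entrypoint this commit introduces: `STOPSIGNAL SIGRTMIN+3` is the shutdown signal systemd's init expects, and `VOLUME ["/sys/fs/cgroup"]` is only useful when systemd runs as PID 1. With the bash entrypoint as PID 1 nothing handles SIGRTMIN+3, so `docker stop` will most likely wait out its timeout and then SIGKILL the VNC session. Consider dropping both lines, or using `STOPSIGNAL SIGTERM` together with a trap in the entrypoint. `EXPOSE 5901` also advertises the raw VNC port although the compose files in this commit only publish noVNC on 6092, so `EXPOSE 6092` alone would document the intended surface. The Dockerfile continues outside this hunk, so other systemd remnants may exist that are not visible here.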
@@ -1,16 +1,20 @@ #!/bin/bash -# Entrypoint: VNC password setup + DNS fix + systemd +# Entrypoint: VNC password setup + DNS fix + direct VNC start (no systemd) set -euo pipefail +export HOME='/root' +export USER='root' +export DISPLAY=:1 + # Setup TigerVNC password file from env var (passed by runtipi) -# TigerVNC expects /root/.vnc/passwd when using SecurityTypes=VncAuth. if [ -n "${VNC_PASSWORD:-}" ]; then mkdir -p /root/.vnc printf '%s\n%s\n' "$VNC_PASSWORD" "$VNC_PASSWORD" | vncpasswd -f > /root/.vnc/passwd chmod 600 /root/.vnc/passwd fi +# DNS fix cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true umount /etc/resolv.conf 2>/dev/null || true @@ -18,7 +22,24 @@ umount /etc/hosts 2>/dev/null || true cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts +# Enable IP forwarding echo 1 > /proc/sys/net/ipv4/ip_forward echo "[entrypoint] IP forwarding enabled" -exec /sbin/init +# Clean up stale VNC locks +rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true + +# Start TigerVNC server +echo "[entrypoint] Starting TigerVNC server on display :1..." +vncserver :1 -geometry 1280x800 -depth 24 -SecurityTypes VncAuth -localhost no + +sleep 2 + +# Start noVNC via websockify +echo "[entrypoint] Starting noVNC on port ${NOVNC_PORT:-6092}..." +websockify --web=/usr/share/novnc/ ${NOVNC_PORT:-6092} localhost:5901 & + +echo "[entrypoint] VNC ready. Use noVNC at http://localhost:${NOVNC_PORT:-6092}/vnc.html" + +# Keep container running and tail logs +tail -f /root/.vnc/*.log 2>/dev/null || tail -f /dev/null diff --git a/apps/cistech-tunnel/config.json b/apps/cistech-tunnel/config.json index 405ac2f..9d22e40 100755 --- a/apps/cistech-tunnel/config.json +++ b/apps/cistech-tunnel/config.json 
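Review bot: The `if [ -n "${VNC_PASSWORD:-}" ]` guard silently skips writing `/root/.vnc/passwd`, but the script now launches `vncserver` itself with `-SecurityTypes VncAuth` (second hunk), which depends on that file. With VNC_PASSWORD unset or empty, vncserver will presumably either fail under `set -e` or try to prompt without a tty, depending on the TigerVNC build. Failing fast with a clear message is easier to diagnose: `: "${VNC_PASSWORD:?VNC_PASSWORD must be set}"` before the `mkdir`. The commit also deletes the comment explaining that TigerVNC expects `/root/.vnc/passwd` for VncAuth; I would keep it, and add that VncAuth only uses the first 8 characters of the password.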
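Review bot: `-localhost no` on the new `vncserver` line makes Xvnc accept raw VNC connections on every container interface, yet the only consumer visible here is websockify connecting to `localhost:5901`. Binding to loopback keeps the weak VncAuth channel off the container networks and leaves noVNC as the single entry point: `vncserver :1 -geometry 1280x800 -depth 24 -SecurityTypes VncAuth -localhost yes`. Separately, websockify is backgrounded and the script then blocks on `tail -f`, so if websockify or Xvnc exits the container keeps running with no usable UI. Recording the PID (`novnc_pid=$!`) and ending with `wait "$novnc_pid"` would let the container stop so the restart policy can act. The `${NOVNC_PORT:-6092}` argument in the websockify call should also be quoted.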
@@ -4,13 +4,13 @@ "available": true, "short_desc": "Cistech VPN client container with noVNC.", "author": "alexz", - "port": 6080, + "port": 6092, "categories": [ "utilities", "network" ], "description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.", - "tipi_version": 2, + "tipi_version": 3, "version": "latest", "source": "local", "exposable": true, diff --git a/apps/cistech-tunnel/docker-compose.json b/apps/cistech-tunnel/docker-compose.json index 2c93c05..823d21b 100755 --- a/apps/cistech-tunnel/docker-compose.json +++ b/apps/cistech-tunnel/docker-compose.json @@ -10,11 +10,11 @@ { "key": "OC_PASSWORD", "value": "${OC_PASSWORD}" }, { "key": "OC_TOTP_SECRET", "value": "${OC_TOTP_SECRET}" }, { "key": "VNC_PASSWORD", "value": "${VNC_PASSWORD}" }, - { "key": "NOVNC_PORT", "value": "6080" }, + { "key": "NOVNC_PORT", "value": "6092" }, { "key": "TZ", "value": "${TZ}" }, { "key": "TARGET_IP", "value": "${TARGET_IP}" } ], - "internalPort": 6080, + "internalPort": 6092, "volumes": [ { "hostPath": "${APP_DATA_DIR}/config", "containerPath": "/config", "readOnly": false }, { "hostPath": "${APP_DATA_DIR}", "containerPath": "/runtime", "readOnly": false }, diff --git a/apps/cistech-tunnel/docker-compose.yml b/apps/cistech-tunnel/docker-compose.yml index 279e4e3..50f90c6 100755 --- a/apps/cistech-tunnel/docker-compose.yml +++ b/apps/cistech-tunnel/docker-compose.yml @@ -13,11 +13,11 @@ services: OC_PASSWORD: ${OC_PASSWORD} OC_TOTP_SECRET: ${OC_TOTP_SECRET} VNC_PASSWORD: ${VNC_PASSWORD} - NOVNC_PORT: "6080" + NOVNC_PORT: "6092" TZ: ${TZ} TARGET_IP: ${TARGET_IP} ports: - - ${APP_PORT}:6080 + - ${APP_PORT}:6092 volumes: - ${APP_DATA_DIR}/config:/config - ${APP_DATA_DIR}:/runtime 
@@ -35,7 +35,7 @@ services: traefik.enable: true traefik.docker.network: runtipi_tipi_main_network traefik.http.middlewares.cistech-tunnel-runtipi-web-redirect.redirectscheme.scheme: https - traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6080" + traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6092" traefik.http.routers.cistech-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`) traefik.http.routers.cistech-tunnel-runtipi-insecure.entrypoints: web traefik.http.routers.cistech-tunnel-runtipi-insecure.service: cistech-tunnel-runtipi