fix(cistech-tunnel): remove systemd dependency, use port 6092
- entrypoint.sh: Start VNC directly instead of systemd /sbin/init - Changed NOVNC_PORT from 6080 to 6092 everywhere - Dockerfile: Updated EXPOSE and default NOVNC_PORT - Bumped tipi_version to 3 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@@ -10,7 +10,7 @@ ENV container=docker
|
|||||||
# VNC/noVNC settings
|
# VNC/noVNC settings
|
||||||
ENV DISPLAY=:1
|
ENV DISPLAY=:1
|
||||||
ENV VNC_PORT=5901
|
ENV VNC_PORT=5901
|
||||||
ENV NOVNC_PORT=6080
|
ENV NOVNC_PORT=6092
|
||||||
|
|
||||||
# Python/Playwright settings
|
# Python/Playwright settings
|
||||||
ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
|
ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
|
||||||
@@ -98,7 +98,7 @@ RUN chmod +x /opt/scripts/entrypoint.sh
|
|||||||
|
|
||||||
VOLUME ["/sys/fs/cgroup"]
|
VOLUME ["/sys/fs/cgroup"]
|
||||||
|
|
||||||
EXPOSE 5901 6080
|
EXPOSE 5901 6092
|
||||||
|
|
||||||
STOPSIGNAL SIGRTMIN+3
|
STOPSIGNAL SIGRTMIN+3
|
||||||
|
|
||||||
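Review bot: `STOPSIGNAL SIGRTMIN+3` and `VOLUME ["/sys/fs/cgroup"]` in the second hunk are systemd conventions, and they stay in place although this commit stops launching `/sbin/init`. If the entrypoint script now runs as PID 1 (the Dockerfile's ENTRYPOINT line is outside the hunk, so this is inferred), nothing visible installs a handler for that signal, so a container stop would probably wait out the grace period and end in SIGKILL. Removing the `STOPSIGNAL` line restores the default SIGTERM, and the cgroup volume can likely go as well. Separately, `EXPOSE 5901 6092` still advertises the raw VNC port; if access is meant to go through noVNC only, `EXPOSE 6092` is the narrower declaration.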
|
|||||||
@@ -1,16 +1,20 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# Entrypoint: VNC password setup + DNS fix + systemd
|
# Entrypoint: VNC password setup + DNS fix + direct VNC start (no systemd)
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
|
export HOME='/root'
|
||||||
|
export USER='root'
|
||||||
|
export DISPLAY=:1
|
||||||
|
|
||||||
# Setup TigerVNC password file from env var (passed by runtipi)
|
# Setup TigerVNC password file from env var (passed by runtipi)
|
||||||
# TigerVNC expects /root/.vnc/passwd when using SecurityTypes=VncAuth.
|
|
||||||
if [ -n "${VNC_PASSWORD:-}" ]; then
|
if [ -n "${VNC_PASSWORD:-}" ]; then
|
||||||
mkdir -p /root/.vnc
|
mkdir -p /root/.vnc
|
||||||
printf '%s\n%s\n' "$VNC_PASSWORD" "$VNC_PASSWORD" | vncpasswd -f > /root/.vnc/passwd
|
printf '%s\n%s\n' "$VNC_PASSWORD" "$VNC_PASSWORD" | vncpasswd -f > /root/.vnc/passwd
|
||||||
chmod 600 /root/.vnc/passwd
|
chmod 600 /root/.vnc/passwd
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# DNS fix
|
||||||
cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true
|
cp /etc/resolv.conf /tmp/resolv.conf.bak 2>/dev/null || true
|
||||||
cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true
|
cp /etc/hosts /tmp/hosts.bak 2>/dev/null || true
|
||||||
umount /etc/resolv.conf 2>/dev/null || true
|
umount /etc/resolv.conf 2>/dev/null || true
|
||||||
@@ -18,7 +22,24 @@ umount /etc/hosts 2>/dev/null || true
|
|||||||
cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf
|
cat /tmp/resolv.conf.bak > /etc/resolv.conf 2>/dev/null || echo "nameserver 8.8.8.8" > /etc/resolv.conf
|
||||||
cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts
|
cat /tmp/hosts.bak > /etc/hosts 2>/dev/null || echo "127.0.0.1 localhost" > /etc/hosts
|
||||||
|
|
||||||
|
# Enable IP forwarding
|
||||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||||
echo "[entrypoint] IP forwarding enabled"
|
echo "[entrypoint] IP forwarding enabled"
|
||||||
|
|
||||||
exec /sbin/init
|
# Clean up stale VNC locks
|
||||||
|
rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
|
||||||
|
|
||||||
|
# Start TigerVNC server
|
||||||
|
echo "[entrypoint] Starting TigerVNC server on display :1..."
|
||||||
|
vncserver :1 -geometry 1280x800 -depth 24 -SecurityTypes VncAuth -localhost no
|
||||||
|
|
||||||
|
sleep 2
|
||||||
|
|
||||||
|
# Start noVNC via websockify
|
||||||
|
echo "[entrypoint] Starting noVNC on port ${NOVNC_PORT:-6092}..."
|
||||||
|
websockify --web=/usr/share/novnc/ ${NOVNC_PORT:-6092} localhost:5901 &
|
||||||
|
|
||||||
|
echo "[entrypoint] VNC ready. Use noVNC at http://localhost:${NOVNC_PORT:-6092}/vnc.html"
|
||||||
|
|
||||||
|
# Keep container running and tail logs
|
||||||
|
tail -f /root/.vnc/*.log 2>/dev/null || tail -f /dev/null
|
||||||
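Review bot: The added `vncserver` line passes `-localhost no`, so TigerVNC listens on every container interface even though websockify two lines later only connects to `localhost:5901`. That leaves the raw VNC port reachable from the container network behind VncAuth alone; `vncserver :1 -geometry 1280x800 -depth 24 -SecurityTypes VncAuth -localhost yes` keeps it on loopback and lets noVNC be the single entry point. When `VNC_PASSWORD` is empty the `if` block writes no passwd file, yet the server is still started with VncAuth, so a fail-fast guard such as `: "${VNC_PASSWORD:?VNC_PASSWORD must be set}"` before the start-up would make that case explicit. The port expansion on the websockify line should be quoted, `"${NOVNC_PORT:-6092}"`. websockify is also backgrounded without supervision, so if it exits the container stays up on `tail -f` with no working web endpoint.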
|
|||||||
@@ -4,13 +4,13 @@
|
|||||||
"available": true,
|
"available": true,
|
||||||
"short_desc": "Cistech VPN client container with noVNC.",
|
"short_desc": "Cistech VPN client container with noVNC.",
|
||||||
"author": "alexz",
|
"author": "alexz",
|
||||||
"port": 6080,
|
"port": 6092,
|
||||||
"categories": [
|
"categories": [
|
||||||
"utilities",
|
"utilities",
|
||||||
"network"
|
"network"
|
||||||
],
|
],
|
||||||
"description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.",
|
"description": "OpenConnect-SSO VPN running in an isolated namespace with noVNC for first-time SSO reconnects.",
|
||||||
"tipi_version": 2,
|
"tipi_version": 3,
|
||||||
"version": "latest",
|
"version": "latest",
|
||||||
"source": "local",
|
"source": "local",
|
||||||
"exposable": true,
|
"exposable": true,
|
||||||
|
|||||||
@@ -10,11 +10,11 @@
|
|||||||
{ "key": "OC_PASSWORD", "value": "${OC_PASSWORD}" },
|
{ "key": "OC_PASSWORD", "value": "${OC_PASSWORD}" },
|
||||||
{ "key": "OC_TOTP_SECRET", "value": "${OC_TOTP_SECRET}" },
|
{ "key": "OC_TOTP_SECRET", "value": "${OC_TOTP_SECRET}" },
|
||||||
{ "key": "VNC_PASSWORD", "value": "${VNC_PASSWORD}" },
|
{ "key": "VNC_PASSWORD", "value": "${VNC_PASSWORD}" },
|
||||||
{ "key": "NOVNC_PORT", "value": "6080" },
|
{ "key": "NOVNC_PORT", "value": "6092" },
|
||||||
{ "key": "TZ", "value": "${TZ}" },
|
{ "key": "TZ", "value": "${TZ}" },
|
||||||
{ "key": "TARGET_IP", "value": "${TARGET_IP}" }
|
{ "key": "TARGET_IP", "value": "${TARGET_IP}" }
|
||||||
],
|
],
|
||||||
"internalPort": 6080,
|
"internalPort": 6092,
|
||||||
"volumes": [
|
"volumes": [
|
||||||
{ "hostPath": "${APP_DATA_DIR}/config", "containerPath": "/config", "readOnly": false },
|
{ "hostPath": "${APP_DATA_DIR}/config", "containerPath": "/config", "readOnly": false },
|
||||||
{ "hostPath": "${APP_DATA_DIR}", "containerPath": "/runtime", "readOnly": false },
|
{ "hostPath": "${APP_DATA_DIR}", "containerPath": "/runtime", "readOnly": false },
|
||||||
|
|||||||
@@ -13,11 +13,11 @@ services:
|
|||||||
OC_PASSWORD: ${OC_PASSWORD}
|
OC_PASSWORD: ${OC_PASSWORD}
|
||||||
OC_TOTP_SECRET: ${OC_TOTP_SECRET}
|
OC_TOTP_SECRET: ${OC_TOTP_SECRET}
|
||||||
VNC_PASSWORD: ${VNC_PASSWORD}
|
VNC_PASSWORD: ${VNC_PASSWORD}
|
||||||
NOVNC_PORT: "6080"
|
NOVNC_PORT: "6092"
|
||||||
TZ: ${TZ}
|
TZ: ${TZ}
|
||||||
TARGET_IP: ${TARGET_IP}
|
TARGET_IP: ${TARGET_IP}
|
||||||
ports:
|
ports:
|
||||||
- ${APP_PORT}:6080
|
- ${APP_PORT}:6092
|
||||||
volumes:
|
volumes:
|
||||||
- ${APP_DATA_DIR}/config:/config
|
- ${APP_DATA_DIR}/config:/config
|
||||||
- ${APP_DATA_DIR}:/runtime
|
- ${APP_DATA_DIR}:/runtime
|
||||||
@@ -35,7 +35,7 @@ services:
|
|||||||
traefik.enable: true
|
traefik.enable: true
|
||||||
traefik.docker.network: runtipi_tipi_main_network
|
traefik.docker.network: runtipi_tipi_main_network
|
||||||
traefik.http.middlewares.cistech-tunnel-runtipi-web-redirect.redirectscheme.scheme: https
|
traefik.http.middlewares.cistech-tunnel-runtipi-web-redirect.redirectscheme.scheme: https
|
||||||
traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6080"
|
traefik.http.services.cistech-tunnel-runtipi.loadbalancer.server.port: "6092"
|
||||||
traefik.http.routers.cistech-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
|
traefik.http.routers.cistech-tunnel-runtipi-insecure.rule: Host(`${APP_DOMAIN}`)
|
||||||
traefik.http.routers.cistech-tunnel-runtipi-insecure.entrypoints: web
|
traefik.http.routers.cistech-tunnel-runtipi-insecure.entrypoints: web
|
||||||
traefik.http.routers.cistech-tunnel-runtipi-insecure.service: cistech-tunnel-runtipi
|
traefik.http.routers.cistech-tunnel-runtipi-insecure.service: cistech-tunnel-runtipi
|
||||||
|
|||||||