alexz
1ef9d21ba4
Some checks failed
Test / test (push) Has been cancelled
- entrypoint.sh: Start VNC directly instead of systemd /sbin/init - Changed NOVNC_PORT from 6080 to 6092 everywhere - Dockerfile: Updated EXPOSE and default NOVNC_PORT - Bumped tipi_version to 3 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
106 lines
3.3 KiB
Docker
106 lines
3.3 KiB
Docker
FROM ubuntu:22.04
|
|
|
|
LABEL maintainer="alexz"
|
|
LABEL description="OpenConnect SSO VPN in Docker with noVNC"
|
|
LABEL version="1.0.0"
|
|
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
ENV container=docker
|
|
|
|
# VNC/noVNC settings
|
|
ENV DISPLAY=:1
|
|
ENV VNC_PORT=5901
|
|
ENV NOVNC_PORT=6092
|
|
|
|
# Python/Playwright settings
|
|
ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
|
|
ENV VIRTUAL_ENV=/opt/venv
|
|
ENV PATH=/opt/venv/bin:$PATH
|
|
|
|
# Install systemd and dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
systemd \
|
|
systemd-sysv \
|
|
dbus \
|
|
dbus-x11 \
|
|
libgtk-3-0 \
|
|
libglib2.0-0 \
|
|
libstdc++6 \
|
|
iptables \
|
|
libxml2 \
|
|
network-manager \
|
|
zlib1g \
|
|
policykit-1 \
|
|
xdg-utils \
|
|
libwebkit2gtk-4.0-37 \
|
|
tigervnc-standalone-server \
|
|
tigervnc-common \
|
|
novnc \
|
|
websockify \
|
|
openbox \
|
|
xterm \
|
|
procps \
|
|
net-tools \
|
|
curl \
|
|
iproute2 \
|
|
iputils-ping \
|
|
nano \
|
|
x11vnc \
|
|
xvfb \
|
|
fluxbox \
|
|
xdotool \
|
|
oathtool \
|
|
openconnect \
|
|
python3 \
|
|
python3-pip \
|
|
python3-venv \
|
|
vpnc-scripts \
|
|
libasound2 \
|
|
libnss3 \
|
|
libatk1.0-0 \
|
|
libatk-bridge2.0-0 \
|
|
libxcomposite1 \
|
|
libxrandr2 \
|
|
libgbm1 \
|
|
libxdamage1 \
|
|
libpango-1.0-0 \
|
|
fonts-liberation \
|
|
&& apt-get clean \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Remove unnecessary systemd services that cause issues in containers
|
|
RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
|
|
/etc/systemd/system/*.wants/* \
|
|
/lib/systemd/system/local-fs.target.wants/* \
|
|
/lib/systemd/system/sockets.target.wants/*udev* \
|
|
/lib/systemd/system/sockets.target.wants/*initctl* \
|
|
/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup* \
|
|
/lib/systemd/system/systemd-update-utmp*
|
|
|
|
# Install openconnect-sso with playwright
|
|
RUN python3 -m venv "$VIRTUAL_ENV" && \
|
|
pip install --no-cache-dir openconnect-sso[full] playwright keyring keyrings.alt && \
|
|
python -m playwright install --with-deps chromium
|
|
|
|
RUN mkdir -p /opt/scripts /shared
|
|
RUN echo 'IyEvYmluL2Jhc2gKc2V0IC1lCmV4cG9ydCBIT01FPScvcm9vdCcKZXhwb3J0IFVTRVI9J3Jvb3QnCnJtIC1mIC90bXAvLlAxLWxvY2sgL3RtcC8uWDExLXVuaXgvWDEgMj4vZGV2L251bGwgfHwgdHJ1ZQpybSAtcmYgL3RtcC8uWCotbG9jayAvdG1wLy5YMTQtdW5peC8qIDI+L2Rldi9udWxsIHx8IHRydWUKZWNobyAiU3RhcnRpbmcgVGlnZXJWTkMgc2VydmVyIG9uIGRpc3BsYXkgOjEuLi4iCnZuY3NlcnZlciA6MSAtZ2VvbWV0cnkgMTI4MHg4MDAgLWRlcHRoIDI0IC1TZWN1cml0eVR5cGVzIFZuY0F1dGggLWxvY2FsaG9zdCBubwpzbGVlcCAyCmVjaG8gIlN0YXJ0aW5nIG5vVk5DIG9uIHBvcnQgJHtOT1ZOQ19QT1JUOi02MDgwfS4uLiIKd2Vic29ja2lmeSAtLXdlYj0vdXNyL3NoYXJlL25vdm5jLyAke05PVk5DX1BPUlQ6LTYwODB9IGxvY2FsaG9zdDo1OTAxICYKdGFpbCAtZiAvcm9vdC8udm5jLyoubG9nCg==' \
|
|
| base64 -d > /opt/scripts/startup-vnc.sh && \
|
|
chmod +x /opt/scripts/startup-vnc.sh
|
|
|
|
RUN echo 'W1VuaXRdCkRlc2NyaXB0aW9uPVZOQyBhbmQgbm9WTkMgU2VydmVyCkFmdGVyPW5ldHdvcmsudGFyZ2V0CgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9vcHQvc2NyaXB0cy9zdGFydHVwLXZuYy5zaApSZXN0YXJ0PWFsd2F5cwpSZXN0YXJ0U2VjPTUKRW52aXJvbm1lbnQ9SE9NRT0vcm9vdApFbnZpcm9ubWVudD1VU0VSPXJvb3QKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=' \
|
|
| base64 -d > /lib/systemd/system/vnc.service
|
|
RUN chmod 644 /lib/systemd/system/vnc.service && \
|
|
systemctl enable vnc.service
|
|
|
|
# Copy entrypoint script
|
|
COPY scripts/entrypoint.sh /opt/scripts/
|
|
RUN chmod +x /opt/scripts/entrypoint.sh
|
|
|
|
VOLUME ["/sys/fs/cgroup"]
|
|
|
|
EXPOSE 5901 6092
|
|
|
|
STOPSIGNAL SIGRTMIN+3
|
|
|
|
CMD ["/opt/scripts/entrypoint.sh"]
|