قالب وردپرس درنا توس
Home / Tips and Tricks / Running GUI applications in a Docker container – CloudSavvy IT

Running GUI applications in a Docker container – CloudSavvy IT



Docker’s is normally used to containerize background applications and CLI programs. However, you can also use it to run graphics programs! You can either use an existing X Server, where the host computer is already running a graphical environment, or you can run a VNC server within the container.

First, it is important to understand what Docker actually does. A Docker “container”

; is a form of encapsulation that superficially resembles a virtual machine. Unlike a virtual machine, containers share the same Linux kernel as their host system.

The next part is the X Window system. X Servers such as Xorg provide the basic graphics capabilities of Unix systems. GUI applications cannot render without an available X Server. (Alternative window systems, such as Wayland, are available – we’ll focus on X in this article.)

Trying to run an X Server in Docker is theoretically possible, but rarely used. You need to run Docker in privileged mode (--privileged) so that it can access your host’s hardware. When you start the server, you try to claim your video devices, which usually results in a loss of video output because your host’s original X server pulls the devices away.

A better approach is to mount your host’s X Server socket in the Docker container. This allows your container to use the X Server you already have. GUI applications running in the container will then appear on your existing desktop.

Why run GUI apps in Docker?

Running a GUI program in Docker can be a useful technique when evaluating a new piece of software. You can install the software in a clean container, instead of cluttering your host with new packages.

This approach also helps you avoid incompatibility with other packages in your environment. If you need to temporarily run two versions of a program, you can use Docker to avoid uninstalling and reinstalling the software on your host.

Forward an X socket to a Docker container

Giving a Docker container access to your host’s X socket is a simple procedure. The X connection can be found in /tmp/.X11-unix on your host. The contents of this folder must be mounted on a Docker volume assigned to the container. You must have the host network mode for this to work.

You must also provide the container with a DISPLAY environment variable. This instructs X clients – your graphics programs – which X server to connect to. Set DISPLAY in the container worth $DISPLAY on your host.

You can summarize all this configuration in one docker-compose.yml File:

version: "3"

services:
  app:
    image: my-app:latest
    build: .
    environment:
      - DISPLAY=${DISPLAY}
    volumes:
      - /tmp/.X11-unix:/tmp/.X11-unix
    network_mode: host

You then need to create a Dockerfile for your application. Here’s an example of the Firefox web browser:

FROM ubuntu:latest
RUN apt-get update && apt-get install -y firefox
CMD ["/usr/bin/firefox"]

Now build and run the image:

docker-compose build
docker-compose up

A new Firefox window should appear on your desktop! The Firefox instance runs in the container independently of other open Firefox windows. The container shares your host’s X socket, so Firefox in containers will still appear on your desktop.

This approach should only be used if you trust your Docker container. Exposing the host’s display server is a security risk if you’re not entirely sure what’s inside the container.

Dealing with X verification

You may need to authenticate the container to access the X Server. First, get an X authentication token from your host computer. Run xauth list and make a note of one of the listed cookies. You must copy the entire line.

Install it xauth package. Then run xauth add, by passing the token you copied in the previous step.

apt install -y xauth
xauth add 

Your container should now be successfully verified with the X Server.

Another approach – running a VNC server

If you can’t use X socket forwarding, you can set up a VNC server in your container. With this approach, you can view graphical apps in the container by connecting from a VNC client running on the host.

Add the VNC server software to your container:

FROM ubuntu:latest
RUN apt-get update && apt-get install -y firefox x11vnc xvfb
RUN echo "exec firefox" > ~/.xinitrc && chmod +x ~/.xinitrc
CMD ["v11vnc", "-create", "-forever"]

When you run this container, a VNC server is automatically created. You must bind a host port to port 5900 of the container – this is the port where the VNC server is listed.

Firefox will start at startup while it is being added .xinitrcThis file is executed when the VNC server boots and initializes a new screen.

To connect to the server, you need a VNC client on your host. Find the IP address of your container by running docker ps, write down the container ID and provide it docker inspect You can find the IP address at the bottom of the output, in the Network node.

Use the IP address of the container with your VNC client. Connect on port 5900 without authentication. You should now be able to interact with the graphics programs running in your Docker container.

Conclusion

You have a choice of two approaches to running graphics programs in a container environment. For general use, sharing the host’s X socket usually provides the simplest solution. You can also choose to run a VNC server in the container. This approach may be safer if you have not created the container image.

Containerized graphics apps are useful when you are evaluating software or running two versions of a package. You can use programs on your existing desktop without having to touch your host’s configuration.


Source link