chrome-service: replace static health stub with noVNC view
The static nginx stub at chrome.viktorbarzin.me wasn't useful for debugging anti-bot interactions. Swap it for a live noVNC HTML5 view of the headed Chromium session: x11vnc taps Xvfb's :99 over localhost TCP (added `-listen tcp -ac` to Xvfb), websockify wraps it as a WS endpoint, and noVNC's vendored web client serves it on :6080. The ingress chain is unchanged — chrome.viktorbarzin.me stays Authentik-gated, dns_type=proxied, port 3000 (the Playwright WS) stays internal-only behind the NetworkPolicy + token. Custom image `registry.viktorbarzin.me/chrome-service-novnc:v4` (ubuntu:24.04 + x11vnc + websockify + novnc apt packages) needs imagePullSecrets, so also added registry-credentials reference to the deployment spec. x11vnc flags: `-noshm -noxdamage -nopw -shared -forever`. SHM is disabled because each container has its own /dev/shm so the X server can't grant access; XDAMAGE isn't compiled into the noble Xvfb. The sidecar entrypoint waits up to 30s for both Xvfb (:6099) and x11vnc (:5900) to bind before exec'ing websockify. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
parent
d77a02357c
commit
867bdba7bb
3 changed files with 89 additions and 47 deletions
19
stacks/chrome-service/files/novnc/Dockerfile
Normal file
19
stacks/chrome-service/files/novnc/Dockerfile
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
FROM docker.io/library/ubuntu:24.04
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
x11vnc \
|
||||
novnc \
|
||||
websockify \
|
||||
ca-certificates \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# noVNC ships /usr/share/novnc/vnc.html; alias to index.html so / works.
|
||||
RUN ln -sf /usr/share/novnc/vnc.html /usr/share/novnc/index.html
|
||||
|
||||
EXPOSE 6080
|
||||
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
CMD ["/entrypoint.sh"]
|
||||
Loading…
Add table
Add a link
Reference in a new issue