infra

History

Viktor Barzin 8146d05191 chrome-service: replace static health stub with noVNC view The static nginx stub at chrome.viktorbarzin.me wasn't useful for debugging anti-bot interactions. Swap it for a live noVNC HTML5 view of the headed Chromium session: x11vnc taps Xvfb's :99 over localhost TCP (added `-listen tcp -ac` to Xvfb), websockify wraps it as a WS endpoint, and noVNC's vendored web client serves it on :6080. The ingress chain is unchanged — chrome.viktorbarzin.me stays Authentik-gated, dns_type=proxied, port 3000 (the Playwright WS) stays internal-only behind the NetworkPolicy + token. Custom image `registry.viktorbarzin.me/chrome-service-novnc:v4` (ubuntu:24.04 + x11vnc + websockify + novnc apt packages) needs imagePullSecrets, so also added registry-credentials reference to the deployment spec. x11vnc flags: `-noshm -noxdamage -nopw -shared -forever`. SHM is disabled because each container has its own /dev/shm so the X server can't grant access; XDAMAGE isn't compiled into the noble Xvfb. The sidecar entrypoint waits up to 30s for both Xvfb (:6099) and x11vnc (:5900) to bind before exec'ing websockify. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-07 23:29:33 +00:00
..
novnc	chrome-service: replace static health stub with noVNC view	2026-05-07 23:29:33 +00:00
stealth.js	chrome-service: in-cluster headed Chromium pool for f1-stream verifier	2026-05-07 23:29:32 +00:00

Viktor Barzin 8146d05191 chrome-service: replace static health stub with noVNC view

The static nginx stub at chrome.viktorbarzin.me wasn't useful for
debugging anti-bot interactions. Swap it for a live noVNC HTML5 view
of the headed Chromium session: x11vnc taps Xvfb's :99 over localhost
TCP (added `-listen tcp -ac` to Xvfb), websockify wraps it as a WS
endpoint, and noVNC's vendored web client serves it on :6080.

The ingress chain is unchanged — chrome.viktorbarzin.me stays
Authentik-gated, dns_type=proxied, port 3000 (the Playwright WS) stays
internal-only behind the NetworkPolicy + token. Custom image
`registry.viktorbarzin.me/chrome-service-novnc:v4` (ubuntu:24.04 +
x11vnc + websockify + novnc apt packages) needs imagePullSecrets, so
also added registry-credentials reference to the deployment spec.

x11vnc flags: `-noshm -noxdamage -nopw -shared -forever`. SHM is
disabled because each container has its own /dev/shm so the X server
can't grant access; XDAMAGE isn't compiled into the noble Xvfb. The
sidecar entrypoint waits up to 30s for both Xvfb (:6099) and x11vnc
(:5900) to bind before exec'ing websockify.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-07 23:29:33 +00:00

novnc

chrome-service: replace static health stub with noVNC view

2026-05-07 23:29:33 +00:00

stealth.js

chrome-service: in-cluster headed Chromium pool for f1-stream verifier

2026-05-07 23:29:32 +00:00