I’m trying to create a docker
container that will let me run firefox
, so I can eventually use a jupyter notebook
. Right now, although I have successfully installed firefox
, I cannot get a window to open.
Following instructions from running-gui-apps-within-docker, I created an image (i.e. "sample") with Firefox
and then tried to run it using
$ docker run -it --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix --net=host sample
When I did so, I got the following error:
root@machine:~# firefox
No protocol specified
Unable to init server: Could not connect: Connection refused
Error: cannot open display: :1
Using man docker run
to understand the flags, I was not able to find the --net
flag, though I did see a --network
flag. However, replacing --net
with --network
didn’t change anything. How do I specify a protocol, that will let me create an image from whose containers I will be able to run firefox
?
PS – For what it’s worth, when I check the value of DISPLAY, I get the predictable:
~# echo $DISPLAY
:1
2
Answers
Try run
xhost +
in your docker host to allow conections with X server.I have been running firefox inside docker for quite some time so this is possible. With regards to the security aspects I think the following is the relevant parts:
Building
The build needs to match up uid/gid values with the user that is running the container. I do this with
UID
andGID
build args:Dockerfile
Makefile
entrypoint.sh
So I am running firefox as a dedicated non-root user, and I wrap it via xterm so that the container does not die if firefox accidentally exit or if you want to restart. It is a bit annoying having all these extra xterm windows, but I have not found any other way in preventing accidental loss of the
.mozilla
directory content (mapping out to a volume would prevent running multiple independent docker instances which I definitely want, and also from a privacy point of view not dragging along a long history is something I want. Whenever I do want to save something I make a copy of the.mozilla
directory and save it on the host computer (and restore later in a new container)).Running
run.sh
With this you can for instance run
./run.sh https://stackoverflow.com/
and get a container namedfirefox-httpsstackoverflow.com
. If you then want to log into your bank completely isolated from all other firefox instances (protected by operating system process boundaries, not just some internal browser separation) you run./run.sh https://yourbank.example.com/
.