Djoss Posted September 21, 2017 Author Share Posted September 21, 2017 Language support added. You can update your container image! 2 Quote Link to comment
dockerstarter Posted September 26, 2017 Share Posted September 26, 2017 Thank you Djoss! Well done. may i ask any donation link? Quote Link to comment
Djoss Posted September 27, 2017 Author Share Posted September 27, 2017 3 hours ago, dockerstarter said: Thank you Djoss! Well done. may i ask any donation link? You are welcome! https://paypal.me/JocelynLeSage Quote Link to comment
dockerstarter Posted September 28, 2017 Share Posted September 28, 2017 (edited) Hi Djoss, i have the following setup: Your docker images running on my NAS. It's working great but now i want to be able to remotely access the software through secure TLS/SSL connections. I have certificates for my sub domains and want to use them. Normally i reach this goal with my pre-installed reverse proxy where i could redirect incoming traffic from a domain on port 443 to an internal mapped port. So i can map port 443 to internal port 5800. The problem is that the web viewer will be loaded but the connection fails due to the needed vnc port 5900. I am not able to double map port 443 from same domain with ssl traffic to two different ports. Accessing the vncserver without https (ssl) works like a charm when opening port 5800 and port 5900 on my router. But that could be used for man-in-the-middle attacks because the traffic will be transmitted "unencrypted". I would love to see support for SSL/encrypted traffic in your containers. I dont know if vncserver has something build in for that already or if there is another easy minimalistic way to reach that goal.. I use certificates from let's encrypt and those need to be updated on a regularly base. ( I believe every 90 days.) So it would be nice to have a certificate folder in a persist folder. I would script myself something to copy newly generated certs to that directory once they are updated. A environment variable to set a automatically restart of the vncserver/ssl cert catcher every "x" days would also be handy to pull the new certs in the server. (...if the vncserver has already support for that) I am thinking bout some more dons if something like this could be added as i am very new to docker and the docker cli. I heavily use the inbuilt docker gui from my nas and only use the cli when no other option is possible. If i get more spare time i want to learn how to compose docker files also with best and kindest regards dockerstarter Edited September 28, 2017 by dockerstarter Quote Link to comment
Djoss Posted September 28, 2017 Author Share Posted September 28, 2017 This is something I wanted to do... so let's put some time on this 1 Quote Link to comment
ljm42 Posted September 28, 2017 Share Posted September 28, 2017 Take a look at the jasonbean/guacamole container. Guacamole can handle the browser-based VNC interface, and it is easy to reverse proxy: https://guacamole.incubator.apache.org/doc/gug/proxying-guacamole.html Quote Link to comment
dockerstarter Posted September 29, 2017 Share Posted September 29, 2017 (edited) 9 hours ago, Djoss said: This is something I wanted to do... so let's put some time on this You are my personal hero! Take your time, good work needs time.. I have another Idea that could be game changing with your dockers: - Support for optical drives / external usb devices over IP (especially MakeMKV would profit from a usb dvd drive, which you could be able to directly use dvds onto your NAS from remote hosts per web vncviewer/virtualhere combination for example) - add the ability to use optical drives from remote hosts via usbip protocol. I have read and cross read many threads about this. They'll saying that on my NAS the "usbip" module is not included and therefor only a server without dependencies can run. My thought is - could it be possible to include a usbip client in a docker container ? (for example the "virtualhere" client app which is freely available and this has also been talked and discussed by the author: Michael in this forum.) The app is very thin and small and has cli API which can be used to pass commands like port mapping. I think with a docker envirounment script added with a cli command we could set the port for this in the container and it has reverse connection support which is great to have as it should then be easily usable for the host system to connect an "optical drive" for example. -> Would be absolutely cool to see this added to your roadmap in the far future 4 hours ago, ljm42 said: Take a look at the jasonbean/guacamole container. Guacamole can handle the browser-based VNC interface, and it is easy to reverse proxy: https://guacamole.incubator.apache.org/doc/gug/proxying-guacamole.html Guacamole is also a nice free piece of software. Tried to use it with another docker container and from what i see i liked it. But in it's actual state it is not that light weight as the actual way Djoss do it. Of course it may would be nice to see a separate branch "Djoss-mkvtoolnix-guacamole/stable" or similiar for testing purposes. But my personal preference is the actual way Djoss handles it's small, thin dockers. best and kindest regards dockerstarter Edited September 29, 2017 by dockerstarter added quote for ljm42 Quote Link to comment
Djoss Posted September 30, 2017 Author Share Posted September 30, 2017 On 28/09/2017 at 10:55 PM, dockerstarter said: -> Would be absolutely cool to see this added to your roadmap in the far future To keep track of suggestion, I would suggest that you add it to https://feathub.com/jlesage/docker-apps On 28/09/2017 at 10:55 PM, dockerstarter said: Guacamole is also a nice free piece of software. Tried to use it with another docker container and from what i see i liked it. But in it's actual state it is not that light weight as the actual way Djoss do it. Agree with that. Guacamole is another beast and probably too overkill for a single application running in a Docker container. Quote Link to comment
ljm42 Posted September 30, 2017 Share Posted September 30, 2017 4 hours ago, Djoss said: Agree with that. Guacamole is another beast and probably too overkill for a single application running in a Docker container. Sorry I wasn't clear. I was suggesting that instead of spending the time to make your individual dockers support ssl, users could install the Guacamole docker for web-based access to VNC, and then use the LSIO LetsEncrypt docker to reverse proxy Guacamole. Quote Link to comment
dockerstarter Posted October 8, 2017 Share Posted October 8, 2017 @ljm42 Hey, i have mixed feeling 'bout that solution. Also not too smart but thanks anyway for your support / suggestion. My local server already has a certification environment and a reverse proxy installed. That one is handling the certificates and automates renewal of those certificates. That's why it's at least for me not the smartest solution to set two extra containers up for this :-) with best regards dockerstarter Quote Link to comment
Djoss Posted October 8, 2017 Author Share Posted October 8, 2017 On 30/09/2017 at 12:18 PM, ljm42 said: Sorry I wasn't clear. I was suggesting that instead of spending the time to make your individual dockers support ssl, users could install the Guacamole docker for web-based access to VNC, and then use the LSIO LetsEncrypt docker to reverse proxy Guacamole. Great suggestion @ljm42! Quote Link to comment
Djoss Posted October 8, 2017 Author Share Posted October 8, 2017 @dockerstarter, try the latest version of the container (should be available in less than one hour). You can enable encryption in container's settings. Look at the documentation to see where to copy your own certificates. Let me know how it goes! 2 Quote Link to comment
deusxanime Posted October 9, 2017 Share Posted October 9, 2017 (edited) I fired up your MKVToolNix container today (I thought I applied an update after shutting it down last time I used it a couple days ago, but can't remember for sure) and it was running but I couldn't connect to the web UI and got this error constantly going in the container log: [emerg] 3758#3758: socket() [::]:5800 failed (97: Address family not supported by protocol) I checked for another update in hopes there was a fix and there was one available, so I applied it. I started it after updating and it just immediately comes to a stop now with this in the container log: [s6-init] making user provided files available at /var/run/s6/etc...exited 0. [s6-init] ensuring user provided files have correct perms...exited 0. [fix-attrs.d] applying ownership & permissions fixes... [fix-attrs.d] done. [cont-init.d] executing container initialization scripts... [cont-init.d] 00-app-niceness.sh: executing... [cont-init.d] 00-app-niceness.sh: exited 0. [cont-init.d] 00-app-script.sh: executing... [cont-init.d] 00-app-script.sh: exited 0. [cont-init.d] 00-app-user-map.sh: executing... [cont-init.d] 00-app-user-map.sh: exited 0. [cont-init.d] 00-clean-tmp-dir.sh: executing... [cont-init.d] 00-clean-tmp-dir.sh: exited 0. [cont-init.d] 00-set-app-deps.sh: executing... [cont-init.d] 00-set-app-deps.sh: exited 0. [cont-init.d] 00-set-home.sh: executing... [cont-init.d] 00-set-home.sh: exited 0. [cont-init.d] 00-take-config-ownership.sh: executing... [cont-init.d] 00-take-config-ownership.sh: exited 0. [cont-init.d] 10-certs.sh: executing... [cont-init.d] 10-certs.sh: exited 0. [cont-init.d] 10-nginx.sh: executing... ERROR: No modification applied to /etc/nginx/default_site.conf. [cont-init.d] 10-nginx.sh: exited 1. [cont-finish.d] executing container finish scripts... [cont-finish.d] done. [s6-finish] syncing disks. [s6-finish] sending all processes the TERM signal. [s6-finish] sending all processes the KILL signal and exiting. Tried deleting and re-pulling the container image but no joy. Then tried deleting the appdata mkvtoolnix directory and re-pulling again, but still same thing. Any ideas? Edited October 9, 2017 by deusxanime more info Quote Link to comment
Djoss Posted October 9, 2017 Author Share Posted October 9, 2017 Yeah sorry about that, new image is coming! Quote Link to comment
deusxanime Posted October 9, 2017 Share Posted October 9, 2017 10 hours ago, Djoss said: Yeah sorry about that, new image is coming! Guessing you got it fixed? Saw a new update available, applied, and now it is working again. Thanks! Quote Link to comment
Djoss Posted October 10, 2017 Author Share Posted October 10, 2017 Yes, everything should be fine now Quote Link to comment
dockerstarter Posted October 10, 2017 Share Posted October 10, 2017 (edited) @Djoss I'll try that and reporting back Edit: I tried it with renaming my certificates which where generated by my webserver in combination with let's encrypt. No luck so far. Either the openssl doesn't accept my certs, i am doing something wrong or a bug is present in the docker file. Until now - thanks for developing ssl into your dockers. That's really great ! I did send you a pm with detailed error reporting. Maybe your willing and able to provide helpful hints Edit2: Okay we got it working. I only had the cert.pem and chain.pem, after merging them together to fullchain.pem and renaming to web-fullchain.pem it is working like charm! Thank you for your help. I am willing to donate again. I like good work and that needs some thanks for taking free time to help others and developing. with kindest regards dockerstarter Edited October 13, 2017 by dockerstarter additions Quote Link to comment
cyriltra Posted November 16, 2017 Share Posted November 16, 2017 Hello, thanks a lot for this container, I notice right click (to append) is not working in my setup, is this same for you ? I'm using a mac and accessing the container by it's url:port Thank you Quote Link to comment
alturismo Posted November 16, 2017 Share Posted November 16, 2017 (edited) Hi, may anyone else using chrome to access and knows howto bypass the 1006 disconnect error ? Inet, Edge everything is fine, just chrome doesnt work, either security 0 or 1 ... from the logs error.log 2017/11/16 08:11:19 [error] 731#731: *49 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 192.168.1.101, server: , request: "GET /websockify HTTP/1.1", upstream: "http://127.0.0.1:5900/websockify", host: "192.168.1.2:7805" access.log 192.168.1.101 - - [16/Nov/2017:08:11:18 +0100] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" "-" 192.168.1.101 - - [16/Nov/2017:08:11:19 +0100] "GET /websockify HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" "-" it works with other browsers so ... also with guacamole vnc, but normal chrome access would be nice for an tip thanks ahead edit. using EDGE as example from access log 192.168.1.101 - - [16/Nov/2017:08:15:09 +0100] "GET /websockify HTTP/1.1" 101 252624 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.17035" "-" working and no error log entries (obviosly) Edited November 16, 2017 by alturismo Quote Link to comment
Djoss Posted November 16, 2017 Author Share Posted November 16, 2017 4 hours ago, cyriltra said: Hello, thanks a lot for this container, I notice right click (to append) is not working in my setup, is this same for you ? I'm using a mac and accessing the container by it's url:port Thank you It should work. If I remember correctly, on my Macbook it's by clicking with 2 fingers. Quote Link to comment
Djoss Posted November 16, 2017 Author Share Posted November 16, 2017 3 hours ago, alturismo said: Hi, may anyone else using chrome to access and knows howto bypass the 1006 disconnect error ? Inet, Edge everything is fine, just chrome doesnt work, either security 0 or 1 ... from the logs error.log 2017/11/16 08:11:19 [error] 731#731: *49 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 192.168.1.101, server: , request: "GET /websockify HTTP/1.1", upstream: "http://127.0.0.1:5900/websockify", host: "192.168.1.2:7805" access.log 192.168.1.101 - - [16/Nov/2017:08:11:18 +0100] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" "-" 192.168.1.101 - - [16/Nov/2017:08:11:19 +0100] "GET /websockify HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" "-" it works with other browsers so ... also with guacamole vnc, but normal chrome access would be nice for an tip thanks ahead edit. using EDGE as example from access log 192.168.1.101 - - [16/Nov/2017:08:15:09 +0100] "GET /websockify HTTP/1.1" 101 252624 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.17035" "-" working and no error log entries (obviosly) Did you try to clear browser's cache? Quote Link to comment
alturismo Posted November 16, 2017 Share Posted November 16, 2017 10 hours ago, Djoss said: Did you try to clear browser's cache? really worked thanks ... couldnt imagine that ll help Quote Link to comment
cyriltra Posted November 17, 2017 Share Posted November 17, 2017 21 hours ago, Djoss said: It should work. If I remember correctly, on my Macbook it's by clicking with 2 fingers. ah yes it works with 2 fingers, I usually do right click cmd + click, but this didnt work... Thanks a lot for your docker images, I love them ! Quote Link to comment
cyriltra Posted November 19, 2017 Share Posted November 19, 2017 Hello, is it possible to add MediaInfo in this image ? Thank you Quote Link to comment
Djoss Posted November 19, 2017 Author Share Posted November 19, 2017 How you would launch it? Can this be done from mkvtoolnix? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.