[Support] Djoss - MKVToolNix



Hi Djoss,

I have the following setup:

Your Docker images are running on my NAS. It's working great, but now I want to be able to remotely access the software through secure TLS/SSL connections. I have certificates for my subdomains and want to use them. Normally I reach this goal with my pre-installed reverse proxy, where I could redirect incoming traffic from a domain on port 443 to an internal mapped port.

So I can map port 443 to internal port 5800. The problem is that the web viewer will be loaded but the connection fails due to the needed VNC port 5900. I am not able to double-map port 443 from the same domain with SSL traffic to two different ports.

Accessing the vncserver without https (ssl) works like a charm when opening port 5800 and port 5900 on my router. But that could be used for man-in-the-middle attacks because the traffic will be transmitted "unencrypted".

 

I would love to see support for SSL/encrypted traffic in your containers. ;)

 

I don't know if vncserver has something built in for that already or if there is another easy, minimalistic way to reach that goal.

I use certificates from Let's Encrypt and those need to be updated on a regular basis. (I believe every 90 days.)

So it would be nice to have a certificate folder in a persistent folder. I would script myself something to copy newly generated certs to that directory once they are updated.

An environment variable to set an automatic restart of the vncserver/SSL cert catcher every "x" days would also be handy to pull the new certs into the server. (...if the vncserver already has support for that)

 

 

I am thinking about some more dons if something like this could be added, as I am very new to Docker and the Docker CLI. I heavily use the inbuilt Docker GUI from my NAS and only use the CLI when no other option is possible. If I get more spare time I want to learn how to compose Docker files also :)

 

 

with best and kindest regards

 

dockerstarter

Edited by dockerstarter
Link to comment
9 hours ago, Djoss said:

This is something I wanted to do... so let's put some time on this :)

 

You are my personal hero!

Take your time, good work needs time..

 

I have another idea that could be game-changing with your dockers:

 

- Support for optical drives / external usb devices over IP (especially MakeMKV would profit from a usb dvd drive, which you could be able to directly use dvds onto your NAS from remote hosts per web vncviewer/virtualhere combination for example)

 

- Add the ability to use optical drives from remote hosts via the usbip protocol. I have read and cross-read many threads about this. They are saying that on my NAS the "usbip" module is not included and therefore only a server without dependencies can run. My thought is: could it be possible to include a usbip client in a Docker container? (For example the "virtualhere" client app, which is freely available, and this has also been talked about and discussed by the author, Michael, in this forum.)

The app is very thin and small and has a CLI API which can be used to pass commands like port mapping. I think with a Docker environment script added with a CLI command we could set the port for this in the container, and it has reverse connection support, which is great to have as it should then be easily usable for the host system to connect an "optical drive", for example.

 

-> Would be absolutely cool to see this added to your roadmap in the far future 8)

 

 

4 hours ago, ljm42 said:

Take a look at the jasonbean/guacamole container.  Guacamole can handle the browser-based VNC interface, and it is easy to reverse proxy:
   https://guacamole.incubator.apache.org/doc/gug/proxying-guacamole.html

 

Guacamole is also a nice free piece of software. Tried to use it with another Docker container and from what I see I liked it. But in its actual state it is not as lightweight as the actual way Djoss does it.

Of course it would maybe be nice to see a separate branch "Djoss-mkvtoolnix-guacamole/stable" or similar for testing purposes. But my personal preference is the actual way Djoss handles his small, thin dockers. :x

 

 

best and kindest regards

 

dockerstarter

Edited by dockerstarter
added quote for ljm42
Link to comment
On 28/09/2017 at 10:55 PM, dockerstarter said:

-> Would be absolutely cool to see this added to your roadmap in the far future 8)

 

To keep track of suggestions, I would suggest that you add it to https://feathub.com/jlesage/docker-apps

 

On 28/09/2017 at 10:55 PM, dockerstarter said:

Guacamole is also a nice free piece of software. Tried to use it with another Docker container and from what I see I liked it. But in its actual state it is not as lightweight as the actual way Djoss does it.

Agree with that.  Guacamole is another beast and probably too overkill for a single application running in a Docker container.

Link to comment
4 hours ago, Djoss said:

Agree with that.  Guacamole is another beast and probably too overkill for a single application running in a Docker container.

 

Sorry I wasn't clear.  I was suggesting that instead of spending the time to make your individual dockers support ssl, users could install the Guacamole docker for web-based access to VNC, and then use the LSIO LetsEncrypt docker to reverse proxy Guacamole.

Link to comment

@ljm42

Hey,

I have mixed feelings about that solution. Also not too smart, but thanks anyway for your support / suggestion. My local server already has a certification environment and a reverse proxy installed. That one is handling the certificates and automates renewal of those certificates. That's why it's, at least for me, not the smartest solution to set two extra containers up for this :-)

 

 

with best regards

dockerstarter

Link to comment
On 30/09/2017 at 12:18 PM, ljm42 said:

Sorry I wasn't clear.  I was suggesting that instead of spending the time to make your individual dockers support ssl, users could install the Guacamole docker for web-based access to VNC, and then use the LSIO LetsEncrypt docker to reverse proxy Guacamole.

Great suggestion @ljm42!

Link to comment

I fired up your MKVToolNix container today (I thought I applied an update after shutting it down last time I used it a couple days ago, but can't remember for sure) and it was running but I couldn't connect to the web UI and got this error constantly going in the container log:

[emerg] 3758#3758: socket() [::]:5800 failed (97: Address family not supported by protocol)

 

I checked for another update in hopes there was a fix and there was one available, so I applied it. I started it after updating and it just immediately comes to a stop now with this in the container log:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-app-niceness.sh: executing...
[cont-init.d] 00-app-niceness.sh: exited 0.
[cont-init.d] 00-app-script.sh: executing...
[cont-init.d] 00-app-script.sh: exited 0.
[cont-init.d] 00-app-user-map.sh: executing...
[cont-init.d] 00-app-user-map.sh: exited 0.
[cont-init.d] 00-clean-tmp-dir.sh: executing...
[cont-init.d] 00-clean-tmp-dir.sh: exited 0.
[cont-init.d] 00-set-app-deps.sh: executing...
[cont-init.d] 00-set-app-deps.sh: exited 0.
[cont-init.d] 00-set-home.sh: executing...
[cont-init.d] 00-set-home.sh: exited 0.
[cont-init.d] 00-take-config-ownership.sh: executing...
[cont-init.d] 00-take-config-ownership.sh: exited 0.
[cont-init.d] 10-certs.sh: executing...
[cont-init.d] 10-certs.sh: exited 0.
[cont-init.d] 10-nginx.sh: executing...
ERROR: No modification applied to /etc/nginx/default_site.conf.

[cont-init.d] 10-nginx.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

Tried deleting and re-pulling the container image but no joy.

 

Then tried deleting the appdata mkvtoolnix directory and re-pulling again, but still same thing. 

 

Any ideas?

 

Edited by deusxanime
more info
Link to comment

@Djoss

I'll try that and report back :)

Edit: I tried it with renaming my certificates, which were generated by my webserver in combination with Let's Encrypt. No luck so far. Either the openssl doesn't accept my certs, I am doing something wrong, or a bug is present in the Docker file. Until now, thanks for developing SSL into your dockers. That's really great!

I did send you a PM with detailed error reporting. Maybe you're willing and able to provide helpful hints ;-)

Edit2: Okay, we got it working. I only had the cert.pem and chain.pem; after merging them together to fullchain.pem and renaming to web-fullchain.pem it is working like a charm!

 

Thank you for your help. I am willing to donate again. I like good work and that needs some thanks for taking free time to help others and developing.

 

with kindest regards

 

dockerstarter

Edited by dockerstarter
additions
Link to comment
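Edit2 in the post above gives the fix: merge cert.pem and chain.pem into a single file named web-fullchain.pem. The script below is an added example for a renewal job doing that merge; it is not from the thread and not the container author's code. The function name `merge_fullchain` is hypothetical, and every path, including where web-fullchain.pem lives, is supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): build web-fullchain.pem from the
# cert.pem and chain.pem that a Let's Encrypt client writes.
# merge_fullchain CERT CHAIN OUT -> prints "updated" or "unchanged".
# All three paths come from the caller; no container path is assumed.

count_certs() {
    # grep -c exits 1 on zero matches but still prints 0
    grep -c -- '^-----BEGIN CERTIFICATE-----' "$1" || true
}

merge_fullchain() {
    cert=$1 chain=$2 out=$3
    if [ ! -r "$cert" ] || [ ! -r "$chain" ]; then
        echo "cannot read $cert or $chain" >&2; return 1
    fi
    # The chain file is sent to every client: never let a key into it.
    if grep -q -- 'PRIVATE KEY-----' "$cert" "$chain"; then
        echo "refusing: private key found in certificate input" >&2; return 1
    fi
    # cert.pem is the single leaf; chain.pem is one or more intermediates.
    if [ "$(count_certs "$cert")" -ne 1 ] || [ "$(count_certs "$chain")" -lt 1 ]; then
        echo "expected 1 certificate in $cert and at least 1 in $chain" >&2; return 1
    fi
    tmp=$(mktemp "$out.XXXXXX") || return 1
    # Leaf first, then intermediates. awk drops CRs and blank lines and ends
    # every line with a newline, so a cert.pem lacking a final newline cannot
    # fuse its END marker with the next BEGIN marker.
    if ! awk '{ sub(/\r$/, "") } NF { print }' "$cert" "$chain" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"; echo unchanged; return 0   # nothing to reload
    fi
    chmod 644 "$tmp"
    mv -f "$tmp" "$out"    # rename is atomic within one filesystem
    echo updated
}

# Run as: sh merge.sh cert.pem chain.pem /some/dir/web-fullchain.pem
if [ "$#" -eq 3 ]; then merge_fullchain "$@"; fi
```

The "updated" / "unchanged" output lets a scheduled job restart the container only when the certificate actually changed. The check is structural only; it does not validate the certificates cryptographically.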
  • 1 month later...

Hi, is anyone else using Chrome for access, and does anyone know how to bypass the 1006 disconnect error?

Inet, Edge, everything is fine, just Chrome doesn't work, either security 0 or 1 ...

 

from the logs

error.log

2017/11/16 08:11:19 [error] 731#731: *49 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 192.168.1.101, server: , request: "GET /websockify HTTP/1.1", upstream: "http://127.0.0.1:5900/websockify", host: "192.168.1.2:7805"

 

access.log

192.168.1.101 - - [16/Nov/2017:08:11:18 +0100] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" "-"
192.168.1.101 - - [16/Nov/2017:08:11:19 +0100] "GET /websockify HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" "-"

 

it works with other browsers so ... also with guacamole vnc, but normal chrome access would be nice ;)

 

Thanks in advance for a tip.

 

edit.

using EDGE as example from access log

192.168.1.101 - - [16/Nov/2017:08:15:09 +0100] "GET /websockify HTTP/1.1" 101 252624 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.17035" "-"

 

working and no error log entries (obviously)

Edited by alturismo
Link to comment
4 hours ago, cyriltra said:

Hello,

 

Thanks a lot for this container. I notice right click (to append) is not working in my setup; is this the same for you?

I'm using a Mac and accessing the container by its url:port

 

Thank you

It should work.  If I remember correctly, on my Macbook it's by clicking with 2 fingers.

Link to comment
3 hours ago, alturismo said:

Hi, is anyone else using Chrome for access, and does anyone know how to bypass the 1006 disconnect error?

Inet, Edge, everything is fine, just Chrome doesn't work, either security 0 or 1 ...

 

from the logs

error.log

2017/11/16 08:11:19 [error] 731#731: *49 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 192.168.1.101, server: , request: "GET /websockify HTTP/1.1", upstream: "http://127.0.0.1:5900/websockify", host: "192.168.1.2:7805"

 

access.log

192.168.1.101 - - [16/Nov/2017:08:11:18 +0100] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" "-"
192.168.1.101 - - [16/Nov/2017:08:11:19 +0100] "GET /websockify HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" "-"

 

it works with other browsers so ... also with guacamole vnc, but normal chrome access would be nice ;)

 

Thanks in advance for a tip.

 

edit.

using EDGE as example from access log

192.168.1.101 - - [16/Nov/2017:08:15:09 +0100] "GET /websockify HTTP/1.1" 101 252624 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.17035" "-"

 

working and no error log entries (obviously)

Did you try to clear browser's cache?

Link to comment
