[Support] Djoss - Firefox

Djoss · February 17, 2018

Support for Firefox docker container

Application Name: Firefox
Application Site: https://www.mozilla.org/en-US/firefox/
Docker Hub: https://hub.docker.com/r/jlesage/firefox/
Github: https://github.com/jlesage/docker-firefox

This container is based on Alpine Linux, meaning that its size is very small. It also has a very nice, mobile-friendly web UI to access Firefox graphical interface and is actively supported!

Make sure to look at the complete documentation, available on Github !

Post any questions or issues relating to this docker in this thread.

Edited August 29, 2018 by Djoss

Squid · February 17, 2018

Maybe this is a real stupid question, but why would I want to install a firefox container, access it via a browser and use it to surf instead of the browser I'm accessing it with?

DZMM · February 17, 2018

I guess 'Sandbox' browsing - docker is isolated from rest of PC, so if browser is compromised your PC isn't touched.

Squid · February 17, 2018

Makes sense. Had to ask.

Djoss · February 17, 2018

7 minutes ago, Squid said:

Maybe this is a real stupid question, but why would I want to install a firefox container, access it via a browser and use it to surf instead of the browser I'm accessing it with?

In my case, I use it to keep a bunch of open tabs of sites I use frequently. I also have some browser extensions that are configured to access local applications (e.g. Transmission).

Having a container allows me to access them from different devices and potentially remotely (e.g. from work).

Before I was using a VM to the same thing.

JonathanM · February 17, 2018

Maybe you could collaborate with @binhex and add a VPN support module.

scytherbladez · February 17, 2018

This is great. I run a few Firefox extensions in a Windows VM that I need running 24/7. Although that works perfectly fine, I'm hoping running those in Firefox docker will be super reliable

Djoss · February 17, 2018

11 hours ago, jonathanm said:

Maybe you could collaborate with @binhex and add a VPN support module.

I think it's already possible to route any container through one of the binhex's vpn container.

JonathanM · February 17, 2018

1 hour ago, Djoss said:

I think it's already possible to route any container through one of the binhex's vpn container.

It definitely is, but if somebody doesn't want to rely on one of his privoxy enabled containers, it would be nice to have a standalone option. The privoxy proxy does some filtering that may not be desirable in all circumstances, and a direct connection to the VPN would be preferred.

McKentin · February 24, 2018

Is this doable with Chrome or is there specfic reason Firefox is better over chrome?

Djoss · February 25, 2018

17 hours ago, McKentin said:

Is this doable with Chrome or is there specfic reason Firefox is better over chrome?

Not really. Firefox was already supported by Alpine, so it was easier to do

But I don't know how the new Quantum version compare to Chrome..

McKentin · February 25, 2018

4 hours ago, Djoss said:

Not really. Firefox was already supported by Alpine, so it was easier to do

But I don't know how the new Quantum version compare to Chrome..

Ah ok thanks for the explanation, i looked into firefox since like 7 years. Seems that alot extensions and plugins arent updated for the new Quantum version lol.

ColeBrodine · March 4, 2018

Firefox will let you put in a proxy server, so if you are using one of Binhex's Privoxy servers you should be able to go into the Firefox settings and configure it directly to use the VPN Proxy.

remati · June 5, 2018

Is there a way to limit how much ram this firefox or docker can use?

Djoss · June 5, 2018

1 hour ago, remati said:

Is there a way to limit how much ram this firefox or docker can use?

In container settings, you can add something like "--memory=4G" in "Extra Parameters" (you need to toggle the advanced view).

remati · June 6, 2018

On 6/4/2018 at 6:15 PM, Djoss said:

In container settings, you can add something like "--memory=4G" in "Extra Parameters" (you need to toggle the advanced view).

Looks like there is an extra parameter "--shm-size 2g" already. Will this shm-size limit firefox to 2gb or should I use "--memory=2G" instead?

Djoss · June 6, 2018

7 minutes ago, remati said:

Looks like there is an extra parameter "--shm-size 2g" already. Will this shm-size limit firefox to 2gb or should I use "--memory=2G" instead?

This is something else. This sets the size of /dev/shm. You should keep it and just append the - -memory setting.

hus2020 · July 11, 2018

Hi, How do i access this through nginx reverse proxy. Using my standard reverse proxy conf I get to the main page, but stuck with the loading animation.

Below is my nginx conf file:

server {  
    listen 443 ssl;
    server_name firefox.mydomain.com;

    #root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.100:7814/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
	
	location ~ /.well-known {
        allow all;
    }
}

Djoss · July 11, 2018

6 hours ago, hus2020 said:

Hi, How do i access this through nginx reverse proxy. Using my standard reverse proxy conf I get to the main page, but stuck with the loading animation.

Below is my nginx conf file:


server {  
    listen 443 ssl;
    server_name firefox.mydomain.com;

    #root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

        ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.100:7814/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
	
	location ~ /.well-known {
        allow all;
    }
}

You miss the proxy for the websocket part. See https://github.com/jlesage/docker-firefox#routing-based-on-hostname for more details and example.

Random.Name · July 23, 2018

Just tried to use this docker to use https://play.spotify.com but there seems to be a problem with DRM/ Google Wiedevine. Both are enabled, but it seems like spotfy wont recognize that
Any idea how to fix that?

Djoss · July 24, 2018

12 hours ago, Random.Name said:

Just tried to use this docker to use https://play.spotify.com but there seems to be a problem with DRM/ Google Wiedevine. Both are enabled, but it seems like spotfy wont recognize that
Any idea how to fix that?

Is you intention was to listen music through the browser? Because sound is not supported with the container.

Random.Name · July 24, 2018

5 hours ago, Djoss said:

Is you intention was to listen music through the browser? Because sound is not supported with the container.

Oh, i seemd to have missed that point thanks for the heads up

binhex · July 24, 2018

On 2/17/2018 at 2:39 PM, jonathanm said:

It definitely is, but if somebody doesn't want to rely on one of his privoxy enabled containers, it would be nice to have a standalone option. The privoxy proxy does some filtering that may not be desirable in all circumstances, and a direct connection to the VPN would be preferred.

i did toy with this idea a while ago of setting up a chromevpn docker image with options to run incognito mode, wipe history etc on restart, or even possibly write user data to ram (all optional of course) for the uber paranoid but i didnt really know how popular it would be, so i shelved it, do you think it would be of use to the community?.

tr0910 · July 24, 2018

There are many exploring what might be useful from a security standpoint. At one end you have the Snowden approved solutions like Qubes, but we all don't have Snowden's problems.

@jonp is suggesting that some additional features may be added to unRaid that I would love to use for increased security in the blog

Quote

VM Snap shots; BTRFS and COW; other? If can't talk about it - that's cool, just call me curious (or nosy).

Maybe

Edited July 24, 2018 by tr0910

JonathanM · July 24, 2018

44 minutes ago, binhex said:

do you think it would be of use to the community?

I think you would get 100,000+ pulls in the first month of a well thought out container. Your other VPN enabled offerings are wildly popular both in and out of the unraid community, I see this as a logical addition.

The only hiccup I can currently visualize is that people may mistakenly think they should be able to get audio to play in the browser.

A docker based high security browser with locked down VPN and your signature privoxy add on to pass the tunnel along to other apps and browsers would be a killer combo.

Sign In

[Support] Djoss - Firefox

Recommended Posts

Link to comment

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

JonathanM

binhex

Djoss

Posted Images

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Join the conversation