I've been using the LSIO Webtop images for a few years. They're awesome for composable desktops that I run behind a VPN for a quick and easy dirty connection at home.
Combine the Webtop images by forcing its traffic through the Gluetun [0] container and you're up and running. These Webtop containers are nice and snappy as well thanks to Kasm. Awesome OSS.
"Do not put this on the Internet if you do not know what you are doing.
By default this container has no authentication and the optional environment variables CUSTOM_USER and PASSWORD to enable basic http auth via the embedded NGINX server should only be used to locally secure the container from unwanted access on a local network. If exposing this to the Internet we recommend putting it behind a reverse proxy, such as SWAG, and ensuring a secure authentication solution is in place. From the web interface a terminal can be launched and it is configured for passwordless sudo, so anyone with access to it can install and run whatever they want along with probing your local network."
I hope everyone intrigued by this interesting and potentially very useful project takes heed of this warning.
That warning applies to anything you run locally. And going further, in this day and age, I would never put up any home service without it being behind Cloudflare Access or some form of wireguard tunnel.
Yeah, I made a mistake with my config. I had set up SWAG, with Authelia (I think?). Got password login working with 2FA. But my dumbass didn't realize I had left ports open. Logged in one day to find a terminal open with a message from someone who found my instance and got in. Called me stupid (I mean they're not wrong) and all kinds of things and deleted everything from my home drive to "teach me a lesson". Lesson painfully learnt.
But before that happened Webtop was amazing! I had Obsidian set up so I could have access on any computer. It felt great having "my" computer anywhere I went. The only reason I don't have it set up is because I made the mistake of closing my free tier Oracle Cloud thinking I could spin up a fresh new instance and since then I haven't been able to get the free tier again.
I created a personalized image with Tailscale and KasmVNC for this particular reason, ... not on a public VPS. You can find images on my GitHub as inspiration; do not directly copy unless you understand what you are doing.
Also note that their example Docker config will allow anyone from the internet to connect, and even add an incoming rule in your host firewall to allow it. This is because they don't specify the port like -p 127.0.0.1:hostport:containerport (or the analog in the docker-compose config).
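An added example, not part of the original comment or the Webtop project: a small Python check that classifies Docker publish specs (the -p / compose short-syntax strings the comment refers to) by whether they bind beyond loopback. The function names and the sample specs on ports 3000/3001 are constructed for illustration.

```python
import ipaddress


def parse_publish(spec):
    """Split a publish spec into (host_ip, host_port, container_port).

    host_ip is None when no address is given; Docker then binds the
    port on all host interfaces.
    """
    body = spec.strip().split("/", 1)[0]      # drop a /tcp or /udp suffix
    host_ip = None
    if body.startswith("["):                  # bracketed IPv6, e.g. [::1]:3000:3000
        host_ip, _, rest = body[1:].partition("]")
        body = rest.lstrip(":")
    parts = body.split(":")
    if len(parts) == 3 and host_ip is None:   # ip:hostport:containerport
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 2:
        return host_ip, parts[0], parts[1]
    if len(parts) == 1 and parts[0]:
        return host_ip, "", parts[0]          # host port picked by Docker
    raise ValueError(f"unrecognised publish spec: {spec!r}")


def is_exposed(spec):
    """True when the port is published on anything other than loopback."""
    host_ip = parse_publish(spec)[0]
    if not host_ip:
        return True
    return not ipaddress.ip_address(host_ip).is_loopback


def audit(specs):
    """Return the specs that are reachable from other machines."""
    return [s for s in specs if is_exposed(s)]


# Constructed sample specs (ports chosen for illustration only).
SAMPLE = [
    "3000:3000",
    "127.0.0.1:3000:3000",
    "0.0.0.0:3001:3001/tcp",
    "[::1]:3001:3001",
    "192.168.1.10:3000:3000",
    "3000",
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(f"{s:26} {'EXPOSED' if is_exposed(s) else 'loopback only'}")
```

Run it over the ports entries copied from a compose file; anything it reports as exposed is listening on an address other machines can reach.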
No they won’t. Octoprint (3d printing server) had a similar warning but they had to introduce actual user accounts to secure the system because people ignored it.
We had an application that had quite the complex build process, and targeted only macOS and Linux. The mechanical engineers all used Windows, and needed to use the application. Rather than buying them MacBooks or having them manage a Linux box, I wound up building something like Webtop with webvnc, and deployed containers to Google Cloud. Engineers could go to a URL and access the application, no need to download or install anything. It worked pretty well, all things considered.
Selkies [1] is another interesting project in this space. It uses WebRTC for low latency streaming and remote desktop suitable for gaming in the browser.
While our focus is for delivering high-performance remote 3D graphical workloads for vanilla Kubernetes and HPC clusters in general, our project should be trivial for anyone to also deploy in their X11 desktop, especially with NVIDIA.
Since the website doesn’t have pictures or videos… Is “webtop” a way to package GUI desktop apps in a Docker container so that the only dependencies to run the app are Docker Desktop and a web browser?
Yes. From the documentation there are some screenshots and this is possible. Like starting a standalone Firefox browser inside Docker Desktop and accessing it via a browser VNC session.
But you get to control the keyboard/clipboard and it can apparently add watermarks to the VNC session for DLP functionality and you have a web http to take screenshots of your VNC sessions.
My pipedream is to have a containerized desktop environment like this that outputs directly to a physical monitor over HDMI/DP without needing an X server on the host machine. So far I haven't found any clear answers on whether that's possible at all.
I feel I've been nerdsniped or, some other term for your quest being contagious, I also now need to know if this is possible
I found a thread from someone who seems to know what they're talking about saying it's not going to happen "on your hardware", but doesn't mention what hardware might be required
Edit: actually, reading that link again it sounds like a USB adapter worked right away as a monitor for the VM and the OP is asking how to prevent this! So seems you just need to enable GPU passthrough, and a USB HDMI will appear to your VM? Will have to try this later today
I can only answer for NVIDIA, as that was the platform we developed on, but it should be possible to encapsulate the X11 server within the container without starting an X server on the host machine, and then plug in to the monitor you designate.
Kasm [1] also has ready-to-use images that work similarly. They are also customizable to contain your own applications or configuration.
Intended to be used with their Kasm Workspaces solution, but they also work standalone just fine.
No systemd, these just start a shell script on init that launches the WM.
They're based around the open-source component of this product:
https://www.kasmweb.com/docs/latest/index.html
I find that they are slightly more sluggish than Moonlight/Sunshine for remote streaming, but generally faster/better than x11vnc. Not quite good enough for gaming yet, but plenty for web browsing, Blender, etc.
It's possible to use tini, supervisord, dumb-init, and other init 1 services for containers. Bit of a heavy workaround to make it work with desktop environments, but works.
Back when I was in middle school in Israel, the system used for communication between teachers, students and parents was called Webtop. They actually went all the way to implement an OS desktop experience in the browser (this is long, long ago). It was very silly but cute.
GNOME forces OpenGL 3D compositing with no way to turn it off, which is very uncomfortable without a GPU. Every other X11 desktop environment allows turning it off, which is more tolerable when using llvmpipe, the software CPU Mesa OpenGL implementation.
windexh8er|1 year ago
[0] https://github.com/qdm12/gluetun
Havoc|1 year ago
yonatan8070|1 year ago
chrisweekly|1 year ago
satertek|1 year ago
hifikuno|1 year ago
gbraad|1 year ago
fulafel|1 year ago
asyx|1 year ago
macinjosh|1 year ago
dymk|1 year ago
chromakode|1 year ago
[1]: https://selkies-project.github.io/selkies-gstreamer/
selkiesproject|1 year ago
mch82|1 year ago
weitzj|1 year ago
ranger_danger|1 year ago
mopoke|1 year ago
Dansvidania|1 year ago
bo0tzz|1 year ago
jazzyjackson|1 year ago
https://forum.level1techs.com/t/can-intel-integrated-gpu-out...
sabrehagen|1 year ago
selkiesproject|1 year ago
I can answer further if you are satisfied with the directions found within https://github.com/selkies-project/docker-nvidia-glx-desktop. It has a lot of effort to NOT require a monitor, but it should also work with one.
ctm92|1 year ago
[1] https://hub.docker.com/u/kasmweb
PhilippGille|1 year ago
NKosmatos|1 year ago
mhitza|1 year ago
This would be interesting to try out, as docker (via compose) is a bit easier to manage than - for example - VMs with virt-manager/cockpit-machines.
r3c0nc1l3r|1 year ago
selkiesproject|1 year ago
iddan|1 year ago
fosron|1 year ago
euph0ria|1 year ago
hugs|1 year ago
bitsandbooks|1 year ago
Jnr|1 year ago
selkiesproject|1 year ago
doubled112|1 year ago
That'd be my first guess.
adultSwim|1 year ago
imran9m|1 year ago
deelowe|1 year ago
mcflubbins|1 year ago
https://raw.githubusercontent.com/linuxserver/docker-templat...
BLKNSLVR|1 year ago
curry798|1 year ago
[deleted]