• Stars
    star
    275
  • Rank 149,796 (Top 3 %)
  • Language
    Shell
  • License
    GNU General Publi...
  • Created almost 2 years ago
  • Updated 4 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Base Images for remote web based Linux desktops using KasmVNC for many popular distros.

KasmVNC Base Images from LinuxServer

The purpose of these images is to provide a full featured web native Linux desktop experience for any Linux application or desktop environment. These images replace our old base images at Rdesktop Web for greatly increased performance, fidelity, and feature set. They ship with passwordless sudo to allow easy package installation, testing, and customization. By default they have no logic to mount out anything but the users home directory, meaning on image updates anything outside of /config will be lost.

These images contain the following services:

  • KasmVNC - The core technology for interacting with a containerized desktop from a web browser.
  • Kclient - NodeJS Iframe wrapper for KasmVNC providing audio and file access.
  • NGINX - Used to serve the mix of KasmVNC and Kclient with the appropriate headers and provide basic auth.
  • Docker - Can be used for interacting with a mounted in Docker socket or if the container is run in privileged mode will start a DinD setup.
  • PulseAudio - Sound subsystem used to capture audio from the active desktop session and send it to the browser via the Kclient helper application.

Options

Authentication for these containers is included as a convenience and to keep in sync with the previous xrdp containers they replace. We use bash to substitute in settings user/password and some strings might break that. In general this authentication mechanism should be used to keep the kids out not the internet

If you are looking for a robust secure application gateway please check out SWAG.

All application settings are passed via environment variables:

Variable Description
CUSTOM_PORT Internal port the container listens on for http if it needs to be swapped from the default 3000.
CUSTOM_HTTPS_PORT Internal port the container listens on for https if it needs to be swapped from the default 3001.
CUSTOM_USER HTTP Basic auth username, abc is default.
PASSWORD HTTP Basic auth password, abc is default. If unset there will be no auth
SUBFOLDER Subfolder for the application if running a subfolder reverse proxy, need both slashes IE /subfolder/
TITLE The page title displayed on the web browser, default "KasmVNC Client".
FM_HOME This is the home directory (landing) for the file manager, default "/config".
START_DOCKER If set to false a container with privilege will not automatically start the DinD Docker setup.
DRINODE If mounting in /dev/dri for DRI3 GPU Acceleration allows you to specify the device to use
DISABLE_IPV6 If set to true or any value this will disable IPv6

Available Distros

All base images are built for x86_64 and aarch64 platforms.

Distro Current Tag
Alpine alpine317
Arch arch
Debian debianbullseye
Debian debianbookworm
Fedora fedora38
Ubuntu ubuntujammy

I like to read documentation

Building images

Application containers

Included in these base images is a simple Openbox DE and the accompanying logic needed to launch a single application. Lets look at the bare minimum needed to create an application container starting with a Dockerfile:

FROM ghcr.io/linuxserver/baseimage-kasmvnc:alpine318
RUN apk add --no-cache firefox
COPY /root /

And we can define the application to start using:

mkdir -p root/defaults
echo "firefox" > root/defaults/autostart

Resulting in a folder that looks like this:

β”œβ”€β”€ Dockerfile
└── root
  └── defaults
    └── autostart

Now build and test:

docker build -t firefox .
docker run --rm -it -p 3000:3000 firefox bash

On http://localhost:3000 you should be presented with a Firefox web browser interface.

This similar setup can be used to embed any Linux Desktop application in a web accesible container.

If building images it is important to note that many application will not work inside of Docker without --security-opt seccomp=unconfined, they may have launch flags to not use syscalls blocked by Docker like with chromium based applications and --no-sandbox. In general do not expect every application will simply work like a native Linux installation without some modifications

In container application launching

Also included in the init logic is the ability to define application launchers. As the user has the ability to close the application or if they want to open multiple instances of it this can be useful. Here is an example of a menu definition file for Firefox:

<?xml version="1.0" encoding="utf-8"?>
<openbox_menu xmlns="http://openbox.org/3.4/menu">
<menu id="root-menu" label="MENU">
<item label="xterm" icon="/usr/share/pixmaps/xterm-color_48x48.xpm"><action name="Execute"><command>/usr/bin/xterm</command></action></item>
<item label="FireFox" icon="/usr/share/icons/hicolor/48x48/apps/firefox.png"><action name="Execute"><command>/usr/bin/firefox</command></action></item>
</menu>
</openbox_menu>

Simply create this file and add it to your defaults folder as menu.xml:

β”œβ”€β”€ Dockerfile
└── root
  └── defaults
    └── autostart
    └── menu.xml

This allows users to right click the desktop background to launch the application.

Full Desktop environments

When building an application container we are leveraging the Openbox DE to handle window management, but it is also possible to completely replace the DE that is launched on container init using the startwm.sh script, located again in defaults:

β”œβ”€β”€ Dockerfile
└── root
  └── defaults
    └── startwm.sh

If included in the build logic it will be launched in place of Openbox. Examples for this kind of configuration can be found in our Webtop repository

Kasm Workspaces compatibility

Included in these base images are binary blobs /kasmbins and a special init process /kasminit to maintain compatibility with Kasm Workspaces, If using this base image as reccomended with the startwm.sh or autostart entrypoints. They will be able to be used on that platform without issue.

Docker in Docker (DinD)

These base images include an installation of Docker that can be used in two ways. The simple method is simply leveraging the Docker/Docker Compose cli bins to manage the host level Docker installation by mounting in -v /var/run/docker.sock:/var/run/docker.sock.

The base images can also run an isolated in container DinD setup simply by passing --privileged to the container when launching. If for any reason the application needs privilege but Docker is not wanted the -e START_DOCKER=false can be set at runtime or in the Dockerfile. In container Docker (DinD) will most likely use the fuse-overlayfs driver for storage which is not as fast as native overlay2. To increase perormance the /var/lib/docker/ directory in the container can be mounted out to a Linux host and will use overlay2. Keep in mind Docker runs as root and the contents of this directory will not respect the PUID/PGID environment variables available on all LinuxServer.io containers.

DRI3 GPU Acceleration

For accelerated apps or games, render devices can be mounted into the container and leveraged by applications using:

--device /dev/dri:/dev/dri

This feature only supports Open Source GPU drivers:

Driver Description
Intel i965 and i915 drivers for Intel iGPU chipsets
AMD AMDGPU, Radeon, and ATI drivers for AMD dedicated or APU chipsets
NVIDIA nouveau2 drivers only, closed source NVIDIA drivers lack DRI3 support

The DRINODE environment variable can be used to point to a specific GPU. Up to date information can be found here

Display Compositing (desktop effects)

When using this image in tandem with a supported video card, compositing will function albeit with a performance hit when syncing the frames with pixmaps for the applications using it. This can greatly increase app compatibility if the application in question requires compositing, but requires a real GPU to be mounted into the container. By default we disable compositing at a DE level for performance reasons on our downstream images, but it can be enabled by the user and programs using compositing will still function even if the DE has it disabled in its settings. When building desktop images be sure you understand that with it enabled by default only users that have a compatible GPU mounted in will be able to use your image.

Lossless

These images support all the native KasmVNC encoding methods including a true 24 bit RGB lossless mode using the Quite OK Image Format. This mode will use all the bandwidth you give it so just keep that in mind for remote sessions. This mode also might require special configuration depending on how you are accessing the container. Lossless will only work over http (default port 3000) on localhost, when accessing remotely or even over a local network you need to use https (default port 3001) to support SharedArrayBuffer. This is needed to leverage a fast memory pipeline in the browser during the threaded WebAssembly based decoding. This can be enabled in the sidebar under settings>stream quality>lossless.

If putting this container behind a proxy of some kind some headers will need to be set to again support SharedArrayBuffers here is a default NGINX configuration format:

add_header 'Cross-Origin-Embedder-Policy' 'require-corp';
add_header 'Cross-Origin-Opener-Policy' 'same-origin';
add_header 'Cross-Origin-Resource-Policy' 'same-site';

More information here

The following line is only in this repo for loop testing:

  • { date: "01.01.50:", desc: "I am the release message for this internal repo." }

More Repositories

1

Heimdall

An Application dashboard and launcher
PHP
7,832
star
2

docker-wireguard

Dockerfile
2,824
star
3

docker-swag

Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
Dockerfile
2,734
star
4

docker-webtop

Ubuntu, Alpine, Arch, and Fedora based Webtop images, Linux in a web browser supporting popular desktop environments.
Dockerfile
1,720
star
5

docker-code-server

Dockerfile
1,566
star
6

reverse-proxy-confs

These confs are pulled into our SWAG image: https://github.com/linuxserver/docker-swag
1,319
star
7

docker-plex

Dockerfile
992
star
8

docker-mods

Documentation and Examples of base container modifications
Dockerfile
940
star
9

docker-unifi-controller

Dockerfile
897
star
10

docker-calibre-web

Dockerfile
877
star
11

docker-qbittorrent

Dockerfile
868
star
12

docker-letsencrypt

DEPRECATED: Please use linuxserver/swag instead
Dockerfile
727
star
13

docker-bookstack

A Docker container for the BookStack documentation wiki
Dockerfile
687
star
14

docker-sonarr

Dockerfile
672
star
15

docker-jellyfin

Dockerfile
628
star
16

budge

JavaScript
617
star
17

docker-unifi-network-application

Dockerfile
616
star
18

docker-radarr

Dockerfile
595
star
19

docker-nextcloud

Dockerfile
571
star
20

docker-emulatorjs

Web based retro emulation frontend with rom scanning and automated art ingestion.
Dockerfile
502
star
21

docker-transmission

Dockerfile
486
star
22

docker-openssh-server

Dockerfile
484
star
23

emulatorjs

Self hosted web based retro emulation front end with rom and art management.
JavaScript
389
star
24

docker-calibre

Dockerfile
352
star
25

docker-jackett

Dockerfile
346
star
26

docker-heimdall

Dockerfile
311
star
27

docker-grocy

A container for grocy - the ERP application for your kitchen https://grocy.info
Dockerfile
308
star
28

docker-prowlarr

Docker image for Prowlarr/Prowlarr
Dockerfile
299
star
29

Heimdall-Apps

Apps for Heimdall
PHP
299
star
30

docker-smokeping

Shell
287
star
31

docker-duplicati

Dockerfile
283
star
32

docker-kasm

Kasm Workspaces platform provides enterprise-class orchestration, data loss prevention, and web streaming technology to enable the delivery of containerized workloads to your browser.
Shell
282
star
33

docker-netbootxyz

Dockerfile
257
star
34

docker-syncthing

Dockerfile
235
star
35

docker-bazarr

Dockerfile
232
star
36

docker-deluge

Dockerfile
223
star
37

docker-rdesktop

Dockerfile
222
star
38

docker-sabnzbd

Dockerfile
210
star
39

docker-lidarr

Dockerfile
204
star
40

docker-homeassistant

Dockerfile
200
star
41

docker-tautulli

Dockerfile
184
star
42

docker-duckdns

Shell
183
star
43

docker-mariadb

Dockerfile
181
star
44

docker-healthchecks

Dockerfile
176
star
45

docker-couchpotato

Dockerfile
153
star
46

docker-ombi

Dockerfile
153
star
47

davos

Web-based FTP automation for Linux servers.
Java
151
star
48

docker-rutorrent

DEPRECATED
PHP
151
star
49

docker-nzbget

Dockerfile
140
star
50

docker-ffmpeg

Dockerfile
139
star
51

docker-firefox

Dockerfile
135
star
52

docker-tvheadend

Dockerfile
134
star
53

fleet

Status and image fleet metadata management application for Docker images
Java
127
star
54

Clarkson

Web-based fuel logging dashboard
TypeScript
126
star
55

docker-freshrss

HTML
124
star
56

docker-baseimage-alpine

Dockerfile
124
star
57

docker-docker-compose

Shell
123
star
58

docker-nginx

Dockerfile
122
star
59

docker-kodi-headless

Dockerfile
122
star
60

docker-snipe-it

Alpine/Nginx container for the Asset Management software Snipe-IT
Dockerfile
115
star
61

docker-documentation

The repo behind...
108
star
62

docker-ddclient

Dockerfile
106
star
63

docker-emby

Dockerfile
106
star
64

docker-readarr

Container for readarr.com
105
star
65

docker-dokuwiki

Dockerfile
104
star
66

docker-piwigo

Dockerfile
104
star
67

docker-obsidian

Dockerfile
104
star
68

docker-resilio-sync

Dockerfile
102
star
69

docker-wireshark

Dockerfile
101
star
70

docker-overseerr

Dockerfile
98
star
71

docker-baseimage-guacgui

Dockerfile
98
star
72

docker-openvscode-server

Dockerfile
98
star
73

docker-beets

Dockerfile
97
star
74

docker-baseimage-ubuntu

Dockerfile
97
star
75

docker-daapd

Dockerfile
96
star
76

docker-chromium

Web accessible Chromium inside an Alpine Container
Dockerfile
96
star
77

docker-ubooquity

Dockerfile
94
star
78

docker-steamos

Vanilla Arch modified into SteamOS with web based Desktop access, useful for remote play and lower end games
Dockerfile
93
star
79

docker-netbox

Python
81
star
80

docker-libreoffice

Dockerfile
81
star
81

docker-pyload-ng

Dockerfile
80
star
82

docker-wikijs

Dockerfile
79
star
83

docker-lazylibrarian

Dockerfile
77
star
84

heimdalljs

JavaScript
77
star
85

docker-mastodon

Dockerfile
76
star
86

docker-baseimage-rdesktop-web

Custom all in one container for running GUI apps from a web browser
Dockerfile
72
star
87

docker-speedtest-tracker

Dockerfile
72
star
88

docker-librespeed

HTML
70
star
89

docker-projectsend

Dockerfile
69
star
90

docker-ldap-auth

Python
68
star
91

docker-diskover

A Docker container for the Diskover space mapping application
Dockerfile
68
star
92

gclient

NodeJS application replacement for the default Guacamole Client
JavaScript
67
star
93

docker-tt-rss

Dockerfile
65
star
94

docker-nzbhydra2

Dockerfile
65
star
95

docker-mstream

Dockerfile
62
star
96

docker-remmina

Dockerfile
62
star
97

docker-organizr

DEPRECATED
Dockerfile
61
star
98

docker-snapdrop

HTML
60
star
99

docker-blender

Responsive web accessible Blender Docker container with hardware acceleration.
Dockerfile
57
star
100

docker-budge

Dockerfile
56
star