Selfhosted

42716 readers

231 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

How to run a Chrome sandbox in Docker on a Synology? (aussie.zone)

submitted 5 days ago by Zagorath@aussie.zone to c/selfhosted@lemmy.world

5 comments fedilink hide all child comments

I realise this is a very niche question, but I was hoping someone here either knows the answer or can point me to a better place to ask.

My @DailyGameBot@lemmy.zip uses Puppeteer to take screenshots of the game for its posts. I want to run the bot on my Synology NAS inside of a Docker container so I can just set it and forget it, rather than needing to ensure my desktop is on and running the bot. Unfortunately, the Synology doesn't seem to play nicely with Puppeteer's use of the Chrome sandbox. I need to add the --no-sandbox and --disable-setuid-sandbox flags to get it to run successfully. That seems rather risky and I'd rather not be running it like that.

It works fine on my desktop, including if run in Docker for Windows on my desktop. Any idea how to set up Synology to have the sandbox work?

top 5 comments

sorted by: hot top controversial new old

[–] damnthefilibuster@lemmy.world 6 points 5 days ago* (last edited 5 days ago) (1 children)

Try using this following project as your base image before throwing puppeteer on it (or use the inbuilt functionality to take screenshots). It includes Jessie Frazelle’s seccomp profile. If you want nightmares, go read her blogpost about it. Otherwise just let it be and follow the setup guide in the readme of this project -

https://github.com/jlandure/alpine-chrome

[–] Zagorath@aussie.zone 1 points 5 days ago* (last edited 5 days ago)

Honestly I can't even figure out how to get that alpine-chrome image to work. I edited my Dockerfile to say

FROM zenika/alpine-chrome:with-puppeteer

instead of

FROM node:22

I tried changing USER node to USER chrome. I removed all the apt-get dependencies that were needed to get Puppeteer working in Docker on my PC in the first instance, and added --chown=chrome to my COPY package.json line, all as described in the with-puppeteer example. I also added the ENV lines from that. (I also tried various combinations of some of the aforementioned changes but not others.) Now I get an error with the npm install step.

Error message

15.44 npm ERR! code 1
15.44 npm ERR! path /usr/src/app/node_modules/canvas
15.44 npm ERR! command failed
15.44 npm ERR! command sh -c prebuild-install -r napi || node-gyp rebuild
15.45 npm ERR! prebuild-install warn install No prebuilt binaries found (target=7 runtime=napi arch=x64 libc=musl platform=linux)
15.45 npm ERR! gyp info it worked if it ends with ok
15.45 npm ERR! gyp info using node-gyp@8.4.1
15.45 npm ERR! gyp info using node@20.15.1 | linux | x64
15.45 npm ERR! gyp info find Python using Python version 3.11.10 found at "/usr/bin/python3"
15.45 npm ERR! gyp http GET https://nodejs.org/download/release/v20.15.1/node-v20.15.1-headers.tar.gz
15.45 npm ERR! gyp http 200 https://nodejs.org/download/release/v20.15.1/node-v20.15.1-headers.tar.gz
15.45 npm ERR! gyp http GET https://nodejs.org/download/release/v20.15.1/SHASUMS256.txt
15.45 npm ERR! gyp http 200 https://nodejs.org/download/release/v20.15.1/SHASUMS256.txt
15.45 npm ERR! gyp info spawn /usr/bin/python3
15.45 npm ERR! gyp info spawn args [
15.45 npm ERR! gyp info spawn args   '/usr/src/app/node_modules/node-gyp/gyp/gyp_main.py',
15.45 npm ERR! gyp info spawn args   'binding.gyp',
15.45 npm ERR! gyp info spawn args   '-f',
15.45 npm ERR! gyp info spawn args   'make',
15.45 npm ERR! gyp info spawn args   '-I',
15.45 npm ERR! gyp info spawn args   '/usr/src/app/node_modules/canvas/build/config.gypi',
15.45 npm ERR! gyp info spawn args   '-I',
15.45 npm ERR! gyp info spawn args   '/usr/src/app/node_modules/node-gyp/addon.gypi',
15.45 npm ERR! gyp info spawn args   '-I',
15.45 npm ERR! gyp info spawn args   '/home/chrome/.cache/node-gyp/20.15.1/include/node/common.gypi',
15.45 npm ERR! gyp info spawn args   '-Dlibrary=shared_library',
15.45 npm ERR! gyp info spawn args   '-Dvisibility=default',
15.45 npm ERR! gyp info spawn args   '-Dnode_root_dir=/home/chrome/.cache/node-gyp/20.15.1',
15.45 npm ERR! gyp info spawn args   '-Dnode_gyp_dir=/usr/src/app/node_modules/node-gyp',
15.45 npm ERR! gyp info spawn args   '-Dnode_lib_file=/home/chrome/.cache/node-gyp/20.15.1/<(target_arch)/node.lib',
15.45 npm ERR! gyp info spawn args   '-Dmodule_root_dir=/usr/src/app/node_modules/canvas',
15.45 npm ERR! gyp info spawn args   '-Dnode_engine=v8',
15.45 npm ERR! gyp info spawn args   '--depth=.',
15.45 npm ERR! gyp info spawn args   '--no-parallel',
15.45 npm ERR! gyp info spawn args   '--generator-output',
15.45 npm ERR! gyp info spawn args   'build',
15.45 npm ERR! gyp info spawn args   '-Goutput_dir=.'
15.45 npm ERR! gyp info spawn args ]
15.45 npm ERR! Package pixman-1 was not found in the pkg-config search path.
15.45 npm ERR! Perhaps you should add the directory containing `pixman-1.pc'
15.45 npm ERR! to the PKG_CONFIG_PATH environment variable
15.45 npm ERR! Package 'pixman-1', required by 'virtual:world', not found
15.45 npm ERR! gyp: Call to 'pkg-config pixman-1 --libs' returned exit status 1 while in binding.gyp. while trying to load binding.gyp
15.45 npm ERR! gyp ERR! configure error
15.45 npm ERR! gyp ERR! stack Error: `gyp` failed with exit code: 1
15.45 npm ERR! gyp ERR! stack     at ChildProcess.onCpExit (/usr/src/app/node_modules/node-gyp/lib/configure.js:259:16)
15.45 npm ERR! gyp ERR! stack     at ChildProcess.emit (node:events:519:28)
15.45 npm ERR! gyp ERR! stack     at ChildProcess._handle.onexit (node:internal/child_process:294:12)
15.45 npm ERR! gyp ERR! System Linux 6.10.14-linuxkit
15.45 npm ERR! gyp ERR! command "/usr/bin/node" "/usr/src/app/node_modules/.bin/node-gyp" "rebuild"
15.45 npm ERR! gyp ERR! cwd /usr/src/app/node_modules/canvas
15.45 npm ERR! gyp ERR! node -v v20.15.1
15.45 npm ERR! gyp ERR! node-gyp -v v8.4.1
15.45 npm ERR! gyp ERR! not ok
15.45
[+] Running 0/1A complete log of this run can be found in: /home/chrome/.npm/_logs/2025-02-18T01_04_35_846Z-debug-0.log
 - Service node  Building                                                                                         18.9s
failed to solve: process "/bin/sh -c npm install" did not complete successfully: exit code: 1

[–] Ditti@lemmy.dbzer0.com 2 points 5 days ago* (last edited 5 days ago) (1 children)

I have no idea how Puppeteer handles this but Playwright has a little section on Chrome within Docker: https://playwright.dev/docs/docker#run-the-image

Basically, the Chrome sandbox needs a non-root user as well as a different seccomp profile configuration. No idea if this helps or if you already tried this but it's worth giving it a shot.

Which I just now (after posting) noticed was already mentioned in a different comment. Sorry!

[–] Zagorath@aussie.zone 1 points 5 days ago

Which I just now (after posting) noticed was already mentioned in a different comment. Sorry!

I'm guessing the user who made that other comment is on lemmy.world? I can't see any comment other than yours, and LW has known issues with federation (issues that would be fixed if the instance weren't 5 version behind...) that mean I probably won't be able to see it for about 2 days right now. So thanks!

I haven't looked into the suggestion in great detail yet, but I will say I'm already running as a non-root user (USER node is a line in my Dockerfile). I'm not sure what a seccomp profile is, but in case it wasn't clear from the original post, I just want to emphasise that the current configuration works in Docker on my Windows PC. It's only on the Synology NAS that it fails.

[–] damnthefilibuster@lemmy.world 2 points 5 days ago

By the way, if you get XVfb running for puppeteer (a little further down in the readme), let me know.