docker-traefik icon indicating copy to clipboard operation
docker-traefik copied to clipboard

Published 20 hours ago verified publisher icon htpcBeginner

Secrets not working on jlesage images

Open robflate opened this issue 5 years ago • 3 comments

I can't seem to get secrets working on some containers. E.g.;

  • handbrake
  • makemkv
  • jdownloader
  • mkvtoolnix
  • qdirstat

Before using secrets the above containers would require a password before opening, VNC_PASSWORD: $HANDBRAKE_VNC_PASSWORD

After replacing the above with, VNC_PASSWORD_FILE: /run/secrets/handbrake_vnc_password and adding handbrake_vnc_password as a secret to the container and mounting the file in the stack, the container no longer requires a password.

If I change VNC_PASSWORD_FILE to VNC_PASSWORD the password is set to /run/secrets/handbrake_vnc_password as a string rather than the contents of the file.

Other secrets are working correctly and I get no errors on docker up so I'm pretty sure they are setup correctly. Any advise appreciated, thanks.

robflate avatar Jul 24 '20 01:07 robflate

Hi @robflate,

the listed images are all built upon the same base image:

This behavior is due to the rootfs/etc/cont-init.d/10-vnc-password.sh in GUI Base Image (jlesage/baseimage-gui). At Line 21 you can see that the input of x11vnc -storepasswd command is taken from the environment variable $VNC_PASSWORD that means:

  1. VNC_PASSWORD_FILE is not a recognized environment variable so VNC no longer requires a password
  2. VNC_PASSWORD has per content the string representing the path of the docker secret so the password of VNC would be "/run/secrets/handbrake_vnc_password"

The only way I can see to fix this issue is to raise a Pull Request for the jlesage's Base GUI Image introducing a new env variable called "VNC_PASSWORD_FILE" or modify the script "10-vnc-password.sh" introducing the ability to read from a path if detected inside the env variable "VNC_PASSWORD".

GZ

gzecchi avatar Aug 01 '20 13:08 gzecchi

Thanks for the explanation. Really appreciate it. So the way the repo currently is, the jlesage images have no VNC passwords set?

robflate avatar Aug 03 '20 21:08 robflate

Hi @robflate,

jleasege images have no VNC password set if you use Docker Secrets, you can still use the .env file as workaround.

I will try to raise a pull request for jlesage/baseimage-gui adding the VNC_PASSWORD_FILE as env variable.

GZ

gzecchi avatar Aug 04 '20 07:08 gzecchi