headless issues in docker

Open noizu opened this issue 1 year ago • 6 comments

I had to hack and slash at this a bit to get things running due to dbus and headless mode issues:

Docker version 25.0.3, build 4debf41
source: main: afd4bdadf0e81755671728643160d0af5de54a97
OS: Ubuntu 23

diff --git a/Dockerfile b/Dockerfile
index bc06cf6..8357543 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,6 +2,14 @@
 FROM docker.io/library/node:18-buster-slim
 LABEL maintainer="Jihchi Lee <[email protected]>"

+# Create a user and group
+#RUN groupadd -g 987 noizu && \
+#    useradd -u 982 -g noizu -m noizu
+# Set the user for the container
+
+#USER noizu:noizu
+ENV NODE_OPTIONS "--max-http-header-size=102400000"
+
 RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app

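Review bot: The added `ENV NODE_OPTIONS "--max-http-header-size=102400000"` line raises Node's HTTP header limit from the 16 KiB default to roughly 100 MB for every Node process in the image, which has nothing to do with the D-Bus and headless problem and allows a client to send headers up to that size. Drop it from this patch, or propose it separately with the size that is actually needed and the reason for it; if it stays, use the `ENV key=value` form. The commented-out `groupadd`/`useradd` and `#USER noizu:noizu` lines are local leftovers and should be removed as well.
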
@@ -40,6 +48,16 @@ RUN corepack enable
 COPY pnpm-lock.yaml ./
 RUN pnpm fetch --prod

+
+# Install D-Bus
+RUN apt-get update && apt-get install -y dbus \
+    && dbus-uuidgen > /var/lib/dbus/machine-id \
+    && mkdir -p /var/run/dbus \
+    && apt-get autoremove -y \
+    && apt-get autoclean \
+    && rm -rf /var/lib/apt/lists/* \
+    && rm -rf /src/*.deb
+
 COPY . ./
 RUN pnpm install -r --offline --prod

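Review bot: `dbus-uuidgen > /var/lib/dbus/machine-id` runs at build time, so the generated ID is baked into the layer and every container started from this image reports the same machine ID; generate it at container start if it needs to be unique. The `rm -rf /src/*.deb` step refers to a `/src` path that nothing in this hunk creates, so drop it unless an earlier step populates it. `apt-get install -y dbus` would pull less with `--no-install-recommends`, and because this `RUN` sits after `COPY pnpm-lock.yaml ./` it is rebuilt on every lockfile change, so it belongs in the earlier apt layer.
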
@@ -47,9 +65,9 @@ RUN pnpm install -r --offline --prod
 # same layer as npm install to keep re-chowned files from using up several hundred MBs more space
 RUN usermod -a -G audio,video node \
   && mkdir -p /home/node/Downloads \
-  && chown -R node:node /home/node /usr/src/app/
-
+  && chown -R node:node /home/node /usr/src/app/ \
+  && chown -R node:node /var/run/dbus/
 USER node
-CMD ["pnpm", "start"]
-
+#CMD ["pnpm", "start"]
+ENTRYPOINT ["/usr/src/app/docker-entrypoint.sh"]
 EXPOSE 3000
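Review bot: The new `ENTRYPOINT ["/usr/src/app/docker-entrypoint.sh"]` points at a script this patch does not add, so the image only starts if `COPY . ./` happens to pick up a `docker-entrypoint.sh` with the executable bit set; include the script in the diff. Replacing `CMD` with `ENTRYPOINT` also means a command given to `docker run` is passed to the script as arguments instead of replacing the start command; keep `CMD ["pnpm", "start"]`, have the script end with `exec "$@"`, and delete the commented-out `#CMD` line. `chown -R node:node /var/run/dbus/` hands the system bus directory to the unprivileged user and needs a comment saying why that is required.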
diff --git a/src/app.js b/src/app.js
index 5fa85e2..37e4d0f 100644
--- a/src/app.js
+++ b/src/app.js
@@ -72,6 +72,7 @@ async function setup() {
       '--noerrdialogs',
       '--prerender-from-omnibox=disabled',
       // less-secure workaround to enable `import .. from '../node_modules/..'` in `src/static/mermaid.html`
+      '--no-sandbox', '--disable-setuid-sandbox',
       '--allow-file-access-from-files',
     ],
   });
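Review bot: The added `'--no-sandbox', '--disable-setuid-sandbox'` line turns off Chromium's sandbox for every deployment, not only for the hosts where launching fails, and it sits beside `--allow-file-access-from-files`, so content rendered through `src/static/mermaid.html` is no longer contained if the renderer is compromised. Make it opt-in, for example through an environment variable read in `setup()`, and leave the sandbox on by default. The line is also inserted between the `// less-secure workaround ...` comment and the `--allow-file-access-from-files` flag that the comment describes; move it above that comment, one flag per line like the rest of the array, with its own comment.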

noizu avatar Feb 17 '24 05:02 noizu

@noizu Thank you for reporting and sharing the diff.

May I know which dbus and headless mode issues you encountered? It would be helpful if you could provide reproducible steps and any applicable error messages.

jihchi avatar Feb 19 '24 07:02 jihchi

I am not sure of the issues they encountered, but this is one that I have just had come up when trying to use docker on a headless server.

> node src/index.js
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
[30:30:0322/124117.397939:FATAL:zygote_host_impl_linux.cc(202)] Check failed: . : Operation not permitted (1)
*** caught exception ***
Error: Failed to launch the browser process!
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
[30:30:0322/124117.397939:FATAL:zygote_host_impl_linux.cc(202)] Check failed: . : Operation not permitted (1)
TROUBLESHOOTING: https://pptr.dev/troubleshooting
    at ChildProcess.onClose (/usr/src/app/node_modules/.pnpm/@[email protected]/node_modules/@puppeteer/browsers/lib/cjs/launch.js:267:24)
    at ChildProcess.emit (node:events:529:35)
    at ChildProcess._handle.onexit (node:internal/child_process:292:12)
 ELIFECYCLE  Command failed with exit code 1.

ydkmlt84 avatar Mar 22 '24 16:03 ydkmlt84

root@noizu-server:/projects/ai/jupyter/mermaid.ink# docker build -t ink-m2 .
[+] Building 32.7s (15/15) FINISHED                                                                                                                                                    docker:default
 => [internal] load build definition from Dockerfile                                                                                                                                             0.0s
 => => transferring dockerfile: 1.66kB                                                                                                                                                           0.0s
 => [internal] load metadata for docker.io/library/node:18-buster-slim                                                                                                                           0.3s
 => [internal] load .dockerignore                                                                                                                                                                0.0s
 => => transferring context: 109B                                                                                                                                                                0.0s
 => [internal] load build context                                                                                                                                                                0.0s
 => => transferring context: 147.45kB                                                                                                                                                            0.0s
 => [ 1/10] FROM docker.io/library/node:18-buster-slim@sha256:4b25873ab6fa3b59a80732b2f3057001924b09fb0fd520d60e18038bcf29ad7e                                                                   0.0s
 => CACHED [ 2/10] RUN mkdir -p /usr/src/app                                                                                                                                                     0.0s
 => CACHED [ 3/10] WORKDIR /usr/src/app                                                                                                                                                          0.0s
 => CACHED [ 4/10] RUN apt-get update   && apt-get -yq upgrade   && apt-get install -y curl gnupg   && curl -sSL https://dl.google.com/linux/linux_signing_key.pub | apt-key add -   && sh -c '  0.0s
 => CACHED [ 5/10] RUN corepack enable                                                                                                                                                           0.0s
 => [ 6/10] COPY pnpm-lock.yaml ./                                                                                                                                                               0.0s
 => [ 7/10] RUN pnpm fetch --prod                                                                                                                                                               15.3s
 => [ 8/10] COPY . ./                                                                                                                                                                            0.0s
 => [ 9/10] RUN pnpm install -r --offline --prod                                                                                                                                                 3.8s
 => [10/10] RUN usermod -a -G audio,video node   && mkdir -p /home/node/Downloads   && chown -R node:node /home/node /usr/src/app/                                                               4.9s
 => exporting to image                                                                                                                                                                           8.4s
 => => exporting layers                                                                                                                                                                          8.4s
 => => writing image sha256:758112fecca9d385e4954bb5dba5328bfbfc931f7242d6fd5c6e5b02fdeb32b6                                                                                                     0.0s
 => => naming to docker.io/library/ink-m2                                                                                                                                                        0.0s
WARNING: current commit information was not captured by the build: failed to read current commit information with git rev-parse --is-inside-work-tree

What's Next?
  1. Sign in to your Docker account → docker login
  2. View a summary of image vulnerabilities and recommendations → docker scout quickview
root@noizu-server:/projects/ai/jupyter/mermaid.ink# docker run -it ink-m2 /bin/bash
node@cfc72e7e296d:/usr/src/app$ cd /usr/src/app
node@cfc72e7e296d:/usr/src/app$ pnpm start

> [email protected] start /usr/src/app
> node src/index.js

Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
[32:32:0323/091543.070514:FATAL:zygote_host_impl_linux.cc(202)] Check failed: . : Operation not permitted (1)
*** caught exception ***
Error: Failed to launch the browser process!
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
[32:32:0323/091543.070514:FATAL:zygote_host_impl_linux.cc(202)] Check failed: . : Operation not permitted (1)


TROUBLESHOOTING: https://pptr.dev/troubleshooting

    at ChildProcess.onClose (/usr/src/app/node_modules/.pnpm/@[email protected]/node_modules/@puppeteer/browsers/lib/cjs/launch.js:267:24)
    at ChildProcess.emit (node:events:529:35)
    at ChildProcess._handle.onexit (node:internal/child_process:292:12)
 ELIFECYCLE  Command failed with exit code 1.
 
 node@cfc72e7e296d:/usr/src/app$ ^C
node@cfc72e7e296d:/usr/src/app$ exit
root@noizu-server:/projects/ai/jupyter/mermaid.ink# docker start ink-m2
Error response from daemon: No such container: ink-m2
Error: failed to start containers: ink-m2
root@noizu-server:/projects/ai/jupyter/mermaid.ink# docker run ink-m2

> [email protected] start /usr/src/app
> node src/index.js

Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
[30:30:0323/091626.172561:FATAL:zygote_host_impl_linux.cc(202)] Check failed: . : Operation not permitted (1)
*** caught exception ***
Error: Failed to launch the browser process!
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
[30:30:0323/091626.172561:FATAL:zygote_host_impl_linux.cc(202)] Check failed: . : Operation not permitted (1)

root@noizu-server:/projects/ai/jupyter/mermaid.ink# docker run ink-m2

> [email protected] start /usr/src/app
> node src/index.js

Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
[30:30:0323/091626.172561:FATAL:zygote_host_impl_linux.cc(202)] Check failed: . : Operation not permitted (1)
*** caught exception ***
Error: Failed to launch the browser process!
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
[30:30:0323/091626.172561:FATAL:zygote_host_impl_linux.cc(202)] Check failed: . : Operation not permitted (1)

(base) noizu@noizu-server:/projects/ai/jupyter/mermaid.ink$ git log
commit 958401a320fa7528810450572b3404d7e4901377 (HEAD -> main, tag: v8.1.2, origin/main, origin/HEAD)
root@noizu-server:/projects/ai/jupyter/mermaid.ink# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 23.10
Release:        23.10
Codename:       mantic

noizu avatar Mar 23 '24 09:03 noizu

This occurs on a more or less fresh Ubuntu 23.10 installation.

noizu avatar Mar 23 '24 09:03 noizu

docker-entrypoint.sh: (missing from my first diff)

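#!/bin/bash
# Start a session D-Bus daemon in the background before launching the app.
dbus-daemon --session --fork
# exec replaces the shell so pnpm receives the container's stop signals.
exec pnpm start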

noizu avatar Mar 23 '24 09:03 noizu

Could you please try this to see if it works for you?

jihchi avatar Apr 08 '24 18:04 jihchi

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jun 07 '24 18:06 stale[bot]