stackoom
  简体   繁体   中英

How can I Run docker CMD command as an unprivileged user?

 原文  2022-02-04 23:52:35       node.js/ docker/ puppeteer

Question

I'm trying to dockerize my app that requires puppeteer but I get the following error when running my app:

Launching Browser
/usr/src/app/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:229
reject(new Error([

^

Error: Failed to launch the browser process!

[0204/174647.675714:ERROR:zygote_host_impl_linux.cc(90)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.



TROUBLESHOOTING: https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md

at onClose (/usr/src/app/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:229:20)
at Interface.<anonymous> (/usr/src/app/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:219:68)
at Interface.emit (node:events:402:35)
at Interface.close (node:readline:586:8)
at Socket.onend (node:readline:277:10)
at Socket.emit (node:events:402:35)
at endReadableNT (node:internal/streams/readable:1343:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21)

And here's my dockerfile:

FROM node:16
WORKDIR /usr/src/app
COPY . .

# Do stuff that puppeteer requires for some reason
RUN apt-get update \
    && apt-get install -y wget gnupg \
    && wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
    && sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
    && apt-get update \
    && apt-get install -y google-chrome-stable fonts-ipafont-gothic fonts-wqy-zenhei fonts-thai-tlwg fonts-kacst fonts-freefont-ttf libxss1 \
      --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*
    
# Insall other deps
RUN apt-get update && apt-get install -y imagemagick ghostscript
RUN npm ci
CMD ["node","index.js"]

What do I need to do to get the CMD command of the dockerfile to run as an unprivileged user? I've already tried to enable no-sandbox on my browser

const browser = await puppeteer.launch({
        defaultViewport: { width: 1920, height: 1080 },
        headless: true,
        args:['no-sandbox']
    });

1 answers

solution1
 1  2022-02-05 00:08:45

All of the current statements in your Dockerfile are executed by the root user. You should define the USER instruction specifying a non-root user before the targeted instructions. You can use USER multiple times in a Dockerfile as needed.

In a node image, typically the eponymous node user is available; hence your Dockerfile could look as follows to run CMD with the non-root node user:

[..]

# Insall other deps
RUN apt-get update && apt-get install -y imagemagick ghostscript
RUN npm ci
USER node
CMD ["node","index.js"]

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how to run multiple npm scripts in docker CMD command How can I run an npm command in a docker container? How can I tell in Dockerfile which comand I want to execute when input “docker run” command? Use docker run command to pass arguments to CMD in Dockerfile How can I run docker command inside dokku node.js app? How can I run multiple Docker containers? How do I run an npm command inside docker from crontab? How can i run java command with Nodejs Docker change directory in CMD command How can I conditionally run the Sequelize seed data command in docker compose up with a variable in package.json(or somewhere else)?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM