# Stage 1 (builder): compile the Go session manager.
# NOTE(review): golang:1.22-bookworm is a mutable tag; pin it by digest if
# rebuilds have to produce the same toolchain.
FROM golang:1.22-bookworm AS builder

WORKDIR /build

# The module manifests are copied on their own, so the dependency download
# layer is reused until go.mod or go.sum changes.
COPY go.mod go.sum ./
RUN go mod download

# The rest of the build context arrives only after dependencies are fetched.
# NOTE(review): this brings the whole context into the stage; confirm that a
# .dockerignore keeps .git, .env files and other local secrets out of it.
COPY . .

# cgo is switched off for the build; the binary is written to /winbox-worker,
# where the runtime stage picks it up.
RUN CGO_ENABLED=0 \
    go build -o /winbox-worker ./cmd/worker/
# Stage 2 (runtime): Xpra plus the WinBox client.
# NOTE(review): ubuntu:24.04 is a mutable tag; pin it by digest if image
# rebuilds have to be reproducible.
FROM ubuntu:24.04 AS runtime

# WinBox release to fetch and the SHA-256 its archive must match. The two
# belong together: overriding WINBOX_VERSION at build time without the matching
# WINBOX_SHA256 makes the checksum verification in the download step fail.
ARG WINBOX_VERSION=4.0.1
ARG WINBOX_SHA256=8ec2d08929fd434c4b88881f3354bdf60b057ecd2fb54961dd912df57e326a70

# Xpra and its X11 dependencies come from the distribution packages (the distro
# xpra works on all architectures, including arm64 via emulation).
# Recommended packages are skipped and the apt lists are removed in the same
# layer; the package list is kept in alphabetical order.
# NOTE(review): as far as this file shows, curl and unzip are needed only by
# the WinBox download step, yet they stay in the runtime image; confirm the
# worker does not call them before moving that step to a separate stage.
RUN set -e; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        libdbus-1-3 \
        libegl-mesa0 \
        libegl1 \
        libfontconfig1 \
        libgl1 \
        libgl1-mesa-dri \
        libjs-jquery \
        libjs-jquery-ui \
        libx11-6 \
        libx11-xcb1 \
        libxcb-cursor0 \
        libxcb-icccm4 \
        libxcb-image0 \
        libxcb-keysyms1 \
        libxcb-render-util0 \
        libxcb-shape0 \
        libxcb1 \
        libxkbcommon-x11-0 \
        libxkbcommon0 \
        python3-pil \
        unzip \
        xauth \
        xpra \
        xvfb \
    ; \
    rm -rf /var/lib/apt/lists/*
# Fetch the WinBox archive for WINBOX_VERSION and reject it unless its SHA-256
# equals WINBOX_SHA256: with `set -e` the RUN stops at the failed
# `sha256sum -c`, so nothing is unpacked from an archive that did not verify.
# The archive is deleted in this same RUN, so it does not persist in the layer.
RUN set -e; \
    curl -fsSL \
        -o /tmp/WinBox_Linux.zip \
        "https://download.mikrotik.com/routeros/winbox/${WINBOX_VERSION}/WinBox_Linux.zip"; \
    echo "${WINBOX_SHA256} /tmp/WinBox_Linux.zip" | sha256sum -c -; \
    mkdir -p /opt/winbox; \
    unzip /tmp/WinBox_Linux.zip -d /opt/winbox; \
    chmod +x /opt/winbox/WinBox; \
    rm /tmp/WinBox_Linux.zip
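# Patch the Xpra HTML5 client: _poll_clipboard is called on every mouse click
# but never checks clipboard_enabled, which causes clipboard permission prompts.
# The sed inserts an early return as the first statement of the function.
# sed exits 0 even when the pattern matches nothing, so a changed Client.js in
# a different xpra package would leave the guard silently unapplied. The grep
# pair therefore fails the build unless the line after the function header is
# the inserted guard.
RUN sed -i 's/XpraClient.prototype._poll_clipboard = function(e) {/XpraClient.prototype._poll_clipboard = function(e) {\n\tif (!this.clipboard_enabled) { return; }/' \
        /usr/share/xpra/www/js/Client.js \
    && grep -A1 -F 'XpraClient.prototype._poll_clipboard = function(e) {' \
        /usr/share/xpra/www/js/Client.js \
        | grep -qF 'if (!this.clipboard_enabled) { return; }'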
# Unprivileged account for the worker process: group and user are both named
# "worker" with the fixed id 1001, and the user gets a home directory.
RUN set -e; \
    groupadd -g 1001 worker; \
    useradd -u 1001 -g worker -m worker
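# Session directory and XDG runtime dir, both owned by the worker account
# (UID 1001, matching the /run/user/1001 path).
# The XDG Base Directory specification requires the runtime dir to be owned by
# the user and to have mode 0700, so it and its xpra subdirectory are tightened
# from the mkdir default instead of staying readable by other accounts.
# NOTE(review): /tmp/winbox-sessions keeps the default mode; if session files
# hold connection details, 0700 would fit there as well. Confirm nothing else
# needs to read the directory.
RUN mkdir -p /tmp/winbox-sessions /run/user/1001/xpra \
    && chown worker:worker /tmp/winbox-sessions \
    && chown -R worker:worker /run/user/1001 \
    && chmod 0700 /run/user/1001 /run/user/1001/xpra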
# The worker binary built in the builder stage. No --chown is given, so it is
# owned by root and the worker account cannot replace it.
COPY --from=builder /winbox-worker /usr/local/bin/

# The container process runs as the unprivileged worker account.
USER worker

# Port declared by the image; EXPOSE documents it and does not publish it.
EXPOSE 9090

# Exec form: the worker is started directly, without a wrapping shell.
ENTRYPOINT ["/usr/local/bin/winbox-worker"]