58 lines
1.7 KiB
Markdown
58 lines
1.7 KiB
Markdown
**Purpose**: Sometimes you just want an instance of Firefox running on an Alpine Linux container, that has persistence (Extensions, bookmarks, history, etc) outside of the container (with bind-mapped folders). This is useful for a number of reasons, but insecure by default, so you have to protect it behind something like a [Keycloak Server](https://docs.bunny-lab.io/Docker%20%2526%20Kubernetes/Docker/Docker%20Compose/Keycloak/) so it is not misused.
|
|
|
|
## Docker Configuration
|
|
```jsx title="docker-compose.yml"
|
|
version: '3'
|
|
services:
|
|
firefox:
|
|
environment:
|
|
- TZ=America/Denver
|
|
image: jlesage/firefox
|
|
ports:
|
|
- "5800:5800" # VNC WebUI
|
|
volumes:
|
|
- /srv/containers/firefox:/config:rw
|
|
restart: always
|
|
networks:
|
|
docker_network:
|
|
ipv4_address: 192.168.5.4
|
|
|
|
networks:
|
|
default:
|
|
external:
|
|
name: docker_network
|
|
docker_network:
|
|
external: true
|
|
```
|
|
|
|
```jsx title=".env"
|
|
N/A
|
|
```
|
|
|
|
## Traefik Reverse Proxy Configuration
|
|
If the container does not run on the same host as Traefik, you will need to manually add configuration to Traefik's dynamic config file, outlined below.
|
|
``` yaml
|
|
http:
|
|
routers:
|
|
work-environment:
|
|
entryPoints:
|
|
- websecure
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: work-environment
|
|
rule: Host(`work-environment.bunny-lab.io`)
|
|
middlewares:
|
|
- work-environment # Referencing the Keycloak Server
|
|
|
|
services:
|
|
work-environment:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://192.168.5.4:5800
|
|
passHostHeader: true
|
|
# Adding forwardingTimeouts to set the send and read timeouts to 1 hour (3600 seconds)
|
|
forwardingTimeouts:
|
|
dialTimeout: "3600s"
|
|
responseHeaderTimeout: "3600s"
|
|
|
|
``` |