Chrome Wrapper - Just Wrap It

Download the Dockerfile and the script chromewrapper.sh

This is the Dockerfile:

FROM ubuntu:18.04
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update
RUN apt-get install --no-install-recommends -y xorg wget
RUN wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
RUN apt-get install -y ./google-chrome-stable_current_amd64.deb
RUN rm -rf /var/lib/apt/lists/*
ENTRYPOINT ["google-chrome", "--no-sandbox", "--user-data-dir=/config/google-chrome"]

This is the script:

#!/bin/bash
# This script runs Chrome inside Docker and displays it through your local X11 server.
# It also enables GPU access so that Chrome can use the host GPU.
xhost +local:docker
docker run -it --rm --name=chrome --net=host --shm-size 1GB --security-opt no-new-privileges --tmpfs /tmp:size=8k --volume=/tmp/.X11-unix:/tmp/.X11-unix:rw --volume=$HOME/.config/google-chrome:/config/google-chrome:rw --device /dev/snd --device /dev/dri --env="DISPLAY=$DISPLAY" --env="GPU_USE_SYNC_OBJECTS=1" chromewrapper:v0.0.1
xhost -local:docker


The following is a detailed explanation of the Dockerfile above and its accompanying script.
Each description appears under the code it describes.

FROM ubuntu:18.04

The base image is the latest version of Ubuntu, version 18.04.


ARG DEBIAN_FRONTEND=noninteractive

This line sets DEBIAN_FRONTEND=noninteractive for the build so that the following apt-get commands use a non-interactive frontend and don't prompt for input.


RUN apt-get update
RUN apt-get install --no-install-recommends -y xorg wget

These lines update the package list and install the Xorg windowing system and the wget utility.


RUN wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
RUN apt-get install -y ./google-chrome-stable_current_amd64.deb

These lines download the latest stable version of Google Chrome for 64-bit systems and install it using the apt package manager.


RUN rm -rf /var/lib/apt/lists/*

This line removes the package list cache to reduce the image size.


ENTRYPOINT ["google-chrome", "--no-sandbox", "--user-data-dir=/config/google-chrome"]

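This line sets the container's entrypoint to the Google Chrome executable, with Chrome's own sandbox disabled (--no-sandbox) and the user data directory set to /config/google-chrome, a location in the container where it can be persisted. With the sandbox disabled, the container is the only isolation layer around Chrome's processes.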


#!/bin/bash

This shebang line tells the system that the file is a Bash script and should be executed by the Bash interpreter.
The second line is a comment describing what the script does.



xhost +local:docker
docker run -it --rm --name=chrome --ipc="host" --net=host --shm-size 1GB --security-opt no-new-privileges --tmpfs /tmp:size=8k --volume=/tmp/.X11-unix:/tmp/.X11-unix:rw --volume=$HOME/.config/google-chrome:/config/google-chrome:rw --device /dev/snd --device /dev/dri --env="DISPLAY=$DISPLAY" --env="GPU_USE_SYNC_OBJECTS=1" chromewrapper:v0.0.1
xhost -local:docker

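The docker run line starts the chrome container from the image created in the previous step, with several options. The xhost lines before and after it add and then remove the local:docker entry in the X server's access control list.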

The first option
--name=chrome

gives the container a name so that it can be easily referenced by other commands.

The option between the first and second
--ipc="host"

fixes the browser crashing with the "Received unexpected number of handles" error.

The second option
--net=host

tells Docker to use the host's networking stack instead of creating a new network stack for the container.
This is necessary so that the container can connect to the host's X11 server.

The third option
--shm-size 1GB

sets the size of the shared memory segment for the container to 1GB.
This is necessary because Chrome uses a lot of memory and the default shared memory segment size is not enough.

The fourth option
--security-opt no-new-privileges

tells Docker to prevent processes in the container from gaining privileges they don't already have, for example through setuid or setgid binaries.
This is a security measure to prevent privilege escalation attacks.

The fifth option
--tmpfs /tmp:size=100m

creates a tmpfs filesystem in the container at the /tmp directory with a size of 100m.

The sixth option
 --volume=/tmp/.X11-unix:/tmp/.X11-unix:rw

mounts the host's X11 socket into the container so that Chrome can connect to it.

The seventh option
 --volume=$HOME/.config/google-chrome:/config/google-chrome:rw

mounts the host's Chrome user data directory into the container so that changes made in Chrome are persisted on the host.

The eighth option
 --device /dev/snd

gives the container access to the host's sound devices so that Chrome can play audio.

The ninth option
 --device /dev/dri

gives the container access to the host's GPU so that Chrome can use hardware acceleration.

The tenth option
 --env="DISPLAY=$DISPLAY"

sets the DISPLAY environment variable in the container to point to the host's X11 server.

The eleventh option
 --env="GPU_USE_SYNC_OBJECTS=1"

enables Chrome's GPU process to use synchronization objects which are necessary for proper GPU acceleration.
The final option is the name of the container image to use. In this case, it is chromewrapper:v0.0.1 which is the name of the container image created in the previous step.
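
An added example, not part of the chromewrapper project: a shell function that reads a docker run argument list like the one explained above and reports which options share host resources with the container (host namespaces, devices, bind mounts) and which restrict it. The function names, the SHARED/MOUNT/RESTRICT labels, and the /home/user and :0 values are constructed for illustration.

```bash
# Added example, not part of chromewrapper.sh: classify the isolation-relevant
# options of a `docker run` argument list. Both "--opt=value" and "--opt value"
# are accepted, since the wrapper script uses both spellings.
audit_docker_run() (   # body runs in a subshell, so the variables stay local
    while [ $# -gt 0 ]; do
        opt=$1; val=
        case $opt in
            --*=*) val=${opt#*=}; opt=${opt%%=*} ;;
            --net|--network|--ipc|--pid|--device|--volume|-v|--security-opt)
                if [ $# -gt 1 ]; then val=$2; shift; fi ;;
        esac
        case $opt in
            --net|--network|--ipc|--pid)
                if [ "$val" = host ]; then echo "SHARED namespace ${opt#--}=host"; fi ;;
            --privileged)
                echo "SHARED privileged" ;;
            --device)
                echo "SHARED device ${val%%:*}" ;;
            --volume|-v)
                src=${val%%:*}; rest=${val#*:}; mode=
                case $rest in *:*) mode=${rest#*:} ;; esac
                case $src in /*)          # bind mount of a host path
                    case ",$mode," in
                        *,ro,*) echo "MOUNT ro $src" ;;
                        *)      echo "MOUNT rw $src" ;;
                    esac ;;
                esac ;;
            --security-opt)
                echo "RESTRICT $val" ;;
        esac
        shift
    done
)

# The docker run line explained above, with constructed values substituted
# for the host environment ($HOME -> /home/user, $DISPLAY -> :0).
audit_wrapper_sample() {
    audit_docker_run run -it --rm --name=chrome --ipc=host --net=host \
        --shm-size 1GB --security-opt no-new-privileges --tmpfs /tmp:size=8k \
        --volume=/tmp/.X11-unix:/tmp/.X11-unix:rw \
        --volume=/home/user/.config/google-chrome:/config/google-chrome:rw \
        --device /dev/snd --device /dev/dri --env=DISPLAY=:0 \
        --env=GPU_USE_SYNC_OBJECTS=1 chromewrapper:v0.0.1
}

audit_wrapper_sample
```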