You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docker run -d -p 5901:5901 consol/debian-xfce-vnc
nc 127.0.0.1 5901
times out. The TCP port 5901 on the outside-host is handled by docker-proxy and is reachable, but inside the docker container the corresponding port 5901 TigerVNC is listening on cannot be connected to.
Detailed error description
Inside the docker container TigerVNC only listened on the interface lo which is not enough for docker-proxy to forward any TCP connection from outside the container to the exported port inside the container.
Additional content
Looking at vnc_starup.sh it executes /usr/bin/vncserver, which then will fork /usr/bin/Xtigervnc … -localhost=1 ….
Inside the docker container the VNC server is only bound to the interface lo, which makes it inaccessible to any service using the docker containers IP address, which the docker port forwarding mechanism uses: Docker runs the following process outside the container:
As you see it will try to connect to the docker containers internal IP address 172.17.0.2 and not to 127.0.0.1, which is (technically) impossible: As the process has to run outside the container on the host to open the listening port there, 127.0.0.1 will reference the host there and it has to use normal network routing to access any service inside the container. But as Xtigervnc is only listening on lo, it is unreachable — even for the docker-proxy process.
Reading /etc/tigervnc/vncserver-config-defaults has this section:
# $localhost should the TigerVNC server only listen on localhost for incoming VNC connections.
…
# Default: $localhost = "yes"; # if $SecurityTypes does not contain any TLS*
# # or X509* security types or the $SecurityTypes
# # does contain at least on *None security type.
# Default: $localhost = "no"; # Otherwise
Thanks for bringing this to my attention. Tbh i only tested the webvnc thing when i took over this project.
Since you did all the work already, the fix was easy. I added some unit tests in 5b8537f to make sure it keeps on working.
Image
consol/debian-xfce-vnc:latest
Tag
3f2464498c9d
Short overview
Following you README.md:
times out. The TCP port
5901
on the outside-host is handled bydocker-proxy
and is reachable, but inside the docker container the corresponding port5901
TigerVNC is listening on cannot be connected to.Detailed error description
Inside the docker container TigerVNC only listened on the interface
lo
which is not enough fordocker-proxy
to forward any TCP connection from outside the container to the exported port inside the container.Additional content
Looking at vnc_starup.sh it executes
/usr/bin/vncserver
, which then will fork/usr/bin/Xtigervnc … -localhost=1 …
.Inside the docker container the VNC server is only bound to the interface
lo
, which makes it inaccessible to any service using the docker containers IP address, which the docker port forwarding mechanism uses: Docker runs the following process outside the container:As you see it will try to connect to the docker containers internal IP address
172.17.0.2
and not to127.0.0.1
, which is (technically) impossible: As the process has to run outside the container on the host to open the listening port there,127.0.0.1
will reference the host there and it has to use normal network routing to access any service inside the container. But asXtigervnc
is only listening onlo
, it is unreachable — even for thedocker-proxy
process.Reading
/etc/tigervnc/vncserver-config-defaults
has this section:As no TLS is setup TigerVNC defaults to
yes
.lsof -p $(pidof Xtigervnc) -a -d 0-255 … Xtigervnc 38 default 9u IPv4 31697694 0t0 TCP localhost:5901 (LISTEN)
Fix:
This is my finding while working on sibson/vncdotool#96 myself.
The text was updated successfully, but these errors were encountered: