Webbian - Linux VMs in Docker on the Web
A web accessible Virtual Machine powered by Docker, Debian, and noVNC. Webbian allows you to execute a single docker run command to get an entire linux system with a web interface.
Usage
A webbian can be brought up using docker with:
docker run \
--rm \
-ti \
--hostname webbian \
--name webbian \
-p 127.0.0.1:4900:4900 \
-p 127.0.0.1:5900:5900 \
-v ./data/home/root:/root \
-v ./bin:/scripts/bin \
-e BOOT_SCRIPT=/scripts/bin/boot.sh \
-e X11_SCRIPT=/scripts/bin/x11.sh \
-e GEOMETRY=1920x1080 \
-e PASSWORD=ZmFkNzkyZTVhNzkyYzhlMzQ1NGY2YjdkN \
nowsci/webbian:latest
You can now visit http://localhost:4900/vnc.html (or http://localhost:4900/vnc.html?resize=remote for automatic resolution) to access the system. Or use port 5900 with a standard VNC client.
The configuration environment variables:
| Variable | Required | Description |
|---|---|---|
| GEOMETRY | Always | The initial resolution of the display in-browser. This can autoscale if you use the ?resize=remote URL parameter. |
| PASSWORD | On first run | The password to access the system via the web. This is saved in the mapped home directory of root. |
| BOOT_SCRIPT | No | An optional script to run at system start. |
| X11_SCRIPT | No | An optional script to run at Xwindows start. |
Docker compose
The same setup can be achieved with docker compose.
services:
webbian:
image: nowsci/webbian:latest
container_name: webbian
hostname: webbian
ports:
- 127.0.0.1:4900:4900
- 127.0.0.1:5900:5900
volumes:
- ./data/home/root:/root \
- ./bin:/scripts/bin
environment:
- BOOT_SCRIPT=/scripts/bin/boot.sh
- X11_SCRIPT=/scripts/bin/x11.sh
- GEOMETRY=1920x1080
- PASSWORD=ZmFkNzkyZTVhNzkyYzhlMzQ1NGY2YjdkN
restart: unless-stopped
Securing with SSL
If you plan on using webbian publicly on the internet, you can do so with any proxy, such as nginx. A common nginx config would look like the below.
server {
listen 443 ssl;
server_name webbian.domain.ext;
gzip off;
ssl_certificate /letsencrypt/live/domain.ext/fullchain.pem;
ssl_certificate_key /letsencrypt/live/domain.ext/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
modsecurity on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
client_max_body_size 20M;
location / {
autoindex off;
index vnc.html;
# Optional extra security
# auth_basic "Administrator Area";
# auth_basic_user_file /etc/nginx/htpasswd/novnc.htpasswd;
proxy_pass http://webbian:4900/;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
proxy_connect_timeout 43200000;
proxy_send_timeout 43200000;
proxy_read_timeout 43200000;
proxy_redirect off;
proxy_set_header Proxy "";
}
}