From 275aa0715ac0e69484b0f5f6efddd132a3e80275 Mon Sep 17 00:00:00 2001 From: Seungmin Kim <8457324+ehfd@users.noreply.github.com> Date: Wed, 3 Jul 2024 23:47:13 +0900 Subject: [PATCH] Fix collision in host networking --- Dockerfile | 3 +- docker-compose.yml | 76 +++++++++++++++++++++++++++++++++ entrypoint.sh | 2 +- kasmvnc-entrypoint.sh | 4 +- selkies-gstreamer-entrypoint.sh | 2 +- xgl.yml | 4 +- 6 files changed, 83 insertions(+), 8 deletions(-) create mode 100644 docker-compose.yml diff --git a/Dockerfile b/Dockerfile index 9f64c8c..dbdbf4d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -260,7 +260,7 @@ ENV NVIDIA_DRIVER_CAPABILITIES=all # Disable VSYNC for NVIDIA GPUs ENV __GL_SYNC_TO_VBLANK=0 # Set default DISPLAY environment -ENV DISPLAY=":0" +ENV DISPLAY=":20" # Anything above this line should always be kept the same between docker-nvidia-glx-desktop and docker-nvidia-egl-desktop @@ -586,7 +586,6 @@ turnserver \ --external-ip=\"\${SELKIES_TURN_HOST:-\$(curl -fsSL checkip.amazonaws.com)}\" \ --min-port=\"\${TURN_MIN_PORT:-49152}\" \ --max-port=\"\${TURN_MAX_PORT:-65535}\" \ - --no-udp-relay \ --channel-lifetime=\"\${TURN_CHANNEL_LIFETIME:--1}\" \ --lt-cred-mech \ --user \"selkies:\${TURN_RANDOM_PASSWORD}\" \ diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..f9155ed --- /dev/null +++ b/docker-compose.yml 
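Review bot: Removing `--no-udp-relay` in the second Dockerfile hunk (`@@ -586,7 +586,6 @@`) lets the bundled turnserver allocate UDP relay endpoints across `TURN_MIN_PORT`–`TURN_MAX_PORT` (default 49152–65535), and none of the visible flags restricts which peer addresses it will relay to. With the host networking this commit documents, the relay sits directly on the host's networks, so relayed traffic could be forwarded to internal addresses. Unless peer filters are already set outside the hunk, add them, e.g. `--no-multicast-peers \` and `--denied-peer-ip=10.0.0.0-10.255.255.255 \`, repeated for the other private, loopback and link-local ranges. The commit message does not mention this behaviour change, so a comment above the command saying why UDP relaying is now enabled would help. The turnserver command starts and ends outside the hunk.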
@@ -0,0 +1,76 @@ +services: + xgl: + container_name: xgl + hostname: xgl + # Change tag `latest` to Ubuntu versions such as `24.04` + image: ghcr.io/selkies-project/nvidia-glx-desktop:latest + ports: + - '8080:8080' + stdin_open: true + tty: true + deploy: + resources: + reservations: + devices: + - driver: nvidia + count: 1 + capabilities: [gpu] + tmpfs: + - '/dev/shm:rw' +# volumes: +# - 'xgl-cache-vol:/cache' +# - 'xgl-root-vol:/home/ubuntu' + # Uncomment the below line to disable network isolation for WebRTC connectivity, display `:20` and `:21` should not be used in the host, may show an error if disallowed by the cluster +# network_mode: 'host' + environment: + - TZ=UTC + - DISPLAY_SIZEW=1920 + - DISPLAY_SIZEH=1080 + - DISPLAY_REFRESH=60 + - DISPLAY_DPI=96 + - DISPLAY_CDEPTH=24 + # With driver versions lower than 550, change to `DP-0` or any other `DP-*` port for larger resolution support if NOT using datacenter GPUs + - VIDEO_PORT=DFP + # User password of container + - PASSWD=mypasswd + # Uncomment to enable KasmVNC instead of Selkies-GStreamer, `SELKIES_BASIC_AUTH_PASSWORD` is used for authentication with KasmVNC, defaulting to `PASSWD` if not provided + # Uses: `SELKIES_ENABLE_BASIC_AUTH`, `SELKIES_BASIC_AUTH_USER`, `SELKIES_BASIC_AUTH_PASSWORD`, `SELKIES_ENABLE_RESIZE`, `SELKIES_ENABLE_HTTPS`, `SELKIES_HTTPS_CERT`, `SELKIES_HTTPS_KEY` +# - KASMVNC_ENABLE=true + ### + # Selkies-GStreamer parameters, for additional configurations see `selkies-gstreamer --help` + ### + # Change `SELKIES_ENCODER` to `x264enc`, `vp8enc`, or `vp9enc` if using software fallback without allocated GPUs or your GPU does not support `H.264 (AVCHD)` under the `NVENC - Encoding` section in https://developer.nvidia.com/video-encode-and-decode-gpu-support-matrix-new + - SELKIES_ENCODER=nvh264enc + - SELKIES_ENABLE_RESIZE=false + # Initial video bitrate in kilobits per second, may be changed later within web interface + - SELKIES_VIDEO_BITRATE=8000 + # Initial frames per second, may be 
changed later within web interface + - SELKIES_FRAMERATE=60 + # Initial audio bitrate in bits per second, may be changed later within web interface + - SELKIES_AUDIO_BITRATE=128000 + # Uncomment if network conditions rapidly fluctuate +# - SELKIES_CONGESTION_CONTROL=true + # Enable basic authentication with the web interface + - SELKIES_ENABLE_BASIC_AUTH=true + # Defaults to `PASSWD` if unspecified +# - SELKIES_BASIC_AUTH_PASSWORD=mypasswd + # Enable HTTPS web interface from inside the container + - SELKIES_ENABLE_HTTPS=false + # Volume mount trusted HTTPS certificate to new path for no web browser warnings +# - SELKIES_HTTPS_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem +# - SELKIES_HTTPS_KEY=/etc/ssl/private/ssl-cert-snakeoil.key + ### + # Uncomment and configure below to use a TURN server for improved network compatibility + ### +# - SELKIES_TURN_HOST=turn.example.com +# - SELKIES_TURN_PORT=3478 + # Provide only `SELKIES_TURN_SHARED_SECRET` for time-limited shared secret authentication or both `SELKIES_TURN_USERNAME` and `SELKIES_TURN_PASSWORD` for legacy long-term authentication, but do not provide both authentication methods at the same time +# - SELKIES_TURN_SHARED_SECRET=n0TaRealCoTURNAuthSecretThatIsSixtyFourLengthsLongPlaceholdPlace +# - SELKIES_TURN_USERNAME=username +# - SELKIES_TURN_PASSWORD=mypasswd + # TURN REST URI authentication, all TURN server settings above are ignored if enabled +# - 'SELKIES_TURN_REST_URI=http://localhost:8008' + # Change to `tcp` if the UDP protocol is throttled or blocked in your client network, or when the TURN server does not support UDP +# - SELKIES_TURN_PROTOCOL=udp + # You need a valid hostname and a certificate from authorities such as ZeroSSL (Let's Encrypt may have issues) to enable this +# - SELKIES_TURN_TLS=false diff --git a/entrypoint.sh b/entrypoint.sh index b38e2ba..cc5cef9 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
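Review bot: The new docker-compose.yml ships a fixed credential, `- PASSWD=mypasswd`, while `- '8080:8080'` publishes the web interface on every host interface and `SELKIES_ENABLE_HTTPS=false` leaves basic authentication in clear text. The file's own comment says `SELKIES_BASIC_AUTH_PASSWORD` defaults to `PASSWD`, so a deployment copied as-is is reachable over plain HTTP with a publicly known password. Require the value from the environment and bind to loopback by default: `- PASSWD=${PASSWD:?set PASSWD}` and `- '127.0.0.1:8080:8080'`. Add a comment telling users to widen the bind only with HTTPS enabled or behind a TLS-terminating proxy. The image is also referenced by the mutable tag `latest`; the existing comment could recommend pinning a version tag or digest for reproducible deployments.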
@@ -29,7 +29,7 @@ mkdir -pm777 /dev/input || sudo-root mkdir -pm777 /dev/input || echo 'Failed to touch /dev/input/js0 /dev/input/js1 /dev/input/js2 /dev/input/js3 || sudo-root touch /dev/input/js0 /dev/input/js1 /dev/input/js2 /dev/input/js3 || echo 'Failed to create joystick interposer devices' # Set default display -export DISPLAY="${DISPLAY:-:0}" +export DISPLAY="${DISPLAY:-:20}" # PipeWire-Pulse server socket location export PIPEWIRE_LATENCY="32/48000" export XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-/tmp}" diff --git a/kasmvnc-entrypoint.sh b/kasmvnc-entrypoint.sh index bf3273e..773462a 100644 --- a/kasmvnc-entrypoint.sh +++ b/kasmvnc-entrypoint.sh @@ -10,7 +10,7 @@ set -e until [ -d "${XDG_RUNTIME_DIR}" ]; do sleep 0.5; done # Set default display -export DISPLAY="${DISPLAY:-:0}" +export DISPLAY="${DISPLAY:-:20}" # PipeWire-Pulse server socket path export PIPEWIRE_LATENCY="32/48000" export XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-/tmp}" @@ -52,7 +52,7 @@ server { }" | tee /etc/nginx/sites-available/default > /dev/null # Configure KasmVNC -export KASM_DISPLAY=":50" +export KASM_DISPLAY=":21" yq -i " .command_line.prompt = false | .desktop.resolution.width = ${DISPLAY_SIZEW} | diff --git a/selkies-gstreamer-entrypoint.sh b/selkies-gstreamer-entrypoint.sh index edcaa3c..6bdcdb0 100755 --- a/selkies-gstreamer-entrypoint.sh +++ b/selkies-gstreamer-entrypoint.sh @@ -10,7 +10,7 @@ set -e until [ -d "${XDG_RUNTIME_DIR}" ]; do sleep 0.5; done # Set default display -export DISPLAY="${DISPLAY:-:0}" +export DISPLAY="${DISPLAY:-:20}" # PipeWire-Pulse server socket path export PIPEWIRE_LATENCY="32/48000" export XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-/tmp}" diff --git a/xgl.yml b/xgl.yml index 6bf2675..9374b8e 100644 --- a/xgl.yml +++ b/xgl.yml 
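Review bot: `export KASM_DISPLAY=":21"` in the second kasmvnc-entrypoint.sh hunk remains a fixed value, unlike `DISPLAY`, which every entrypoint in this commit reads from the environment before falling back to `:20`. Under host networking, a host that already uses display `:21` would still collide and the user could not move it. Writing `export KASM_DISPLAY="${KASM_DISPLAY:-:21}"` would match the `DISPLAY` lines. The default `:20` is now repeated in the Dockerfile and three entrypoints, so a short comment such as `# Keep in sync with ENV DISPLAY in the Dockerfile` beside each would help keep them aligned. The rest of the KasmVNC configuration lies outside the hunk.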
@@ -17,11 +17,11 @@ spec: app: xgl spec: hostname: xgl - # Uncomment the below line to disable network isolation for WebRTC connectivity, may show an error if disallowed by the cluster + # Uncomment the below line to disable network isolation for WebRTC connectivity, display `:20` and `:21` should not be used in the host, may show an error if disallowed by the cluster # hostNetwork: true containers: - name: xgl - # Change tag `latest` to Ubuntu version such as `24.04` + # Change tag `latest` to Ubuntu versions such as `24.04` image: ghcr.io/selkies-project/nvidia-glx-desktop:latest env: - name: TZ