2

I have used these instructions for Running Gui Apps with Docker to create images that allow me to launch GUI based applications.

It all works flawlessly when running Docker on the same machine, but it stops working when running it on a remote host.

Locally, I can run

docker --rm --ti -e DISPLAY -e <X tmp> <image_name> xclock

And I can get xclock running on my host machine.

When connecting remotely to a host with XForwarding, I am able to run X applications that show up on my local X Server, as anyone would expect.

However if in the remote host I try to run the above docker command, it fails to connect to the DISPLAY (usually localhost:10.0)

I think the problem is that the XForwarding is setup on the localhost interface of the remote host. So the docker host has no way to connect to DISPLAY=localhost:10.0 because that localhost means the remote host, unreachable from docker itself.

Can anyone suggest an elegant way to solve this?

Regards Alessandro

EDIT1: One possible way I guess is to use socat to forward the remote /tmp/.X11-unix to the local machine. This way I would not need to use port forwarding. It also looks like openssh 6.7 will natively support unix socket forwarding.

Alessandro
  • 2,378
  • 2
  • 15
  • 13
  • Alessandro did you find the solution of the problem. I am facing the same problem with remote machine. On host i can run xclock but not on remote machine.....Please help! – Coffee_lover Apr 26 '16 at 18:52
  • Of course I found your question after myself having been through the same problem, figured out one solution, and filled in a full Q&A here: https://stackoverflow.com/questions/48235040/run-x11-application-in-a-docker-container-reliably-on-a-server-connected-via-ssh I hope that this perhaps also can solve it for you. – rubund Jan 12 '18 at 23:21

1 Answers1

2

When running X applications through SSH (ssh -X), you are not using the /tmp/.X11-unix socket to communicate with the X server. You are rather using a tunnel through SSH reached via "localhost:10.0".

In order to get this to work, you need to make sure the SSH server supports X connections to the external address by setting

X11UseLocalhost no

in /etc/ssh/sshd_config.

Then $DISPLAY inside the container should be set to the IP address of the Docker host computer on the docker interface - typically 172.17.0.1. So $DISPLAY will then be 172.17.0.1:10

You need to add the X authentication token inside the docker container with "xauth add" (see here)

If there is any firewall on the Docker host computer, you will have to open up the TCP ports related to this tunnel. Typically you will have to run something like

ufw allow from 172.17.0.0/16 to any port $TCPPORT proto tcp

if you use ufw.

Then it should work. I hope it helps. See also my other answer here https://stackoverflow.com/a/48235281/5744809 for more details.

Zoe
  • 27,060
  • 21
  • 118
  • 148
rubund
  • 7,603
  • 3
  • 15
  • 24