Thanks so much @Lazarus535
I found that for me adding the following to my docker command worked:
--volume="$HOME/.Xauthority:/root/.Xauthority:rw"
I found this trick here
EDIT:
As Lazarus pointed out correctly you also have to set the --net=host option to make this work.
Thanks so much @Lazarus535
I found that for me adding the following to my docker command worked:
--volume="$HOME/.Xauthority:/root/.Xauthority:rw"
I found this trick here
EDIT:
As Lazarus pointed out correctly you also have to set the --net=host option to make this work.
Ok, here is the thing:
1) Log in to remote machine
2) Check which display was set with echo $DISPLAY
3) Run xauth list
4) Copy the line corresponding to your DISPLAY
5) Enter your docker container
6) xauth add <the line you copied>*
7) Set DISPLAY with export DISPLAY=<ip-to-host>:<no-of-display>
*so far so good right?
This was nothing new...however here is the twist:
The line printed by xauth list for the login user looks something like this (in my case):
<hostname-of-machine>/unix:<no-of-display> MIT-MAGIC-COOKIE-1 <some number here>
Because i use the bridged docker setup, the X forwarding port is not listening locally, because the sshd is not running in the container. Change the line above to:
<ip-of-host>:<no-of-display> MIT-MAGIC-COOKIE-1 <some number here>
In essence: Remove the /unix part.
<ip-of-host> is the IP address where the sshd is running.
Set the DISPLAY variable as above.
So the error was that the DISPLAY name in the environment variable was not the "same" as the entry in the xauth list / .Xauthority file and the client could therefor not authenticate properly.
I switched back to an untrusted X11 forwarding setting.
The X11UseLocalhost no setting in the sshd_config file however is important, because the incomming connection will come from a "different" machine (the docker container).
X11 forwarding with docker - Containers - CERN Open Data
dockerfile - Run Omnet++ inside docker with x11 forwarding on windows. SSH not working - Stack Overflow
ssh - X11 forwarding from a docker container in remote server - Unix & Linux Stack Exchange
X11 forwarding doesn't work when image runs in docker machine but it works fine if the image is run w/o a docker machine
I have a docker container on a remote host that can SSH into via Putty and X11 forwarding works fine. How can I push X11 from a docker image on that host through SSH? I have tried to set up a tunnel through the host and was able to get in to the docker image but wasn't able to get an X window on my local machine.
I don’t think you’re going to find a way to do this short of running an ssh daemon inside the container.
Here’s a basic example of how to do it that way though:
https://gist.github.com/udkyo/c20935c7577c71d634f0090ef6fa8393
Did you enable X11 forwarding in the ssh configuration file of the docker container? Did you forward a port from the container to the remote host via ssh or via docker port forwarding? What are the docker run parameters you use? What ssh command do you use for connection? Do you get any error messages?
There could be a lot of reasons why it's not working, so you have to provide more information, I guess.
Depending on what you would like to accomplish - maybe a vnc connection is applicable as well..
It looks like you're doing all of the same stuff I'm doing EXCEPT you're sharing the .Xauthority at the time of container creation. That means if you ever ssh -X into your machine after creating the container the .Xauthority will not be valid anymore. You can't ssh -X from another terminal into the same machine and go back and use the .Xauthority, ssh -X changes the .Xauthority every time for the most recent terminal. I've only got it to work by copying the .Xauthority every time I ssh -X into my machine and try and share the screen with my container.
note: I'm sharing a device and a machine id because I was forwarding a webcam output
1.Create the container and tell xhost to allow forwarding from container id:
sudo docker run -it -d \
--net=host \
--env="DISPLAY" \
--env="QT_X11_NO_MITSHM=1" \
--volume="/tmp/.X11-unix:/tmp/.X11-unix:rw" \
--device="/dev/video0:/dev/video0" \
--volume="/path/to/your/sharedDockerFiles:/root/sharedDockerFiles" \
--volume="/etc/machine-id:/etc/machine-id" \
yourdockerrepo/image:tag \
bash
export containerId=$(docker ps -l -q)
sudo xhost +local:`sudo docker inspect --format='{{ .Config.Hostname }}' $containerId`
sudo docker start $containerId
2.Copy .Xauthority from host home to sharedDockerFiles directory:
sudo cp ~/.Xauthority /path/to/your/sharedDockerFiles
3.Start and attach your container
4.Copy the .Xauthority in your shared folder to your container home
sudo cp /root/sharedDockerFiles/.Xauthority ~/
5.(necessary once): Edit container's /etc/ssh/ssh_config under Host * to include:
ForwardX11 yes
X11Forwarding yes
6.Restart your container and reattach and run GUI app
7.If you still have problems, make sure $DISPLAY variable in the container is the same as the host's
echo $DISPLAY #do this in the container
exit
echo $DISPLAY #do this in the host, should be the same as container's
#if they aren't equal, start container and:
export DISPLAY= #put the output of your host's $DISPLAY variable here
Copy .Xauthority in container at the beginning of ssh session before using GUI:
sudo docker exec -i container_name bash -c 'cat > ~/.Xauthority' < ~/.Xauthority
Then, you can pass DISPLAY if using 'docker exec'. E.g. to open new bash:
sudo docker exec -it --env="DISPLAY" container_name bash
2 more possible causes for error: (in addition to accepted answer)
basic: You don't have ssh server or xauth in container (for ubuntu run 'apt install openssh-server xauth')
sneaky one: If your container hostname is different than the one from host (e.g. set via -h badge in 'docker run') you'll get the error and you have to deal with that (e.g. set the same hostname or add cookie to xauth)
You need to resolve these things for it to work:
- That the X application can find the X server
- For SSH there needs to be a tunnel ("ssh -X" and "X11Forwarding yes" in /etc/ssh/sshd_config)
- The address must be in $DISPLAY (using -e). You must replace "localhost" with the actual IP address of the Docker host seen from the Docker container.
- That the X application is authorised to talk to the X server
- Propagate the xauth magic cookie into the Docker container
- Open up any firewall ports from the Docker host to the Docker container for the X11 port
- Make sure the SSH server is configured to accept X11 TCP connections on a remote IP.
See my question (and answer) here on StackOverflow for details of how it can be done: https://stackoverflow.com/questions/48235040/run-x11-application-in-a-docker-container-reliably-on-a-server-connected-via-ssh
To run a GUI app in a remote docker container, you do not need X11 forwarding from the server.
You can make the X11 server listen on TCP:6000, and run the remote docker container with -e DISPLAY=$IP:0 , which the $IP is the ip address of computer that run X11 server.
I have got it work on an macbook with XQuarz to display a remote docker container on remote ubuntu:
On macbook use socat to make the X11 server listen on TCP, follow Running GUI’s with Docker on Mac OS X.
On remote ubuntu
docker run -it --rm -e DISPLAY=$macbook_ip:0 fr3nd/xeyes
Then the xeyes show on the macbook
Hi all
Due to company policy I have a requirement to run a legacy app inside a container, with X window support, where the X window can be run over an SSH connection with forwarding...
I found that if the dockerfile switches to the username that will run the container (provided as a build arg), and the following is added to the run command, I can get X working quite well locally.
-v /tmp/.X11-unix/:/tmp/.X11-unix -e DISPLAY=$DISPLAY -h $HOSTNAME -v $HOME/.Xauthority --ipc=host
Im not an X11 expert by any means, so im unsure how to make the SSH forwarding aspect of this work. If I try to SSH to the host with -XY and launch the container, I get this error:
Error: Can't open display: localhost:10.0
Any pointers?