我可以使用node用户让它工作,并使用--cap-add=SYS_ADMIN设置沙箱,但AWS ECS Fargate不支持添加SYS_ADMIN作为linux参数。因此,我试图将no--sandbox传递给puppeteer,这样我就可以以root身份运行,但仍然得到错误Running as root without --no-sandbox is not supported。
环境
- 木偶版本:1.20.0
- 平台/操作系统版本:Docker/Debian 9.12
- Node.js版本:10.21
繁殖步骤
如果我执行到Docker容器并显式运行node puppeteer.js,我不会得到错误,但如果我通过Postman向我的容器发出请求(http://localhost:8081)我明白错误。
Dockerfile
FROM node:10.21
RUN apt-get update &&
apt-get install -y gconf-service libasound2 libatk1.0-0 libc6
libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1
libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4
libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1
libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3
libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates
fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget
# Create app directory
WORKDIR /usr/src/app
# Bundle app source
COPY . .
# Install app dependencies
RUN npm install
# Tried running as node user
#USER node
# Provide google authentication credentials to your application code
ENV GOOGLE_APPLICATION_CREDENTIALS=/usr/src/app/google/keys.json
CMD [ "npm", "start" ]
Puppeteer.js
const puppeteer = require('puppeteer');
/**
* Initializes and returns a puppeteer instance
* @name {getPuppeteerInstance}
* @returns {Promise} resolves with puppeteer instance
*/
module.exports = async () => {
try {
const options = {
headless: true,
args: ['--no-sandbox', '--disable-setuid-sandbox'],
defaultViewport: {
width: 1440,
height: 900,
},
timeout: 0, // 0ms timeout is no timeout
};
const browser = await puppeteer.launch(options);
const page = await browser.newPage(); ``
page.setDefaultTimeout(0);
page.setDefaultNavigationTimeout(0);
return { browser, page };
} catch (error) {
console.log(`error`, error);
return {};
}
};
预期结果是什么通过--no-sandbox,我希望它能够以root身份启动puppeteer,而无需设置沙箱。
会发生什么
error Error: Failed to launch chrome!
blackbox-app | [0113/220603.530554:ERROR:zygote_host_impl_linux.cc(89)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.
这里也有同样的问题,尝试了几件事来实现
Dockerfile
启用内核
RUN echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf
添加用户并使用该用户启动铬
RUN adduser --disabled-password --disabled-login puppeteer
USER puppeteer
CMD ["your command"]
在码头-组合.yaml
cap_add:
- SYS_ADMIN