sar / code-container Goto Github PK

Launch your own Code Server container with preloaded SDKs for React, Python, C#, Cloud CLIs, secured by SSL Reverse Proxy.

License: MIT License

Shell 35.39% Dockerfile 64.61%

podman vs-code code-server codespaces docker docker-compose homelab linux debian dotnet-core

code-container's Introduction

Sar Malik

I'm Sar, a startup founder in the Generative AI space 🤗 focused on building SaaS tech to drive innovation. At the core of my skillset is a deep understanding of cloud architecture. I have extensive capability in leveraging Cloud Native solutions on AWS and Azure, and can design turn-key implementations to deliver scalable, secure, and highly available systems. If you're a Silicon Valley VC, angel investor, or simply someone who's excited about the future of artificial intelligence ecosystem, I'd love to connect and explore how we can work together to build something truly special.

🔭 Tech Stack

Data Science

Cloud Architecture

Front End

Back End

Github Stats

Find Me On...

🤝 Contributing

If you're interested in contributing to any of my projects, feel free to reach out or submit a pull request! I'm always looking for new ideas and collaborators.

code-container's People

Contributors

Stargazers

Watchers

Forkers

zakaluka gaviscada dainn90 viktortat charlklein devopstoday11 hugmatj shellenv devotionzhu liangtsao 6vpuna clozano80 lowcloudnine matthewhand

code-container's Issues

[CLI] Include Github CLI `gh` from homebrew repository by default

Github CLI is published on homebrew repositories, include in dockerfile layer by default.

https://github.com/DigitalTransformation/vs-code-container-with-ssl/blob/215a095e51d3cfd17d45d223d1d4084f24a7cbf2/dockerfile#L75-L76

`/var/run/docker.sock`: connect: permission denied inside container

User $DEFAULT_USER cannot access docker.sock inside container without sudo.

Trace

❯ docker ps -a
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json?all=1: dial unix /var/run/docker.sock: connect: permission denied

Current workaround

    systemctl enable docker && \
    chown $DEFAULT_USER:$DEFAULT_USER /var/run/docker.sock

[emerg] No such file or directory:fopen('/etc/nginx/certs/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file

nginx path /etc/nginx/certs/ expects default extension crt, workaround: users have to manually rename emitted file by generate_certs.sh

offending line

https://github.com/DigitalTransformation/vs-code-container-with-ssl/blob/215a095e51d3cfd17d45d223d1d4084f24a7cbf2/scripts/generate_certs.sh#L11

trace

code.proxy | forego     | starting nginx.1 on port 5200
code.proxy | forego     | sending SIGTERM to dockergen.1
code.proxy | forego     | sending SIGTERM to nginx.1
code.proxy | forego     | starting dockergen.1 on port 5000
code.proxy | forego     | starting nginx.1 on port 5100
code.proxy | nginx.1    | 2021/04/24 01:20:31 [emerg] 27#27: cannot load certificate "/etc/nginx/certs/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
code.proxy | forego     | starting nginx.1 on port 5200
code.proxy | forego     | sending SIGTERM to dockergen.1
code.proxy | forego     | sending SIGTERM to nginx.1

[emerg] 31-31: host not found in upstream "code" in /etc/nginx/nginx.conf:20

Ref local branch (uncommitted stash), usage of nginx reverse proxy throws exception.

Trace

code.proxy | WARNING: /etc/nginx/dhparam/dhparam.pem was not found. A pre-generated dhparam.pem will be used for now while a new one
code.proxy | is being generated in the background.  Once the new dhparam.pem is in place, nginx will be reloaded.
code.proxy | forego     | starting dockergen.1 on port 5000
code.proxy | forego     | starting nginx.1 on port 5100
code.proxy | nginx.1    | 2021/05/23 20:07:09 [emerg] 31#31: host not found in upstream "code" in /etc/nginx/nginx.conf:20
code.proxy | forego     | starting nginx.1 on port 5200
code.proxy | forego     | sending SIGTERM to dockergen.1
code.proxy | forego     | sending SIGTERM to nginx.1

USER abc should be USER $DEFAULT_USER

See https://github.com/DigitalTransformation/vs-code-container-with-ssl/blob/85793d29d2e3be038fe40c23461fce8f71883625/dockerfile#L71

Also, (untested) not to sure about the /home/linuxbrew lines, I would expect $Default_user there as well.

Unix `/tmp/docker.sock:` connect: permission denied

Proxy fails to resolve filesystem access on immutable GNU/Linux host instances where docker cannot be directly accessed without privileged escalation.

Trace

code.proxy | nginx.1    | 2021/05/23 19:46:21 [emerg] 32#32: open() "/etc/nginx/nginx.conf" failed (13: Permission denied)
code.proxy | dockergen.1 | 2021/05/23 19:46:21 Error retrieving docker server version info: Get "http://unix.sock/version": dial unix /tmp/docker.sock: connect: permission denied
code.proxy | dockergen.1 | 2021/05/23 19:46:21 Watching docker events
code.proxy | dockergen.1 | 2021/05/23 19:46:21 Error retrieving docker server info: Get "http://unix.sock/info": dial unix /tmp/docker.sock: connect: permission denied
code.proxy | dockergen.1 | 2021/05/23 19:46:21 Error listing containers: Get "http://unix.sock/containers/json?all=1": dial unix /tmp/docker.sock: connect: permission denied
code.proxy | forego     | starting nginx.1 on port 5200
code.proxy | forego     | sending SIGTERM to dockergen.1
code.proxy | dockergen.1 | 2021/05/23 19:46:21 Received signal: terminated
code.proxy | dockergen.1 | 2021/05/23 19:46:21 Received signal: terminated

Error: /home/linuxbrew/.linuxbrew/Homebrew is not writable.

Permission scopes on path /home/linuxbrew/.linuxbrew/Homebrew are not changed, update source paths in homebrew layer.

Source
https://github.com/DigitalTransformation/vs-code-container-with-ssl/blob/215a095e51d3cfd17d45d223d1d4084f24a7cbf2/dockerfile#L66-L69

Log

> brew install gh
Error: /home/linuxbrew/.linuxbrew/Homebrew is not writable. You should change the
ownership and permissions of /home/linuxbrew/.linuxbrew/Homebrew back to your
user account:
  sudo chown -R $(whoami) /home/linuxbrew/.linuxbrew/Homebrew
Error: The following directories are not writable by your user:
/home/linuxbrew/.linuxbrew/Homebrew
/home/linuxbrew/.linuxbrew/etc/bash_completion.d
/home/linuxbrew/.linuxbrew/share/doc
/home/linuxbrew/.linuxbrew/share/man
/home/linuxbrew/.linuxbrew/share/man/man1
/home/linuxbrew/.linuxbrew/var/homebrew/locks

You should change the ownership of these directories to your user.
  sudo chown -R $(whoami) /home/linuxbrew/.linuxbrew/Homebrew /home/linuxbrew/.linuxbrew/etc/bash_completion.d /home/linuxbrew/.linuxbrew/share/doc /home/linuxbrew/.linuxbrew/share/man /home/linuxbrew/.linuxbrew/share/man/man1 /home/linuxbrew/.linuxbrew/var/homebrew/locks

And make sure that your user has write permission.
  chmod u+w /home/linuxbrew/.linuxbrew/Homebrew /home/linuxbrew/.linuxbrew/etc/bash_completion.d /home/linuxbrew/.linuxbrew/share/doc /home/linuxbrew/.linuxbrew/share/man /home/linuxbrew/.linuxbrew/share/man/man1 /home/linuxbrew/.linuxbrew/var/homebrew/locks

[Compose] Invalid reference property `restart_policy: always` conflicts with `retry_count`

Trace

Creating code.proxy ... error

ERROR: for code.proxy  Cannot create container for service proxy: maximum retry count cannot be used with restart policy 'always'

ERROR: for proxy  Cannot create container for service proxy: maximum retry count cannot be used with restart policy 'always'
ERROR: Encountered errors while bringing up the project.

Exec `dotnet <tool>` resolution failure `~/.dotnet/tools/` not found in `${PATH}`, error thrown

Command dotnet <tool> does not resolve default ${PATH}=/home/${USER}/.dotnet/tools/:${PATH}, failure thrown to console.

$ dotnet ef database update 
Could not execute because the specified command or file was not found.
Possible reasons for this include:
  * You misspelled a built-in dotnet command.
  * You intended to execute a .NET program, but dotnet-ef does not exist.
  * You intended to run a global tool, but a dotnet-prefixed executable with this name could not be found on the PATH.

Resolution:

Include default export ${PATH}=~/.dotnet/tools/:${PATH} to shell config

[Docker] Image build fails on error: EACCES: permission denied, npm install 'netlify-cli'

Docker image rolling build fails when installing dependency for npm package: netlify-cli, see traces below.

Base Image: 2ab8f19aa5bc090a3e2686f6b46116650dec5d0c1c5e12f04fde76cfeab7fb93

Impacted Layer
https://github.com/DigitalTransformation/vs-code-container-with-ssl/blob/215a095e51d3cfd17d45d223d1d4084f24a7cbf2/dockerfile#L47-L48

Build Log / Traces:

> [email protected] postinstall /usr/lib/node_modules/netlify-cli/node_modules/esbuild
> node install.js

Trying to install "esbuild-linux-64" using npm
Failed to install "esbuild-linux-64" using npm: EACCES: permission denied, mkdir '/usr/lib/node_modules/netlify-cli/node_modules/esbuild/esbuild-9bm3l3e0sl'
Trying to download "https://registry.npmjs.org/esbuild-linux-64/-/esbuild-linux-64-0.8.46.tgz"
/usr/lib/node_modules/netlify-cli/node_modules/esbuild/install.js:217
      throw e;
      ^

### Error: EACCES: permission denied, open '/usr/lib/node_modules/netlify-cli/node_modules/esbuild/bin/esbuild'
    at Object.openSync (fs.js:462:3)
    at Object.writeFileSync (fs.js:1384:35)
    at /usr/lib/node_modules/netlify-cli/node_modules/esbuild/install.js:66:8
    at Generator.next (<anonymous>)
    at fulfilled (/usr/lib/node_modules/netlify-cli/node_modules/esbuild/install.js:6:24)
    at processTicksAndRejections (internal/process/task_queues.js:97:5) {
  errno: -13,
  syscall: 'open',
  code: 'EACCES',
  path: '/usr/lib/node_modules/netlify-cli/node_modules/esbuild/bin/esbuild'
}
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@~2.3.1 (node_modules/@aws-amplify/cli/node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@~2.3.1 (node_modules/gatsby/node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules/gatsby/node_modules/watchpack-chokidar2/node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules/gatsby/node_modules/webpack-dev-server/node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules/gulp/node_modules/chokidar/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@~2.3.1 (node_modules/netlify-cli/node_modules/rollup/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: @netlify/traffic-mesh-agent-win32-x64@^0.27.10 (node_modules/netlify-cli/node_modules/@netlify/traffic-mesh-agent/node_modules/@netlify/traffic-mesh-agent-win32-x64):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for @netlify/[email protected]: wanted {"os":"win32","arch":"x64"} (current: {"os":"linux","arch":"x64"})
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: @netlify/traffic-mesh-agent-darwin-x64@^0.27.10 (node_modules/netlify-cli/node_modules/@netlify/traffic-mesh-agent/node_modules/@netlify/traffic-mesh-agent-darwin-x64):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for @netlify/[email protected]: wanted {"os":"darwin","arch":"x64"} (current: {"os":"linux","arch":"x64"})
npm WARN [email protected] requires a peer of [email protected] || 5.x.x but none is installed. You must install peer dependencies yourself.
npm WARN @webpack-cli/[email protected] requires a peer of [email protected] || 5.x.x but none is installed. You must install peer dependencies yourself.
npm WARN @octokit/[email protected] requires a peer of @octokit/core@>=3 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of react@^16.4.2 || ^17.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of react-dom@^16.4.2 || ^17.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @reach/[email protected] requires a peer of [email protected] || 16.x || 16.4.0-alpha.0911da3 but none is installed. You must install peer dependencies yourself.
npm WARN @reach/[email protected] requires a peer of [email protected] || 16.x || 16.4.0-alpha.0911da3 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of react@^16.4.2 || ^17.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of react-dom@^16.4.2 || ^17.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of react@^16.4.2 || ^17.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of react-dom@^16.4.2 || ^17.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of react@^15.0.0 || ^16.0.0 || ^17.0.0  but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of react-dom@^15.0.0 || ^16.0.0 || ^17.0.0  but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of react@^0.14.0 || ^15.0.0 || ^16.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of typescript@>=2.7 but none is installed. You must install peer dependencies yourself.

npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] postinstall: `node install.js`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] postinstall script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /config/.npm/_logs/2021-02-16T20_00_08_862Z-debug.log
The command '/bin/sh -c npm install -g webpack-cli create-react-app gatsby gulp netlify-cli @aws-amplify/cli' returned a non-zero code: 1

Unable to obtain lock file access on '/tmp/NuGetScratch/lock/<<HASH>>' for operations on '/config/.nuget/NuGet/NuGet.Config`

dotnet runtime fails on default build requiring user to perform manual chown on dir.

Trace

❯ dotnet watch run
watch : Started
/usr/share/dotnet/sdk/5.0.203/NuGet.targets(565,5): error : Unable to obtain lock file access on '/tmp/NuGetScratch/lock/<<HASH>>' for operations on '/config/.nuget/NuGet/NuGet.Config'. This may mean that a different user or administrator is holding this lock and that this process does not have permission to access it. If no other process is currently performing an operation on this file it may mean that an earlier NuGet process crashed and left an inaccessible lock file, in this case removing the file '/tmp/NuGetScratch/lock/<<HASH>>` will allow NuGet to continue. 

The build failed. Fix the build errors and run again.
watch : Exited with error code 1

Current workaround:

$ sudo chown $(whoami):$(whoami) /tmp/NuGetScratch

sar / code-container Goto Github PK

code-container's Introduction

Sar Malik

🔭 Tech Stack

Data Science

Cloud Architecture

Front End

Back End

Github Stats

Find Me On...

🤝 Contributing

code-container's People

Contributors

Stargazers

Watchers

Forkers

code-container's Issues

Recommend Projects

Recommend Topics

Recommend Org