Hey folks, I’m stuck with a Puppeteer problem in Docker. Help!
I made this cool app using Puppeteer on my computer. But when I tried to put it on a Debian server, things went south. The Puppeteer script keeps timing out. I guess it’s because Debian doesn’t have all the stuff Chromium needs.
I tried using Docker, but I’m hitting a wall. When I run it as a regular user, I get this error:
Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted
Then I tried running as root, but got:
Running as root without --no-sandbox is not supported.
I know it’s not the best idea, but I want to try the --no-sandbox option just to see if it works. How do I add that to my Docker command? Or what should I change in my Dockerfile to make it work with the pptruser I created?
I’ve been running my app like this:
docker run -p 3000:3000 user/app-name
Any ideas on how to fix this? I’m pretty new to Docker and Puppeteer, so simple explanations would be awesome. Thanks!
I’ve encountered similar issues when deploying Puppeteer in Docker. One approach that’s worked well for me is using the official Puppeteer Docker image as a base. It comes pre-configured with the necessary dependencies and a non-root user.
In your Dockerfile, start with:
FROM puppeteer/puppeteer:latest
This image already includes Chrome and the required libraries. You can then add your application code and dependencies on top of this base image.
For running the container, ensure you’re using the --cap-add=SYS_ADMIN flag:
docker run --cap-add=SYS_ADMIN -p 3000:3000 user/app-name
This grants the necessary permissions without resorting to running as root or disabling the sandbox entirely. It’s a good balance between functionality and security for most use cases.
yo dave, been there man. try this: use the puppeteer docker image as ur base. its way easier. just add this to ur dockerfile:
FROM puppeteer/puppeteer:latest
then add ur app stuff. when u run it, do:
docker run --cap-add=SYS_ADMIN -p 3000:3000 user/app-name
should work without the sandbox headache. good luck bro!
I’ve been down this road before, and it can be tricky. Here’s what worked for me:
Instead of running as root or using --no-sandbox (which can be risky), try adjusting your Dockerfile. Add these lines:
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
RUN sh -c ‘echo “deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main” >> /etc/apt/sources.list.d/google.list’
RUN apt-get update && apt-get install -y google-chrome-stable
This installs Chrome in your container. Then, when running Puppeteer, use:
const browser = await puppeteer.launch({executablePath: ‘/usr/bin/google-chrome’, args: [‘–no-sandbox’, ‘–disable-setuid-sandbox’]});
This worked for me without compromising security too much. Remember to run your container with the --cap-add=SYS_ADMIN flag. Hope this helps!