How to execute Puppeteer in Docker without sandbox mode?

Hey everyone, I’m stuck with a tricky situation. I’ve got this app that uses Puppeteer, and it works fine on my local machine. But when I try to deploy it on a Debian server, things go south.

I’ve been trying to get it running in a Docker container, but I’m hitting some roadblocks. When I run it as a non-root user, I get this error:

Failed to move to new namespace: PID namespaces supported, Network namespace supported, but failed: errno = Operation not permitted

And when I switch to root, I get:

Running as root without --no-sandbox is not supported.

I know it’s not the best practice, but I’m wondering if anyone knows how to pass the --no-sandbox flag to Chrome when running in Docker? Or maybe there’s a way to tweak my Dockerfile to make it work with a non-root user?

I’ve tried a bunch of things, but I’m really out of ideas here. Any help would be awesome! Thanks in advance!

I’ve encountered similar issues when deploying Puppeteer in Docker. While using --no-sandbox isn’t ideal, it’s sometimes necessary in containerized environments. Here’s what worked for me:

  1. In your Dockerfile, set up a non-root user and give them the necessary permissions.
  2. Install the required dependencies for Chromium.
  3. When launching Puppeteer, use both --no-sandbox and --disable-setuid-sandbox flags.

Here’s a snippet from my Dockerfile:

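# Tools needed to download and register Google's package signing key
RUN apt-get update && apt-get install -y wget gnupg2 apt-utils
RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
# Add Google's apt repository and install Chrome stable from it
RUN echo 'deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main' >> /etc/apt/sources.list.d/google.list
RUN apt-get update && apt-get install -y google-chrome-stable

# Create an unprivileged system user and run everything after this point as that user
RUN groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser
USER pptruser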

This setup has worked reliably for me in production. Just remember to handle any potential security implications appropriately.

hey sofiap, i’ve dealt with this before. try adding these args to ur puppeteer.launch():

{args: ['--no-sandbox', '--disable-setuid-sandbox']}

it’s not perfect but it should work. just be careful with security. good luck!

I’ve been in your shoes, and it’s definitely a tricky situation. One approach that worked for me was using the --cap-add=SYS_ADMIN flag when running the Docker container. This gives the container the necessary privileges to run Chrome without sandbox mode.

Here’s how you can modify your Docker run command:

docker run --cap-add=SYS_ADMIN your-image-name

In your Puppeteer code, you can then launch the browser like this:

const browser = await puppeteer.launch({
  executablePath: '/usr/bin/google-chrome-stable',
  args: ['--no-sandbox', '--disable-setuid-sandbox']
});

This combination should allow Puppeteer to run without sandbox mode in your Docker container. Just be aware of the security implications and use this approach cautiously in production environments.
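
An added example, not part of any post in this thread: a launch helper that refuses to start Chrome as root and passes the sandbox-disabling flags only on explicit opt-in, plus a classifier for the two errors quoted in the question. `ALLOW_NO_SANDBOX`, `buildLaunchOptions`, `isSandboxDisabled` and `diagnoseLaunchError` are hypothetical names chosen for illustration; the executable path is the one used in the answer above.

```javascript
// Added example. ALLOW_NO_SANDBOX is a hypothetical environment variable,
// not a Puppeteer or Chrome setting.
const NO_SANDBOX_ARGS = ['--no-sandbox', '--disable-setuid-sandbox'];

// Build the options object for puppeteer.launch().
// uid: numeric user id of the process (process.getuid() on Linux).
// env: environment map (process.env in a real service).
function buildLaunchOptions(uid, env) {
  if (uid === 0) {
    // Chrome only starts as root when --no-sandbox is passed (second error
    // in the question), so root means an unsandboxed browser with root's access.
    throw new Error('refusing to launch Chrome as root; set USER in the Dockerfile');
  }
  const options = { executablePath: '/usr/bin/google-chrome-stable', args: [] };
  if (env.ALLOW_NO_SANDBOX === '1') {
    options.args.push(...NO_SANDBOX_ARGS); // explicit, reviewable opt-in only
  }
  return options;
}

// True when the options would start Chrome without its sandbox; log this at startup.
function isSandboxDisabled(options) {
  return (options.args || []).includes('--no-sandbox');
}

// Map the two launch failures quoted in the question to a cause and a next step.
function diagnoseLaunchError(message) {
  if (message.includes('Failed to move to new namespace')) {
    return {
      cause: 'namespace-denied',
      hint: 'The container blocked the namespace creation the Chrome sandbox needs. ' +
            'The options raised in this thread are --cap-add=SYS_ADMIN or the no-sandbox opt-in.',
    };
  }
  if (message.includes('Running as root without --no-sandbox')) {
    return {
      cause: 'running-as-root',
      hint: 'The process runs as uid 0. Switch to an unprivileged USER in the Dockerfile.',
    };
  }
  return { cause: 'unknown', hint: 'Not one of the two sandbox errors from this thread.' };
}

// Usage inside the container (requires the puppeteer package):
//   const options = buildLaunchOptions(process.getuid(), process.env);
//   if (isSandboxDisabled(options)) console.warn('Chrome sandbox is DISABLED');
//   const browser = await puppeteer.launch(options);
```

Keeping the opt-in in one environment variable makes an unsandboxed deployment visible in the container configuration and in the startup log rather than buried in application code.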