[CentOS] Private Browse With Docker, Centos, Mate Desktop, VNC, OpenVPN and Tor

Sun Oct 15 10:34:25 UTC 2017
Andreas Benzler <andreas at benzlerweb.de>

Here is my complete setup with Docker for example.

 what I use: CentOS and Mate Desktop,systemd and VNC. It provides additional OpenVPN and Tor.
Mate works better as gnome desktop. If somebody is interested.

Downloaded adobe and nux repo for VLC (needs to be hacked to run as root).

https://github.com/CentOS/sig-cloud-instance-images/tree/66add29c188e42d4d855f4d4acdb2b73d547edb6/docker <https://github.com/CentOS/sig-cloud-instance-images/tree/66add29c188e42d4d855f4d4acdb2b73d547edb6/docker>

Everything runs as root as a test case. 



Sample setup:

FROM scratch
ADD centos-7.4.1708-docker.tar.xz /

LABEL name="CentOS Base Image" \
    vendor="CentOS" \
    license="GPLv2" \

COPY adobe-release-x86_64-1.0-1.noarch.rpm /root/adobeflash.rpm
COPY nux-dextop-release-0-5.el7.nux.noarch.rpm /root/nux.rpm

RUN yum -y install /root/adobeflash.rpm; \
    yum -y install epel-release; \
    yum -y install /root/nux.rpm; \
    rm -f /root/adobeflash.rpm /root/nux.rpm; \
    yum -y update; \
    yum install -y tigervnc-server xterm ; \
    yum install -y mate-applets mate-backgrounds.noarch mate-control-center mate-control-center-filesystem mate-desktop mate-desktop-libs mate-icon-theme mate-menus mate-menus-libs mate-notification-daemon mate-panel mate-panel-libs mate-polkit mate-session-manager mate-settings-daemon mate-system-monitor mate-terminal mate-themes mate-user-guide caja-open-terminal caja-wallpaper pluma engrampa unrar p7zip; \
    yum -y install gnome-icon-theme.noarch gnome-keyring gnome-themes-standard; 

RUN    yum install -y bind-utils net-tools traceroute tor openvpn openssh-server openssh-clients;

RUN    yum install -y firefox thunderbird vlc eog ; sed -i 's/geteuid/getppid/' /usr/bin/vlc;
RUN rm -f /etc/localtime;cd /etc; ln -s  ln -s ../usr/share/zoneinfo/Europe/Amsterdam localtime

RUN yum -y install ntp; systemctl enable ntpd 

RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*; \
systemctl enable tor; systemctl enable sshd

VOLUME [ "/sys/fs/cgroup" ]

RUN echo -e 'vncpassword\vncpassword\n' | vncpasswd

RUN cp /lib/systemd/system/vncserver at .service /etc/systemd/system/vncserver@:0.service
RUN sed 's/<USER>/root/g' -i /etc/systemd/system/vncserver@:0.service

RUN sed 's/\/usr\/bin\/vncserver %i/\/usr\/bin\/vncserver %i -geometry 1280x1024/g' -i /etc/systemd/system/vncserver@:0.service

RUN sed 's/\/home\/root/\/root/g' -i /etc/systemd/system/vncserver@:0.service

RUN systemctl enable vncserver@:0.service

RUN echo "#!/bin/sh" > /root/.vnc/xstartup
RUN echo "unset SESSION_MANAGER" >> /root/.vnc/xstartup
RUN echo "unset DBUS_SESSION_BUS_ADDRESS" >> /root/.vnc/xstartup
RUN echo "#exec /etc/X11/xinit/xinitrc" >>  /root/.vnc/xstartup
RUN echo "/usr/bin/mate-session" >> /root/.vnc/xstartup
RUN chmod +x /root/.vnc/xstartup


CMD ["/usr/sbin/init"]

# docker build --squash --rm --no-cache -t 'centos/mate‘ .

#example of runs versions...
# docker run --privileged --device=/dev/tun0:/dev/net/tun  -p 24:22 -p 5901:5900 -d 'centos/mate'
# docker run  --rm -it --net=host --name docker-myimage -v /sys/fs/cgroup:/sys/fs/cgroup:ro  -d 'centos7.4.1708/systemd'  -p 5901:5901