[Bug] SECURE_CONNECTION_VNC_METHOD and VNC_PASSWORD create problems accessing via browser (5800)

[SiriosDev]

Current Behavior

SECURE_CONNECTION_VNC_METHOD=TLS 🟥 and VNC_PASSWORD 🟨 (with WEB_AUTHENTICATION active) create problems to access from browser (5800). The first completely incapacitates the access (after login) by showing failed connection. While the second one shows the vnc password prompt even after web login

Expected Behavior

No response

Steps To Reproduce

No response

Environment

• OS: Debian
• OS version: 12
• CPU: x86-64
• Docker version: 27.3.1
• Browser: Chromium Based & Firefox

Container creation

services:
  jd2:
    container_name: jd2
    hostname: jd2
    deploy:
      resources:
        limits:
          memory: 512M
    ports:
      - 5800:5800
      - 5900:5900
    volumes:
      - ./binds/config:/config:rw
      - /media:/media:rw
    image: jlesage/jdownloader-2
    restart: unless-stopped
    environment:
      - TZ=Europe/Rome
      - KEEP_APP_RUNNING=1
      - DARK_MODE=1
      - WEB_AUTHENTICATION=1
      - WEB_AUTHENTICATION_USERNAME=[REDACTED]
      - WEB_AUTHENTICATION_PASSWORD=[REDACTED]
      - SECURE_CONNECTION=1
      - SECURE_CONNECTION_VNC_METHOD=TLS
      - VNC_PASSWORD=[REDACTED]
      - MYJDOWNLOADER_EMAIL=[REDACTED]
      - MYJDOWNLOADER_PASSWORD=[REDACTED]
      - MYJDOWNLOADER_DEVICE_NAME=[REDACTED]

Container log

[init        ] container is starting...
[cont-env    ] loading container environment variables...
[cont-env    ] APP_NAME: loading...
[cont-env    ] DISPLAY: executing...
[cont-env    ] DISPLAY: terminated successfully.
[cont-env    ] DISPLAY: loading...
[cont-env    ] DOCKER_IMAGE_PLATFORM: loading...
[cont-env    ] DOCKER_IMAGE_VERSION: loading...
[cont-env    ] EGL_LOG_LEVEL: executing...
[cont-env    ] EGL_LOG_LEVEL: terminated successfully.
[cont-env    ] EGL_LOG_LEVEL: loading...
[cont-env    ] GSK_RENDERER: executing...
[cont-env    ] GSK_RENDERER: terminated successfully.
[cont-env    ] GSK_RENDERER: loading...
[cont-env    ] GTK2_RC_FILES: executing...
[cont-env    ] GTK2_RC_FILES: terminated successfully.
[cont-env    ] GTK2_RC_FILES: loading...
[cont-env    ] GTK_THEME: executing...
[cont-env    ] GTK_THEME: terminated successfully.
[cont-env    ] GTK_THEME: loading...
[cont-env    ] HOME: loading...
[cont-env    ] INSTALL_PACKAGES_INTERNAL: executing...
[cont-env    ] INSTALL_PACKAGES_INTERNAL: terminated successfully.
[cont-env    ] INSTALL_PACKAGES_INTERNAL: not setting variable.
[cont-env    ] LIBGL_DRIVERS_PATH: executing...
[cont-env    ] LIBGL_DRIVERS_PATH: terminated successfully.
[cont-env    ] LIBGL_DRIVERS_PATH: loading...
[cont-env    ] PULSE_CONFIG_PATH: executing...
[cont-env    ] PULSE_CONFIG_PATH: terminated successfully.
[cont-env    ] PULSE_CONFIG_PATH: not setting variable.
[cont-env    ] PULSE_COOKIE: executing...
[cont-env    ] PULSE_COOKIE: terminated successfully.
[cont-env    ] PULSE_COOKIE: not setting variable.
[cont-env    ] PULSE_SERVER: executing...
[cont-env    ] PULSE_SERVER: terminated successfully.
[cont-env    ] PULSE_SERVER: not setting variable.
[cont-env    ] QT_STYLE_OVERRIDE: executing...
[cont-env    ] QT_STYLE_OVERRIDE: terminated successfully.
[cont-env    ] QT_STYLE_OVERRIDE: loading...
[cont-env    ] TAKE_CONFIG_OWNERSHIP: loading...
[cont-env    ] XDG_CACHE_HOME: loading...
[cont-env    ] XDG_CONFIG_HOME: loading...
[cont-env    ] XDG_DATA_HOME: loading...
[cont-env    ] XDG_RUNTIME_DIR: loading...
[cont-env    ] XDG_STATE_HOME: loading...
[cont-env    ] container environment variables initialized.
[cont-secrets] loading container secrets...
[cont-secrets] container secrets loaded.
[cont-init   ] executing container initialization scripts...
[cont-init   ] 10-certs.sh: executing...
[cont-init   ] 10-certs.sh: terminated successfully.
[cont-init   ] 10-check-app-niceness.sh: executing...
[cont-init   ] 10-check-app-niceness.sh: terminated successfully.
[cont-init   ] 10-clean-logmonitor-states.sh: executing...
[cont-init   ] 10-clean-logmonitor-states.sh: terminated successfully.
[cont-init   ] 10-clean-tmp-dir.sh: executing...
[cont-init   ] 10-clean-tmp-dir.sh: terminated successfully.
[cont-init   ] 10-fontconfig-cache-dir.sh: executing...
[cont-init   ] 10-fontconfig-cache-dir.sh: terminated successfully.
[cont-init   ] 10-init-users.sh: executing...
[cont-init   ] 10-init-users.sh: terminated successfully.
[cont-init   ] 10-nginx.sh: executing...
[cont-init   ] 10-nginx.sh: terminated successfully.
[cont-init   ] 10-openbox.sh: executing...
[cont-init   ] 10-openbox.sh: terminated successfully.
[cont-init   ] 10-pkgs-mirror.sh: executing...
[cont-init   ] 10-pkgs-mirror.sh: terminated successfully.
[cont-init   ] 10-pulse.sh: executing...
[cont-init   ] 10-pulse.sh: terminated successfully.
[cont-init   ] 10-set-tmp-dir-perms.sh: executing...
[cont-init   ] 10-set-tmp-dir-perms.sh: terminated successfully.
[cont-init   ] 10-vnc-password.sh: executing...
[cont-init   ] 10-vnc-password.sh: creating VNC password file from environment variable...
[cont-init   ] 10-vnc-password.sh: terminated successfully.
[cont-init   ] 10-web-data.sh: executing...
[cont-init   ] 10-web-data.sh: terminated successfully.
[cont-init   ] 10-webauth.sh: executing...
[cont-init   ] 10-webauth.sh: Updating password for user [REDACTED]
[cont-init   ] 10-webauth.sh: terminated successfully.
[cont-init   ] 10-x11-unix.sh: executing...
[cont-init   ] 10-x11-unix.sh: terminated successfully.
[cont-init   ] 10-xdg-runtime-dir.sh: executing...
[cont-init   ] 10-xdg-runtime-dir.sh: terminated successfully.
[cont-init   ] 15-cjk-font.sh: executing...
[cont-init   ] 15-cjk-font.sh: terminated successfully.
[cont-init   ] 15-install-pkgs.sh: executing...
[cont-init   ] 15-install-pkgs.sh: terminated successfully.
[cont-init   ] 55-jdownloader2.sh: executing...
[cont-init   ] 55-jdownloader2.sh: terminated successfully.
[cont-init   ] 85-take-config-ownership.sh: executing...
[cont-init   ] 85-take-config-ownership.sh: terminated successfully.
[cont-init   ] 89-info.sh: executing...
    ╭――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――╮
    │                                                                      │
    │ Application:           JDownloader 2                                 │
    │ Application Version:   n/a                                           │
    │ Docker Image Version:  24.09.1                                       │
    │ Docker Image Platform: linux/amd64                                   │
    │                                                                      │
    ╰――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――╯
[cont-init   ] 89-info.sh: terminated successfully.
[cont-init   ] all container initialization scripts executed.
[init        ] giving control to process supervisor.
[supervisor  ] loading services...
[supervisor  ] loading service 'default'...
[supervisor  ] loading service 'logrotate'...
[supervisor  ] loading service 'logmonitor'...
[supervisor  ] service 'logmonitor' is disabled.
[supervisor  ] loading service 'app'...
[supervisor  ] loading service 'gui'...
[supervisor  ] loading service 'xcompmgr'...
[supervisor  ] loading service 'openbox'...
[supervisor  ] loading service 'xvnc'...
[supervisor  ] loading service 'certsmonitor'...
[supervisor  ] loading service 'pulseaudio'...
[supervisor  ] service 'pulseaudio' is disabled.
[supervisor  ] loading service 'audiorecorder'...
[supervisor  ] service 'audiorecorder' is disabled.
[supervisor  ] loading service 'nginx'...
[supervisor  ] loading service 'webauth'...
[supervisor  ] all services loaded.
[supervisor  ] starting services...
[supervisor  ] starting service 'xvnc'...
[xvnc        ] Xvnc TigerVNC 1.13.1 - built Aug 31 2024 13:06:50
[xvnc        ] Copyright (C) 1999-2022 TigerVNC Team and many others (see README.rst)
[xvnc        ] See https://www.tigervnc.org for information on TigerVNC.
[xvnc        ] Underlying X server release 12014000
[xvnc        ] Sun Oct 13 17:04:44 2024
[xvnc        ]  vncext:      VNC extension running!
[xvnc        ]  vncext:      Listening for VNC connections on /tmp/vnc.sock (mode 0660)
[xvnc        ]  vncext:      Listening for VNC connections on all interface(s), port 5900
[xvnc        ]  vncext:      created VNC server for screen 0
[supervisor  ] starting service 'openbox'...
[supervisor  ] starting service 'xcompmgr'...
[supervisor  ] starting service 'webauth'...
[supervisor  ] starting service 'nginx'...
[nginx       ] Listening for HTTPs connections on port 5800.
[supervisor  ] starting service 'app'...
[supervisor  ] all services started.
[xvnc        ] Sun Oct 13 17:05:07 2024
[xvnc        ]  Connections: accepted: /tmp/vnc.sock
[xvnc        ]  SConnection: Client needs protocol version 3.8
[xvnc        ]  SConnection: Client requests security type VeNCrypt(19)
[xvnc        ]  VNCSConnST:  closing /tmp/vnc.sock: Clean disconnection
[xvnc        ]  EncodeManager: Framebuffer updates: 0
[xvnc        ]  EncodeManager:   Total: 0 rects, 0 pixels
[xvnc        ]  EncodeManager:          0 B (1:-nan ratio)
[xvnc        ]  Connections: closed: /tmp/vnc.sock
[xvnc        ]  ComparingUpdateTracker: 0 pixels in / 0 pixels out
[xvnc        ]  ComparingUpdateTracker: (1:-nan ratio)
[supervisor  ] SIGTERM received, shutting down...
[supervisor  ] stopping service 'app'...
[supervisor  ] service 'app' exited (with status 127).
[supervisor  ] stopping service 'nginx'...
[supervisor  ] service 'nginx' exited (with status 0).
[supervisor  ] stopping service 'webauth'...
[supervisor  ] service 'webauth' exited (got signal SIGTERM).
[supervisor  ] stopping service 'xcompmgr'...
[supervisor  ] service 'xcompmgr' exited (got signal SIGTERM).
[supervisor  ] stopping service 'openbox'...
[supervisor  ] service 'openbox' exited (with status 0).
[supervisor  ] stopping service 'xvnc'...
[xvnc        ] Sun Oct 13 17:05:43 2024
[xvnc        ]  ComparingUpdateTracker: 0 pixels in / 0 pixels out
[xvnc        ]  ComparingUpdateTracker: (1:-nan ratio)
[supervisor  ] service 'xvnc' exited (with status 0).
[finish      ] executing container finish scripts...
[finish      ] all container finish scripts executed.

Container inspect

No response

Anything else?

No response

[jlesage]

The first completely incapacitates the access (after login) by showing failed connection.

You are right. Looks like SECURE_CONNECTION_VNC_METHOD=TLS never worked with the web.
Are you accessing the container via both the web and VNC clients ?

While the second one shows the vnc password prompt even after web login

This is expected. VNC_PASSWORD works at the VNC protocol level, while WEB_AUTHENTICATION provide restriction to the web interface.

[SiriosDev]

Sorry for the extreme delay, I was convinced I had answered, I remembered seeing the today release.

Are you accessing the container via both the web and VNC clients ?

Yes, but not at the same time

This is expected. VNC_PASSWORD works at the VNC

Ah okay, so there is no way to have the two together? Maybe auto enter the vnc password if web authenciation is present?

[jlesage]

With the latest release, usage of SECURE_CONNECTION_VNC_METHOD=TLS no longer cause web access failure.

For the VNC password, because there is a single VNC server running used to server both the VNC and WEB clients, it might be harder to avoid the password only from web clients... I can check what can be done.