Running Firefox in an Arch Linux container, with Arch as Host, on the default "bridge" network

my friends i’ve tried everything from watching youtube videos, reviewing all the forums found online and i keep getting these:
Error cannot open display: :0
Error: cannot open display: :1
Error: cannot open display: unix:1

The opening command I use is as follows

docker run -it --rm -p 10443:443 --env=“DISPLAY” --net=bridge *–name TESTING archlinux

i’ve tried issuing the following command as well, to no avail: DISPLAY=unix$DISPLAY

i’ve updated the image and installed the entire gnome package group to no avail (56 packages…not sure what ones are mandatory, but i actually installed all 56 of them multiple times in an attempt to launch firefox from arch docker on docker, pls advise. ty, m :smiley:

Maybe you start with stating what you want to achieve? You want to use Firefox GUI on your host?

Correct. And I want to close port 443 to completely close all “known” https/https ports on this computer, as 80 and 8080 etc. are already sealed closed. I wish to use a high port number for https, henche the association with 10443, which will be adjusted regularly if possible. More importantly, I wish to start with the official archlinux base image to acccomplish the task. Thank you!

What do you mean by closing the ports in context with Firefox browser?

Usually ports like 80+443 are opened on the node for server process to listen to incoming requests. Whereas an outgoing request from a browser will locally originate from a random port number. Are you talking about ports for incoming or outgoing connections?

Furthermore what window system is you host using? X11 or wayland? It should be compatible with the browser Docker image to work.

An alternative is to run a full desktop with browser within the container and just access it via VNC protocol. We used this image in the past, but it hasn’t received any (security) updates in 3 years. So you should look for an alternative, if VNC or RDP works for you.

Thanks for your reply.

I’ve tried using the base archlinux image, installing firefox, ALL 56 GNOME packages, xorg-server w/ cpu driver, i’ve updated pacman manually and I keep getting the same Error: cannot open display:1

I’ve issued environmental variables with the run command in various formats:

DISPLAY=unix$DISPLAY Error: cannot open display: unix:1
-e “DISPLAY=:1” Error: cannot open display:1
–env=“DISPLAY” --net=bridge Error: cannot open display:1

My understanding is I can also use the port variable with the run command to redirect https traffic from port 443 to any reasonable port, I chose 10443 to start the experiment but keep getting my brakes slammed without any input other than the general “display errors,” above.

I might be willing to try an alpine setup but will never work with ubuntu, it’s too corporate for me, but ty.

I used the most popular firefox docker image last night on localhost:5800 but found that it used port 443 also…what can you advise?

What do you mean by that? Firefox is opening a listening port on 443? That doesn’t make sense.

Why don’t you name and link the image you are using???

I tried to understand the question, but I couldn’t. Especially the part about blocking ports which in my opinion has nothing to do with firefox running in a container. I could be wrong, if I misunderstand the question, but when everyone misunderstoods the question, it is good to consider that the question might be unclear, instead of insulting everyone else who tries to help. In fact, after reading the posts multiple times I got an idea, but still guess…

Since it was the second time, I removed the last post and hope a different attitude after two weeks.

By the way I wrote an entire tutorial about running firefox in a container using a different approach that works even with Docker Desktop. It is similar to what @bluepuma77 already suggested.

https://learn-docker.it-sziget.hu/en/latest/pages/advanced/kernel-namespaces-network.html#running-a-web-browser-in-a-net-namespace-in-a-vm-docker-desktop

When I’m on Linux and using Docker CE, if I want to run a web browser that has access to a service which is not puvblicly available, only in a container, I usually just run the firefox on my host machine, but as an argument of nsenter so it runs in the network namespace of the container. That works only with a firefox that was not installed as a Snap package.

container_name="mycontainer"
network_namespace="$(docker container inspect "$container_name" --format '{{ .NetworkSettings.SandboxKey }}')"
nsenter --net=$network_namespace firefox

Of course this is not what was asked, but what could be a solution to the original problem which we don’t know.

If we are talking about the original post, just setting an environment variable will not connect the container to the graphical interface of the host. That is why you would mount a specific unix socket unless it is Docker Desktop where it is not possible so that the GUI in the container could be forwarded to a specific IP address, which I tried long time ago and I wouldn’t try to find it out again for now.

A container don’t use host ports automatically unless you forward a port from the host to the container or in case of MacVLAN or IPVLan. Even then it is not the container that uses the port, but the application that listens on it. So it would be pretty hard to suggest anything without knowing What Docker image we are talking about.

For blocking requests from other machines when using MacVLAN or IPVlan, firewalls can be used.