forked from jlesage/docker-baseimage-gui
-
Notifications
You must be signed in to change notification settings - Fork 0
/
baseimagedefs.xml
587 lines (571 loc) · 28.4 KB
/
baseimagedefs.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
<!--
Definitions for docker-baseimage-gui.
This file is used as data source to generate README.md and unRAID template files
from Jinja2 templates.
-->
<defs>
<baseimage>
<name>baseimage-gui</name>
<title>A minimal docker baseimage to ease creation of X graphical application containers</title>
<description>
This is a docker baseimage that can be used to create containers able to run any
X application on a headless server very easily. The application's GUI is
accessed through a modern web browser (no installation or configuration needed
on client side) or via any VNC client.
</description>
<gui>True</gui>
<!-- Extra stuff to be added to the documentation. -->
<documentation>
<section>
<title level="2">Accessing the GUI</title>
<content>
Assuming that container's ports are mapped to the same host's ports, the
graphical interface of the application can be accessed via:
* A web browser:
```
http://<HOST IP ADDR>:5800
```
* Any VNC client:
```
<HOST IP ADDR>:5900
```
</content>
</section>
<section>
<title level="2">Security</title>
<content>
By default, access to the application's GUI is done over an unencrypted
connection (HTTP or VNC).
Secure connection can be enabled via the `SECURE_CONNECTION` environment
variable. See the [Environment Variables](#environment-variables) section for
more details on how to set an environment variable.
When enabled, application's GUI is performed over an HTTPs connection when
accessed with a browser. All HTTP accesses are automatically redirected to
HTTPs.
When using a VNC client, the VNC connection is performed over SSL. Note that
few VNC clients support this method. [SSVNC] is one of them.
</content>
</section>
<section>
<title level="3">SSVNC</title>
<content>
[SSVNC] is a VNC viewer that adds encryption security to VNC connections.
While the Linux version of [SSVNC] works well, the Windows version has some
issues. At the time of writing, the latest version `1.0.30` is not functional,
as a connection fails with the following error:
```
ReadExact: Socket error while reading
```
However, for your convienence, an unoffical and working version is provided
here:
https://github.com/jlesage/docker-baseimage-gui/raw/master/tools/ssvnc_windows_only-1.0.30-r1.zip
The only difference with the offical package is that the bundled version of
`stunnel` has been upgraded to version `5.49`, which fixes the connection
problems.
</content>
</section>
<section>
<title level="3">Certificates</title>
<content>
Here are the certificate files needed by the container. By default, when they
are missing, self-signed certificates are generated and used. All files have
PEM encoded, x509 certificates.
| Container Path | Purpose | Content |
|---------------------------------|----------------------------|---------|
|`/config/certs/vnc-server.pem` |VNC connection encryption. |VNC server's private key and certificate, bundled with any root and intermediate certificates.|
|`/config/certs/web-privkey.pem` |HTTPs connection encryption.|Web server's private key.|
|`/config/certs/web-fullchain.pem`|HTTPs connection encryption.|Web server's certificate, bundled with any root and intermediate certificates.|
**NOTE**: To prevent any certificate validity warnings/errors from the browser
or VNC client, make sure to supply your own valid certificates.
**NOTE**: Certificate files are monitored and relevant daemons are automatically
restarted when changes are detected.
</content>
</section>
<section>
<title level="3">VNC Password</title>
<content>
To restrict access to your application, a password can be specified. This can
be done via two methods:
* By using the `VNC_PASSWORD` environment variable.
* By creating a `.vncpass_clear` file at the root of the `/config` volume.
This file should contains the password in clear-text. During the container
startup, content of the file is obfuscated and moved to `.vncpass`.
The level of security provided by the VNC password depends on two things:
* The type of communication channel (encrypted/unencrypted).
* How secure access to the host is.
When using a VNC password, it is highly desirable to enable the secure
connection to prevent sending the password in clear over an unencrypted channel.
Access to the host by unexpected users with sufficient privileges can be
dangerous as they can retrieve the password with the following methods:
* By looking at the `VNC_PASSWORD` environment variable value via the
`docker inspect` command. By defaut, the `docker` command can be run only
by the root user. However, it is possible to configure the system to allow
the `docker` command to be run by any users part of a specific group.
* By decrypting the `/config/.vncpass` file. This requires the user to have
the appropriate permission to read the file: it has to be root or be the
user defined by the `USER_ID` environment variable. Also, to be able to
retrieve the correct decryption key, one needs to know that the content of
the file was generated by `x11vnc`.
</content>
</section>
<section>
<title level="3">DH Parameters</title>
<content>
Diffie-Hellman (DH) parameters define how the [DH key-exchange] is performed.
More details about this algorithm can be found on the [OpenSSL Wiki].
DH Parameters are saved into the PEM encoded file located inside the container
at `/config/certs/dhparam.pem`. By default, when this file is missing, 2048
bits DH parameters are automatically generated. Note that this one-time
operation takes some time to perform and increases the startup time of the
container.
</content>
</section>
<link>
<name>SSVNC</name>
<url>http://www.karlrunge.com/x11vnc/ssvnc.html</url>
</link>
<link>
<name>DH key-exchange</name>
<url>https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange</url>
</link>
<link>
<name>OpenSSL Wiki</name>
<url>https://wiki.openssl.org/index.php/Diffie_Hellman</url>
</link>
</documentation>
<!-- Changelog. -->
<history>
<release>
<version>3.5.3</version>
<date>2019-10-04</date>
<change>Now using version 2.4.3 of `jlesage/baseimage`, which bring the following changes:</change>
<change level="2">Updated installed packages to get latest security fixes.</change>
<change level="2">Make sure the tzdata is installed.</change>
</release>
<release>
<version>3.5.2</version>
<date>2019-04-24</date>
<change>Now using version 2.4.2 of `jlesage/baseimage`, which bring the following changes:</change>
<change level="2">Updated installed packages to get latest security fixes.</change>
<change>Fixed issue where the container could have a zombie process.</change>
<change>Fixed issue where the password would not be submitted when pressing the enter key in the password modal.</change>
<change>Use relative path for favicon ressources to be more friendly with reverse proxy senarios.</change>
</release>
<release>
<version>3.5.1</version>
<date>2018-09-18</date>
<change>Now using version 2.4.1 of `jlesage/baseimage`, which bring the following changes:</change>
<change level="2">Updated installed packages to get latest security fixes.</change>
</release>
<release>
<version>3.5.0</version>
<date>2018-08-14</date>
<change>Added baseimage based on Ubuntu 18.04.</change>
</release>
<release>
<version>3.4.0</version>
<date>2018-07-06</date>
<change>Added images based on Alpine Linux 3.8.</change>
<change>Added images based on Debian 9.</change>
</release>
<release>
<version>3.3.6</version>
<date>2018-04-12</date>
<change>Now using version 2.2.8 of jlesage/baseimage, which brings the following changes:</change>
<change level="2">Fixed architecture of ubuntu baseimage: it is meant to be 64-bit.</change>
</release>
<release>
<version>3.3.5</version>
<date>2018-04-03</date>
<change>Now using version 2.2.7 of jlesage/baseimage, which brings the following changes:</change>
<change level="2">Upgraded s6-overlay to version 1.21.4.0.</change>
<change level="2">Wait for a limited time when terminating a service.</change>
<change level="2">Set and create the XDG_RUNTIME_DIR directory.</change>
</release>
<release>
<version>3.3.4</version>
<date>2018-03-02</date>
<change>Now using version 2.2.6 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Fixed issue where log monitor states were not cleared during container startup.</change>
</release>
<release>
<version>3.3.3</version>
<date>2018-02-15</date>
<change>Make sure the log monitor is started after the X server.</change>
<change>Fixed an issue where the log monitor `yad` target would use XDG folders of the application.</change>
</release>
<release>
<version>3.3.2</version>
<date>2018-02-02</date>
<change>Now using version 2.2.5 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Restored timezone support in Alpine Linux images with glibc.</change>
<change level="2">Fixed issue in `add-pkg` helper where a package could be incorrectly detected as installed.</change>
</release>
<release>
<version>3.3.1</version>
<date>2018-01-30</date>
<change>Adjusted the way some ressources are accessed to better support reverse proxy to containers.</change>
</release>
<release>
<version>3.3.0</version>
<date>2018-01-22</date>
<change>Now using version 2.2.4 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Fixed the LANG environment variable not being set properly.</change>
<change>Added the ability to automatically install a CJK (Chinese/Japanese/Korean) font.</change>
</release>
<release>
<version>3.2.3</version>
<date>2018-01-12</date>
<change>Now using version 2.2.3 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">For Alpine Linux images with glibc, automatically update dynamic linker's cache after new libraries are installed.</change>
</release>
<release>
<version>3.2.2</version>
<date>2018-01-11</date>
<change>Now using version 2.2.2 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Adjusted the way ownership of /config is taken to better support cases where the folder is mapped to a network share.</change>
</release>
<release>
<version>3.2.1</version>
<date>2018-01-04</date>
<change>Now using version 2.2.1 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Upgraded S6 overlay to version 1.21.2.2.</change>
<change level="2">Upgraded glibc to version 2.26 (Alpine Linux glibc images).</change>
</release>
<release>
<version>3.2.0</version>
<date>2017-12-08</date>
<change>Added images based on Alpine Linux 3.7.</change>
</release>
<release>
<version>3.1.4</version>
<date>2017-11-30</date>
<change>Set 2 worker processes for nginx.</change>
</release>
<release>
<version>3.1.3</version>
<date>2017-11-19</date>
<change>Now using version 2.1.4 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Upgraded S6 overlay to version 1.21.2.1.</change>
</release>
<release>
<version>3.1.2</version>
<date>2017-11-06</date>
<change>Now using version 2.1.3 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Upgraded S6 overlay to version 1.21.2.0.</change>
<change level="2">Use a more efficient way to monitor status files.</change>
</release>
<release>
<version>3.1.1</version>
<date>2017-10-31</date>
<change>Now using version 2.1.2 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Fixed an issue where a self-disabled service could be restarted.</change>
</release>
<release>
<version>3.1.0</version>
<date>2017-10-28</date>
<change>Now using version 2.1.1 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Upgraded S6 overlay to version 1.21.1.1.</change>
<change level="2">Enhanced integration of service dependencies functionality.</change>
<change level="2">Added a simple log monitor.</change>
<change level="2">Fixed race condition where container's exit code would not be the expected one.</change>
<change>Fixed issue where application's GUI fails to displayed when accessing it through the web interface via standard ports 80/443.</change>
</release>
<release>
<version>3.0.2</version>
<date>2017-10-09</date>
<change>Fixed issue where nginx config change was not applied correctly on systems without IPV6 support and secure connection disabled.</change>
</release>
<release>
<version>3.0.1</version>
<date>2017-10-08</date>
<change>Fixed nginx config on systems without IPV6 support.</change>
</release>
<release>
<version>3.0.0</version>
<date>2017-10-06</date>
<change>Now using version 2.0.0 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Added better support for service dependencies.</change>
<change level="3">Services startup order is automatically determined.</change>
<change level="3">Services are stopped in reverse order.</change>
<change level="3">The application's service is always started last.</change>
<change level="3">The following elements are no longer needed and have been removed:</change>
<change level="4">`s6-svrunning` and `s6-waitdeps` programs.</change>
<change level="4">Pre-stage3 with pre-finish scripts support.</change>
<change>Added support for secure access to the application's GUI:</change>
<change level="2">Via HTTPs or VNC over SSL.</change>
<change level="2">Secure connection is enabled via the `SECURE_CONNECTION` environment variable.</change>
<change>Note that these changes can break building and/or execution of containers based on v2.x or earlier of this baseimage.</change>
</release>
<release>
<version>2.0.9</version>
<date>2017-09-20</date>
<change>Now using version 1.1.6 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Restore default `/etc/shadow` during container startup.</change>
</release>
<release>
<version>2.0.8</version>
<date>2017-09-08</date>
<change>Now using version 1.1.5 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Fixed duplicated entries in /etc/passwd and /etc/group that were created after a restart of the container.</change>
</release>
<release>
<version>2.0.7</version>
<date>2017-09-06</date>
<change>Now using version 1.1.4 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Fixed timezone support on alpine-glibc images.</change>
</release>
<release>
<version>2.0.6</version>
<date>2017-08-13</date>
<change>Now using version 1.1.3 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Upgraded S6 overlay to version 1.20.0.0.</change>
</release>
<release>
<version>2.0.5</version>
<date>2017-07-31</date>
<change>Now using version 1.1.2 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Clear the environment of the container during startup.</change>
<change level="2">Clear the `/tmp` folder during startup.</change>
<change>Cleanly terminate the X server when container is restarted/stopped.</change>
<change>Improved robustness of X server starting process.</change>
</release>
<release>
<version>2.0.4</version>
<date>2017-07-28</date>
<change>Now using version 1.1.1 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Make sure to remove the container shutdown indication during startup. This fixes the behavior of `KEEP_APP_RUNNING` variable after a restart of the container.</change>
<change>Removed unneeded files from the image.</change>
</release>
<release>
<version>2.0.3</version>
<date>2017-07-27</date>
<change>Improved robustness of the X server starting process.</change>
</release>
<release>
<version>2.0.2</version>
<date>2017-07-21</date>
<change>Fixed exposed VNC port.</change>
</release>
<release>
<version>2.0.1</version>
<date>2017-07-17</date>
<change>Now using version 1.1.0 of `jlesage/baseimage`, which brings the following changes:</change>
<change level="2">Added declaration of XDG environment variables.</change>
<change>Thus, declaration of these variables are no longer needed.</change>
<change>Clean temporary files left by npm</change>
</release>
<release>
<version>2.0.0</version>
<date>2017-07-16</date>
<change>Now using `jlesage/baseimage` as the baseimage.</change>
<change>Removed all non-GUI related stuff that has been moved to `jlesage/baseimage`.</change>
<change>[*] Configuration used by openbox is now located at `/etc/xdg/openboxrc.xml` (instead of `/home/guiapp/.config/openbox/rc.xml`).</change>
<change>[*] Moved the application's icon install script from `/opt/install_app_icon.sh` to `/usr/local/bin/install_app_icon.sh`.</change>
<change>[*] The following XDG environment variables are now set, potentially affecting where the GUI application store its data/config:</change>
<change level="2">XDG_DATA_HOME=/config/xdg/data</change>
<change level="2">XDG_CONFIG_HOME=/config/xdg/config</change>
<change level="2">XDG_CACHE_HOME=/config/xdg/cache</change>
<change>Changes brought by the usage of the new baseimage:</change>
<change level="2">Improved the way a service is waiting for another by adding a generic mechanism.</change>
<change level="2">Taking ownership of `/config` can now be controlled via the environment variable `TAKE_CONFIG_OWNERSHIP`.</change>
<change level="2">Added helper to ease installation and removal of packages.</change>
<change level="2">Added helper to ease verification of modifications applied to files using `sed`.</change>
<change level="2">[*] The name of the user running the application changed from `guiapp` to `app`.</change>
<change level="2">[*] The `$HOME` environment variable is no longer set.</change>
<change level="2">[*] The `/home/guiapp` directory has been removed.</change>
<change>Changes marked with `[*]` can break building and/or execution of containers based on v1.x of this baseimage.</change>
</release>
<release>
<version>1.5.0</version>
<date>2017-07-04</date>
<change>Added the UMASK environment variable to control how file permissions are set for newly created files.</change>
<change>Added the X11VNC_EXTRA_OPTS environment variable used to pass additional arguments to the x11vnc server.</change>
<change>By default, activate auto-scaling of application's window.</change>
<change>Applied latest Alpine Linux security updates.</change>
</release>
<release>
<version>1.4.3</version>
<date>2017-06-22</date>
<change>Updated Alpine Linux to version 3.6.2 for related container images.</change>
</release>
<release>
<version>1.4.2</version>
<date>2017-06-15</date>
<change>Associate the application's icon to a unique version to avoid browser cache issues.</change>
</release>
<release>
<version>1.4.1</version>
<date>2017-06-15</date>
<change>Fixed prefix of some service related messages.</change>
<change>Added support for supplying supplementary groups of the application.</change>
</release>
<release>
<version>1.4.0</version>
<date>2017-06-06</date>
<change>Added images based on Alpine Linux 3.6.</change>
<change>Improved process startup and shutdown.</change>
<change>When container is stopped or restarted, processes are now terminated gracefully and in proper order. This allow the GUI application to execute its termination routine.</change>
<change>No more error messages when container is stopped or restarted.</change>
</release>
<release>
<version>1.3.2</version>
<date>2017-05-30</date>
<change>Fixed password modal window not showing up when required.</change>
<change>Fixed debian build.</change>
</release>
<release>
<version>1.3.1</version>
<date>2017-05-17</date>
<change>Install better font for alpine images.</change>
</release>
<release>
<version>1.3.0</version>
<date>2017-05-15</date>
<change>Added support for application's niceness configuration.</change>
</release>
<release>
<version>1.2.3</version>
<date>2017-05-12</date>
<change>Adjusted the default display width to 1280 pixels, as documented.</change>
</release>
<release>
<version>1.2.2</version>
<date>2017-05-11</date>
<change>Fixed issue with the web UI, where the remote application's window was not taking the available height after activating/deactivating the hideable navigation bar.</change>
</release>
<release>
<version>1.2.1</version>
<date>2017-05-10</date>
<change>Fixed issue where clipboard content was lost on modal window closure.</change>
</release>
<release>
<version>1.2.0</version>
<date>2017-05-09</date>
<change>New UI for web access to the application's GUI.</change>
<change level="2">Based on Bootstrap and JQuery.</change>
<change level="2">Mobile friendly.</change>
<change level="2">Hideable navigation bar.</change>
<change level="2">Downscaling support.</change>
<change level="2">Clipboard support.</change>
<change level="2">Fullscreen toggle.</change>
<change level="2">Draggable remote screen when it doesn't fix the client's window.</change>
<change level="2">Virtual keyboard support on mobile.</change>
<change level="2">Right-click via long touch on mobile.</change>
</release>
<release>
<version>1.0.1</version>
<date>2017-05-5</date>
<change>Fixed issue where VNC password was still applied after removal of the VNC password file from `/config`.</change>
<change>Fixed mouse handling when accessing the container's GUI via Microsoft Internet Explorer/Edge.</change>
<change>Fixed a crash of the build-in VNC server.</change>
</release>
<release>
<version>1.0.0</version>
<date>2017-04-07</date>
<change>Initial release.</change>
</release>
</history>
</baseimage>
<app>
<container>
<overview>The GUI of the application is accessed through a modern web browser (no installation or configuration needed on client side) or via any VNC client.</overview>
</container>
</app>
<container>
<!-- Environment variables -->
<environment_variables>
<environment_variable>
<name>DISPLAY_WIDTH</name>
<description>Width (in pixels) of the application's window.</description>
<default>1280</default>
<unraid_template>
<title>Display Width</title>
<display>advanced</display>
<required>false</required>
<mask>false</mask>
</unraid_template>
</environment_variable>
<environment_variable>
<name>DISPLAY_HEIGHT</name>
<description>Height (in pixels) of the application's window.</description>
<default>768</default>
<unraid_template>
<title>Display Height</title>
<display>advanced</display>
<required>false</required>
<mask>false</mask>
</unraid_template>
</environment_variable>
<environment_variable>
<name>SECURE_CONNECTION</name>
<description>When set to `1`, an encrypted connection is used to access the application's GUI (either via web browser or VNC client). See the [Security](#security) section for more details.</description>
<default>0</default>
<unraid_template>
<title>Secure Connection</title>
<description>Whether or not an encrypted connection should be used to access the application's GUI. Set to [i][b]1[/b][/i] to encrypt the connection.[br][span style='color: red;'][b]Note:[/b][/span] When enabling the secure connection, security parameters needs to be generated. This [b]one-time[/b] operation is done during container startup. Depending on your system, this could take a few minutes. GUI of the application won't be available until the operation completes.</description>
<display>advanced</display>
<required>false</required>
<mask>false</mask>
</unraid_template>
</environment_variable>
<environment_variable>
<name>VNC_PASSWORD</name>
<description>Password needed to connect to the application's GUI. See the [VNC Password](#vnc-password) section for more details.</description>
<default/>
</environment_variable>
<environment_variable>
<name>X11VNC_EXTRA_OPTS</name>
<description>Extra options to pass to the x11vnc server running in the Docker container. **WARNING**: For advanced users. Do not use unless you know what you are doing.</description>
<default/>
<unraid_template>
<title>Extra x11vnc Options</title>
<description>Extra options to pass to the x11vnc server running in the Docker container.[br][span style='color: red;'][b]Warning:[/b][/span] For advanced users. Do not use unless you know what you are doing.</description>
<display>advanced</display>
<required>false</required>
<mask>false</mask>
</unraid_template>
</environment_variable>
<environment_variable>
<name>ENABLE_CJK_FONT</name>
<description>When set to `1`, open source computer font `WenQuanYi Zen Hei` is installed. This font contains a large range of Chinese/Japanese/Korean characters.</description>
<default>0</default>
</environment_variable>
</environment_variables>
<!-- Volumes -->
<volumes/>
<!-- Network ports -->
<ports>
<port>
<number>5800</number>
<protocol>tcp</protocol>
<description>Port used to access the application's GUI via the web interface.</description>
<mandatory>true</mandatory>
<unraid_template>
<title>WEB Port for GUI</title>
<default>{{ 7800 + defs.app.id|int }}</default>
<display>advanced-hide</display>
<required>true</required>
<mask>false</mask>
</unraid_template>
</port>
<port>
<number>5900</number>
<protocol>tcp</protocol>
<description>Port used to access the application's GUI via the VNC protocol. Optional if no VNC client is used.</description>
<mandatory>false</mandatory>
<unraid_template>
<title>VNC Port for GUI</title>
<default>{{ 7900 + defs.app.id|int }}</default>
<display>advanced-hide</display>
<required>false</required>
<mask>false</mask>
</unraid_template>
</port>
</ports>
<!-- Devices -->
<devices/>
</container>
<!-- Extra stuff to be added to the documentation. -->
<documentation/>
</defs>