Build and push the image and then you can run it from the NAS or locally.
docker run -d \
--name chrome \
-p 8080:8080 \
I have my own domain (in this example ivonet.nl) and have full access to configure it as I like. I added a new CNAME record for browser.ivonet.nl pointing it at the A record (ip address) of my server. If you want to know more about this leave me a comment and I might expand on it.
I host my site at home so I have to tell my router to route all traffic on port 80 and 443 to my server so it can be picked up by my apache server software
I use Apache2 because I have been using it for many years and am to lazy to change all my configs. So if you want to do it with nginx or any other server it is fully possible, but you have to find out for yourself.
I created two VirtualHost. 1 for the http and 1 for https.
Use a2ensite to enable the VirtualHost files and service apache2 reload to active them.
I don’t want to work with self signed certificates anymore as there is a completely free signed version available nowadays.
These VirtualHost files are actually the end product as here you already have the basic authentication and LetsEncrypt enabled. In the first version I created these files but disabled basic auth (giving LetsEncrypt the option to verify my ownership) and enabled SSL but with the apache default certificates (unverified) I let LetsEncrypt change the config to make it work with LetsEncrypt.
If you want to read more about this you can read this article I co-wrote for the Dutch Java Magazine. Oh, Sorry it is in Dutch… google translate 😂 or go to letsencrypt.org.
rsa-key-size = 4096
server = https://acme-v01.api.letsencrypt.org/directory
email = email@example.com
domains = browser.example.nl
text = True
authenticator = apache
And activate the certificate. I had some trouble making this work but this command made it work for me:
certbot --authenticator standalone \
--installer apache \
--pre-hook "service apache2 stop" \
--post-hook "service apache2 start" \
--config /opt/letsencrypt/configs/browser.ini \
Now enable the basic authentication again in the VirtualHost file and create a browser password file:
I think I lost the challenge if it had to run as a window in the dsm dashboard (Synology software) alone. But I go for the spirit of the challenge (I am writing the rulez as I go so suck it up 😂).
It works fine! By going to the url I specified I now get a Browser in a Browser. Anything I do in that browser goes over my home network which is much better at protecting my privacy than other networks (read more here).
Oh and of course I have no sound in the B-in-B but… uch.