linuxserver/webtop

​​
​ ​
​ ​
​ ​
​ ​
​ ​
​ ​
​ ​
​ ​
​​
​Webtop - Alpine, Ubuntu, Fedora, and Arch based containers containing full desktop environments in officially supported flavors accessible via any modern web browser.
Supported Architectures
Our images support multiple architectures such as x86-64, arm64 and armhf. We utilise the docker manifest for multi-platform awareness. More information is available from docker here and our announcement here.
Simply pulling lscr.io/linuxserver/webtop should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
The architectures supported by this image are:
Architecture
Tag
x86-64
amd64-latest
arm64
arm64v8-latest
armhf
arm32v7-latest
Version Tags
This image provides various versions that are available via tags. latest tag usually provides the latest stable version. Others are considered under development and caution must be exercised when using them.
Tag
Description
latest
XFCE Alpine
ubuntu-xfce
XFCE Ubuntu
fedora-xfce
XFCE Fedora
arch-xfce
XFCE Arch
alpine-kde
KDE Alpine
ubuntu-kde
KDE Ubuntu
fedora-kde
KDE Fedora
arch-kde
KDE Arch
alpine-mate
MATE Alpine
ubuntu-mate
MATE Ubuntu
fedora-mate
MATE Fedora
arch-mate
MATE Arch
alpine-i3
i3 Alpine
ubuntu-i3
i3 Ubuntu
fedora-i3
i3 Fedora
arch-i3
i3 Arch
alpine-openbox
Openbox Alpine
ubuntu-openbox
Openbox Ubuntu
fedora-openbox
Openbox Fedora
arch-openbox
Openbox Arch
alpine-icewm
IceWM Alpine
ubuntu-icewm
IceWM Ubuntu
fedora-icewm
IceWM Fedora
arch-icewm
IceWM Arch
Application Setup
The Webtop can be accessed at:
​http://yourhost:3000/​
By default the user/pass is abc/abc, if you change your password or want to login manually to the GUI session for any reason use the following link:
​http://yourhost:3000/?login=true​
You can access advanced features of the Guacamole remote desktop using ctrl+alt+shift enabling you to use remote copy/paste or an onscreen keyboard.
Modern GUI desktop apps (including some flavors terminals) have issues with the latest Docker and syscall compatibility, you can use Docker with the seccomp unconfined setting to allow these syscalls or try podman as they have updated their codebase to support them
Unlike our other containers these Desktops are not designed to be upgraded by Docker, you will keep your home directoy but anything you installed system level will be lost if you upgrade an existing container. To keep packages up to date instead use Ubuntu's own apt, Alpine's apk, Fedora's dnf, or Arch's pacman program
The KDE Ubuntu container needs to be run in privileged mode to function properly, in general the Ubuntu KDE container while functional is not reccomended, please try a different KDE distro if possible
If you ever lose your password you can always reset it by execing into the container as root:
1
docker exec -it webtop passwd abc
Copied!
By default we perform all logic for the abc user and we reccomend using that user only in the container, but new users can be added as long as there is a startwm.sh executable script in their home directory. All of these containers are configured with passwordless sudo, we make no efforts to secure or harden these containers and we do not reccomend ever publishing their ports to the public Internet.
Usage
To help you get started creating a container from this image you can either use docker-compose or the docker cli.
docker-compose (recommended, click here for more info)
1
---
2
version: "2.1"
3
services:
4
  webtop:
5
    image: lscr.io/linuxserver/webtop
6
    container_name: webtop
7
    privileged: true #optional
8
    security_opt:
9
      - seccomp:unconfined #optional
10
    environment:
11
      - PUID=1000
12
      - PGID=1000
13
      - TZ=Europe/London
14
      - SUBFOLDER=/ #optional
15
    volumes:
16
      - /path/to/data:/config
17
      - /var/run/docker.sock:/var/run/docker.sock #optional
18
    ports:
19
      - 3000:3000
20
    shm_size: "1gb" #optional
21
    restart: unless-stopped
Copied!
docker cli (click here for more info)
1
docker run -d \
2
  --name=webtop \
3
  --privileged `#optional` \
4
  --security-opt seccomp=unconfined `#optional` \
5
  -e PUID=1000 \
6
  -e PGID=1000 \
7
  -e TZ=Europe/London \
8
  -e SUBFOLDER=/ `#optional` \
9
  -p 3000:3000 \
10
  -v /path/to/data:/config \
11
  -v /var/run/docker.sock:/var/run/docker.sock `#optional` \
12
  --shm-size="1gb" `#optional` \
13
  --restart unless-stopped \
14
  lscr.io/linuxserver/webtop
Copied!
Parameters
Docker images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate <external>:<internal> respectively. For example, -p 8080:80 would expose port 80 from inside the container to be accessible from the host's IP on port 8080 outside the container.
Ports (-p)
Parameter
Function
3000
Web Desktop GUI
Environment Variables (-e)
Env
Function
PUID=1000
for UserID - see below for explanation
PGID=1000
for GroupID - see below for explanation
TZ=Europe/London
Specify a timezone to use EG Europe/London
SUBFOLDER=/
Specify a subfolder to use with reverse proxies, IE /subfolder/
Volume Mappings (-v)
Volume
Function
/config
abc users home directory
/var/run/docker.sock
Docker Socket on the system, if you want to use Docker in the container
Miscellaneous Options
Parameter
Function
--shm-size=
We set this to 1 gig to prevent modern web browsers from crashing
--security-opt seccomp=unconfined
For Docker Engine only, many modern gui apps need this to function as syscalls are unkown to Docker (try this before privileged)
Environment variables from files (Docker secrets)
You can set any environment variable from a file by using a special prepend FILE__.
As an example:
1
-e FILE__PASSWORD=/run/secrets/mysecretpassword
Copied!
Will set the environment variable PASSWORD based on the contents of the /run/secrets/mysecretpassword file.
Umask for running applications
For all of our images we provide the ability to override the default umask settings for services started within the containers using the optional -e UMASK=022 setting. Keep in mind umask is not chmod it subtracts from permissions based on it's value it does not add. Please read up here before asking for support.
User / Group Identifiers
When using volumes (-v flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user PUID and group PGID.
Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
In this instance PUID=1000 and PGID=1000, to find yours use id user as below:
1
  $ id username
2
    uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
Copied!
Docker Mods
​​
​ ​
​​
We publish various Docker Mods to enable additional functionality within the containers. The list of Mods available for this image (if any) as well as universal mods that can be applied to any one of our images can be accessed via the dynamic badges above.
Support Info
Shell access whilst the container is running:
docker exec -it webtop /bin/bash
To monitor the logs of the container in realtime:
docker logs -f webtop
Container version number
docker inspect -f '{{ index .Config.Labels "build_version" }}' webtop
Image version number
docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/webtop
Versions
21.09.21: - Add Fedora and Arch images, show seccomp settings in readme.
26.09.21: - Rebase to Alpine versions to 3.14.
20.04.21: - Initial release.