We use cookies to give you the best experience on our website. If you continue to browse, then you agree to our privacy policy and cookie policy.
BoldSignA modern eSignature application with affordable pricing. Sign up today for unlimited document usage!
Recently it was necessary to adjust the API dockerfile in order to reinforce security.
It was necessary to remove the root privilege of the API user inside the AKS container. After this change, conversion of HTML files to PDF stopped working due to permission denied error for xvfb-run.
Attention points:
Dockerfile code:
FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
WORKDIR /app
EXPOSE 5000
# install System.Drawing native dependencies
RUN apt-get update \
&& apt-get install -y --allow-unauthenticated \
libc6-dev \
libgdiplus \
libx11-dev \
xvfb \
fontconfig libssl1.1 libx11-dev libx11-xcb-dev libxcb-icccm4-dev libxcb-image0-dev libxcb-keysyms1-dev libxcb-randr0-dev libxcb-render-util0-dev libxcb-render0-dev libxcb-shm0-dev libxcb-util0-dev libxcb-xfixes0-dev libxcb-xkb-dev libxcb1-dev libxfixes-dev libxrandr-dev libxrender-dev \
&& rm -rf /var/lib/apt/lists/*
RUN fc-cache -f -v
RUN chmod 777 /usr/bin/xvfb-run
# Set non-root user
RUN useradd api --no-create-home
WORKDIR /app
COPY . .
RUN chown -R api:api /app
USER api
Code snippet in C# HTML to PDF converter:
public byte[] Converter(string html, OrientacaoPagina orientacao = OrientacaoPagina.Retrato)
{
var htmlToPdfConverter = new HtmlToPdfConverter
{
ConverterSettings = new WebKitConverterSettings
{
WebKitPath = _webKitPath,
Orientation = orientacao == OrientacaoPagina.Retrato ? PdfPageOrientation.Portrait : PdfPageOrientation.Landscape,
Margin = new PdfMargins
{
All = 30
}
}
};
PdfDocument document = htmlToPdfConverter.Convert(html, "");
MemoryStream stream = new MemoryStream();
document.Save(stream);
return stream.ToArray();
}
Error:
Any suggestions for fixes or tweaks?
We suggest you to set the read/write/execute permission for QtBinariesLinux\Syncfusion.WebKitWrapper file from your docker and try the conversion. Please refer below command,
RUN chmod 777 /app/QtBinariesLinux/Syncfusion.WebKitWrapper |
If still you are facing the same issue, kindly share us details to remove root privilege to reproduce the issue in our side. Also, if possible kindly share us complete docker file, code example or simple sample, it will be helpful for us to analyse and assist you further on this.
Hi, thank you so much for the quick feedback.
We applied the suggested fix and it worked.
Here's the final fix:
FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
WORKDIR /app
EXPOSE 5000
# install System.Drawing native dependencies
RUN apt-get update \
&& apt-get install -y --allow-unauthenticated \
libc6-dev \
libgdiplus \
libx11-dev \
xvfb \
fontconfig libssl1.1 libx11-dev libx11-xcb-dev libxcb-icccm4-dev libxcb-image0-dev libxcb-keysyms1-dev libxcb-randr0-dev libxcb-render-util0-dev libxcb-render0-dev libxcb-shm0-dev libxcb-util0-dev libxcb-xfixes0-dev libxcb-xkb-dev libxcb1-dev libxfixes-dev libxrandr-dev libxrender-dev \
&& rm -rf /var/lib/apt/lists/*
RUN fc-cache -f -v
# Set non-root user
RUN useradd api --no-create-home
WORKDIR /app
COPY . .
RUN chown -R api:api /app
RUN chown -R api:api /usr/bin/xvfb-run
USER api
RUN chmod 777 /app/QtBinariesLinux/Syncfusion.WebKitWrapper
RUN chmod 777 /usr/bin/xvfb-run
We are glad to know
that your reported issue has been resolved. If you have any other concern,
please create a new ticket. As always, we will be happy to assist you
