Skip to content

Running Cloakbrowser on EC2 instance crashes instantly #391

Description

@samwbrett

Description: Running Cloakbrowser on Linux EC2 instance it crashes immediately and tries to run crashpad. then crashpad crashes. But something else caused the crash prior. It says there's network errors.

CloakBrowser version: 0.4.3

Wrapper: JavaScript

Environment: Using Linux with Cloakbrowser docker image base with ECR/ECS/EC2 on m5a.large instance

Launch options:

launch({
    headless: true,
    humanize: true,

    args: [
      // Security: Use Cloudflare DNS with malware blocking
      '--dns-over-https-urls=https://family.cloudflare-dns.com/dns-query',
      
      // Core Crashpad Suppressions
      '--crashpad-handler-pid=0',
      // '--disable-features=WebAssemblyTrapHandler',
      // '--disable-breakpad',
      // '--disable-crash-reporter',
      // '--disable-crashpad-for-testing',
      
      // Performance & Container Hardening (Avoids shared memory permission blocks)
      '--disable-dev-shm-usage',
      // Already set by cloakbrowser '--no-sandbox',
      
      // Layout Configurations
      '--window-size=1280,1024',
      '--start-maximized'
    ]
  });

Tested with a different IP or proxy? No

Works outside Docker / on host machine? Works locally

Steps to reproduce:

Error output / screenshots:

June 23, 2026, 22:27
2026-06-24T05:27:42.979Z pw:browser [pid=23] finished temporary directories cleanup
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
2026-06-24T05:27:42.979Z pw:browser [pid=23] <gracefully close end>
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
2026-06-24T05:27:42.976Z pw:browser [pid=23] <skipped force kill spawnedProcess.killed=false processClosed=true>
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
2026-06-24T05:27:42.975Z pw:browser [pid=23] <gracefully close start>
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
2026-06-24T05:27:42.975Z pw:browser [pid=23] <kill>
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
2026-06-24T05:27:42.973Z pw:browser [pid=23] starting temporary directories cleanup
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
2026-06-24T05:27:42.972Z pw:browser [pid=23] <process did exit: exitCode=null, signal=SIGTRAP>
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
2026-06-24T05:27:42.957Z pw:browser [pid=23][err] chrome_crashpad_handler: --database is required
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
2026-06-24T05:27:42.957Z pw:browser [pid=23][err] Try 'chrome_crashpad_handler --help' for more information.
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
2026-06-24T05:27:42.958Z pw:browser [pid=23][err] [23:23:0624/052742.956417:ERROR:third_party/crashpad/crashpad/util/linux/socket.cc:120] recvmsg: Connection reset by peer (104)
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
2026-06-24T05:27:42.916Z pw:browser <launched> pid=23
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
2026-06-24T05:27:42.912Z pw:browser <launching> /root/.cloakbrowser/chromium-146.0.7680.177.5/chrome --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-edgeupdater --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints,msForceBrowserSignIn,msEdgeUpdateLaunchServicesPreferredVersion --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --disable-infobars --disable-search-engine-choice-screen --disable-sync --no-sandbox --no-sandbox --fingerprint=87356 --fingerprint-platform=windows --ignore-gpu-blocklist --dns-over-https-urls=https://family.cloudflare-dns.com/dns-query --window-size=1280,1024 --start-maximized --user-data-dir=/tmp/playwright_chromiumdev_profile-ZpgRK0 --remote-debugging-pipe --no-startup-window
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
CloakBrowser — stealth Chromium for automation
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
https://github.com/CloakHQ/CloakBrowser
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
Running free tier (v146). Pro = latest binary (v148) + newest anti-bot patches.
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
Stay ahead of detection → https://cloakbrowser.dev
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

June 23, 2026, 22:27
Star us if CloakBrowser helps your project!
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer

Dockerfile (if applicable):


# ========================================================
# Stage 1: Build
# ========================================================
FROM cloakhq/cloakbrowser AS build
WORKDIR /app

# Install build tools
RUN apt-get update && apt-get install -y --no-install-recommends \
    g++ make python3 && \
    rm -rf /var/lib/apt/lists/*

COPY ./backend-worker/package*.json ./
COPY ./backend-worker/package-lock.json ./
COPY ./backend-worker/tsconfig.json ./
COPY ./backend-lib/sitefontcheck-backend-lib-1.0.0.tgz ./ 
COPY ./backend-lib/package ./package
COPY ./backend-worker .

RUN npm install
RUN npm run build


# ========================================================
# Stage 2: Runtime
# ========================================================
FROM cloakhq/cloakbrowser

# 1. Create a non-root user 'node' and give them audio/video groups for Chromium
RUN groupadd -r node && useradd -r -g node -G audio,video node \
    && mkdir -p /home/node/.cloakbrowser/logs \
    && chown -R node:node /home/node \
    # The cloakhq/cloakbrowser base image pre-bakes Chromium at /root/.cloakbrowser/
    # but /root/ is 700 by default, blocking the node user from traversing it.
    # Making it o+x allows the node user to access the pre-baked Chromium binary
    # without needing to re-download it.
    && chmod o+x /root

RUN cd /root/.cloakbrowser/chromium-*/ && \
    mv chrome_crashpad_handler chrome_crashpad_handler.bak && \
    echo '#!/bin/sh\nexit 0' > chrome_crashpad_handler && \
    chmod +x chrome_crashpad_handler

WORKDIR /app

ENV NODE_ENV=production
ENV CLOAKBROWSER_AUTO_UPDATE=false
# 2. Point to the pre-baked Chromium binary at /root/.cloakbrowser
#    The cloakhq/cloakbrowser base image ships Chromium at /root/.cloakbrowser/
#    instead of re-downloading on every container start.
#    Write attempts (update markers) fail silently — fine since AUTO_UPDATE=false.
ENV CLOAKBROWSER_CACHE_DIR=/root/.cloakbrowser

# 3. Copy files and explicitly grant ownership to the non-root user
COPY --from=build --chown=node:node /app/node_modules ./node_modules
COPY --from=build --chown=node:node /app/dist ./dist
COPY --from=build --chown=node:node /app/node_modules/sitefontcheck-backend-lib/package/ /app/package/

EXPOSE 3002

# 4. Create the symlink to stdout inside the non-root user's directory
RUN ln -sf /dev/stdout /home/node/.cloakbrowser/logs/server.log

# 5: Create the X11 directory with sticky bit permissions while still root
RUN mkdir -p /tmp/.X11-unix && chmod 1777 /tmp/.X11-unix

HEALTHCHECK --interval=15s --timeout=5s --start-period=10s --retries=3 \
  CMD curl -f http://localhost:3002/health || exit 1

# 6. Drop root privileges right before execution
USER node

CMD ["node", "dist/server.js"]

Additional notes:

I assume this is some permissions issue, but I'm not sure what exactly it is. I was looking through the docs to see if anyone has run into this. Can run on AWS fine with playwright. Not sure if headless on or off matters. I'd like headless off, but tried a bunch of settings/args and nothing's seemed to work. I tried it with the playwright image originally and get the same errors.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions