Description: Running Cloakbrowser on Linux EC2 instance it crashes immediately and tries to run crashpad. then crashpad crashes. But something else caused the crash prior. It says there's network errors.
CloakBrowser version: 0.4.3
Wrapper: JavaScript
Environment: Using Linux with Cloakbrowser docker image base with ECR/ECS/EC2 on m5a.large instance
Launch options:
launch({
headless: true,
humanize: true,
args: [
// Security: Use Cloudflare DNS with malware blocking
'--dns-over-https-urls=https://family.cloudflare-dns.com/dns-query',
// Core Crashpad Suppressions
'--crashpad-handler-pid=0',
// '--disable-features=WebAssemblyTrapHandler',
// '--disable-breakpad',
// '--disable-crash-reporter',
// '--disable-crashpad-for-testing',
// Performance & Container Hardening (Avoids shared memory permission blocks)
'--disable-dev-shm-usage',
// Already set by cloakbrowser '--no-sandbox',
// Layout Configurations
'--window-size=1280,1024',
'--start-maximized'
]
});
Tested with a different IP or proxy? No
Works outside Docker / on host machine? Works locally
Steps to reproduce:
Error output / screenshots:
June 23, 2026, 22:27
2026-06-24T05:27:42.979Z pw:browser [pid=23] finished temporary directories cleanup
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
2026-06-24T05:27:42.979Z pw:browser [pid=23] <gracefully close end>
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
2026-06-24T05:27:42.976Z pw:browser [pid=23] <skipped force kill spawnedProcess.killed=false processClosed=true>
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
2026-06-24T05:27:42.975Z pw:browser [pid=23] <gracefully close start>
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
2026-06-24T05:27:42.975Z pw:browser [pid=23] <kill>
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
2026-06-24T05:27:42.973Z pw:browser [pid=23] starting temporary directories cleanup
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
2026-06-24T05:27:42.972Z pw:browser [pid=23] <process did exit: exitCode=null, signal=SIGTRAP>
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
2026-06-24T05:27:42.957Z pw:browser [pid=23][err] chrome_crashpad_handler: --database is required
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
2026-06-24T05:27:42.957Z pw:browser [pid=23][err] Try 'chrome_crashpad_handler --help' for more information.
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
2026-06-24T05:27:42.958Z pw:browser [pid=23][err] [23:23:0624/052742.956417:ERROR:third_party/crashpad/crashpad/util/linux/socket.cc:120] recvmsg: Connection reset by peer (104)
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
2026-06-24T05:27:42.916Z pw:browser <launched> pid=23
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
2026-06-24T05:27:42.912Z pw:browser <launching> /root/.cloakbrowser/chromium-146.0.7680.177.5/chrome --disable-field-trial-config --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-back-forward-cache --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --no-default-browser-check --disable-default-apps --disable-dev-shm-usage --disable-edgeupdater --disable-extensions --disable-features=AvoidUnnecessaryBeforeUnloadCheckSync,BoundaryEventDispatchTracksNodeRemoval,DestroyProfileOnBrowserClose,DialMediaRouteProvider,GlobalMediaControls,HttpsUpgrades,LensOverlay,MediaRouter,PaintHolding,ThirdPartyStoragePartitioning,Translate,AutoDeElevate,RenderDocument,OptimizationHints,msForceBrowserSignIn,msEdgeUpdateLaunchServicesPreferredVersion --enable-features=CDPScreenshotNewSurface --allow-pre-commit-input --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain --no-service-autorun --export-tagged-pdf --disable-search-engine-choice-screen --unsafely-disable-devtools-self-xss-warnings --edge-skip-compat-layer-relaunch --disable-infobars --disable-search-engine-choice-screen --disable-sync --no-sandbox --no-sandbox --fingerprint=87356 --fingerprint-platform=windows --ignore-gpu-blocklist --dns-over-https-urls=https://family.cloudflare-dns.com/dns-query --window-size=1280,1024 --start-maximized --user-data-dir=/tmp/playwright_chromiumdev_profile-ZpgRK0 --remote-debugging-pipe --no-startup-window
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
CloakBrowser — stealth Chromium for automation
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
https://github.com/CloakHQ/CloakBrowser
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
Running free tier (v146). Pro = latest binary (v148) + newest anti-bot patches.
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
Stay ahead of detection → https://cloakbrowser.dev
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
June 23, 2026, 22:27
Star us if CloakBrowser helps your project!
[ea2a8b6016334ab083b6572f7e4555de](https://850092038906-gjbccho3.us-east-1.console.aws.amazon.com/ecs/v2/clusters/BackendCluster-84750cb/services/WorkerService-cb3b2b8/tasks/ea2a8b6016334ab083b6572f7e4555de?region=us-east-1)
WorkerContainer
Dockerfile (if applicable):
# ========================================================
# Stage 1: Build
# ========================================================
FROM cloakhq/cloakbrowser AS build
WORKDIR /app
# Install build tools
RUN apt-get update && apt-get install -y --no-install-recommends \
g++ make python3 && \
rm -rf /var/lib/apt/lists/*
COPY ./backend-worker/package*.json ./
COPY ./backend-worker/package-lock.json ./
COPY ./backend-worker/tsconfig.json ./
COPY ./backend-lib/sitefontcheck-backend-lib-1.0.0.tgz ./
COPY ./backend-lib/package ./package
COPY ./backend-worker .
RUN npm install
RUN npm run build
# ========================================================
# Stage 2: Runtime
# ========================================================
FROM cloakhq/cloakbrowser
# 1. Create a non-root user 'node' and give them audio/video groups for Chromium
RUN groupadd -r node && useradd -r -g node -G audio,video node \
&& mkdir -p /home/node/.cloakbrowser/logs \
&& chown -R node:node /home/node \
# The cloakhq/cloakbrowser base image pre-bakes Chromium at /root/.cloakbrowser/
# but /root/ is 700 by default, blocking the node user from traversing it.
# Making it o+x allows the node user to access the pre-baked Chromium binary
# without needing to re-download it.
&& chmod o+x /root
RUN cd /root/.cloakbrowser/chromium-*/ && \
mv chrome_crashpad_handler chrome_crashpad_handler.bak && \
echo '#!/bin/sh\nexit 0' > chrome_crashpad_handler && \
chmod +x chrome_crashpad_handler
WORKDIR /app
ENV NODE_ENV=production
ENV CLOAKBROWSER_AUTO_UPDATE=false
# 2. Point to the pre-baked Chromium binary at /root/.cloakbrowser
# The cloakhq/cloakbrowser base image ships Chromium at /root/.cloakbrowser/
# instead of re-downloading on every container start.
# Write attempts (update markers) fail silently — fine since AUTO_UPDATE=false.
ENV CLOAKBROWSER_CACHE_DIR=/root/.cloakbrowser
# 3. Copy files and explicitly grant ownership to the non-root user
COPY --from=build --chown=node:node /app/node_modules ./node_modules
COPY --from=build --chown=node:node /app/dist ./dist
COPY --from=build --chown=node:node /app/node_modules/sitefontcheck-backend-lib/package/ /app/package/
EXPOSE 3002
# 4. Create the symlink to stdout inside the non-root user's directory
RUN ln -sf /dev/stdout /home/node/.cloakbrowser/logs/server.log
# 5: Create the X11 directory with sticky bit permissions while still root
RUN mkdir -p /tmp/.X11-unix && chmod 1777 /tmp/.X11-unix
HEALTHCHECK --interval=15s --timeout=5s --start-period=10s --retries=3 \
CMD curl -f http://localhost:3002/health || exit 1
# 6. Drop root privileges right before execution
USER node
CMD ["node", "dist/server.js"]
Additional notes:
I assume this is some permissions issue, but I'm not sure what exactly it is. I was looking through the docs to see if anyone has run into this. Can run on AWS fine with playwright. Not sure if headless on or off matters. I'd like headless off, but tried a bunch of settings/args and nothing's seemed to work. I tried it with the playwright image originally and get the same errors.
Description: Running Cloakbrowser on Linux EC2 instance it crashes immediately and tries to run crashpad. then crashpad crashes. But something else caused the crash prior. It says there's network errors.
CloakBrowser version: 0.4.3
Wrapper: JavaScript
Environment: Using Linux with Cloakbrowser docker image base with ECR/ECS/EC2 on m5a.large instance
Launch options:
Tested with a different IP or proxy? No
Works outside Docker / on host machine? Works locally
Steps to reproduce:
Error output / screenshots:
Dockerfile (if applicable):
Additional notes:
I assume this is some permissions issue, but I'm not sure what exactly it is. I was looking through the docs to see if anyone has run into this. Can run on AWS fine with playwright. Not sure if headless on or off matters. I'd like headless off, but tried a bunch of settings/args and nothing's seemed to work. I tried it with the playwright image originally and get the same errors.