Chore(Doc): Update Doc on Chromium Sandboxing

toksdotdev · Dec 31, 2020 · d7d0ee1 · d7d0ee1
1 parent 420e3f6
commit d7d0ee1
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 4 deletions.
diff --git a/.env.example b/.env.example
@@ -2,7 +2,7 @@ PORT=3000
 NODE_ENV=production
 
 # Chromium
-LAUNCH_CHROMIUM_IN_SANDBOX=false # should be disabled in production
+LAUNCH_CHROMIUM_IN_SANDBOX=false # should be false in production
 
 # Cache
 REDIS_URL=redis

diff --git a/README.md b/README.md
@@ -9,7 +9,7 @@ A dead-simple service that screenshots webpages, and sends the links to your ema
 
 ## Design Goals
 
-- **Security:** All webpages are opened both in _sandboxed chromium_ and _icognito mode_.
+- **Security:** All webpages are opened both in _sandboxed and \_icognito mode_ of chromium.
 - **Scalability:** Handles ~2.3k reqs/s on a single node. For load performance, see [load testing](#load-testing).
 - **Resilience:** Chromium instance automatically restarts on sudden crash without interrupting the job queue. Jobs that get affected are auto-retried.
 - **Reduced memory footprints:** Puppeteer is used under the hood to capture screeshots. To reduce memory footprint, **only one** Chromium instance exists throughout the service lifetime irrespective of the number of screenshot workers that are running.
@@ -40,6 +40,8 @@ You'll need to ensure you have the following installed:
 - Set `MAIL_DEFAULT` to `smtp`.
 - Set `REDIS_URL` to `redis` (only if you'll be running the app via `docker-compose` for simplicity sake).
 
+> NOTE: If you want to start chromium in `--no-sandbox` mode, simply specify the env `LAUNCH_CHROMIUM_IN_SANDBOX=false`. By default, it is set to `true`.
+
 ### Starting Up
 
 #### Production

diff --git a/src/config.ts b/src/config.ts
@@ -7,7 +7,7 @@ const appConfig: AppConfig = {
   },
   puppeteer: {
     launchInSandbox: JSON.parse(
-      process.env.LAUNCH_CHROMIUM_IN_SANDBOX || "false"
+      process.env.LAUNCH_CHROMIUM_IN_SANDBOX || "true"
     ),
   },
   redis: {

diff --git a/src/services/screenshot/screenshot.service.ts b/src/services/screenshot/screenshot.service.ts
@@ -48,7 +48,7 @@ class ScreenshotService {
           args: [
             "--incognito",
             // "--disable-setuid-sandbox",
-            this.config?.puppeteer.launchInSandbox ? "--no-sandbox" : "",
+            this.config?.puppeteer.launchInSandbox ? "" : "--no-sandbox",
             // This will write shared memory files into /tmp instead of /dev/shm,
             // because Docker’s default for /dev/shm is 64MB
             "--disable-dev-shm-usage",