Hello,
I have launched a Spring Boot application containing the Playwright library on the Render service using Docker, in which I install Chromium, etc. Everything works well. However, after reading the Playwright documentation, I have some concerns about security. https://playwright.dev/docs/docker
In this article, there’s a section that states:
On untrusted websites, it’s recommended to use a separate user for launching the browsers in combination with the seccomp profile. Inside the container or if you are using the Docker image as a base image you have to use adduser for it.
docker run -it --rm --ipc=host --user pwuser --security-opt seccomp=seccomp_profile.json mcr.microsoft.com/playwright:v1.47.1-noble /bin/bash
seccomp_profile.json is needed to run Chromium with sandbox.
Using --ipc=host is recommended when using Chrome (Docker docs). Chrome can run out of memory without this flag.
In the Dockerfile, I added a new user, but my main problem is that, as far as I know, it is not possible to pass parameters to the docker run command on Render. Is there any other way I can implement these recommendations from the documentation? What default parameters does Render use when executing the docker run command?
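When `docker run` flags cannot be set, the settings the platform actually applied can be read from inside the running container. The script below is an added example, not part of the original post or of Playwright's or Render's documentation: it reads the Linux `/proc/self/status` fields `Uid`, `Seccomp` and `NoNewPrivs`; the function names are hypothetical and the sample status text is constructed.

```shell
#!/bin/sh
# Report sandbox-relevant settings of a process from a /proc/<pid>/status
# file (Linux). Function names are hypothetical, chosen for this example.

# status_field FILE NAME -> prints the first value on the "NAME:" line
status_field() {
    awk -v key="$2:" '$1 == key { print $2; exit }' "$1"
}

# seccomp_mode FILE -> disabled | strict | filter | unknown
# Kernel values: 0 = no seccomp, 1 = strict mode, 2 = filter (profile) mode
seccomp_mode() {
    case "$(status_field "$1" Seccomp)" in
        0) echo disabled ;;
        1) echo strict ;;
        2) echo filter ;;
        *) echo unknown ;;
    esac
}

# runs_as_root FILE -> exit status 0 if the effective UID is 0
# Uid line layout: real, effective, saved, filesystem
runs_as_root() {
    [ "$(awk '$1 == "Uid:" { print $3; exit }' "$1")" = "0" ]
}

# sandbox_report [FILE] -> one summary line; defaults to the current process
sandbox_report() {
    f="${1:-/proc/self/status}"
    if runs_as_root "$f"; then user=root; else user=non-root; fi
    nnp=$(status_field "$f" NoNewPrivs)
    echo "user=$user seccomp=$(seccomp_mode "$f") no_new_privs=${nnp:-unknown}"
}

# Constructed sample: a root process with no seccomp filter installed
sample_status() {
    printf 'Name:\tjava\nUid:\t0\t0\t0\t0\nNoNewPrivs:\t0\nSeccomp:\t0\n'
}

tmp=$(mktemp)
sample_status > "$tmp"
sandbox_report "$tmp"                       # constructed sample
if [ -r /proc/self/status ]; then
    sandbox_report                          # the process running this script
fi
rm -f "$tmp"
```

Run from the container's entrypoint before the application starts, this shows whether the `USER` set in the Dockerfile took effect and whether any seccomp filter is installed. A result of `filter` only says that some profile is active, not which one, so it cannot confirm that the Playwright `seccomp_profile.json` is the profile in use.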