NoMachine Support

Your questions answered

Knowledge Base

Searching in: Documents
Filter the search results
Last update:
Searching in: Documents
ID: DT08M00099
Version: NoMachine 4
Added on: 2015-08-12
Last update: 2016-10-17
How to run NoMachine server v. 4 inside Docker

Given that Docker is installed on the host machine, to run NoMachine server inside Docker it's enough to build an image from the Dockerfile and launch it.

Instructions for NoMachine v. 5 are available at:


This is an example to build an image with MATE as desktop environment:

1) Create your image directory, e.g.

mkdir nomachine

2) Copy content of the Dockerfile below to: nomachine/Dockerfile.

Adapt the Dockerfile to your needs.

3) Copy content of the wrapper script below to: nomachine/

and set executable permissions:

chmod +x nomachine/

4) Build the image:

docker build -t=nomachine nomachine

5) Run the container:

docker run -d -p 4000:4000  nomachine

Set a different port if necessary (see points d and e below).

You can specify multiple ports by reiterating the -p option, e.g.

docker run -d -p 4000:4000 -p 22:22 nomachine


Dockerfile for NoMachine Workstation v. 4 for evaluation

The Dockerfile below assumes you have already downloaded the NoMachine package v. 4.

It uses the following NoMachine Workstation package for evaluation: nomachine-workstation-evaluation_4.6.22_2_amd64.deb and it is just an example that can be easily adapted to whichever other package you want to try.

a) Replace the name of the package with that of the server you intend to run. Note that a server wrapper script is always requested.

b) By default it will run a MATE desktop environment, you can adjust it by replacing 'mate-desktop-environment-core'  with the desktop of your choice.

c) It will create the nomachine user with nomachine as a password, you can specify a different username and password and repeat instructions for creating additional users.

d) The 'EXPOSE 4000' command opens port 4000, the default port for connections by NX protocol. Set 'EXPOSE 22' if you intend to use connections by SSH protocol. In this case modify the Dockerfile to install openssh-server.

e) Connections by the web use port 4080 and 4443 by default. Add 'EXPOSE 4080 4443' to let users run web sessions. This applies to NoMachine Cloud Server only.


# Dockerfile to install NoMachine Workstation Evaluation v. 4 with MATE interface

FROM debian:jessie

ENV DEBIAN_FRONTEND=noninteractive

# Helpers
RUN apt-get update && apt-get install -y vim xterm pulseaudio cups

RUN apt-get install -y  mate-desktop-environment-core

RUN apt-get install -y wget

ADD nomachine-workstation-evaluation_4.6.22_2_amd64.deb /

RUN dpkg -i /nomachine-workstation-evaluation_4.6.22_2_amd64.deb

RUN groupadd -r nomachine -g 433 && \
useradd -u 431 -r -g nomachine -d /home/nomachine -s /bin/bash -c "NoMachine" nomachine && \
mkdir /home/nomachine && \
chown -R nomachine:nomachine /home/nomachine && \
echo 'nomachine:nomachine' | chpasswd





The wrapper script

/etc/NX/nxserver --startup
tail -f /usr/NX/var/log/nxserver.log



On some systems, e.g. Ubuntu 14.04, AppArmor blocks restrictively many operations.

If host logs report a message similar to:

apparmor="DENIED" operation="ptrace" profile="docker-default" pid=3004 comm="nxexec" requested_mask="read" denied_mask="read" peer="docker-default"

it's necessary to reconfigure AppArmor to allow NoMachine have access to /proc filesystem.

To do that you may install the AppArmor Utilities if you don't have them already:

# sudo apt-get install apparmor-utils

and run:

# sudo aa-complain /etc/apparmor.d/docker


On Ubuntu 16.04, besides following the above instructions, it's also necessary to enable PTRACE capabilities required by NoMachine. Since PTRACE is not provided by the default docker AppArmor profile, add the  --cap-add=SYS_PTRACE parameter to the docker command line, e.g.:

docker run -d -p 4000:4000 --cap-add=SYS_PTRACE nomachine

This applies also to Mac.