Following the initial rollout of our new technology stack for desktop images, we have reached a significant milestone in stability. After several months of development focused on bug fixes and community-driven feature requests, we have resolved all major issues and are now shifting our focus to refining existing features and future enhancements.

A critical aspect of this transition has been the enforcement of HTTPS for all connections. This is a fundamental requirement dictated by modern web standards, which are increasingly restricting powerful browser features to secure contexts. Specifically, our new architecture relies on the WebCodecs API for high-performance video and audio decoding, an API that is unavailable over unencrypted HTTP. This change also resolves long-standing issues with other browser APIs, such as clipboard and microphone access, which also needed HTTPS.

A Note on Security: It is crucial to understand that while HTTPS encrypts data in transit, it does not secure the application endpoint itself. We strongly advise against exposing these or any containers directly to the internet without a proper authentication layer. For this purpose, we recommend implementing a secure gateway that provides, at a minimum, basic authentication and brute-force detection. Our own SWAG container is an excellent solution for this. Proper security practices are an essential component of self-hosting. Part of owning your own data also comes with the responsibilty of reading technical documentation there is no shortcut here, there is no silver bullet YouTube video that is going to secure your server for you.

Progress

It has been 90 days since our initial announcement, and thanks to the incredible help from our community, we've made a flurry of changes and improvements. For those who like lists, here is our three-month progress report.

Rendering Engine Enhancements

The core rendering pipeline, pixelflux, has received significant upgrades to enhance performance, reliability, and feature set for both full-frame and striped rendering modes.

DRI3 & GPU Acceleration: Full DRI3 support has been enabled through a patched X11 and Xvfb (linuxserver/docker-xvfb), allowing for 2D Glamor and 3D DRI3 acceleration in applications running on Intel and AMD GPUs.
Performance & Efficiency:
- Reduced server resource consumption on motionless screens by optimizing full-frame damage detection and improving VNC heuristics, resulting in significant performance gains without compromising frame delivery.
- Implemented direct data capture from XShm using libyuv to accelerate the delivery of pixels to the client, eliminating unnecessary memory copies of RGB data for lower latency.
- Asynchronized the server platform to reduce micro-stutters and eliminate performance bottlenecks.
- Added a flag to force CPU encoding, which is useful for setups that require GPU acceleration for applications but not for stream encoding.
Visual Quality & Features:
- Live HiDPI Scaling: Introduced live scaling updates for HiDPI screens, allowing users to adjust application scaling for a pixel-perfect experience. These settings are now stored client-side and automatically applied when connecting from different devices.
- Paint-Over Quality: Users can now define not only the desired quality but also a "paint-over" quality for both H.264 and JPEG encoding. This feature cleans up the image with higher-quality re-encodes when the screen is static.
- Static Scene Clarity: Improved static image quality (especially for text) by using a burst of frames to refresh the screen, rather than a single IDR frame.
- Truecolor Support: Enabled full Truecolor (4:4:4 chroma subsampling) support for both NVIDIA and CPU-based encoding.
- Watermarking: Added support for static and animated PNG watermarks on the stream.
Streaming & Stability:
- Backpressure Control: Implemented a backpressure mechanism using latency-adjusted frame IDs synced between the client and server to prevent bufferbloat and ensure a smooth stream.
- Turbo Mode: Introduced a "Turbo Mode" designed for gaming and full-motion video, which pushes frames to the browser like a traditional video encoder.
- VA-API Support: Added initial, experimental VA-API support. Note: This currently requires the host and the Docker container to be running the same OS (e.g., Debian on Debian).
Builds: Pre-built Python wheels for pixelflux and pcmflux are now available for all supported distributions, including Alpine. These are compiled against the latest source libraries for maximum performance.

Input & User Experience Overhaul

We've focused heavily on making interaction seamless and intuitive across all devices and platforms.

Universal Keyboard Support: Certified and tested every major keyboard layout with direct feedback from native speakers. This includes live hot-swapping of layouts and IME modes. The client now translates and sends true keysyms to the server, meaning no keyboard configuration is needed on either the client or server side.
Advanced Mobile & Touch Support:
- Trackpad Mode: Added a new trackpad mode for mobile devices, dramatically improving usability with high-resolution content. The cursor is rendered server-side, and gestures are intuitive:
  - Movement: Moves the cursor.
  - Single Tap: Performs a left click.
  - Tap then Tap-and-Hold: Clicks and holds for dragging.
  - Two-Finger Tap: Performs a right click.
- Two-finger scrolling is now supported on mobile touch devices.
- iOS Compatibility: Completed full testing on iOS devices for keyboard pop-ups, general touch input, and external keyboards/mice.
IME Certification: Certified full IME support (e.g., Chinese Pinyin) on both Windows and macOS clients with native speakers.
Gamepad Plug-and-Play: Completely overhauled gamepad support. It now features plug-and-play functionality for any PlayStation, Xbox, or Switch controller via a fake udev library and a comprehensive mapping database derived from SDL_GameControllerDB.
Cursor & Mouse Improvements:
- Overhauled cursor rendering to use the real server-side cursor at all times, bounded correctly for accurate hotspot clicks.
- Leveraged the getPredictedEvents() browser API for smoother, lower-latency cursor movement and feel.
- Added a "Gaming Mode" with pointer lock for first-person shooters.
- Implemented a numlock translation table to ensure the numlock state can never be out of sync between the client and server.
- Added support for horizontal scroll wheels on mice.
- Fixed an issue where blanking cursors would render as a black box.
- General cursor rendering cleanup and logic for applications with low resolution or incomplete cursors.
UI Additions:
- Added softkeys to the sidebar for common modifiers and special keys like Ctl Alt and Esc.
- Full support for trackpads, keyboards, and mice on Android/iOS devices.

Shared & Multiplayer Modes

Collaboration and shared experiences.

Efficient Broadcasting: Introduced shared modes that leverage websockets.broadcast for a zero-overhead method of sending the primary user's screen to all connected shared clients.
Multiplayer Gaming: Implemented a "Player 2-4" concept, allowing controller input from shared sessions for collaborative multiplayer or split-screen gaming.
Touchscreen Controllers: Added on-screen touchscreen controls for shared player sessions, enabling mobile devices without a physical controller to participate in games.

We recently blogged about a captive gaming portal using this functionality here.

General Fixes & Quality of Life

A huge number of fixes have been implemented to make the entire platform more stable, flexible, and user-friendly.

Connectivity & Networking:
- Fixed issues with subfolder proxy setups.
- Added more complex port mapping options (HTTP_PORT, HTTPS_PORT, WS_PORT) for users combining containers on a single network interface.
- Improved client-side messaging to clearly state issues if not using HTTPS or if WebCodecs is not supported by the browser.
Client-Side Stability:
- Made client-side setting retention more robust, ensuring users are greeted with their preferred configuration every time they connect.
- The client will now automatically reset to safe default settings if it encounters a fatal decoding error, preventing a broken session.
Desktop & Application Compatibility:
- Added D-Bus and XSettings to images, fixing many desktop environment oddities.
- Fixed numerous bugs related to manual resolution input and HiDPI modes, ensuring correct mouse positioning.
- Expanded and fixed many bugs with Proot application interaction inside containers.
- Set the initial application resolution to 1024x768 before the client connects (down from an 8K default), fixing many rendering issues with legacy apps.
System & Environment:
- Added a MAX_RES environment variable to support monitors with resolutions over 8K.
- The platform now automatically detects if a user is running the NVIDIA runtime without a GPU and falls back gracefully to prevent a broken session.
- Optimized client-side Opus audio decoding using Workers and Worklets to eliminate pops and crackles.
Web & Mobile Fixes:
- Fixed Progressive Web App (PWA) metadata to ensure it works correctly and presents the proper tab icon.
- Fixed issues where mobile browsers would clip portions of the screen.
- Enabled anti-aliasing on non-HiDPI canvas rendering and manual resolution modes to smooth content.
- Added latency, bandwidth, and other useful statistics to the UI, while hiding GPU stats on devices that lack them.

New & Updated Images

We've expanded our distro offerings and rebased our entire existing catalog onto this powerful new stack.

New Base Images:
- Enterprise Linux 9 (EL9): For enterprise applications.
- Kali Linux: Including a downstream KDE desktop image.
- Debian Trixie: The latest from the Debian team.

Of course, our entire existing catalog of images has been rebased. We've also added many new application images to take advantage of the new high-framerate capabilities.