How to setup browser integration for Nanobot on a VPS
4 min read773 words

How to setup browser integration for Nanobot on a VPS

Guide
Technology
Productivity
AI

Giving your Nanobot agent the ability to browse the web, read articles, and summarize pages is incredibly powerful. But running a browser on a headless Linux VPS (like Ubuntu) introduces a few unique hurdles: no graphical display, strict OS sandboxes, and Nanobot’s intentionally isolated tool environment.

This guide walks you through a proven way to set up Puppeteer via the Model Context Protocol (MCP) for Nanobot on a headless VPS.

Prerequisites

  • A working Nanobot installation on a Linux VPS (Ubuntu 22.04+ or similar).
  • Node.js and npm available on the host (for npx).
  • Sudo access to install packages and adjust kernel/AppArmor settings.

1. Install the Necessary System Packages

Even though the browser runs in "headless" mode, Chrome's engine still expects graphical libraries to exist on the system. It also requires a virtual display server to render the pages invisibly.

Connect to your VPS and install Xvfb (X Virtual Framebuffer) along with the common dependencies Chrome needs:

sudo apt-get update
sudo apt-get install -y xvfb libnss3 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libxkbcommon0 libxcomposite1 libxdamage1 libxrandr2 libgbm1 libasound2

2. Fix the Ubuntu AppArmor Sandbox Issue

Modern Linux distributions (like Ubuntu 23.10+) use AppArmor to block unprivileged user namespaces. This breaks Chrome's built-in sandbox, resulting in a

No usable sandbox!
error.

For a dedicated headless VPS where you control the environment, the easiest fix is to disable this specific restriction system-wide.

Run this command to fix it immediately:

sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

To make this permanent across reboots, add it to your sysctl configuration:

echo "kernel.apparmor_restrict_unprivileged_userns=0" | sudo tee -a /etc/sysctl.d/99-disable-userns-restriction.conf

3. Configure Nanobot with Xvfb (The Crucial Step)

A common mistake is starting Xvfb in the background and exporting the

DISPLAY
variable in your bash profile or
systemd
service. This will fail. Because Nanobot safely isolates its tool executions, child processes do not inherit those host environment variables. Puppeteer will crash with a
Missing X server or $DISPLAY
error.

The solution is to wrap the MCP server execution command directly inside Nanobot's configuration using

xvfb-run -a
. This ensures a virtual display is dynamically created inside the sandbox exactly when the browser needs it.

Update your Nanobot configuration (

config.json
or
nanobot.yaml
) to define the Puppeteer MCP server like this:

{
  "mcpServers": {
    "puppeteer": {
      "command": "xvfb-run",
      "args": [
        "-a",
        "npx",
        "-y",
        "@modelcontextprotocol/server-puppeteer"
      ]
    }
  }
}

Why this configuration works:

  • xvfb-run
    : Initializes a temporary virtual display.
  • a
    (or
    -auto-servernum
    ): Automatically finds a free display number, preventing conflicts.
  • npx -y @modelcontextprotocol/server-puppeteer
    : Downloads and runs the official MCP bridge for Puppeteer.

4. Test Your Agent

Restart your Nanobot service. You can now send prompts directly to your agent like:

"Navigate to news.ycombinator.com, read the top 3 articles, and provide a bulleted summary of each."

Nanobot will automatically spin up the virtual display, launch headless Chrome, navigate the DOM, extract the text, and return your summaries.

What's next?

Now that your agent has full access to the web, would you like to set up a specific Cron schedule inside Nanobot so it automatically visits your favorite sites and sends you a daily summary digest?

sudo apt-get update
sudo apt-get install -y \
  xvfb \
  libnss3 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 \
  libxkbcommon0 libxcomposite1 libxdamage1 libxrandr2 libgbm1 \
  libasound2 ca-certificates

These are the common shared libraries Chrome/Chromium expects. Installing them is safe on a headless server and won’t start any GUI.

Security note:

Relaxing this AppArmor restriction weakens one layer of sandboxing for unprivileged user namespaces. Only do this on a VPS you fully control and trust. On shared or multi-tenant systems, consider using a dedicated VM or container you manage instead.

echo "kernel.apparmor_restrict_unprivileged_userns=0" | sudo tee -a /etc/sysctl.d/99-disable-userns-restriction.conf
sudo sysctl --system
  • -a
    (or
    -auto-servernum
    ): Automatically finds a free display number, preventing conflicts.

Troubleshooting

Still seeing

No usable sandbox!
? Check the current value:

sysctl kernel.apparmor_restrict_unprivileged_userns

If it prints 1, your change hasn’t taken effect yet. Re-run the commands in Step 2 and reload sysctl.

Seeing

Missing X server or $DISPLAY
? Confirm that
xvfb-run
is installed and that your Nanobot config uses
command: "xvfb-run"
rather than calling
npx
directly.

For example, you could create a Nanobot cron job that every morning:

  • Opens your favorite news sites or documentation pages.
  • Summarizes the most important changes.
  • Sends the digest to you via email, chat, or your preferred channel.
Back to Blog
How to setup browser integration for Nanobot on a VPS