diff --git a/docker-compose.yml b/docker-compose.yml index 46ca8cf3..e32db365 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,7 +11,7 @@ services: container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed volumes: - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed - - /var/run/docker.sock:/var/run/docker.sock:ro + - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation ports: - 80:80 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - 8080:8080 diff --git a/docker-rootless.md b/docker-rootless.md new file mode 100644 index 00000000..7a870165 --- /dev/null +++ b/docker-rootless.md @@ -0,0 +1,9 @@ +# Docker rootless + +You can run AIO with docker rootless by following the steps below. + +0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`) +1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`) +1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`) +1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `-e DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). +1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3. diff --git a/readme.md b/readme.md index c9ef32d0..36929732 100644 --- a/readme.md +++ b/readme.md @@ -358,6 +358,9 @@ You can then navigate to the apps management page, activate the external storage Be aware though that these locations will not be covered by the built-in backup solution! +### How to run this with docker rootless? +You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md) + ### Huge docker logs When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/