New to docker, asking if the docker-compose is correct
version: "3.2"
services:
# Homarr - https://github.com/ajnart/homarr
# mkdir /volume1/docker/appdata/homarr
# mkdir /volume1/docker/appdata/configs
# mkdir /volume1/docker/appdata/icons
homarr:
container_name: homarr
image: ghcr.io/ajnart/homarr:latest
restart: unless-stopped
logging:
driver: json-file
options:
max-file: ${DOCKERLOGGING_MAXFILE}
max-size: ${DOCKERLOGGING_MAXSIZE}
labels:
- org.hotio.pullio.update=${PULLIO_UPDATE}
- org.hotio.pullio.notify=${PULLIO_NOTIFY}
- org.hotio.pullio.discord.webhook=${PULLIO_DISCORD_WEBHOOK}
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
volumes:
- ./homarr/configs:/app/data/configs
- ./homarr/icons:/app/public/icons
ports:
- 7575:7575
26 Replies
Hello @berserker._. ,
the docker compose file can vary on your setup.
Thus, I can't verify 100% that this will be working.
I just had a quick glance at it and I think that it should be working.
Is there a particular reason, why you're asking if this will work?
Why don't you just try it out?
It looked like it didn't put files into the folders but it just did. I wasn't 100% sure if the paths were correct.
i was working with a .env file that adds a part of the path to the docker-compose
DOCKERSTORAGEDIR=/volume1/nas and DOCKERCONFDIR=/volume1/docker/appdata
But i guess that isn't needed when you begin with ./homarr/
Sorry i'm fairly new at this 🙃No worries
Is now Homarr working as expected?
Sorry for the noob question maybe i should delete the whole thread lol
Uhm, i'm gonna try it out now!
No, you can leave it
If other people have the same question, they'll see this
I guess i forgot to add this line?
/var/run/docker.sock:/var/run/docker.sock:roIf you want to use the Docker module, yes
I'm using a Synology NAS to run this by the way. Should that line always be like this? I'm worried i put things in folders i can't access or something or where they aren't supposed to be. Instead of in my docker shared folder with all the appdata/configs
Usually, /var/run/docker.sock is the default path for the Docker socket, which is used to communicate with Docker itself
There are some security risks connected with this approach
You can use Docker socket proxies to minimize the security risks
Okay, yes that's what i thought. It's not like i'm putting files some where where they don't belong or don't get removed when i delete the image or something..
I'm not sure how i do that
No, Homarr will only "read" this file
Thus, the ":ro" permission at the end
I think there are multiple solutions to that, but this seems to be a popular one:
https://github.com/Tecnativa/docker-socket-proxy
GitHub
GitHub - Tecnativa/docker-socket-proxy: Proxy over your Docker sock...
Proxy over your Docker socket to restrict which requests it accepts - GitHub - Tecnativa/docker-socket-proxy: Proxy over your Docker socket to restrict which requests it accepts
I do have all docker containers on a specific PUID and PGID limited to only what they should have access to if that helps
to a user account called ''docker''
But then, you have to trust the socket proxy... So ultimately, there will always be some security risk involved
Yes, that's good practice
But you would still recommend me to do this?
Because i don't fully understand what the security risk is 😄
I'll read a bit on the Github page