[QUESTION]: cannot connect to Docker socket

azukaar / Cosmos-Server

☁️ The Most Secure and Easy Selfhosted Home Server. Take control of your data and privacy without sacrificing security and stability (Authentication, anti-DDOS, anti-bot)

https://cosmos-cloud.io

Other

3.1k stars 112 forks source link

[QUESTION]: cannot connect to Docker socket #86

Closed slfhstr closed 12 months ago

slfhstr commented 1 year ago

What happened?

I am trying to install Cosmos-server on Ubuntu VPS running Docker with Nesty Sysbox. The starting docker run ... in the documentation fails to get a connection to the docker socket. In /lib/systemd/system/docker.service it shows : ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock What should the docker run ... command be ?

What should have happened?

Connect to docker socket to allow setup to proceed ?

System details

OS: Ubuntu 22.04
Browser safari
Version current

slfhstr commented 1 year ago

docker logs show :

2023/09/05 17:16:33[ERROR] Docker Connection - Cannot ping Daemon. Is it running? :
2023/09/05 17:16:33 [ERROR] Status: Docker error : Docker Connection - Cannot ping Daemon. Is it running?
2023/09/05 17:16:33 "GET http://xxx.xxx.xxx.xxx/cosmos/api/status HTTP/1.1" from 137.22.189.90:59126 - 200 367B in 2.732572ms

when running ... docker run -d -p 80:80 -p 443:443 --privileged --name cosmos-server -h cosmos-server --restart=always -e DOCKER_HOST=unix:///var/run/docker.sock -v /var/run/docker.sock:/var/run/docker.sock -v /:/mnt/host -v /var/lib/cosmos:/config azukaar/cosmos-server:latest

azukaar commented 12 months ago

I have to tell you I don't think you're going to be able to do much with sysbox the documentation even explicitly say that it won't let you mount a container with any host permission, not even on the docker socket I think you are using the wrong tool for the job as sysbox is geared toward strict production environment (ex. a simple webserver running) or CI/CD runner, but not a fully fledged server environment

slfhstr commented 12 months ago

OK, appreciate the advice & explanation. I wanted the isolation of features of sysbox to be able to run other things than cosmos-server on the box. But I see now how that backfires. Is ok cosmos-server ok to be run on a VPS where other docker apps (with standard nginx cons doing reverse proxies) are already running ?

azukaar commented 12 months ago

Yes of course, Docker offers good isolation by default (subjectively) the main two things to worry about are

User permissions (by default Cosmos creates containers that do not run as root though)
Network isolation (Cosmos also manages that)

Of course you can always do better but this covers already a lot of edge cases.

Cosmos is designed inherently to run with all your other applications on your server

slfhstr commented 12 months ago

Thank you @azukaar Look forward to exploring cosmos-server, to get a few more options for easier self-hosting.