Closed sensharma closed 2 years ago
Update: After a lot of experimentation, it turns out that the problem was not really a bug, but how the UID mapping works in rootless mode, including a slight difference in docker and podman rootless mode, with consequences for the chown commands for the files/dirs. So that was not a bug, just something not yet in the documentation.
However, now that I understand how the UID mappings work, I get the following error from the logs (for rootless podman) when I try on RPi4 (arm64) using dir mapping:
nginx: [error] [REMOTE API] USE_REMOTE_API is set to yes but machine ID is not generated - communication with https://api.bunkerity.com/bunkerized won't work
I have checked that the machine-id is properly configured at /etc/machine-id.
Docker throws another error:
docker: Error response from daemon: failed to create endpoint serene_johnson on network bridge: failed to add the host (veth29559d7) <=> sandbox (veth9311141) pair interfaces: operation not supported.
Importantly, this does not happen if
Hello @sensharma,
Thanks for sharing your experimentation. I think that we need to document the docker and podman rootless case.
> Update: After a lot of experimentation, it turns out that the problem was not really a bug, but how the UID mapping works in rootless mode, including a slight difference in docker and podman rootless mode, with consequences for the chown commands for the files/dirs. So that was not a bug, just something not yet in the documentation.

Would you mind sharing how you ended up setting up Bunkerweb in rootless Podman?
Hello @sensharma and @alexanderadam,
We now have some tips about rootless Docker and podman. More info here: https://docs.bunkerweb.io/1.4/integrations/
> Hello @sensharma and @alexanderadam,
> We now have some tips about rootless Docker and podman. More info here: https://docs.bunkerweb.io/1.4/integrations/

Thank you. I'm going to experiment with this in a few weeks. Will get back to you in case of any issues.
Description

Hi, following the docker integration docs I am trying to run with rootless docker/podman on Ubuntu server on RPi4 (arm64). I get the error in the logs below for both rootless docker and podman.

Please note:

systemd-timesync:x:100:101:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin

www and certs dirs:

chown root:101 www certs
chown abc:101 www certs
chown abc:abc www certs

where abc is the user running rootless docker or podman. The rights are set as 750 for www and 770 for certs as in the linked docs.

certs volume map produces the same error for the www volume. Removing both seems to run the container fine as I can reach it over http (resulting in the expected 403 error).

How to reproduce

docker run -d --rm -p 80:8080 -p 443:8443 -v "${PWD}/www:/www:ro" -v "${PWD}/certs:/etc/letsencrypt" --name bnginx bunkerity/bunkerized-nginx

Just trying to run without a domain or automatic letsencrypt for now

Logs

[2021-11-10 17:41:40] entrypoint - INFO - starting bunkerized-nginx ...
[2021-11-10 17:41:40] entrypoint - INFO - configuring bunkerized-nginx ...
[!] ERROR - wrong permissions on /etc/letsencrypt

Is there an issue with running this container with rootless docker/podman or are there any further settings that need to be configured?
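
How a container ID such as the 101 in the chown commands above resolves to a host ID under rootless mode, as an added example that is not part of the original issue or the project's code. The user abc with host UID 1000 and the subordinate range 100000:65536 are constructed sample values, and a single /etc/subuid range per user is assumed.

```shell
#!/bin/sh
# Added illustration: why "chown root:101" or "chown abc:101" on the host does
# not give container uid/gid 101 access when the runtime is rootless.

# Build the uid_map a rootless runtime sets up for one user (assumption: one
# subordinate range). Container root is the user itself; container IDs from 1
# upwards are taken from the user's /etc/subuid (or /etc/subgid) range.
# Output lines use the /proc/<pid>/uid_map layout: "<inside> <outside> <count>".
rootless_map() {
    user=$1
    host_id=$2
    subid_text=$3
    printf '%s\n' "$subid_text" | awk -F: -v u="$user" -v h="$host_id" '
        $1 == u { printf "0 %s 1\n1 %s %s\n", h, $2, $3; found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# Translate an ID seen inside the namespace to the ID the host kernel stores
# on disk. Prints the host ID, or returns 1 when the ID is not mapped at all.
map_to_host() {
    id_inside=$1
    map_text=$2
    printf '%s\n' "$map_text" | awk -v id="$id_inside" '
        NF == 3 && id >= $1 && id < $1 + $3 { print $2 + (id - $1); found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# Constructed sample input: one /etc/subuid line for the hypothetical user abc.
SAMPLE_SUBUID='abc:100000:65536'
SAMPLE_MAP=$(rootless_map abc 1000 "$SAMPLE_SUBUID")

echo "uid_map for abc:"
echo "$SAMPLE_MAP"
echo "container uid 0   -> host uid $(map_to_host 0 "$SAMPLE_MAP")"
echo "container uid 101 -> host uid $(map_to_host 101 "$SAMPLE_MAP")"

# Host uid/gid 101 (systemd-network / systemd-timesync in the passwd lines
# above) is outside this map, so files owned by host 101 are not owned by
# container 101. With rootless Podman, "podman unshare chown 101:101 www certs"
# runs chown inside the namespace so the kernel stores the mapped host ID.
```

On a live system the actual map can be read with `podman unshare cat /proc/self/uid_map` and passed to `map_to_host` unchanged.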