ShinyProxy and Docker rootless

Hello !

I have successfully installed ShinyProxy and deployed apps (such as https://github.com/openanalytics/shinyproxy-template) and other apps with Docker.

Now I would like to use Docker in rootless mode (https://docs.docker.com/engine/security/rootless/)

ShinyProxy starts successfully! I am able to log in as a user, but neither of the apps will run. I have this error message :

2021-09-30 13:49:53.083 INFO 1 — [sync-executor-0] o.apache.http.impl.execchain.RetryExec : I/O exception (java.io.IOException) caught when processing request to {}->unix://localhost:80: Permission denied
2021-09-30 13:49:53.083 INFO 1 — [sync-executor-0] o.apache.http.impl.execchain.RetryExec : Retrying request to {}->unix://localhost:80
2021-09-30 13:49:53.115 ERROR 1 — [ XNIO-1 task-3] io.undertow.request : UT005023: Exception handling request to /app/02_euler

It seems the problem is coming from docker.socket but I don’t know how to launch container or configure Dockerfile in order to run correctly apps…

stephane@vm-shiny-test:~/shinyproxy-template$ DOCKER_HOST=unix:///var/run/docker.sock docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get “http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json”: dial unix /var/run/docker.sock: connect: permission denied

stephane@vm-shiny-test:~/shinyproxy-template$ echo $XDG_RUNTIME_DIR
/run/user/1000

stephane@vm-shiny-test:~/shinyproxy-template$ DOCKER_HOST=unix:///$XDG_RUNTIME_DIR/docker.sock docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8c75fde3ad75 mon_shinyproxy “java -noverify -jar…” 22 hours ago Up 22 hours 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp vigorous_galileo

Here is how I’m trying to run container :

stephane@vm-shiny-test:~/ShinyProxy-docker/ShinyProxy-config-examples/02-containerized-docker-engine$ docker run -d -v $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock --net sp-example-net -p 8080:8080 --restart always mon_shinyproxy

Maybe I have to modify the Dockerfile of the apps ?

Thanks for your help !

stephane

Hi

ShinyProxy is running under a non-root user, therefore it doesn’t have access to the socket mounted in the container. In order to give it access, you can use the --group-add parameter to the docker run command. You’ll have to provide the id of the group that owns the docker socket.