ShinyProxy Operator 2.2.0 with Rootless Docker

I read the newly available tutorial for setting up the ShinyProxy Operator on pure Docker hosts (Docker | ShinyProxy), and would love to try this out.

Are there any additional changes needed in the setup when running Docker in rootless mode? Specifically regarding the user and group id?

Hi

You can run the operator and ShinyProxy itself using rootless Docker, but it makes things more complex. Also, the exact configuration depends more on the environment, and it might not work on all Linux distributions (e.g. I assume it doesn’t work on older RHEL or Debian versions).
Therefore we decided to not yet include the rootless mode in the documentation. Our goal is that the operator is easy to use, and running it using rootless mode might make it too difficult for new users.

We do however understand the importance of using rootless docker, so here are the steps we used to test this:

  1. add net.ipv4.ip_unprivileged_port_start=80 to /etc/sysctl.conf

  2. run sudo sysctl -p

  3. install rootless docker (Rootless mode | Docker Docs)

  4. from now on run everything as the non-root user

  5. have a look at /etc/subuid to find out the uid mapping of your user, in my case this is vagrant:100000:65536

  6. find out the id of the group of the docker socket. In my case:

    $ ls -al /var/run/user/1000/docker.sock
    srw-rw---T 1 vagrant 100987 0 Jul 31 07:43 /var/run/user/1000/docker.sock
    

    => 100987 - 100000 + 1 = 988. => inside the operator the socket is owned by group 988. So use 988 in the docker-compose file.

  7. find the owner for the data directory. I’ll run the operator as user 1000, so my data directory should be owned by 100000 + 1000 - 1 = 100999

     sudo chown -R 100999:100999 /opt/shinyproxy-docker-operator
    
  8. install the operator

  9. adapt the config of docker-compose.yml:

    • add env var: SPO_DOCKER_SOCKET: /var/run/user/1000/docker.sock
    • change the socket mount to: /var/run/user/1000/docker.sock:/var/run/user/1000/docker.sock:ro

With all these changes it should work.
I hope you get it to work and I’m looking forward to any feedback!
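
The ID arithmetic from steps 5 to 7 above, as an added example that is not part of the original post or the ShinyProxy project. The function names are hypothetical, and it assumes a single subordinate range per user, that the rootless user has uid/gid 1000, and that the `/etc/subgid` range matches the `/etc/subuid` range quoted in the post.

```shell
#!/bin/sh
# Added example: translate IDs across the rootless Docker user namespace.
# Container ID 0 is the rootless user itself; container IDs 1..COUNT map
# to the subordinate range START..START+COUNT-1 on the host.

# subid_field USER FIELD [FILE]: print field 2 (start) or 3 (count)
# of USER's entry. FILE defaults to /etc/subuid; "-" reads stdin.
subid_field() {
    awk -F: -v u="$1" -v f="$2" '$1 == u { print $f; exit }' "${3:-/etc/subuid}"
}

# host_to_container HOST_ID OWNER_ID START COUNT
host_to_container() {
    if [ "$1" -eq "$2" ]; then echo 0; return 0; fi
    if [ "$1" -ge "$3" ] && [ "$1" -lt $(( $3 + $4 )) ]; then
        echo $(( $1 - $3 + 1 )); return 0
    fi
    echo "host id $1 is not mapped into the namespace" >&2
    return 1
}

# container_to_host CONTAINER_ID OWNER_ID START COUNT
container_to_host() {
    if [ "$1" -eq 0 ]; then echo "$2"; return 0; fi
    if [ "$1" -ge 1 ] && [ "$1" -le "$4" ]; then
        echo $(( $3 + $1 - 1 )); return 0
    fi
    echo "container id $1 is outside the mapped range" >&2
    return 1
}

# Constructed sample line carrying the values quoted in the post.
SAMPLE='vagrant:100000:65536'
start=$(printf '%s\n' "$SAMPLE" | subid_field vagrant 2 -)
count=$(printf '%s\n' "$SAMPLE" | subid_field vagrant 3 -)

# Step 6: host group of docker.sock -> group to put in docker-compose.yml
echo "socket gid inside operator: $(host_to_container 100987 1000 "$start" "$count")"
# Step 7: operator user 1000 -> owner to chown the data directory to
echo "data dir owner on host:     $(container_to_host 1000 1000 "$start" "$count")"
```

To use your own values, drop the `SAMPLE` lines, call `subid_field "$USER" 2` and `subid_field "$USER" 3` against the real files, and take the host group ID from `stat -c %g` on the socket.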