@thijsvos
Last active March 11, 2022 15:41
Install rootless Docker and fix UFW+Docker

First, install the uidmap package:

cat <<EOF | sudo sh -x
apt-get install -y uidmap
EOF

Download and run the rootless Docker installer:

curl -sSL https://get.docker.com/rootless | sh

Then add the following to ~/.bashrc (the values shown are for a user named dockerufw with UID 1000):

export PATH=/home/dockerufw/bin:$PATH
export DOCKER_HOST=unix:///run/user/1000/docker.sock

Then run the same commands in the current shell, just to be sure they are set:

export PATH=/home/dockerufw/bin:$PATH
export DOCKER_HOST=unix:///run/user/1000/docker.sock

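Then set ip_unprivileged_port_start to 1 so that the rootless daemon can bind ports below 1024. A value written under /proc/sys does not survive a reboot.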

sudo nano /proc/sys/net/ipv4/ip_unprivileged_port_start

Copy the Docker binary to /usr/bin/:

sudo cp ~/bin/docker /usr/bin/

Configure UFW for the homelab. First allow SSH:

sudo ufw allow 22

Then allow DNS:

sudo ufw allow 53

Finally, allow access to the Pi-hole admin panel from the reverse proxy (Traefik) IP:

sudo ufw allow from <reverse proxy IP> to any port 80

UFW then should look something like this:

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
53                         ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere
80                         ALLOW IN    <Reverse proxy IP>
53 (v6)                    ALLOW IN    Anywhere (v6)
22 (v6)                    ALLOW IN    Anywhere (v6)

Now UFW should work with (rootless) Docker and Docker Compose.
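To confirm that the rule set really matches the table above, the status output can be checked mechanically. The script below is an added example, not part of the original gist: the function names audit_ufw and sample_status are made up here, and 192.0.2.10 is a constructed stand-in for the reverse proxy IP.

```shell
#!/bin/sh
# Audit `ufw status verbose` output against the policy in this guide:
# only the ports listed in $1 (comma-separated) may be open to Anywhere;
# every other ALLOW IN rule must name a source address.
# Reads the status text on stdin and prints one line per finding.
audit_ufw() {
    awk -v open_ok="$1" '
        BEGIN { n = split(open_ok, p, ","); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        /^Status:/  && $2 != "active" { print "ufw is " $2 }
        /^Default:/ && $2 != "deny"   { print "default incoming policy is " $2 }
        / ALLOW IN / {
            port = $1; sub("/.*", "", port)          # drop a /tcp or /udp suffix
            src = $0;  sub(/.* ALLOW IN +/, "", src) # keep the From column
            if (src ~ /^Anywhere/ && !(port in ok))
                print "port " port " is open to " src
        }
    '
}

# Constructed sample mirroring the expected output shown in this guide.
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
53                         ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere
80                         ALLOW IN    192.0.2.10
53 (v6)                    ALLOW IN    Anywhere (v6)
22 (v6)                    ALLOW IN    Anywhere (v6)
EOF
}

# No output means the sample matches the policy (22 and 53 open, 80 restricted).
# On a live host: sudo ufw status verbose | audit_ufw 22,53
sample_status | audit_ufw 22,53
```
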
