Save the following as docker-prereqs.sh
and run as root or with sudo:
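#!/bin/bash
# docker-prereqs.sh: prepare a dnf-based host for rootless Docker.
#
# Run as root (or with sudo). The script:
#   1. adds the Docker CE repository and installs Docker plus the rootless extras,
#   2. creates the unprivileged account that will own the rootless daemon,
#   3. raises that account's process/file limits and sets the user-namespace limit,
#   4. enables lingering so the account's user services keep running after logout.
set -euo pipefail

readonly DOCKER_USER=dotcms-docker

# Everything below writes to /etc or installs packages, so fail early with a
# clear message instead of part-way through.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "docker-prereqs.sh must be run as root (or with sudo)." >&2
  exit 1
fi

dnf install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
dnf update -y
dnf install -y iptables tar fuse-overlayfs jq
dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
dnf install -y docker-ce-rootless-extras

# NOTE(review): -G wheel puts the rootless Docker account in the group that
# normally grants sudo on this distro family. That weakens the isolation
# rootless mode is meant to provide: a compromise of this account is then only
# one password away from root. Drop "-G wheel" unless the account really needs
# sudo.
# Skip creation when the account already exists so the script can be re-run.
if ! id -u "${DOCKER_USER}" >/dev/null 2>&1; then
  useradd -G wheel -m -s /bin/bash "${DOCKER_USER}"
fi

echo "Updating /etc/security/limits.d/${DOCKER_USER}.conf..."
# Unquoted heredoc delimiter on purpose: ${DOCKER_USER} must expand here.
cat << EOF > "/etc/security/limits.d/${DOCKER_USER}.conf"
#<domain> <type> <item> <value>
${DOCKER_USER} soft nproc 65536
${DOCKER_USER} hard nproc 65536
${DOCKER_USER} soft nofile 262144
${DOCKER_USER} hard nofile 262144
EOF

echo "Updating /etc/sysctl.d/${DOCKER_USER}.conf..."
echo
# Rootless mode relies on unprivileged user namespaces; make sure the kernel
# limit is non-zero and persists across reboots.
cat << EOF > "/etc/sysctl.d/${DOCKER_USER}.conf"
user.max_user_namespaces=28633
EOF
sysctl --system

# Keep the account's systemd user instance (and so the rootless daemon)
# running when nobody is logged in as that user.
loginctl enable-linger "${DOCKER_USER}"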
### END docker-prereqs.sh ###
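Set the password and/or ssh key for the docker user (dotcms-docker, the DOCKER_USER created by the script above).
You must log in (ssh) as the docker user to start and use docker; running
sudo su - dotcms-docker
(or similar) from root will NOT work, because it does not create the systemd login session (and XDG_RUNTIME_DIR) that `systemctl --user` and rootless Docker rely on.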
Log out of the server as root, then log back in as the docker user (dotcms-docker in the script above):
ssh dotcms-docker@x.x.x.x
Save the following as docker-rootless.sh and run it as the docker user (not as root)
to do a rootless Docker install, start Docker, and fetch the docker-compose.yml used to run dotCMS.
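#!/bin/bash
# docker-rootless.sh: install and start rootless Docker for the current
# (unprivileged) user, then fetch the dotCMS single-node compose file.
#
# Run as the docker user from a real login session (ssh), not as root.
set -euo pipefail

dockerd-rootless-setuptool.sh install --skip-iptables

# Build the socket path from the real UID instead of assuming 1000, and only
# append the export to ~/.bashrc once so re-running does not duplicate it.
docker_host="unix:///run/user/$(id -u)/docker.sock"
export_line="export DOCKER_HOST=${docker_host}"
if ! grep -qxF -- "${export_line}" ~/.bashrc 2>/dev/null; then
  printf '%s\n' "${export_line}" >> ~/.bashrc
fi
# Export directly for the rest of this script. The calling shell is NOT
# affected: run ". ~/.bashrc" or log in again before using docker there.
export DOCKER_HOST="${docker_host}"

systemctl --user start docker
systemctl --user enable docker

mkdir -p dotcms
cd dotcms

# NOTE(review): this URL tracks the mutable "master" branch, so the file can
# change between runs. Prefer a tag or commit you have reviewed
# (<reviewed-tag-or-commit>) and read the downloaded file before starting it;
# the docker ps output in this guide shows its services publishing ports on
# all host interfaces (0.0.0.0), so check the ports: entries against your
# firewall policy.
compose_url="https://raw.githubusercontent.com/dotCMS/core/master/docker/docker-compose-examples/single-node/docker-compose.yml"

tmp_compose=$(mktemp)
trap 'rm -f -- "${tmp_compose}"' EXIT

# -f makes curl fail on HTTP errors instead of saving an error page.
curl -fsS -o "${tmp_compose}" "${compose_url}"

# A non-root user cannot set unlimited memlock, so strip those ulimit lines.
# The filter must read the downloaded file: "curl -o FILE ... | grep" sends
# nothing down the pipe, so FILE would be left unfiltered.
grep -Ev "memlock|(soft|hard): -1" "${tmp_compose}" > docker-compose.yml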
### END docker-rootless.sh ###
Confirm dockerd/containerd is not running as root:
ps aux | egrep "dockerd|containerd"
dotcms-+ 22238 0.0 0.1 1236408 4652 ? Ssl 02:08 0:00 rootlesskit --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh --iptables=false
dotcms-+ 22249 0.0 0.0 1162676 0 ? Sl 02:08 0:00 /proc/self/exe --net=slirp4netns --mtu=65520 --slirp4netns-sandbox=auto --slirp4netns-seccomp=auto --disable-host-loopback --port-driver=builtin --copy-up=/etc --copy-up=/run --propagation=rslave /usr/bin/dockerd-rootless.sh --iptables=false
dotcms-+ 22273 0.1 1.2 1973068 50776 ? Sl 02:08 0:01 dockerd --iptables=false
dotcms-+ 22290 0.3 0.5 1283088 23520 ? Ssl 02:08 0:03 containerd --config /run/user/1000/docker/containerd/containerd.toml
Then start the dotCMS stack and check that the containers are running:
docker compose up -d
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c032a56bf851 dotcms/dotcms:latest "/usr/bin/tini -- /s…" 9 minutes ago Up 9 minutes 4000/tcp, 8000/tcp, 0.0.0.0:8082->8082/tcp, :::8082->8082/tcp, 8080-8081/tcp, 0.0.0.0:8443->8443/tcp, :::8443->8443/tcp dotcms-dotcms-1
8decd3d90066 opensearchproject/opensearch:1.3.6 "./opensearch-docker…" 9 minutes ago Up 9 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 9300/tcp, 0.0.0.0:9600->9600/tcp, :::9600->9600/tcp, 9650/tcp dotcms-opensearch-1
22a18fe49d34 postgres:15 "docker-entrypoint.s…" 13 minutes ago Up 9 minutes 5432/tcp dotcms-db-1
# Follow the dotCMS container log (keeps streaming until interrupted with Ctrl-C)
docker logs --follow dotcms-dotcms-1
# Query the app configuration REST endpoint and pretty-print the JSON reply
curl --silent http://localhost:8082/api/v1/appconfiguration | jq .