Docker rootless support (#311)

* I added support for Docker Rootless.

This has been possible by adding the possibility to bind the docker.sock to the user's current $XDG_RUNTIME_DIR, which is found in the user's .bashrc file, that he added after installing docker rootless, by following the instructions from the official documentation (https://docs.docker.com/engine/security/rootless/) to run the Docker Daemon as a non-root user.

To achieve this, I made the following changes:
1) I added the DOCKER_HOST_ROOTLESS_PATH= variable inside the .env.sample file.
2) I updated in the two required lines of the docker-compose.yml file, the following: ${DOCKER_HOST_ROOTLESS_PATH:-/var/run/docker.sock}  , instead of /var/run/docker.sock:/tmp/docker.sock:ro, so that this fixes the "Error: you need to share your Docker host socket with a volume at /var/run/docker.sock. Typically you should run your container with: '-v /var/run/docker.sock:/var/run/docker.sock:ro'" error when using docker rootless.
3) I attempted to update the MD5 of both the .env.sample & docker-compose.yml file [PLEASE CHECK]
4) I updated the usage text in the usage-fresh-start.sh file, so that the user can notice this optional flag: either "-dr" or "--docker-rootless"
5) I updated the update-env-new-site-variables.sh to update the .env DOCKER_HOST_ROOTLESS_PATH to set the user's current $XDG_RUNTIME_DIR, in case the "-dr" flag has been specified. Otherwise, this is left blank and no further action is done.
6) I updated the fresh-start.sh file to take into account the "-dr" flag.

Shouldn't the "-dr" flag be specified, the programme should continue normally.

* Fixed an important typo in docker-compose.yml

* Updated the docker-compose.yml file md5 sum

Co-authored-by: Evert Ramos <[email protected]>

Author: pathros

.env.sample

@@ -132,3 +132,15 @@ [email protected]
 # https://github.com/nginx-proxy/nginx-proxy#default-host
 #
 DEFAULT_HOST=
+
+#-----------------------------------------------------------------------
+#
+# Docker Rootless
+#
+# In case you want to use this proxy on Docker Rootless (DR) and you also have followed
+# the DR installation from the official documentation (https://docs.docker.com/engine/security/rootless/)
+# Set the following value of the DOCKER_HOST variable that you got in the final info messages after executing
+# the "$ dockerd-rootless-setuptool.sh install" command.
+# For example DOCKER_HOST_PATH=$XDG_RUNTIME_DIR/docker.sock
+# If you are not using Docker Rootless, leave this variable blank
+DOCKER_HOST_ROOTLESS_PATH=

bin/fresh-start.sh

@@ -429,6 +429,16 @@ while [[ $# -gt 0 ]]; do
     shift 1
     ;;
 
+  # Docker rootless support
+  -dr)
+    USE_DOCKER_ROOTLESS=true
+    shift 1
+    ;;
+  --docker-rootless)
+    USE_DOCKER_ROOTLESS=true
+    shift 1
+    ;;
+
   # IPv4 options
   --ipv4-subnet=*)
     ARG_IPv4_SUBNET="${1#*=}"
@@ -1121,6 +1131,16 @@ DOCKER_HTTPS=${ARG_DOCKER_HTTPS:-"443"}
 #-----------------------------------------------------------------------
 SSL_POLICY=${ARG_SSL_POLICY:-"Mozilla-Intermediate"}
 
+#-----------------------------------------------------------------------
+# Docker rootless support. Add the current user's docker.sock path (default: blank)
+# Please read the official documentation of installing Docker Rootless:
+# https://docs.docker.com/engine/security/rootless/
+#-----------------------------------------------------------------------
+if [[ "$USE_DOCKER_ROOTLESS" == true ]]; then
+  # Get the current user's $XDG_RUNTIME_DIR and concat with the '/docker.sock'
+  DOCKER_HOST_ROOTLESS_PATH=`echo ${XDG_RUNTIME_DIR}/docker.sock`
+fi
+
 #-----------------------------------------------------------------------
 # Start actions!
 #-----------------------------------------------------------------------

bin/localscript/update-env-new-site-variables.sh

@@ -78,5 +78,8 @@ local_update_env_new_site_variables()
     # Default host
     [[ ! $ARG_DEFAULT_HOST == "" ]] && run_function env_update_variable $LOCAL_FILE_PATH "DEFAULT_HOST" "${ARG_DEFAULT_HOST}"
 
+    # Docker rootless support
+    run_function env_update_variable $LOCAL_FILE_PATH "DOCKER_HOST_ROOTLESS_PATH" "$DOCKER_HOST_ROOTLESS_PATH"
+
     return 0
 }

bin/localscript/usage-fresh-start.sh

@@ -64,6 +64,7 @@ Usage:
                 [--use-nginx-conf-files] [--update-nginx-template]
                 [--yes]
                 [--debug]
+                [--docker-rootless]
 
     Required
     -e | --default-email          Default email address require to issue ssl
@@ -131,6 +132,10 @@ Usage:
     --yes                               Set "yes" to all, use it with caution
     --debug                             Show script debug options
     --silent                            Hide all script message
+    -dr | --docker-rootless             Add Docker rootless support by adding the
+                                        the current user's $XDG_RUNTIME_DIR and
+                                        concat with the '/docker.sock' in the
+                                        DOCKER_HOST_ROOTLESS_PATH .env file.
     -h | --help                         Display this help
 
 ${reset}

docker-compose.yml

@@ -39,7 +39,7 @@ services:
       - ${NGINX_FILES_PATH:-./data}/html:/usr/share/nginx/html
       - ${NGINX_FILES_PATH:-./data}/certs:/etc/nginx/certs:ro
       - ${NGINX_FILES_PATH:-./data}/htpasswd:/etc/nginx/htpasswd:ro
-      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - ${DOCKER_HOST_ROOTLESS_PATH:-/var/run/docker.sock}:/tmp/docker.sock:ro
       - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
     logging:
       driver: ${NGINX_GEN_LOG_DRIVER:-json-file}
@@ -57,7 +57,7 @@ services:
       - ${NGINX_FILES_PATH:-./data}/html:/usr/share/nginx/html
       - ${NGINX_FILES_PATH:-./data}/certs:/etc/nginx/certs:rw
       - ${NGINX_FILES_PATH:-./data}/acme.sh:/etc/acme.sh
-      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ${DOCKER_HOST_ROOTLESS_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro
     environment:
       NGINX_DOCKER_GEN_CONTAINER: ${DOCKER_GEN_SEVICE_NAME:-nginx-proxy-automation-gen}
       NGINX_PROXY_CONTAINER: ${NGINX_WEB_SEVICE_NAME:-nginx-proxy-automation-web}