Merge pull request #219 from aaronjwood/dev
Reduce the amount of privileges needed
		| @@ -39,7 +39,7 @@ The container is available from the Docker registry and this is the simplest way | ||||
| To run the container use this command: | ||||
|  | ||||
| ``` | ||||
| $ docker run --privileged  -d \ | ||||
| $ docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d \ | ||||
|               -v /your/storage/path/:/data \ | ||||
|               -v /etc/localtime:/etc/localtime:ro \ | ||||
|               -e "OPENVPN_PROVIDER=PIA" \ | ||||
| @@ -117,7 +117,7 @@ Please note that if you pass in env. variables on the command line these will ov | ||||
| See explanation of variables above. | ||||
| To use this env file, use the following to run the docker image: | ||||
| ``` | ||||
| $ docker run --privileged  -d \ | ||||
| $ docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d \ | ||||
|               -v /your/storage/path/:/data \ | ||||
|               -v /etc/localtime:/etc/localtime:ro \ | ||||
|               --env-file /your/docker/env/file \ | ||||
| @@ -233,7 +233,7 @@ nameserver 8.8.8.8 | ||||
| nameserver 8.8.4.4 | ||||
| ``` | ||||
| - Save the file with [escape] + `:wq!` | ||||
| - Create your docker container with a classic command like `docker run --privileged -d -v /volume1/foldername/resolv.conf:/etc/resolv.conf -v /volume1/yourpath/:/data -e "OPENVPN_PROVIDER=PIA" -e "OPENVPN_CONFIG=Netherlands" -e "OPENVPN_USERNAME=XXXXX" -e "OPENVPN_PASSWORD=XXXXX" -p 9091:9091 --name "TransmissionVPN" haugene/transmission-openvpn` | ||||
| - Create your docker container with a classic command like `docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d -v /volume1/foldername/resolv.conf:/etc/resolv.conf -v /volume1/yourpath/:/data -e "OPENVPN_PROVIDER=PIA" -e "OPENVPN_CONFIG=Netherlands" -e "OPENVPN_USERNAME=XXXXX" -e "OPENVPN_PASSWORD=XXXXX" -p 9091:9091 --name "TransmissionVPN" haugene/transmission-openvpn` | ||||
| - To make it work after a nas restart, create an automated task in your synology web interface : go to **Settings Panel > Task Scheduler ** create a new task that run `/volume1/foldername/TUN.sh` as root (select '_root_' in 'user' selectbox). This task will start module that permit the container to run, you can make a task that run on startup. These kind of task doesn't work on my nas so I just made a task that run every minute. | ||||
| - Enjoy | ||||
|  | ||||
| @@ -261,7 +261,8 @@ ExecStartPre=-/usr/bin/docker rm transmission-openvpn | ||||
| ExecStartPre=/usr/bin/docker pull haugene/transmission-openvpn | ||||
| ExecStart=/usr/bin/docker run \ | ||||
|         --name transmission-openvpn \ | ||||
|         --privileged \ | ||||
|         --cap-add=NET_ADMIN \ | ||||
|         --device=/dev/net/tun \ | ||||
|         -v /home/bittorrent/data/:/data \ | ||||
|         -e "OPENVPN_PROVIDER=TORGUARD" \ | ||||
|         -e "OPENVPN_USERNAME=bittorrent@example.com" \ | ||||
|   | ||||
| @@ -2,11 +2,14 @@ version: '2' | ||||
|  | ||||
| services: | ||||
|  transmission: | ||||
|   build:  | ||||
|   build: | ||||
|      context: . | ||||
|      dockerfile: Dockerfile.armhf | ||||
|   image: haugene/rpi-transmission-openvpn | ||||
|   privileged: true | ||||
|   cap_add: | ||||
|     - NET_ADMIN | ||||
|   devices: | ||||
|     - "/dev/net/tun" | ||||
|   restart: always | ||||
|   ports: | ||||
|     - "9091:9091" | ||||
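Review bot: The `cap_add` / `devices` entries that replace `privileged: true` in the `transmission` service have no comment recording that they are the minimum the VPN tunnel needs, so a later edit could widen them again unnoticed; I would add `# OpenVPN only needs NET_ADMIN and the tun device; do not switch back to privileged` above `cap_add:`. The same applies to the `transmission` service in the second compose file further down the page. Because the device is now passed through from the host, the service will likely fail to start where `/dev/net/tun` does not exist (tun module not loaded), which is worth stating next to the `devices:` entry. `NET_ADMIN` is also still added on top of Docker's default capability set, so a follow-up could try `security_opt: ["no-new-privileges:true"]`, provided the image's start-up scripts, which are not visible here, do not depend on setuid binaries.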
|   | ||||
| @@ -2,7 +2,10 @@ version: '2' | ||||
| services: | ||||
|  transmission: | ||||
|   image: haugene/transmission-openvpn | ||||
|   privileged: true | ||||
|   cap_add: | ||||
|     - NET_ADMIN | ||||
|   devices: | ||||
|     - "/dev/net/tun" | ||||
|   restart: always | ||||
|   ports: | ||||
|     - "9091:9091" | ||||
|   | ||||