Reduce the amount of privileges needed
This commit is contained in:
Aaron Wood
@@ -39,7 +39,7 @@ The container is available from the Docker registry and this is the simplest way
|
||||
To run the container use this command:
|
||||
|
||||
```
|
||||
$ docker run --privileged -d \
|
||||
$ docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d \
|
||||
-v /your/storage/path/:/data \
|
||||
-v /etc/localtime:/etc/localtime:ro \
|
||||
-e "OPENVPN_PROVIDER=PIA" \
|
||||
@@ -117,7 +117,7 @@ Please note that if you pass in env. variables on the command line these will ov
|
||||
See explanation of variables above.
|
||||
To use this env file, use the following to run the docker image:
|
||||
```
|
||||
$ docker run --privileged -d \
|
||||
$ docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d \
|
||||
-v /your/storage/path/:/data \
|
||||
-v /etc/localtime:/etc/localtime:ro \
|
||||
--env-file /your/docker/env/file \
|
||||
@@ -233,7 +233,7 @@ nameserver 8.8.8.8
|
||||
nameserver 8.8.4.4
|
||||
```
|
||||
- Save the file with [escape] + `:wq!`
|
||||
- Create your docker container with a classic command like `docker run --privileged -d -v /volume1/foldername/resolv.conf:/etc/resolv.conf -v /volume1/yourpath/:/data -e "OPENVPN_PROVIDER=PIA" -e "OPENVPN_CONFIG=Netherlands" -e "OPENVPN_USERNAME=XXXXX" -e "OPENVPN_PASSWORD=XXXXX" -p 9091:9091 --name "TransmissionVPN" haugene/transmission-openvpn`
|
||||
- Create your docker container with a classic command like `docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d -v /volume1/foldername/resolv.conf:/etc/resolv.conf -v /volume1/yourpath/:/data -e "OPENVPN_PROVIDER=PIA" -e "OPENVPN_CONFIG=Netherlands" -e "OPENVPN_USERNAME=XXXXX" -e "OPENVPN_PASSWORD=XXXXX" -p 9091:9091 --name "TransmissionVPN" haugene/transmission-openvpn`
|
||||
- To make it work after a nas restart, create an automated task in your synology web interface : go to **Settings Panel > Task Scheduler ** create a new task that run `/volume1/foldername/TUN.sh` as root (select '_root_' in 'user' selectbox). This task will start module that permit the container to run, you can make a task that run on startup. These kind of task doesn't work on my nas so I just made a task that run every minute.
|
||||
- Enjoy
|
||||
|
||||
@@ -261,7 +261,8 @@ ExecStartPre=-/usr/bin/docker rm transmission-openvpn
|
||||
ExecStartPre=/usr/bin/docker pull haugene/transmission-openvpn
|
||||
ExecStart=/usr/bin/docker run \
|
||||
--name transmission-openvpn \
|
||||
--privileged \
|
||||
--cap-add=NET_ADMIN \
|
||||
--device=/dev/net/tun \
|
||||
-v /home/bittorrent/data/:/data \
|
||||
-e "OPENVPN_PROVIDER=TORGUARD" \
|
||||
-e "OPENVPN_USERNAME=bittorrent@example.com" \
|
||||
|
||||
@@ -2,11 +2,14 @@ version: '2'
|
||||
|
||||
services:
|
||||
transmission:
|
||||
build:
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile.armhf
|
||||
image: haugene/rpi-transmission-openvpn
|
||||
privileged: true
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
||||
restart: always
|
||||
ports:
|
||||
- "9091:9091"
|
||||
|
||||
@@ -2,7 +2,10 @@ version: '2'
|
||||
services:
|
||||
transmission:
|
||||
image: haugene/transmission-openvpn
|
||||
privileged: true
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
devices:
|
||||
- "/dev/net/tun"
|
||||
restart: always
|
||||
ports:
|
||||
- "9091:9091"
|
||||
|
||||
Reference in New Issue
Block a user