Running Docker Containers as a Non-root User with a Custom UID / GID

For volumes it's important that your UID / GID on your Docker host matches what's in the container.
Hit the subscribe button to receive more videos like this!
REFERENCE LINKS
---------------------------------------------------
► github.com/nickjj/docker-flas...
► github.com/nickjj?tab=reposit... (other example apps)
► nickjanetakis.com/blog/runnin...
COURSES
---------------------------------------------------
Courses I've created that focus on web dev and deployment topics.
► nickjanetakis.com/courses/
THE TOOLS I USE / GEAR
---------------------------------------------------
► nickjanetakis.com/blog/the-to...
FOLLOW ME ELSEWHERE
---------------------------------------------------
► Twitter: / nickjanetakis
► GitHub: github.com/nickjj
TIMESTAMPS
---------------------------------------------------
0:00 -- Intro
0:07 -- Why is this important when using Docker volumes?
1:19 -- Starting the project to see what we're working with
2:13 -- What if your uid/gid isn't 1000? Demo'ing the problem
5:00 -- Setting build args for UID / GID and assigning them to a group and user
9:14 -- Passing in the build args from the docker-compose.yml file
10:33 -- Checking out the new env vars in the .env file
12:29 -- Changing the UID and GID env vars for our other user to fix the issue
14:55 -- Updating a file to make sure volumes are working
15:26 -- How would you have solved this problem?
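As an added example (not code from the video or the linked repo), a small POSIX shell preflight check that verifies the UID and GID stored in a project's .env file match the host user who will mount the volumes, before the image is built; the variable names UID and GID and the .env file are assumed from the video's approach, and the sample .env is constructed inline.

```shell
#!/bin/sh
# Preflight check for the UID/GID .env approach: a mismatch between the host
# user and the values baked into the image is what causes the volume
# permission errors the video describes. Added example, assumes the .env
# file carries UID= and GID= lines as in the video.

# Print the value of variable $2 from the .env style file $1 (KEY=value).
env_value() {
  grep -E "^$2=" "$1" | head -n 1 | cut -d= -f2-
}

# Returns 0 when UID and GID in the file are numeric and equal the host ids,
# 1 when a value is missing or not numeric, 2 when they do not match.
check_env_ids() {
  file=$1; host_uid=$2; host_gid=$3
  env_uid=$(env_value "$file" UID)
  env_gid=$(env_value "$file" GID)
  for v in "$env_uid" "$env_gid"; do
    case $v in
      ''|*[!0-9]*) echo "error: UID and GID in $file must be set and numeric" >&2; return 1 ;;
    esac
  done
  if [ "$env_uid" != "$host_uid" ] || [ "$env_gid" != "$host_gid" ]; then
    echo "mismatch: $file has $env_uid:$env_gid but host user is $host_uid:$host_gid" >&2
    return 2
  fi
  return 0
}

# Constructed sample .env, written to a temp file so the script runs offline.
sample_env=$(mktemp)
cat > "$sample_env" <<'EOF'
# constructed example .env
COMPOSE_PROJECT_NAME=hello
UID=1000
GID=1000
EOF

check_env_ids "$sample_env" 1000 1000 && echo "ok: .env matches 1000:1000"
check_env_ids "$sample_env" 1001 1001 || echo "fix: set UID=1001 and GID=1001 in .env, then rebuild the image"
# Against the real host user you would run: check_env_ids .env "$(id -u)" "$(id -g)"
```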

Comments: 39

  • @RadTechDad
    @RadTechDad 2 months ago

    This has been a time-saver for me! I bought a course on Udemy that goes through docker, but totally spend like 2 sentences on this. I've been working with AI and config files for about a week now and finally got my app configured, but now I'm hitting this permission thing. I've been googling for about an hour and just now came across your video! THANK YOU! I just bought YOUR course. Please include this as a separate detailed section in your course!

  • @NickJanetakis
    @NickJanetakis 2 months ago

    Hi, thanks a lot I really appreciate it. Happy to hear it helped.

  • @nnutipa
    @nnutipa 1 year ago

    Hi Nick. Thanks for the video. There is no better way to do this as far as I know. I've seen this approach in many projects.

  • @kingmanzhang
    @kingmanzhang 1 year ago

    Great video! Thanks a lot

  • @forgottenvy
    @forgottenvy 2 months ago

    About the same number of people suffered from this issue and came here after viewing the official video from VS Code.

  • @jonathantobias4244
    @jonathantobias4244 1 year ago

    Thank you for this video, it helped me :)

  • @arsshady2494
    @arsshady2494 2 months ago

    Is it possible to configure Docker on my PC to always use a non-root user? So I don't have to set it every time for every project I have?

  • @NickJanetakis
    @NickJanetakis 2 months ago

    There is "rootless mode" that you can check out: docs.docker.com/engine/security/rootless/ , I haven't used it personally though.

  • @ChethanC-nq5zk
    @ChethanC-nq5zk 1 year ago

    Hi Nick, I need your help for setting up OpenGrok as a container with UID & GID, could you please help me...

  • @NickJanetakis
    @NickJanetakis 1 year ago

    Hi, I've never used that tool. I'd suggest reaching out to the maintainers of that project if it doesn't support customizing the UID / GID or running things as a non-root user.

  • @bmontegani
    @bmontegani 1 year ago

    Hi Nick. Really like your content. However, you really need to talk slower. It would greatly help in following along with the video. Thanks

  • @NickJanetakis
    @NickJanetakis 1 year ago

    Hi, thanks. Does listening back at 0.75x speed help?

  • @vahidrahimi2699
    @vahidrahimi2699 11 months ago

    Hey Nick thanks for the video. May I ask you to explain how to define, set, and change the UID for Image User?

  • @NickJanetakis
    @NickJanetakis 11 months ago

    Hi, it's in the .env file, that's the only spot you need to adjust and then you can rebuild your image.

  • @alphenit
    @alphenit 4 months ago

    Great video Nick!!! Seems like this is the way to go if you are building your own images. Was wondering what you would do if you work with pre-built images that you pull from a registry. How do you run these safely? I think you would need to use Docker user namespace remapping, correct?

  • @NickJanetakis
    @NickJanetakis 4 months ago

    Thanks, you can create your own image out of the pre-built image and switch to a non-root user. Some 3rd party pre-built images already run as a non-root user too. It really depends.

  • @alphenit
    @alphenit 4 months ago

    @NickJanetakis Ah of course, thank you Sir!

  • @TheRcfrias
    @TheRcfrias 4 months ago

    Hey Nick! What is your opinion about having an sftp container that shares a volume with an nginx container in order to update files remotely? I am confused about nginx needing its user www-data to have rw access and the custom sftp user being blocked because of permissions. Which approach would you take in this situation?

  • @NickJanetakis
    @NickJanetakis 4 months ago

    Hi, you can create a custom group so multiple users have the same access. When you say share a volume do you mean with "--volumes-from" or using a named volume? Personally I like to run nginx directly on my Docker host outside of Docker, I've written about that here: nickjanetakis.com/blog/why-i-prefer-running-nginx-on-my-docker-host-instead-of-in-a-container

  • @TheRcfrias
    @TheRcfrias 4 months ago

    Yeah, I mean a named volume. I have to share the files between nginx and php-fpm anyway, so a third sftp container didn't sound too bad. The problem I am facing is that the files are owned either by www-data:www-data or by the sftp user rcfrias. A custom user group inside the containers won't work because of isolation. Do you mean to create the group at the host level?

  • @NickJanetakis
    @NickJanetakis 4 months ago

    @TheRcfrias Yeah, it gets tricky with volumes. That's why I'd suggest keeping nginx outside of Docker. You could make a shared group on the host and have the same GIDs configured in both containers; as long as the GID matches (it could be a different group name) then it should work? I haven't tried this type of set up though.

  • @TheRcfrias
    @TheRcfrias 4 months ago

    @NickJanetakis I read your post about keeping nginx on the host. I think the main reason why most devs avoid this is the hassle of setting up SSL certs manually. I'd love to check out your Certbot solution if it's available. In my case I have NGINX (rev-proxy) -> NGINX (site) -> (proxy_pass fastcgi) -> php-fpm:9000. Even using your way, I still need to let NGINX (site) know who the owner of the /var/www/html files is, and be able to use the same owner in my sftp container to be able to rwx the files.

  • @TheRcfrias
    @TheRcfrias 4 months ago

    I ended up assigning my sftp container's user to my nginx container's group. To my surprise this works, although the www-data group is nowhere to be found in my sftp container. So how does the container know that the group www-data exists? Does it create a local www-data group when I run this in the sftp container?: chown -R www-data:www-data $user_home/webroot *Weird enough, after this line I run: chmod -R 775 $user_home/webroot and usermod -aG www-data rcfrias, and all works as expected.

  • @tonychia2227
    @tonychia2227 6 months ago

    How about using docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) ...? Then you don't have to hard code the value in the .env file.

  • @NickJanetakis
    @NickJanetakis 6 months ago

    Oftentimes you'll want to build an image in CI and push that image to production. If you used build args with dynamic values you'd end up building production images with a UID/GID that doesn't match what's in prod and permissions will be broken. If you go the build arg route but use hard coded values IMO you might as well use an .env file because it's more declarative and documented. Also in development, it would be a nuisance if you had to type that long build command or create a custom alias to use the project.

  • @user-dr4ur7cp2s
    @user-dr4ur7cp2s 1 year ago

    Permission denied for groupadd. Using Docker Desktop.

  • @NickJanetakis
    @NickJanetakis 1 year ago

    Did you run the command as root in your Dockerfile?

  • @user-dr4ur7cp2s
    @user-dr4ur7cp2s 1 year ago

    @NickJanetakis sudo docker compose -f docker-compose.test.yml up, yip, running the azuresqledge container. Without root it works for Mac but not on Linux, so that's what brought me to this tutorial :D

  • @NickJanetakis
    @NickJanetakis 1 year ago

    @user-dr4ur7cp2s Running containers without sudo on Linux requires modifying your Docker host's user by adding it to the docker group. It's documented in the Linux install instructions: docs.docker.com/engine/install/linux-postinstall/

  • @yaroslavozerov1121
    @yaroslavozerov1121 11 months ago

    toooooo fast bro

  • @NickJanetakis
    @NickJanetakis 11 months ago

    You can always drop the playback speed to 0.75.

  • @RadTechDad
    @RadTechDad 2 months ago

    @NickJanetakis Yes, I noticed that you talk WAY faster here than you do in your own Docker courses. But also, like you said, playback speed can be dropped to 0.75.

  • @NickJanetakis
    @NickJanetakis 2 months ago

    @RadTechDad It's the difference between partially scripted (the course) and fully unscripted / unplanned (this video). My natural speaking pace is closer to how this video is.