kopia lustrzana https://github.com/linuxserver/docker-documentation
Bot Updating Documentation
rodzic
33b87b03d0
commit
1437c909e0
|
@ -55,7 +55,7 @@ The architectures supported by this image are:
|
|||
|
||||
## Application Setup
|
||||
|
||||
You can specify mods to download via the `DOCKER_MODS` environment variable like any other container, or allow discovery through docker by mounting the docker socket into the container (or configuring a suitable alternative endpoint via DOCKER_HOST).
|
||||
You can specify mods to download via the `DOCKER_MODS` environment variable like any other container, or allow discovery through docker by mounting the docker socket into the container (or configuring a suitable alternative endpoint via the built-in `DOCKER_HOST` environment variable). Whichever option you choose the appropriate `DOCKER_MODS` environment variable must still be present on the containers that need to install them.
|
||||
|
||||
The Modmanager container will download all needed mods on startup and then check for updates every 6 hours; if you're using docker discovery it will automatically pick up any new mods.
|
||||
|
||||
|
@ -65,9 +65,48 @@ If a mod requires additional packages to be installed, each container will still
|
|||
|
||||
Note that the Modmanager container itself does not support applying mods *or* custom files/services.
|
||||
|
||||
**Modmanager is only supported for use with Linuxserver images built after 2025-01-01, while it may work with 3rd party containers using our images as a base we will not provide support for them.**
|
||||
|
||||
### Security considerations
|
||||
|
||||
Mapping `docker.sock` is a potential security liability because docker has root access on the host and any process that has full access to `docker.sock` would also have root access on the host. Docker api has no built-in way to set limitations on access, however, you can use a proxy for the `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), which adds the ability to limit access. Then you would just set `DOCKER_HOST=` environment variable to point to the proxy address.
|
||||
Mapping `docker.sock` is a potential security liability because docker has root access on the host and any process that has full access to `docker.sock` would therefore also have root access on the host. The docker API has no built-in way to set limitations on access, however, you can use a proxy for `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), which adds the ability to limit API access to specific endpoints.
|
||||
|
||||
### Multiple Hosts
|
||||
|
||||
>[!NOTE]
|
||||
>Make sure you fully understand what you're doing before you try and set this up as there are lots of ways it can go wrong if you're just guessing.
|
||||
|
||||
Modmanager can query & download mods for remote hosts, as well as the one on which it is installed. At a very basic level if you're just using the `DOCKER_MODS` env and not docker discovery, simply mount the `/modcache` folder on your remote host(s), ensuring it is mapped for all participating containers.
|
||||
|
||||
If you are using docker discovery, our only supported means for connecting to remote hosts is [our socket proxy container](https://github.com/linuxserver/docker-socket-proxy/). Run an instance on each remote host:
|
||||
|
||||
>[!WARNING]
|
||||
>DO NOT expose a socket proxy to your LAN if it allows any write operations (`POST=1`, `ALLOW_RESTART=1`, etc) or exposes any API elements that are not absolutely necessary. NEVER expose a socket proxy to your WAN.
|
||||
|
||||
```yml
|
||||
modmanager-dockerproxy:
|
||||
image: lscr.io/linuxserver/socket-proxy:latest
|
||||
container_name: modmanager-dockerproxy
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
- POST=0
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
tmpfs:
|
||||
- /run:exec
|
||||
ports:
|
||||
- 2375:2375
|
||||
restart: unless-stopped
|
||||
read_only: true
|
||||
```
|
||||
|
||||
And then add it to the `DOCKER_MODS_EXTRA_HOSTS` env using the full protocol and port, separating multiple servers with a pipe (`|`), e.g.
|
||||
|
||||
```yaml
|
||||
- DOCKER_MODS_EXTRA_HOSTS=tcp://host1.example.com:2375|tcp://host2.example.com:2375|tcp://192.168.0.5:2375
|
||||
```
|
||||
|
||||
As above you will need to mount the `/modcache` folder on your remote host(s), ensuring it is mapped for all participating containers.
|
||||
|
||||
## Usage
|
||||
|
||||
|
@ -87,6 +126,7 @@ services:
|
|||
environment:
|
||||
- DOCKER_MODS= `#optional`
|
||||
- DOCKER_HOST= `#optional`
|
||||
- DOCKER_MODS_EXTRA_HOSTS= `#optional`
|
||||
volumes:
|
||||
- /path/to/modcache:/modcache
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro `#optional`
|
||||
|
@ -100,6 +140,7 @@ docker run -d \
|
|||
--name=modmanager \
|
||||
-e DOCKER_MODS= `#optional` \
|
||||
-e DOCKER_HOST= `#optional` \
|
||||
-e DOCKER_MODS_EXTRA_HOSTS= `#optional` \
|
||||
-v /path/to/modcache:/modcache \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock:ro `#optional` \
|
||||
--restart unless-stopped \
|
||||
|
@ -114,6 +155,7 @@ Containers are configured using parameters passed at runtime (such as those abov
|
|||
| :----: | --- |
|
||||
| `-e DOCKER_MODS=` | Pipe-delimited (`\|`) list of mods to download |
|
||||
| `-e DOCKER_HOST=` | Specify the docker endpoint to use if not using the docker.sock |
|
||||
| `-e DOCKER_MODS_EXTRA_HOSTS=` | Pipe-delimited (`\|`) list of additional hosts to query & download mods for. See app setup section for details. |
|
||||
| `-v /modcache` | Modmanager mod storage. |
|
||||
| `-v /var/run/docker.sock:ro` | Mount the host docker socket into the container. |
|
||||
|
||||
|
@ -237,4 +279,5 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
|||
|
||||
## Versions
|
||||
|
||||
* **05.01.25:** - Support multiple hosts.
|
||||
* **22.12.24:** - Initial Release.
|
||||
|
|
Ładowanie…
Reference in New Issue