THIS GUIDE IS NOW ON THE OMV-EXTRAS WIKI.
This guide establishes a method to successfully install a docker application on OMV.
and basic concepts
Docker is a technology that enables the creation and use of Linux containers. A container is a closed environment where one or more applications and their dependencies are installed, grouped and isolated from each other, running on the same operating system. This allows you to install, uninstall, modify and update applications as many times as you want without causing damage to the system.
Starting from a system with OMV installed and with a file system with shared folders, to use Docker we need:
A SPACE in our file system to store the containers. The recommendation for this purpose is to dedicate an SSD disk, independent of the operating system, with EXT4 format, of at least 60GB. This approach provides application speed, avoids docker incompatibilities with special file systems, and makes applications completely independent of the operating system disk. PROGRAM FILES and CONFIGURATION FILES will be stored in this space:
PROGRAM FILES: They are expendable files. They will be stored in the docker folder of the SSD drive. Docker takes care of downloading these files from the internet and configuring them automatically. Docker containers are updated by downloading the latest version of these files and replacing the old one. There are some exceptions; check the documentation for each container you install to find out how it works.
CONFIGURATION FILES: They are irreplaceable files. They will be stored in the appdata folder of the SSD drive. They are created, modified and customized during the operation of the application with passwords, personal settings, databases, etc., depending on the use case. We'll also use the compose folder to store the docker-compose stacks. We must keep these files if we want to keep the application in the same state or restore it after a reinstallation of OMV. It is a good idea to make regular backup copies of these two folders.
A USER who will be in charge of executing the container. Docker applications perform their actions on the system from inside the container as a user. The permissions that we grant to this user will be the permissions that the container has. This is the control mechanism that prevents the application from doing something on our system that we don't want it to do. For security, it is advisable to create a user and grant only the permissions necessary for the application to work. In this guide this user is called appuser. The containers need to read and write in the docker and appdata folders. The way to give permissions to the container is to give them to the user who runs it. Therefore, we need to give appuser write permissions on these folders. Also, if we want the app to use data from our shared folders, appuser must have access to those folders as well. For simplicity this guide uses a single user, appuser, for all docker containers. Normally this will suffice. If you need to tighten security further, you can create a user for each container and adjust the permissions of each one.
A FILE SYSTEM where the data to be used by the application that we are installing is stored. For simplicity, in this guide we limit ourselves to a single shared folder called DATA. You will probably have called it something else; use the name of your real folder instead of DATA. These folders will store the data used by each application. In the case of Jellyfin, for example, we are referring to the movies, photos, etc., which could be in DATA/media/films, DATA/media/photos ... The file system used to store this data is irrelevant. We just need OMV to recognize it, to be able to create a shared folder in it, and to grant the necessary permissions to the user appuser.
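
One way to verify the permission model described above, as an added example that is not part of the original guide: the script reports what appuser may do on each folder, judged from the owner/group/other mode bits. It assumes GNU stat and does not evaluate ACLs; the function names and the paths in the usage comment are placeholders, and treating DATA as read-only is this example's assumption.

```shell
#!/bin/sh
# Added example: audit what the container user may do on a folder.
# Only the classic mode bits are evaluated; POSIX ACLs are NOT checked.

# perms_for UID "GID1 GID2 ..." PATH  -> prints e.g. "rwx", "r-x" or "---"
perms_for() {
    uid=$1; gids=$2; target=$3
    info=$(stat -c '%u %g %a' "$target") || return 2
    set -- $info
    owner=$1; group=$2
    bits=$(( 0$3 ))                      # %a is octal, e.g. 750 or 2775
    if [ "$uid" -eq 0 ]; then
        d=7                              # root bypasses the mode bits
    elif [ "$uid" -eq "$owner" ]; then
        d=$(( (bits >> 6) & 7 ))         # owner triplet
    else
        d=$(( bits & 7 ))                # "other" triplet by default
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                d=$(( (bits >> 3) & 7 )) # group triplet
            fi
        done
    fi
    case $d in
        0) echo "---";; 1) echo "--x";; 2) echo "-w-";; 3) echo "-wx";;
        4) echo "r--";; 5) echo "r-x";; 6) echo "rw-";; 7) echo "rwx";;
    esac
}

# check_folder USER PATH rw|ro  -> returns 0 when permissions match the intent
check_folder() {
    user=$1; folder=$2; want=$3
    p=$(perms_for "$(id -u "$user")" "$(id -G "$user")" "$folder") || return 2
    case "$want:$p" in
        rw:rwx|ro:r-x) echo "OK    $folder ($p)"; return 0;;
        ro:rwx)        echo "WARN  $folder is writable by $user, read-only intended"; return 1;;
        *)             echo "FAIL  $folder gives $user '$p', wanted $want"; return 1;;
    esac
}

# Usage (placeholder paths, replace with your real ones):
#   check_folder appuser /path/to/ssd/appdata rw
#   check_folder appuser /path/to/ssd/docker  rw
#   check_folder appuser /path/to/DATA/media  ro
```

A WARN on a data folder means appuser, and therefore every container running as appuser, can modify or delete that data.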