I'm using OpenMediaVault to host my Plex Docker container, and all my media files are on SMB shares on another host. I've had success using the Remote Mount feature and manually mounting those CIFS shares, then mapping the mount points into the Plex Docker compose file, and then bringing up the Plex container. If I reboot OpenMediaVault, Remote Mount does not automatically mount those shares, so I need to bring down Plex, mount the shares, then bring Plex up manually, which is not ideal.
Is the lack of automounting of Remount Mount storage a limitation or a bug? If I could get that storage to auto mount, then maybe I could look into leveraging Docker swarm features to implement a container healthcheck that could use "mountpoint -q" to test whether that storage is mounted and then auto-restart the Plex instance based on it's state.
Alternatively, I have found a lot of mentions about using Docker to create CIFS volumes as part of the container so they would mount/unmount inside of and part of the container (which makes a lot of sense):
However no matter what I did when I tried to start my container in compose, I would always get, "Container plex Starting Error response from daemon: error while mounting volume [...] : no route to host". There are references (including in the docs above) about Docker needing to have the IP address at least passed in via addr or just have the CIFS share referenced by IP address, and I tried that however I would still get that "no route to host" error message. I think that leaves two other possibilities. One possibility is that there is some issue with the way Docker is interacting with the Debian firewall that is causing this issue (however there is no issue for the Plex server if I instead do the CIFS mount outside of Docker, map that into the container, and then bring up the Plex container, Plex operates normally on my network). The other possibility is that this is a security issue, and that Docker is blocking the ability of mounting a remote filesystem in the container. In years past there were mentions of working around those limitations by loosening Docker security with flags like "--cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH", and later people mentioning they also needed "--security-opt apparmor:unconfined", and then later still people saying the container just needs to be run "--privileged". I'm not keen on that if there is a better way, but maybe that's necessary now?