| Both sides previous revision Previous revision Next revision | Previous revision |
| omv7:docker_in_omv [2024/11/10 10:38] – [User and permission management in docker and OMV. More security.] chente | omv7:docker_in_omv [2025/04/20 08:58] (current) – [2. Plugin Settings] chente |
|---|
| Where <b>/srv/dev-disk-by-uuid-9d43cda9-20e5-474f-b38b-6b2b6c03211a/appdata</b> is the absolute path to the <i>appdata</i> folder. You can copy it from the OMV GUI in the STORAGE > SHARED FOLDERS tab in the ABSOLUTE PATH column. When you start the container, Docker will create the <i>jellyfin</i> and <i>config</i> subfolders if they do not exist.<br> | Where <b>/srv/dev-disk-by-uuid-9d43cda9-20e5-474f-b38b-6b2b6c03211a/appdata</b> is the absolute path to the <i>appdata</i> folder. You can copy it from the OMV GUI in the STORAGE > SHARED FOLDERS tab in the ABSOLUTE PATH column. When you start the container, Docker will create the <i>jellyfin</i> and <i>config</i> subfolders if they do not exist.<br> |
| Later you can see this with examples. | Later you can see this with examples. |
| | </tr></table></body></html> |
| | *...<html><body><table width="100%" border="0"><tr><td colspan="2" style="background-color:#FFB663;height:30px;"><strong><span style="color:#FFFFFF;font-size:110%;">  |
| | Warning |
| | </span></strong></td></tr><tr><td style="background-color:#FFE4A6;height:25px;width:380px;"> |
| | Make sure to create subfolders within each appdata folder for each container folder.<br> |
| | Don't do this: <b>- /srv/dev-disk-by-uuid-9d43cda9-20e5-474f-b38b-6b2b6c03211a/appdata/jellyfin:/config</b><br> |
| | If you do this, the persistent data in the config folder will be mixed with the plugin's Docker files, and permissions could change without warning.<br> |
| | Do this: <b>- /srv/dev-disk-by-uuid-9d43cda9-20e5-474f-b38b-6b2b6c03211a/appdata/jellyfin/config:/config</b><br> |
| | This way, the permissions will remain as created by the container. |
| </tr></table></body></html> | </tr></table></body></html> |
| *...<html><body><table width="100%" border="0"><tr><td colspan="2" style="background-color:#2C6700;height:30px;"><strong><span style="color:#FFFFFF;font-size:110%;">  Advanced configuration. | *...<html><body><table width="100%" border="0"><tr><td colspan="2" style="background-color:#2C6700;height:30px;"><strong><span style="color:#FFFFFF;font-size:110%;">  Advanced configuration. |
| </span></strong></td></tr><tr><td style="background-color:#E6FEFF;height:25px;width:380px;"> | </span></strong></td></tr><tr><td style="background-color:#E6FEFF;height:25px;width:380px;"> |
| If you don't have a fast drive for Docker, you can configure the <i>data</i> and <i>appdata</i> folders in the same shared folder. This will make the CHANGE_TO_COMPOSE_DATA_PATH variable serve to define the path of both. This is how the plugin example files are preconfigured. | If you don't have a fast drive for Docker, you can configure the <i>data</i> and <i>appdata</i> folders in the same shared folder. This will make the CHANGE_TO_COMPOSE_DATA_PATH variable serve to define the path of both. This is how the plugin example files are preconfigured. |
| | </tr></table></body></html> |
| | * ...<html><body><table width="100%" border="0"><tr><td colspan="2" style="background-color:#69A5FF;height:30px;"><strong><span style="color:#FFFFFF;font-size:110%;">  Beginners Info |
| | </span></strong></td></tr><tr><td style="background-color:#E6FEFF;height:25px;width:380px;"> |
| | The internal structure described in the "data" folder is unimportant. In this document, a "standard" structure has simply been described for illustrative purposes, so that the reader has a general idea about what the content of that folder may be. You can distribute within that folder any directory tree that you feel comfortable with. |
| </tr></table></body></html> | </tr></table></body></html> |
| * CONFIGURE THE DATA FOLDER: | * CONFIGURE THE DATA FOLDER: |
| Don't add <i>appuser</i> to the <i>docker</i> group. This is a security hole. | Don't add <i>appuser</i> to the <i>docker</i> group. This is a security hole. |
| </tr></table></body></html> | </tr></table></body></html> |
| * Edit //appuser// permissions and grant the appropriate permissions on each shared folder. At a minimum //appuser// must have write permissions to the //appdata// folder. Choose the permissions for the rest and make sure to deny anything that the containers do not need to function. | * Edit //appuser//'s permissions and grant the appropriate permissions to each shared folder that the containers should be able to access. Persistent configuration data will generally be stored in //appdata//, so we'll give appuser write permissions to the //appdata// folder. It must also have access to the shared folders defined as volumes in the containers. For example, for Jellyfin, this could be the /media folder where movies are stored. Make sure this user only has access to the necessary folders. |
| * ...<html><body><table width="100%" border="0"><tr><td colspan="2" style="background-color:#69A5FF;height:30px;"><strong><span style="color:#FFFFFF;font-size:110%;">  Beginners Info | * ...<html><body><table width="100%" border="0"><tr><td colspan="2" style="background-color:#69A5FF;height:30px;"><strong><span style="color:#FFFFFF;font-size:110%;">  Beginners Info |
| </span></strong></td></tr><tr><td style="background-color:#E6FEFF;height:25px;width:380px;"> | </span></strong></td></tr><tr><td style="background-color:#E6FEFF;height:25px;width:380px;"> |