Rootless

[webysther]

Theres a rootless version? Maybe a way to just start using 'user' directive in docker-compose, lsio use PUID and PGID that is not compatible but works if you want to go this route more fast.

• https://discourse.linuxserver.io/t/wallabag-docker-image/616/3
• https://linuxlemming.com/blog/e05/
• https://hub.docker.com/r/ikaruswill/wallabag
• https://github.com/ikaruswill/docker-wallabag

version: '3'
services:
  wallabag:
    image: ikaruswill/wallabag:2.4.2
    container_name: wallabag
    environment:
      - MYSQL_ROOT_PASSWORD=wallaroot
      - SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql
      - SYMFONY__ENV__DATABASE_HOST=walla_db
      - SYMFONY__ENV__DATABASE_PORT=3306
      - SYMFONY__ENV__DATABASE_NAME=wallabag
      - SYMFONY__ENV__DATABASE_USER=wallabag
      - SYMFONY__ENV__DATABASE_PASSWORD=wallapass
      - SYMFONY__ENV__DATABASE_CHARSET=utf8mb4
      - SYMFONY__ENV__MAILER_HOST=127.0.0.1
      - SYMFONY__ENV__MAILER_USER=~
      - SYMFONY__ENV__MAILER_PASSWORD=~
      - SYMFONY__ENV__FROM_EMAIL=wallabag@example.com
      - SYMFONY__ENV__DOMAIN_NAME=https://YOURCUSTOMDOMAIN.com #If using a local host, put your IP and port number in here. If using a reverse proxy, you will need to put in your external port number. 10.10.0.4:80. If you aren't using ssl, then use http://
      - SYMFONY__ENV__SERVER_NAME="Pi Information Station"
      - SYMFONY__ENV__FOSUSER_CONFIRMATION=FALSE
    ports:
      - "8080:80" #i am using LSIO SWAG so my external port is 8080 but you can use any value. If you have no other services using port 80, then 80:80 can be used.
    volumes:
      - /path/where/you/save_data/images:/var/www/wallabag/web/assets/images
  walla_db:
    image: mariadb
    environment:
      - MYSQL_ROOT_PASSWORD=wallaroot
    volumes:
      - /path/where/you/save_data/data:/var/lib/mysql
  redis:
    image: redis:alpine

[afischer211]

I tried to run wallabag with the user-directive inside compose-file (like the redis-service). But the container does not start successfully - at first the entrypoint-script tries to write to folder /var/www/wallabag/app/config (this is not allowed for non-root user). I can solve this with mounting a host-folder to this path. The second issue is the call of su - this is also not allowed for non-root users. So it seems, we must rework the entrypoint-script and some concepts for folders and rights.

[mgoral]

Hello, I'm in the middle of migrating all of my docker services to rootless Podman. Today was the day of wallabag, and after a few hours of fiddling I finally managed to successfully run it (with sqlite backend). I'll describe the changes I made so they'll hopefully help you if you decide to create a proper image for rootless containers. There aren't many changes needed.

First of all, I decided to let wallabag run as a root within a container. I think this is more user-friendly approach, because users don't have to learn about podman run --userns=kep-id:... option. Nginx won't complain as well with the default port 80, which is a privileged port on most systems.

I've made a custom Containerfile which "inherits" from docker.io/wallabag. It reverses the chown of /var/www/wallabag and then copies some modified files:

FROM docker.io/wallabag/wallabag:2.6.7
RUN chown -R root:root /var/www/wallabag
COPY fpm-run /etc/s6/php-fpm/run
COPY php-fpm.conf /etc/php81/php-fpm.conf
COPY entrypoint.sh /entrypoint.sh

• entrypoint.sh: this is the same as entrypoint.sh in this repo, but it strips all invocations of "su". So for example, exec su -c 'foo bar' -s /bin/sh nobody becomes exec foo bar. On top of that, it removes the chown of db directory for sqlite.
• php-fpm.conf: same as php-fpm.conf in this repo, but configured for root instead of nobody:

  user = root
  group = root
  

• fpm-run: fpm complains for being run as root, so it adds --allow-to-run-as-root switch to the invocation

With these I was able to run wallabag with rootless Podman without any issues. Note that I was migrating existing installation, so I haven't tested if database creation works or if other commands (like "migrate" or "import") work, but I don't see why they wouldn't.