I am trying to go rootless with Docker.
I have followed all the steps presented in the official documentation. I also allowed the use of the unprivileged ports, to include the 443.
To test if everything works the way I need it, I installed the "nginx-proxy-automation".
Everything got installed flawlessly. However, the jrcs/letsencrypt-nginx-proxy-companion:2.1 container
version: '3'
services:
  nginx-proxy-automation-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion:${NGINX_PROXY_COMPANION_IMAGE_VERSION:-2.0}
    container_name: ${LETS_ENCRYPT_SEVICE_NAME:-nginx-proxy-automation-letsencrypt}
    restart: always
    volumes:
      - ${NGINX_FILES_PATH:-./data}/conf.d:/etc/nginx/conf.d
      - ${NGINX_FILES_PATH:-./data}/vhost.d:/etc/nginx/vhost.d
      - ${NGINX_FILES_PATH:-./data}/html:/usr/share/nginx/html
      - ${NGINX_FILES_PATH:-./data}/certs:/etc/nginx/certs:rw
      - ${NGINX_FILES_PATH:-./data}/acme.sh:/etc/acme.sh
      - /var/run/docker.sock:/var/run/docker.sock:ro
reports the following error:
Error: you need to share your Docker host socket with a volume at /var/run/docker.sock
Typically you should run your container with: '-v /var/run/docker.sock:/var/run/docker.sock:ro'
Info: running acme-companion version v2.1.0
which causes the container to restart every x seconds.
What can I do to fix it? What am I missing?
Based on @gdahlm's answer, I first tried the following:
- unix://$XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro
But I got the following error:
ERROR: Volume unix://$XDG_RUNTIME_DIR/docker.sock:/tmp/docker.sock:ro has incorrect format, should be external:internal[:mode]
simply because there's an extra ':' colon in the volume path.
So, digging further into this "Trying Rootless Docker with Testcontainers" article, I then tried
- $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro
But it didn't work either, because I got the following error:
ERROR: Named volume "$XDG_RUNTIME_DIR/docker.sock:/tmp/docker.sock:ro" is used in service "docker-gen-auto" but no declaration was found in the volumes section.
Finally, I tried echoing out the $XDG_RUNTIME_DIR in the terminal, like so:
$ echo $XDG_RUNTIME_DIR
And I got:
/run/user/1000
So, I hardcoded it into the .env file variable:
DOCKER_HOST_ROOTLESS_PATH=/run/user/1000/docker.sock
and inside the docker-compose.yml file:
- ${DOCKER_HOST_ROOTLESS_PATH:-/var/run/docker.sock}:/tmp/docker.sock:ro
And it finally worked!
But leaving it like this inside the .env file:
DOCKER_HOST_ROOTLESS_PATH=$XDG_RUNTIME_DIR/docker.sock
didn't work.
This is a jrcs/letsencrypt-nginx-proxy-companion-specific bug; if you look in the docker-compose.yml you will see this:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
Try changing that to:
- "unix://$XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro"
But that value may change based on how your install is configured.
Really, the maintainer of jrcs/letsencrypt-nginx-proxy-companion needs to move to using $DOCKER_HOST instead of a hard-coded path.
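The two failed attempts in the question's edit and the $DOCKER_HOST suggestion in the answer come down to one detail: a compose volume entry takes a plain host path in the shape external:internal[:mode], not a URL. A unix:// prefix adds a third colon (the first error), and a host part that does not start with / is read by compose as a named volume name (the second error, when $XDG_RUNTIME_DIR was left unexpanded). The following POSIX shell helper is an added example, not code from the question, the answer, or the nginx-proxy-automation project; the function names, the fallback order (DOCKER_HOST, then $XDG_RUNTIME_DIR/docker.sock, then /var/run/docker.sock) and the socket-existence check are assumptions of this example.

```shell
#!/bin/sh
# Added example: derive the host-side Docker socket path for a compose
# bind mount and validate the resulting volume spec before writing it
# into .env. Not part of the original question or answer.

# Print the filesystem path of the Docker socket.
#   $1 = value of DOCKER_HOST (may be empty)
#   $2 = value of XDG_RUNTIME_DIR (may be empty)
# Returns 1 for transports that cannot be bind-mounted (tcp://, ssh://, ...).
docker_socket_path() {
  host="$1"
  runtime_dir="$2"
  case "$host" in
    unix://*)
      # Strip the URL scheme: compose wants a path, not a URL.
      printf '%s\n' "${host#unix://}" ;;
    "")
      if [ -n "$runtime_dir" ]; then
        # Rootless daemon default (assumed): $XDG_RUNTIME_DIR/docker.sock
        printf '%s\n' "$runtime_dir/docker.sock"
      else
        # Rootful daemon default
        printf '%s\n' "/var/run/docker.sock"
      fi ;;
    *)
      return 1 ;;
  esac
}

# Build "host:container:mode" and reject anything compose would misparse.
#   $1 = host path, $2 = container path, $3 = mode (defaults to ro)
volume_spec() {
  host_path="$1"
  container_path="$2"
  mode="${3:-ro}"
  case "$host_path" in
    *://*) return 1 ;;   # a scheme prefix adds an extra ':' to the spec
    /*) ;;               # absolute path: treated as a bind mount
    *) return 1 ;;       # anything else is read as a named volume name
  esac
  spec="$host_path:$container_path:$mode"
  case "$spec" in
    *:*:*:*) return 1 ;; # more than external:internal:mode
  esac
  printf '%s\n' "$spec"
}

# Only accept a path that actually is a socket on this host.
check_socket() {
  [ -S "$1" ]
}

# Usage (assumed .env variable name from the question):
#   sock=$(docker_socket_path "$DOCKER_HOST" "$XDG_RUNTIME_DIR") \
#     && check_socket "$sock" \
#     && printf 'DOCKER_HOST_ROOTLESS_PATH=%s\n' "$sock" >> .env
```

The mode suffix deserves one caveat: :ro only makes the socket node read-only inside the container's filesystem. Requests sent over the socket are unaffected, so the companion container still gets full control of the (rootless) daemon; that is inherent to how it works, and the reason the socket path, rather than a wider directory, is what gets mounted.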