Omv5 Docker

Sep 11, 2020. How to install Docker on OpenMediaVault 5 (OMV5), and how to configure Docker storage so that files, containers and images are kept in a specific location other than the default. The guide above explains how to install Docker on OMV 5; we will use Portainer here to make Docker easier to manage. The process is really fast and easy. We’ll do everything in stacks, but there’s some setup to do first: make sure you’ve got a shared folder on your OpenMediaVault server for your different containers’ configuration files and folders.


On Linux, Docker manipulates iptables rules to provide network isolation. While this is an implementation detail and you should not modify the rules Docker inserts into your iptables policies, it does have some implications on what you need to do if you want to have your own policies in addition to those managed by Docker.

If you’re running Docker on a host that is exposed to the Internet, you will probably want to have iptables policies in place that prevent unauthorized access to containers or other services running on your host. This page describes how to achieve that, and what caveats you need to be aware of.

Add iptables policies before Docker’s rules

Docker installs two custom iptables chains named DOCKER-USER and DOCKER, and it ensures that incoming packets are always checked by these two chains first.

All of Docker’s iptables rules are added to the DOCKER chain. Do not manipulate this chain manually. If you need to add rules which load before Docker’s rules, add them to the DOCKER-USER chain. These rules are applied before any rules Docker creates automatically.

Rules added to the FORWARD chain -- either manually, or by another iptables-based firewall -- are evaluated after these chains. This means that if you expose a port through Docker, this port gets exposed no matter what rules your firewall has configured. If you want those rules to apply even when a port gets exposed through Docker, you must add these rules to the DOCKER-USER chain.
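A check for the chain ordering described above, as an added example (not from the Docker documentation or this page's author): it reads iptables -S output and reports when DOCKER-USER holds no filtering rule, or when DROP/REJECT rules sit in FORWARD after the jump to Docker's chains. The sample ruleset, the interface name eth0 and the finding strings are constructed; the layout in which DOCKER-USER ends with an unconditional RETURN is an assumption about the host.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output: a firewall rule was appended to
# FORWARD, and DOCKER-USER still holds only its default RETURN.
SAMPLE_RULES='-P FORWARD DROP
-N DOCKER
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i eth0 -p tcp -m tcp --dport 8080 -j DROP
-A DOCKER-USER -j RETURN'

# audit_docker_user: read `iptables -S` text on stdin, print one finding per line.
# No output means no finding.
audit_docker_user() {
    awk '
        $1 == "-A" && $2 == "FORWARD" {
            fwd++
            if ($0 ~ /-j DOCKER-USER$/) { jump = fwd; next }
            if ($0 ~ /-j DOCKER/) next            # Docker-managed jumps
            # A filter rule placed after the jump is evaluated too late
            # to restrict a port that Docker has published.
            if (jump && $0 ~ /-j (DROP|REJECT)/) late++
        }
        $1 == "-A" && $2 == "DOCKER-USER" && $0 ~ /-j (DROP|REJECT)/ { filt++ }
        END {
            if (jump != 1) print "FORWARD-does-not-start-with-DOCKER-USER"
            if (!filt)     print "DOCKER-USER-has-no-filter-rule"
            if (late)      print "FORWARD-filter-after-docker-chains:" late
        }'
}

# Run against the constructed sample. On a live host (as root) use:
#   iptables -S | audit_docker_user
printf '%s\n' "$SAMPLE_RULES" | audit_docker_user
```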

Restrict connections to the Docker host

By default, all external source IPs are allowed to connect to the Docker host. To allow only a specific IP or network to access the containers, insert a negated rule at the top of the DOCKER-USER filter chain. For example, the following rule restricts external access from all IP addresses except 192.168.1.1:

Please note that you will need to change ext_if to correspond with your host’s actual external interface. You could instead allow connections from a source subnet. The following rule only allows access from the subnet 192.168.1.0/24:

Finally, you can specify a range of IP addresses to accept using --src-range (remember to also add -m iprange when using --src-range or --dst-range):
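The three forms described above (single IP, subnet, address range), as an added example rather than the commands from the original page: a helper that builds the negated DOCKER-USER rule and prints it as a dry run unless APPLY=1 is set. The function names, the interface name eth0 and the range 192.168.1.1-192.168.1.3 are constructed for illustration.

```shell
#!/bin/sh
# docker_user_rule EXT_IF SOURCE
#   Print the iptables command that drops traffic arriving on EXT_IF unless it
#   comes from SOURCE: a single IP, a CIDR subnet, or a FIRST-LAST range.
docker_user_rule() {
    ext_if=$1
    src=$2
    # Allow only interface-name and address characters, so a typo cannot
    # turn into extra iptables arguments.
    case $ext_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    case $src in ''|*[!0-9./-]*) echo "bad source" >&2; return 1 ;; esac
    case $src in
        *-*) match="-m iprange ! --src-range $src" ;;  # ranges need -m iprange
        *)   match="! -s $src" ;;                      # single IP or subnet
    esac
    echo "iptables -I DOCKER-USER -i $ext_if $match -j DROP"
}

# restrict_docker_host EXT_IF SOURCE
#   Dry run by default: print the rule. With APPLY=1 (as root), insert it at
#   the top of DOCKER-USER unless an identical rule is already present.
restrict_docker_host() {
    rule=$(docker_user_rule "$1" "$2") || return 1
    if [ "${APPLY:-0}" != 1 ]; then
        echo "$rule"
        return 0
    fi
    check=$(echo "$rule" | sed 's/ -I / -C /')   # -C tests whether the rule exists
    $check 2>/dev/null || $rule
}

# Constructed samples: replace eth0 with the host's external interface.
restrict_docker_host eth0 192.168.1.1
restrict_docker_host eth0 192.168.1.0/24
restrict_docker_host eth0 192.168.1.1-192.168.1.3
```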

You can combine -s or --src-range with -d or --dst-range to control both the source and destination. For instance, if the Docker daemon listens on both 192.168.1.99 and 10.1.2.3, you can make rules specific to 10.1.2.3 and leave 192.168.1.99 open.

iptables is complicated and more complicated rules are out of scope for this topic. See the Netfilter.org HOWTO for a lot more information.

Docker on a router

Docker also sets the policy for the FORWARD chain to DROP. If your Docker host also acts as a router, this will result in that router not forwarding any traffic anymore. If you want your system to continue functioning as a router, you can add explicit ACCEPT rules to the DOCKER-USER chain to allow it:

Prevent Docker from manipulating iptables

It is possible to set the iptables key to false in the Docker engine’s configuration file at /etc/docker/daemon.json, but this option is not appropriate for most users. It is not possible to completely prevent Docker from creating iptables rules, and creating them after-the-fact is extremely involved and beyond the scope of these instructions. Setting iptables to false will more than likely break container networking for the Docker engine.

For system integrators who wish to build the Docker runtime into other applications, explore the moby project.

Setting the default bind address for containers

By default, the Docker daemon will expose ports on the 0.0.0.0 address, i.e. any address on the host. If you want to change that behavior to only expose ports on an internal IP address, you can use the --ip option to specify a different IP address. However, setting --ip only changes the default, it does not restrict services to that IP.

Integration with Firewalld

If you are running Docker version 20.10.0 or higher with firewalld on your system with --iptables enabled, Docker automatically creates a firewalld zone called docker and inserts all the network interfaces it creates (for example, docker0) into the docker zone to allow seamless networking.

Consider running the following firewalld command to remove the docker interface from the zone.

Restarting the dockerd daemon inserts the interface into the docker zone.

In this blog/video we’ll look at How to Install DashMachine on Docker and OMV5.

DashMachine is a web application bookmark dashboard, with “fun features”.

The process of setting this up is easy and you can find all the code below with both an SSH script as well as a Docker compose file that you can use in Portainer.

DashMachine Docker Script

To install via a command-line interface, open Putty or your favorite SSH application and log in as root.

Next, paste this in:

Be sure to change the volume to be a configuration folder on your server.

Also, you might need to manually start the container if it fails to start on its own.

The original GitHub page is here: https://github.com/rmountjoy92/DashMachine

DashMachine Portainer Script

To install via Portainer, you’ll want to log in to your Portainer dashboard and open the “Stacks” link.

Create a new Stack and paste this in:

Be sure to change the volume to be a configuration folder on your server.

Also, you might need to manually start the container if it fails to start on its own.

Customizing the Dashboard

You’ll need to log in with the following credentials:

URL: http://your-server-ip:5000
Username: admin
Password: admin

Next, hover over the left sidebar and click on the Settings gear.

Your Config.ini file will look like this:

The first things I changed were the theme and accent to “dark” and “blue” respectively:

Because I’ve got several applications/containers on my server, I wanted to make them all accessible, so here’s an example of a couple of the app link configurations on my DashMachine Config.ini:

There are several icons pre-installed in the application, so let’s take a look at that here:

You can add more icons to the folder by using something like Filezilla and navigating to the container and copying .png files over.

That’s it! Now you have a DashMachine docker container installed and configured on your server!
