Running docker compose the right way (lemmy.ml)

submitted 2 weeks ago by trilobite@lemmy.ml to c/selfhost@lemmy.ml

6 comments fedilink hide all child comments

I'm having some problems installing Vaultwarden and I wonder if it because I'm running docker compose in the wrong way and there are user permission issues.

What is the right way of installing docker compose (on a linux VM)? In in the past I would create a docker folder /home/user/docker. In there I would create the folder firefly or whatever and then I would run docker compose as user. So, when installing firefly, I would be in the /home/user/docker/firefly and run docker compose from within. Not as root (using sudo) but as a the normal user user. Firefly service would just run without problmes. Shoudl I be installing containers this way of shoudl I be using root (sudo)?

top 6 comments

sorted by: hot top controversial new old

[-] eager_eagle@lemmy.world 7 points 2 weeks ago

that is fine, the only requirement AFAIK is the user being in the docker group in case you're having permission issues running it as user

[-] trilobite@lemmy.ml 1 points 2 weeks ago

Of course, i forgot to mention, that user is in the docker grp. I was just thinking that maybe, as the data folders/volumes for the containers were saved in the user home directory, there may be read/write issues foe the various containers.

Likewise, i was worried that if installing/running a sensitive service like Vaultwarden with sudo exposed me to risks.

[-] chonkyninja@lemmy.world 2 points 2 weeks ago

Or you know, move on to newer better tools that even docker uses internally instead of this limpdick unsupported tool.

Use kind, and kubernetes resources. You can literally use ‘kompose’ to convert your compose config, and then apply it to a local kind cluster.

[-] bobo_buffington@lemmy.ml 1 points 2 weeks ago

Since when is docker compose unsupported?

[-] 4jVXAfSdzKnV@lemmy.ml 2 points 2 weeks ago* (last edited 2 weeks ago)

Yeah you can to that. I did this like you when I started with my homelab. I used podman very fast after playing with docker. You can just replace docker with podman ex:

podman pull x
podman run x
podman compose up

Podman has better rootless support and is a bit more secure because of that.

Just a few tips (optional but I recommend you)

Do not run container as root: If you run a container as root and the container gets hijacked someone could start/stop container on your behalf and since it would be possible to mount the root fs to the container they would be able to hijack the os. Do not mount the docker socked into the container unless you really trust the process and know the risks.
UID/GID should not match with the hosts: If you share the same UID (1000) from your user and then the container has the same UID inside it, then they have technically the same permission set as your home directory or worse root directory (if UID is 0) and could do harm if they are exploited and can break free of the container
Remember to stay up to date: Go on Vaultwarden GitHub and subscribe to notifications about "Security" and "Releases". Since I would use podman over docker you could have a look into podman auto updates feature.
Limit container resources: Just do it. No downsides. Limit CPU and RAM usage of the container via the compose.yml file. If someone hacks the container they can't mine bitcoin on it so easily and it chills your server abit. Here is how you can do that.

Kubernetes is a bit overkill and bloated for your usecase. Kubernetes would be interesting if you host a service with world wide access and millions of parralel users because of the nice scaling functionality of kubernetes.

What ever you do you did the right choice to learn something new, and I wish you fun and joy doing this! When I started vs today I learned many new things and practices which helped me earn money and have fun!

[-] PotatoesFall@discuss.tchncs.de 1 points 2 weeks ago

I don't understand the question tbh. Make a docker-compose.yml in some folder, and then run your docker compose commands in that folder. Does that result in error and if so what errors?

this post was submitted on 20 Dec 2025

10 points (100.0% liked)

Self Hosted - Self-hosting your services.

17368 readers

7 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

No harassment
crossposts from c/Open Source & c/docker & related may be allowed, depending on context
Video Promoting is allowed if is within the topic.
No spamming.
Stay friendly.
Follow the lemmy.ml instance rules.
Tag your post. (Read under)

Important

Lemmy doesn't have tags yet, so mark it with [Question], [Help], [Project], [Other], [Promoting] or other you may think is appropriate. This is strongly encouraged!

Cross-posting

!everything_git@lemmy.ml is allowed!
!docker@lemmy.ml is allowed!
!portainer@lemmy.ml is allowed!
!fediverse@lemmy.ml is allowed if topic has to do with selfhosting.
!selfhosted@lemmy.ml is allowed!

If you see a rule-breaker please DM the mods!

founded 4 years ago

MODERATORS

Zoe8338@lemmy.ml

dogmuffins@lemmy.ml

testman@lemmy.ml