From e4d585a670e78c4d48099b46ea114c69342c6a97 Mon Sep 17 00:00:00 2001 From: Guillaume Harvey Date: Sun, 4 Aug 2024 14:55:55 -0400 Subject: [PATCH] Adding documentation for CAP_ADD in captain definition and in Service Update Override --- docs/docker-compose.md | 34 +++++++++++++++++++++++++++++++++ docs/service-update-override.md | 12 ++++++++++++ 2 files changed, 46 insertions(+) diff --git a/docs/docker-compose.md b/docs/docker-compose.md index b5cba17..0c8e459 100644 --- a/docs/docker-compose.md +++ b/docs/docker-compose.md @@ -189,6 +189,39 @@ volumes: db-data: {} ``` +## Service with CAP_ADD Flag + +If you are working on a container like OpenVPN, they often require special cap_add docker flag. You can add them like this: + +```yaml +captainVersion: 4 +services: + openvpn: + caproverExtra: + containerHttpPort: 943 + image: linuxserver/openvpn-as:2.9.0-5c5bd120-Ubuntu18-ls124 + environment: + PUID: 1000 + PGID: 1000 + TZ: UTC + INTERFACE: "" + volumes: + - openvpn:/config + ports: + - 9443:9443 + - 1194:1194 + cap_add: + - NET_ADMIN +caproverOneClickApp: + displayName: OpenVPN Access Server + isOfficial: false + description: Full featured secure network tunneling VPN software. + documentation: https://openvpn.net/index.php/access-server/overview.html + instructions: + start: Just a openvpn Docker Compose with cap_add. + end: Docker Compose is deployed. +``` + ## Alternative Approach @@ -206,3 +239,4 @@ networks: ``` Now instead of potential port mapping that you might have, like `8080:80`, you can just create a CapRover "Nginx Reverse Proxy" app and use your container name as the upstream proxy, like `http://web-app` and done! + diff --git a/docs/service-update-override.md b/docs/service-update-override.md index 1dd8636..9037c76 100644 --- a/docs/service-update-override.md +++ b/docs/service-update-override.md @@ -33,6 +33,8 @@ TaskTemplate: Command: - ./mycommand.sh Hostname: my.domain.com + CapabilityAdd: + - CAP_NET_ADMIN DNSConfig: Nameservers: - 8.8.8.8 @@ -114,6 +116,16 @@ TaskTemplate: Command: "./mycommand.sh" ``` +If your container need some CAP_ADD added to the docker service, you can go as follow: + +```yaml +TaskTemplate: + ContainerSpec: + CapabilityAdd: + - CAP_SYS_ADMIN + - CAP_NET_ADMIN +``` + ## Revert to Default