Skip to main content
Skip table of contents

Run Smart ID components in Docker Rootless mode

This article describes how to use another user than the default root user in Docker.

<SMARTIDHOME>

In this article, <SMARTIDHOME> refers to /home/nexus, but this can be different depending on the setup.

Depending on the infrastructure you want to run your applications on, you might want to use a specific user instead of the root user which is used by default from docker.

Docker 20.10 (and 19.03 as experimental feature) provides a rootless installation to fulfill this use case. The setup is described here: https://docs.docker.com/engine/security/rootless/ (The setup and url may change in later docker versions).

This article is applicable for Identity Manager, Physical Access, and Messaging.

Use docker.sock (for example for traefik)

In a normal docker installation, you can map the docker.sock file like this: 

Mapping in a normal docker installation

/var/run/docker.sock:/var/run/docker.sock:ro

In rootless docker, this file does not exist on the host machine. If your user with which you start docker, has ID 1000 (you can find this by running id -u) the mapping has to be like this:

Mapping in rootless docker

/run/user/1000/docker.sock:/var/run/docker.sock:ro

Map certificates

Make sure that the certificates in <SMARTIDHOME>/docker/compose/cacerts have the right permissions (755), if they don't you'll face issues when the containers try to use them.

Run this command to recursively set the permissions on all files inside the cacerts folder to 755: 

chmod -R 755 <SMARTIDHOME>/docker/compose/cacerts

Troubleshooting

Here are some useful troubleshooting tips:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.