
How can I use Docker rootless images?

Our docker-compose.yml example uses root images. To use non-root images, choose one of our available Docker tags as the image and update the ports option.

Root images use ports 80 and 443:

version: '3.7'
services:
  db:
    ...
  passbolt:
    image: passbolt/passbolt:latest-ce
    ...
    ports:
      - 80:80
      - 443:443

Non-root images use ports 8080 and 4433, so you need to map ports 80 and 443 to them:

version: '3.7'
services:
  db:
    ...
  passbolt:
    image: passbolt/passbolt:latest-ce-non-root
    ...
    ports:
      - 80:8080
      - 443:4433

Non-root images also use a different path for SSL certificates:

version: '3.7'
services:
  db:
    ...
  passbolt:
    ...
    volumes:
      ...
      - ./certs/cert.pem:/etc/passbolt/certs/certificate.crt:ro
      - ./certs/key.pem:/etc/passbolt/certs/certificate.key:ro

You can learn more about how to set up HTTPS on Docker in the HTTPS configuration section.

LDAP

To use the LDAP cron job on the non-root Docker image, the following steps are needed:

  • Create a new passbolt-pro-server file that points to an additional cron job
  • By default the file contains the email cron job, so preserve that entry
  • Create a file for the LDAP cron job
  • Make the file for the LDAP cron job executable
  • Mount both files into the container:
    - ./<path to file>/cron_ldap:/usr/share/php/passbolt/bin/cron_ldap
    - ./<path to file>/passbolt-pro-server:/etc/cron.d/passbolt-pro-server

Example files:

cron_ldap

#!/usr/bin/env bash
# This script is executed as part of a cron job task and
# is already run as www-data or any other web user.

set -euo pipefail

DIR=$(dirname "$(readlink -f "$0")")

"$DIR"/cake directory_sync all --persist

Note

The cron_ldap file needs to be executable.

passbolt-pro-server

#
#
# Cronjob to process emails for the Passbolt Web Service every minute.
#
# This crontab script is part of the Passbolt Debian package,
# see dh_installcron debhelper program for more details.
#

PATH=/bin:/usr/local/bin:/usr/bin
PASSBOLT_BASE_DIR=/usr/share/php/passbolt
PASSBOLT_LOG_DIR=/var/log/passbolt

* * * * * $PASSBOLT_BASE_DIR/bin/cron > $PASSBOLT_LOG_DIR/cron.log 2> $PASSBOLT_LOG_DIR/cron-error.log
* * * * * $PASSBOLT_BASE_DIR/bin/cron_ldap > $PASSBOLT_LOG_DIR/cron.log 2> $PASSBOLT_LOG_DIR/cron-error.log
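
A pre-flight check for the two files before they are mounted, as an added example that is not part of the Passbolt documentation or project. The function name check_ldap_cron_files and the idea of keeping both files in one host directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the host copies of cron_ldap and passbolt-pro-server
# before mounting them into the non-root container.
# check_ldap_cron_files is a hypothetical helper name, not a Passbolt command.
# Usage: check_ldap_cron_files <directory holding both files>
check_ldap_cron_files() {
    dir=$1
    script="$dir/cron_ldap"
    crontab="$dir/passbolt-pro-server"
    problems=0

    for f in "$script" "$crontab"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ] || return 1

    # A bind mount keeps the host file mode, so the execute bit has to be
    # set on the host copy of cron_ldap.
    if [ ! -x "$script" ]; then
        echo "not executable: $script (fix with: chmod +x $script)" >&2
        problems=$((problems + 1))
    fi

    # Drop comment lines, then look for each job by the path of its command.
    jobs=$(grep -v '^[[:space:]]*#' "$crontab" || true)
    if ! printf '%s\n' "$jobs" | grep -Eq '/bin/cron([[:space:]]|$)'; then
        echo "email cron job missing from $crontab" >&2
        problems=$((problems + 1))
    fi
    if ! printf '%s\n' "$jobs" | grep -Eq '/bin/cron_ldap([[:space:]]|$)'; then
        echo "LDAP cron job missing from $crontab" >&2
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Run the check when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ldap_cron_files "$1" && echo "ok: files are ready to mount"
fi
```

The function returns non-zero and names each problem on stderr, so it can gate a `docker compose up` in a deployment script.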