Improving mysql container config

Issue #1233 closed
wireless82 created an issue

Hi,

just playing a little with the docker-compose. I’ve tried mapping the container’s folders to the host’s ones, instead of using volumes. Just doing this, some errors happen; working on them, I asked myself whether there is a better config. My idea is to replace the mysql container config with an easier and more general one, based on the linuxserver.io container. At the same time I would like to remove some elements, such as:

cap_add:
  - dac_override
  - setuid
  - setgid 

which are not very good from a security point of view: https://www.redhat.com/en/blog/secure-your-containers-one-weird-trick

This is the typical config of this linuxserver.io mysql container (STILL HAS TO BE TESTED!):

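mysql:
  image: lscr.io/linuxserver/mariadb
  container_name: mysql
  environment:
    PUID: 1000
    PGID: 100
    MYSQL_ROOT_PASSWORD: gg%&ujhft7r57()8
    TZ:
    MYSQL_DATABASE: piler
    MYSQL_USER: piler
    MYSQL_PASSWORD: piler123
  # volumes and restart are service-level keys, not environment variables
  volumes:
    # a bind mount source must start with ./ or /, otherwise Compose treats it as a named volume
    - ./mailpiler/mysql/config:/config
  restart: unless-stopped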

The PUID and PGID refer to the user and group numbers on the host, usually the owner of the volumes: this allows you to easily manage the authorization. You create a piler user and obtain the number with the id command, while users is used for the group. So you have a user for each container. The piler user is the owner of the mailpiler/ folder.

I don't know if the healthcheck and command sections are mandatory for mailpiler and if they can be used with the linuxserver.io container.

  mysql:
    image: mariadb:10.5
    restart: unless-stopped
    cap_drop:
      - ALL
    cap_add:
      - dac_override
      - setuid
      - setgid
    environment:
      - MYSQL_DATABASE=piler
      - MYSQL_USER=piler
      - MYSQL_PASSWORD=piler123
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    healthcheck:
      test: mysql --user=piler --password=piler123 piler --execute "show tables"
      interval: "60s"
      timeout: "5s"
      start_period: "15s"
      retries: 3
    volumes:
      - db_data:/var/lib/mysql

If you have experiences or suggestions, you are welcome!
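Added example, not part of the original issue or the project's code: the capabilities a container actually holds can be read from the CapBnd mask in /proc/1/status and decoded, which shows what removing the cap_drop/cap_add lines changes. Both status samples are constructed: 0xc2 is exactly dac_override, setuid and setgid, and 0xa80425fb is Docker Engine's default set, which a service with no cap_drop or cap_add lines receives.

```python
import re

# Bit numbers from linux/capability.h for the capabilities in Docker's default set.
CAP_NAMES = {
    0: "chown", 1: "dac_override", 3: "fowner", 4: "fsetid", 5: "kill",
    6: "setgid", 7: "setuid", 8: "setpcap", 10: "net_bind_service",
    13: "net_raw", 18: "sys_chroot", 27: "mknod", 29: "audit_write",
    31: "setfcap",
}

# Constructed samples of /proc/1/status, as obtained inside a container with e.g.
#   docker compose exec mysql grep CapBnd /proc/1/status
STATUS_CAP_DROP_ALL = "Name:\tinit\nCapBnd:\t00000000000000c2\n"  # cap_drop ALL + 3 cap_add
STATUS_DEFAULTS = "Name:\tinit\nCapBnd:\t00000000a80425fb\n"      # no cap_drop / cap_add

# The capabilities the existing docker-compose.yaml adds back after cap_drop: ALL.
ALLOWED = {"dac_override", "setuid", "setgid"}


def bounding_set(status_text):
    """Return the capability names set in the CapBnd line of a /proc status dump."""
    match = re.search(r"^CapBnd:\s*([0-9a-fA-F]+)$", status_text, re.MULTILINE)
    if match is None:
        raise ValueError("no CapBnd line found")
    mask = int(match.group(1), 16)
    # Bits outside the table are reported by number instead of being dropped.
    return {
        CAP_NAMES.get(bit, f"cap_{bit}")
        for bit in range(mask.bit_length())
        if (mask >> bit) & 1
    }


def extra_caps(status_text, allowed):
    """Capabilities present in the container but not in the allowed list."""
    return sorted(bounding_set(status_text) - set(allowed))


if __name__ == "__main__":
    for label, text in (("cap_drop ALL + cap_add", STATUS_CAP_DROP_ALL),
                        ("no cap_drop/cap_add", STATUS_DEFAULTS)):
        print(label, "->", sorted(bounding_set(text)))
        print("  beyond the allowed three:", extra_caps(text, ALLOWED))
```
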

Comments (5)

  1. wireless82 reporter

    OK, it seems to work (I just made a first test): volume mapped on folder, and authorizations. In the next days I will test the healthcheck and command and post it.

  2. Janos SUTO repo owner

    Thanks for experimenting. However, what’s the value of using something else instead of the official mysql or mariadb docker images?

  3. wireless82 reporter

    I’m not really an expert, but every time I had problems with volume mapping or user/group authorizations, the linuxserver.io one solved them. It is made by a great team that releases updated and easy-to-use versions, well known in the communities. Just this.

  4. Janos SUTO repo owner

    Well, I'm not sure what volume mapping or authorization issues you faced using the official mariadb image. Anyway, if the linuxserver.io replacement works for you, then go ahead, I'll keep the current docker-compose.yaml as it is.

  5. Janos SUTO repo owner

    Well, I'm not sure what volume mapping or authorization issues you faced using the official mariadb image. Anyway, if the linuxserver.io replacement works for you, then go ahead, I'll keep the current docker-compose.yaml as it is.
