NFS and SMB in Compose

docker samba compose nfs

As we already got NFS and Samba shared setup, now its time to use it in our docker containers. Generally there is two approach using docker volumes and bind mount by utilizing host automount. In this guide Docker Volumes method used. One of the volumes benefit is you can get default configuration defined. As some image store predefined config using volumes, lets take a sample

version: "3.8"
services:
  web:
    image: some-web-image:tag
    volumes:
      - web:/var/www/html
    ports:
      - 7000:80

volumes:
  web:

If the image developer places html files and use volume to build it then we will get /var/www/html contents to our web: volume. Vice versa with bind mount, it depends on the host file, if the binded mount empty then /var/www/html will be empty. When docker volumes it good enough, but it will eat up the host storage, so we need to move it to our external storage. Docker volumes -> NFS or Samba backend is one of the solution, with docker volumes with NFS or Samba backend we get the storage size and file predefined by docker images. With NFS or Samba backend also raise problem, PERMISSIONS, when using only volume we don't need ot think about it, as it will use what defined by image, using NFS or Samba we need to think who will be write and read the storage, if the permission don't match up then we will get denied. So first step is identify who will be write/read the volumes usually this identified by UID, 1000, 33, etc. Then looking on NFS or Samba share guide then we will match up the UID with the shared setup, lets take sample 33, this usually www-data the apache web default user.

Always check UID of the container user that will write/read the NFS and Samba share, some image had dynamically assigned like PUID,PGID env, or hardcoded one.

  • NFS 
    # example
/media/www    nfs-host-ip/24(rw,async,no_subtree_check)

    /media/www folder must be writeable to uid 33, we can use chmod 777 the simplest but dangerous basically everyone can read and write, or chown -R 33:33 /media/www safer but need pay attention in case docker image run with different UID later.

  • Samba 
    [DataShare]
comment = Web
path = /media/www
read only = no
browsable = yes
writeable = yes
valid users = www-data 
create mask = 0640
directory mask = 0755
store dos attributes = no

    www-data is usually the user with uid 33 kindly recheck in your system.

Then the rest is to use the share in compose file.

  # Volumes NFS or Samba backend
  version: "3.5"
  services:
    db:
     image: mariadb:10.7
     environment:
        - MARIADB_ROOT_PASSWORD=rootpass
        - MARIADB_DATABASE=dbname
        - MARIADB_USER=username
        - MARIADB_PASSWORD=userpassword
        - MARIADB_INITDB_SKIP_TZINFO=1
   volumes:
      - /some/path/to/db/data:/var/lib/mysql #bind mount
   restart: unless-stopped

  web:
    image: some-web-image:tag
    volumes:
      - nfs-web:/var/www/html/
      - samba-web:/var/www/html/
    ports:
      - 7000:80
    restart: unless-stopped

  volumes:
    nfs-web:
      driver_opts:
        type: "nfs4"
        o: "addr=nfs-host-ip,rw,noatime,timeo=14,nolock"
        device: ":/media/www"
    samba-web:
      driver_opts:
        type: "cifs"
        o: "addr=samba-host-ip,username=www-data,password=www-data-smb-password,uid=33,gid=33,vers=3.0"
        device: "//samba-host-ip/media/www"

Previous Post Next Post

Add a comment