Commit 4b530f1

Update WEBPASSWORD_FILE file example with permissions information
Updates the WEBPASSWORD_FILE with required permissions settings. These permissions settings are not well documented in the online Docker Secrets examples.

Signed-off-by: Bradley G Smith <[email protected]>
1 parent 08a1287 commit 4b530f1

1 file changed

+23
-4
lines changed

docs/docker/configuration.md

Lines changed: 23 additions & 4 deletions
@@ -150,14 +150,34 @@ $ docker compose -f compose.yaml
150150

151151
### `WEBPASSWORD_FILE` Example
152152

153-
Create a text file called `pihole_password.txt` containing the password in the same directory containing the Compose yaml file (e.g `compose.yaml`).
153+
This example takes advantage of Docker Secrets ([Docker Compose Secrets](https://docs.docker.com/compose/how-tos/use-secrets/)
154+
or [Docker Swarm secrets](https://docs.docker.com/engine/swarm/secrets/)) which sets
155+
strict permissions for the secrets file in the container. The secrets file **must**
156+
share the user and group IDs (UID and GID) that the pihole executables have in the
157+
container. By default, this a UID and GID of 1000 but can be changed with the optional
158+
[PIHOLE_UID and PIHOLE_GID variables](https://github.com/pi-hole/docker-pi-hole/tree/development#optional-variables).
159+
160+
Create a text file called, for example, `pihole_password.txt` containing the
161+
password in the same directory containing the Compose yaml file (e.g `compose.yaml`).
154162

155163
```bash
156-
$cat pihole_password.txt
164+
$ cat pihole_password.txt
157165
correct horse battery staple
158166
```
159167

160-
Amend compose yaml file with Docker Secrets attributes.
168+
Set the permissions on the Docker host for `pihole_password.txt` (using the
169+
default UID and GID of 1000 in this example). Note that these permissions
170+
could make this file unreadable on the host. These permissions are used in
171+
the container.
172+
173+
```bash
174+
sudo chown 1000:1000 pihole_password.txt
175+
sudo chmod 0400 pihole_password.txt
176+
```
177+
178+
Amend compose yaml file with Docker Secrets attributes. The `/run/secrets/`
179+
path is automatically prepended to `pihole_password.txt` during the Pi-Hole container
180+
initialization process.
161181

162182
```yaml
163183
---
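Review bot: the host-permissions paragraph added at new lines 168-171 says only that the file "could" become unreadable on the host, which understates what `chown 1000:1000` plus `chmod 0400` does: afterwards the file is readable only by root and by whichever host account happens to have UID 1000, so the person editing the Compose project may lose access while an unrelated host user gains it. Suggest stating that outcome directly and telling readers who set PIHOLE_UID or PIHOLE_GID to substitute those values in the `chown` command, since the paragraph at new lines 153-158 says the IDs must match but the commands hard-code 1000. The same opening paragraph says Docker Secrets "sets strict permissions" in the container while the later step has the reader set them by hand on the host; one sentence reconciling the two would avoid confusion. Smaller points: "By default, this a UID and GID of 1000" is missing "is", the new bash block drops the `$ ` prompt that the `cat` block above it uses, and "Pi-Hole" at new line 179 is spelled differently from "pihole" at new line 156.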
@@ -184,4 +204,3 @@ secrets:
184204
file: ./pihole_password.txt
185205
...
186206
```
187-
