LAB-linuxserver/docker-modmanager
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-modmanager.git synced 2026-02-05 03:57:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Reorder readme sections

Browse Source
This commit is contained in:
thespad 2025-01-05 20:17:09 +00:00
parent 36797a3916
commit 9f958ff12f
No known key found for this signature in database
2 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -62,12 +62,16 @@ If a mod requires additional packages to be installed, each container will still
Note that the Modmanager container itself does not support applying mods *or* custom files/services.
### Security considerations
Mapping `docker.sock` is a potential security liability because docker has root access on the host and any process that has full access to `docker.sock` would also have root access on the host. Docker api has no built-in way to set limitations on access, however, you can use a proxy for the `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), which adds the ability to limit access. Then you would just set `DOCKER_HOST=` environment variable to point to the proxy address.
### Multiple Hosts
>[!WARNING]
>Make sure you fully understand what you're doing before you try and set this up as there are lots of ways it can go wrong.
Modmanager can query & download mods for remote hosts, as well as the one on which it is installed. At a very basic level if you're just using the DOCKER_MODS env and not the docker integration, simply mount the `/modcache` folder on your remote host(s), ensuring it is writeable by all participating containers.
Modmanager can query & download mods for remote hosts, as well as the one on which it is installed. At a very basic level if you're just using the DOCKER_MODS env and not the docker integration, simply mount the `/modcache` folder on your remote host(s), ensuring it is mapped for all participating containers.
If you are using the docker integration, our only supported means for connecting to remote hosts is [our socket proxy container](). Run an instance on each remote host:
@ -97,11 +101,7 @@ And then add it to the `DOCKER_MODS_EXTRA_HOSTS` env using the full protocol and
- DOCKER_MODS_EXTRA_HOSTS=tcp://host1.example.com:2375|tcp://host2.example.com:2375|tcp://192.168.0.5:2375
```
As above you will need to mount the `/modcache` folder on your remote host(s), ensuring it is writeable by all participating containers.
### Security considerations
Mapping `docker.sock` is a potential security liability because docker has root access on the host and any process that has full access to `docker.sock` would also have root access on the host. Docker api has no built-in way to set limitations on access, however, you can use a proxy for the `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), which adds the ability to limit access. Then you would just set `DOCKER_HOST=` environment variable to point to the proxy address.
As above you will need to mount the `/modcache` folder on your remote host(s), ensuring it is mapped for all participating containers.
## Usage

12
readme-vars.yml
View File

@ -66,12 +66,16 @@ full_custom_readme: |
Note that the Modmanager container itself does not support applying mods *or* custom files/services.
### Security considerations
Mapping `docker.sock` is a potential security liability because docker has root access on the host and any process that has full access to `docker.sock` would also have root access on the host. Docker api has no built-in way to set limitations on access, however, you can use a proxy for the `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), which adds the ability to limit access. Then you would just set `DOCKER_HOST=` environment variable to point to the proxy address.
### Multiple Hosts
>[!WARNING]
>Make sure you fully understand what you're doing before you try and set this up as there are lots of ways it can go wrong.
Modmanager can query & download mods for remote hosts, as well as the one on which it is installed. At a very basic level if you're just using the DOCKER_MODS env and not the docker integration, simply mount the `/modcache` folder on your remote host(s), ensuring it is writeable by all participating containers.
Modmanager can query & download mods for remote hosts, as well as the one on which it is installed. At a very basic level if you're just using the DOCKER_MODS env and not the docker integration, simply mount the `/modcache` folder on your remote host(s), ensuring it is mapped for all participating containers.
If you are using the docker integration, our only supported means for connecting to remote hosts is [our socket proxy container](). Run an instance on each remote host:
@ -101,11 +105,7 @@ full_custom_readme: |
- DOCKER_MODS_EXTRA_HOSTS=tcp://host1.example.com:2375|tcp://host2.example.com:2375|tcp://192.168.0.5:2375
```
As above you will need to mount the `/modcache` folder on your remote host(s), ensuring it is writeable by all participating containers.
### Security considerations
Mapping `docker.sock` is a potential security liability because docker has root access on the host and any process that has full access to `docker.sock` would also have root access on the host. Docker api has no built-in way to set limitations on access, however, you can use a proxy for the `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), which adds the ability to limit access. Then you would just set `DOCKER_HOST=` environment variable to point to the proxy address.
As above you will need to mount the `/modcache` folder on your remote host(s), ensuring it is mapped for all participating containers.
## Usage