Run Vorta from Docker. Currently using Vorta 0.10.2 release on jlesage/baseimage-gui:alpine-3.20-v4 image
Please note that it is highly recommended to set a hostname
when running this container. This results in a consistent hostname for the container and allows the prune functionality to work correctly. If you do not set this, a random hostname will be generated by Docker and you will need to adjust the prune settings in the UI so that it doesn't use the hostname as a filter.
Using docker-compose.yml
: (set TZ, USER_ID, and GROUP_ID in .env
.)
vorta:
image: ghcr.io/borgbase/vorta-docker:latest
container_name: vorta
hostname: storage-vorta
# cap_add:
# - SYS_ADMIN
# security_opt:
# - apparmor:unconfined
# privileged: true
volumes:
- /volume1/config/vorta:/config
- /volume1:/data:ro
- /volumeUSB1/:/destination
ports:
- 5811:5800
restart: unless-stopped
env_file:
- ./.env
Using rootless Podman:
$ mkdir config
$ podman run -it --rm -v ./config:/config \
-p 5900:5900 \
-e USER_ID=1028 -e GROUP_ID=100 \
--hostname vorta \
--uidmap=0:1:1028 --uidmap=1028:0:1 --uidmap=1029:1029:64507 \
ghcr.io/borgbase/vorta-docker:latest
Mounting an archive requires granting the Docker Container elevated permissions.
It is recommended to only grant these to the container when doing a restore.
First, add the FUSE device to the container using --device /dev/fuse
on the command line. This is low risk and can be done at any time.
There are 3 levels of permissions that may need to be granted depending mostly on the kernel version of the underlying OS. See Linux man capabilities(7) for details.
--cap-add SYS_ADMIN
grants the Docker container access to mount things devices (among other things)--cap-add SYS_ADMIN --security-opt apparmor=unconfined
grants slightly more permissions if required.--privileged
makes the container a root superuser that can do anything. DON'T RUN WITH THIS UNLESS RESTORING
You can mount an archive in Vorta and then exec into your container on the command line with something along the lines of docker exec -it --user app vorta sh
to access the mounted directory and archive. It will not be accessible outside the Docker container.
Some environment variables can be set to customize the behavior of the container and its application. The following list give more details about them.
Environment variables can be set in your docker-compose.yamml
via the env_file
or environment
keys or by adding one or more arguments -e "<VAR>=<VALUE>"
to the docker run
command.
Variable | Description | Default |
---|---|---|
APP_NAME |
Name of the application. | DockerApp |
USER_ID |
ID of the user the application runs as. See User/Group IDs to better understand when this should be set. | 1000 |
GROUP_ID |
ID of the group the application runs as. See User/Group IDs to better understand when this should be set. | 1000 |
SUP_GROUP_IDS |
Comma-separated list of supplementary group IDs of the application. | (unset) |
UMASK |
Mask that controls how file permissions are set for newly created files. The value of the mask is in octal notation. By default, this variable is not set and the default umask of 022 is used, meaning that newly created files are readable by everyone, but only writable by the owner. See the following online umask calculator: http://wintelguy.com/umask-calc.pl |
(unset) |
TZ |
[TimeZone] of the container. Timezone can also be set by mapping /etc/localtime between the host and the container. |
Etc/UTC |
KEEP_APP_RUNNING |
When set to 1 , the application will be automatically restarted if it crashes or if a user quits it. |
0 |
APP_NICENESS |
Priority at which the application should run. A niceness value of -20 is the highest priority and 19 is the lowest priority. By default, niceness is not set, meaning that the default niceness of 0 is used. NOTE: A negative niceness (priority increase) requires additional permissions. In this case, the container should be run with the docker option --cap-add=SYS_NICE . |
(unset) |
TAKE_CONFIG_OWNERSHIP |
When set to 1 , owner and group of /config (including all its files and subfolders) are automatically set during container startup to USER_ID and GROUP_ID respectively. |
1 |
CLEAN_TMP_DIR |
When set to 1 , all files in the /tmp directory are deleted during the container startup. |
1 |
DISPLAY_WIDTH |
Width (in pixels) of the application's window. | 1280 |
DISPLAY_HEIGHT |
Height (in pixels) of the application's window. | 768 |
SECURE_CONNECTION |
When set to 1 , an encrypted connection is used to access the application's GUI (either via a web browser or VNC client). See the Security section for more details. |
0 |
VNC_PASSWORD |
Password needed to connect to the application's GUI. See the VNC Password section for more details. | (unset) |
X11VNC_EXTRA_OPTS |
Extra options to pass to the x11vnc server running in the Docker container. WARNING: For advanced users. Do not use unless you know what you are doing. | (unset) |
ENABLE_CJK_FONT |
When set to 1 , open-source computer font WenQuanYi Zen Hei is installed. This font contains a large range of Chinese/Japanese/Korean characters. |
0 |
See also the base container README.md
- Open a Github issue
- Unraid Forum