sickgear / sickgear.docker Goto Github PK

Whenever I try to access the notification settings the docker container crashes without any error messages. I'm running the container with your example command but with modified values for paths, uid and gid

Due to the chown operation required to execute the container, it is not possible to use an nfs mount point to store configuration data.

I am using CoreOS with Docker and SickGear and using an NFS mount for the /config mountpoint. Due to no-root-squash option on NFS, which is an essential security mechanism when sharing files with NFS, the root chown operation attempted by this Docker container fails, causing the software to stop.

How come we're removing the ca-certificates apk here? I have been getting some SSL errors when using Pushover that are resolved by reinstalling ca-certificates (have to run apk update first). This issue is reproducible.

Edit:
just confirmed that doing apk del ca-certificates does indeed cause all the installed certs to get removed, so this of course then prevents ca-cert verification. Maybe it was being removed because you only wanted to use it for the build process? But because SickGear enforced certificate trust for some services, like Pushover, we do actually need these certs installed.

According to watchtower docker page, you don't need to specify which containers to watch. See below docker-compose file that keeps my containers up to date (including sickgear) without specifying any container.

version: "3"
services:
  watchtower:
    container_name: watchtower
    image: centurylink/watchtower:latest
    logging:
      driver: journald
      options: {}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped

Hi, thanks for making this, I intend to use it in a Kubernetes cluster I'm building to learn about it.

I do not have a lot of experience of Docker but I believe that running SickGear as root by default is dangerous, compared with a default UID of nobody for example.

Is it not the case that a user with root privileges in a Docker container, by default will be able to access enough resources in the container to escape it and therefore gain access to the host (I suppose with privileges of the process running Docker)?

Here's the top of my docker compose file:
version: "3"
services:
sickgear:
container_name: sickgear
image: sickgear/sickgear:latest
environment:
- APP_UID=1000
- APP_GID=100
- TZ=America/New_York

When I run the container, the logs stop at this error for a minute and a half:
sickgear | /opt/SickGear/lib/tzlocal/unix.py:158: UserWarning: Can not find any timezone configuration, defaulting to UTC.
sickgear | warnings.warn('Can not find any timezone configuration, defaulting to UTC.')

I've also tried putting 'EDT' in as the timezone, and that still triggers this error. What are valid time zone values for the TZ variable?