Running a Tonido Server inside Docker

In this post I will describe how to create and use the powerful Tonido file server inside a docker container. The reasons for using Docker are many and well documented, and I think Tonido represents a fantastic example of the oft-described use-case of compartmentalizing software due to dependencies. As of the writing of this post Tonido requires libjpeg8, which was replaced in current versions of Debian and Ubuntu and has to be backported. Using Docker, this requires no changes to the host system. Also, for security reasons I prefer to have any web facing server running inside a container since any changes made to the root file system, as long as it is not persistent, are not permanent and so any damage from a successful attack are minimal. In this case we will share a directory with the host system because of potential directory and file size issues so the software is not fully compartmentalized. You can choose not to do so, of course, as I will explain below.

The Dockerfile

The dockerfile for this build:

FROM debian:jessie
MAINTAINER digitalapotheosis
# digitalapotheosis/tonido:latest

#Install Dependencies

apt-get update -q && DEBIAN_FRONTEND=noninteractive && \
apt-get -y install\
curl && \
mkdir /usr/local/tonido && \
cd /usr/local/tonido && \
wget -U 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0' -O tonido64.tar.gz && \
tar -zxvf tonido64.tar.gz && \
rm tonido64.tar.gz && \
wget -U 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0' -O libjpeg8.deb && \
dpkg -i libjpeg8.deb && \
rm libjpeg8.deb && \
apt-get clean -y && \
rm -rf /var/lib/apt/lists/*
#RUN echo 'root:' | chpasswd

#Add User and Install Tonido

RUN useradd --no-log-init --create-home --shell /bin/bash tonido
USER tonido
WORKDIR /home/tonido

# Expose Port
EXPOSE 10001

VOLUME ["/usr/local/tonido", "/home/tonido"]

CMD /usr/local/tonido/ start && /bin/bash

Most if not all of my builds are based on Debian Jessie. Maintaining this kind of continuity is helpful for keeping space low as it cuts down on the number of layers Docker maintains.

Initially we have a standard progression updating the apt lists, installing dependencies, then downloading and unpacking Tonido. Tonido will technically be installed on your first run when it is prompted to add data files to the home folder of the user running the start script as seen in the CMD command at the end fo the dockerfile.

As mentioned earlier, Debian deprecated ligjpeg8 in favor of libjpeg-turbo – probably because of the much cooler sounding name. Unfortunately, Tonido is not impressed, so we need to download and install libjpeg8 from a backport.

Commented out is the command to set a root password. Doing so will allow you to use the ‘su’ command and secure your system just a little bit more.

To begin, I suggest you get the Dockerfile from my github repository or just copy it from above and make any changes, such as adding nano or your own root password, and build from that. We’ll do so inside a directory that you will be using to share with the host system. We’ll call it ‘tonido’. If you just want to use my public image from Docker hub, you can skip this step.

Sharing a directory with the host is beneficial for a couple of reasons. First, it keeps a docker volume from getting too big (which is most likely not an actual problem), especially if you’re going to be serving movies. Second, you have a lot more options for uploading and manipulating files through the host system. Of course there are potential security issues, which we have hopefully minimize by creating a non-root user.

Next, we’ll build it with

docker build -t /tonido . ##don't forget the period

If you would rather NOT share with the host, then do not use the -v switch in any of the following commands and Docker will create a persistent volume. Otherwise, the only one we will be sharing is the file storage directory – /home/tonido.

First we will create an initial container to use for data storage, since we will still need a persistent container to access /usr/local/tonido, where the scripts are kept. We’ll do so with the following command. If you did not build your own image, then using the command below will pull my public image, without a password for root, from Docker hub. Otherwise, remember to use the image name you created earlier.

docker run --name tonido-data -d -p 10001:10001 -v /path-on-host/tonido:/home/tonido -it digitalapotheosis/tonido:latest

Some suggested alterations to this command would be to leave out the -d switch so that you can confirm that everything is running correctly. You will see a message from Tonido and then a user prompt. Also, You can change the host port from 10001, so that you have something like -p 20002:10001.

To finish the install, log into your new server at your-ip:10001 (or whatever port you used) and follow the instructions to create a server name, user and password. After that you will be logged into your new server. I usually create a ‘File’ directory alongside the data directory in the default tonido folder and then continue from there, but the choice of directory structure is entirely up to you. Just be aware of using the shared host directory so you don’t lose anything when the server restarts.

Now you can stop the container, making sure to protect that particular container we named tonido-data. Subsequent commands for this instance of the Tonido server will be as follows:

docker run --rm --volumes-from tonido-data -p 20002:10001 -v /path-on-host/tonido:/home/tonido -it -d digitalapotheosis/tonido:latest

I prefer to create a systemd config file using the above command to autostart the Tonido server with my VPS.

Enjoy and please let me know if you have any questions or suggestions!

Leave a Reply