Container Station, ENV Files for a docker - vs SSH

shackrock · July 25, 2025, 8:02pm

From what I gather, QNAP simply does not and has no plan to support .env files as part of a yaml for docker, natively in container station. I did see that if I can create a docker via SSH, and it does show in container station - but none of the GUI really works (no commands, you have to SSH in again to manage the container). I’m not opposed to this, but when I use docker compose with an identical yaml via SSH, it never works quite right - I assume something to do with virtual switch/networking, or possibly storage references that don’t take. I can use the same yaml in container station and it works without issue.

Has anyone else experienced this? I don’t really mind moving the variables into the yaml, but I don’t understand why it doesn’t work successfully. Unfortunately I’m not quite sharp enough w/ docker and linux to figure out where it’s going wrong.

Specifically I’ve tried this w/ Immich: Docker Compose [Recommended] | Immich

Weedy · July 27, 2025, 1:20am

I gave up on using full CS for docker.

Use CS for portainer/dockge and then use that for admin.

Make a new Application in CS.

services:
  portainer:
    container_name: portainer-ce
    image: portainer/portainer-ce:latest
    security_opt:
      - no-new-privileges:true
    environment:
      - TZ=America/Toronto
    ports:
      - 9001:8000
      - 9000:9000
      - 9043:9443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:rw
      - /share/Container/portainer-ce/data:/data:rw
    restart: always

  dockerproxy:
    container_name: dockerproxy
    image: ghcr.io/tecnativa/docker-socket-proxy:latest
    environment:
#      - PUID=1001
#      - PGID=1000
      - TZ=America/Toronto
      - CONTAINERS=1 # Allow access to viewing containers
      - SERVICES=1 # Allow access to viewing services (necessary when using Docker Swarm)
      - TASKS=1 # Allow access to viewing tasks (necessary when using Docker Swarm)
      - POST=0 # Disallow any POST operations (effectively read-only)
    ports:
      - 127.0.0.1:2375:2375
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro # Mounted as read-only
    restart: unless-stopped

shackrock · July 27, 2025, 11:10am

What is the dockerproxy you have there? I have never used that one, is it necessary?

Weedy · July 27, 2025, 2:38pm

It fakes being docker so I can give everything access to docker daemon without giving them raw unfiltered access to docker.

You probably don’t need it, it makes me feel better.

Doraemon · July 28, 2025, 7:33am

I just tested .env with a simple docker-compose.yml on my QNAP and it worked fine via SSH.

If you can share your docker-compose.yml and .env file (you can remove any sensitive data), I’d be happy to test it for you and see what might be going wrong.

shackrock · July 28, 2025, 1:59pm

I found a typo in the YAML, root of all issues here, soooo it works fine just like you said!

I think I’ll try Portainer though - if people like it better than CS. Will it allow me to do the basics without SSHing in, even if I created it via command line (unlike CS)?

Weedy · August 2, 2025, 2:36pm

As I posted, you can get Portainer up and running just fine from CS. You can even do it completely without SSH. Just make a new Application in CS and past in YAML.

I suggest a little bit of SSH to get setup with another share and storage pool.
I use /share/docker/. So nothing CS does can ever touch my stuff I’ve made with Portainer.