I was wrestling with getting a volume on a remote filesystem mounted for backups using Duplicati in Docker. The obvious answer was to use sshfs to mount the volume, since that could use SSH keys natively for securing your configurations (no plaintext passwords). The question was, how do I get that running in my Docker Compose configuration?

I found the vieux/sshfs driver for Docker after a quick search. I found plenty of examples of how to use it from a standard docker run command, but nothing on how to get it working in a Docker Compose file. After some digging, I found out that the vieux/sshfs plugin for Docker defaults to using /root/.ssh/ as the base for a bind to the corresponding /root/.ssh/ in the container. Because of my config and how my file access was setup, I kept hitting permission snags with sharing the ~/.ssh/ file as a bind on that container. Eventually, I copied my SSH key from ~/.ssh/ into my system /root/.ssh/ folder, and ran chown root:root /root/.ssh/<keyfilename> on the keyfile so the container could read it.

From there, it was a matter of making the volume and referencing the keyfile in the docker-compose.yml:

---
version: "2.1"
services:
  duplicati:
    image: lscr.io/linuxserver/duplicati
    container_name: duplicati
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - /path/to/config:/config
      - /path/to/backups:/backups
      - /path/to/source:/source
      - volume_name_here:/sources/volume_name_here:ro
    ports:
      - 8200:8200
    privileged: true
    restart: unless-stopped

volumes:
  volume_name_here:
    driver: vieux/sshfs:latest
    driver_opts:
      sshcmd: user@your-server:/path/to/folder
      IdentityFile: "/root/.ssh/your-key-file"
      allow_other: ""

So now I had a remote folder where I store all my Docker configs and files available in a read-only fashion to my Duplicati backup system.

Hope this helps. Let me know if you found a better way of doing this, I’m always looking for new ways to do things.