Wake On LAN from a container

This is a simple solution that provides wake on lan capabilities from inside a container. It uses the simple ether-wake command to send the magic packet. This can be incredibly helpful if you just need a simple button to click to wake up a machine on your network.

Docker containers will normally use a docker network, which is a separate network from the host network. This means that the container will not be able to send the magic packet to the host network. Therefore, we need to create the container with the --network host option, which will allow the container to send the magic packet to the host network (not the docker network).

The container is also created with the --user root option, which allows the container to send the magic packet as root. This is necessary because the ether-wake command requires root privileges to send the magic packet, and also to install the ether-wake command, which is bundled with net-tools in the container.

Create the container as follows;

user@host: docker create -u root --network=host --name olivetin_wol -v /etc/OliveTin/:/config ghcr.io/olivetin/olivetin:latest

Create your OliveTin config.yaml file in the /etc/OliveTin/ directory on the host, with the following content;

actions:
  - title: WakeOnLan Server1
    shell: ether-wake A8:5E:45:E4:FF:2A
    icon: ping

  - title: Install ether-wake on startup
    shell: microdnf install -y net-tools
    hidden: true
    execOnStartup: true
    timeout: 120

Obviously adjust the config file with your own MAC addressses, creating new actions to send WOL commands as needed.

Then start the container with the following command;

docker start olivetin_wol

Then visit your OliveTin web interface at http://yourServer:1337 and you should see something that looks like this;

preview

Wake on LAN via docker container

This is an alternative solution that provides WoL capabilities to the OliveTin container,

but has the advantage the OliveTin container does not have to run on the host network ( --network host ). This may be useful if your networking configuration relies on docker bridge networks (or other more complex networking configurations).

It requires that OliveTin is configured with permissions that allow it to control docker.

Setup if running inside a container

You can control other containers, when running OliveTin inside a container itself, however you need to do some extra setup when creating the OliveTin container.

Ensure your container has permissions to control docker

You have two alternatives to allow OliveTin (running inside a container) to talk to the Docker daemon through the bind-mounted socket. Pick one:

Option 1 — Use --privileged (simplest)

Simplest for most users. Podman does not have this requirement.

  • Run the container with --privileged and as root (eg --user root).

  • This avoids user/group permission issues on /var/run/docker.sock.

If you are getting "permission denied" errors it is probably because OliveTin runs as user UID 1000 by default, which is not allowed by your docker host. Running with --user root under --privileged resolves this quickly. Note that PUID and PGID variables will not work.

Option 2 — Run as non-root in the host docker group (no --privileged)

Use the standard Docker guidance to manage Docker as a non-root user (becoming a member of the docker group) and match the group’s GID inside the container so the process can access the socket permissions.

  • Docs: Manage Docker as a non-root user

  • Find the docker group GID on the host, for example using getent group docker.

  • Run the container with your user UID and the docker group GID, and bind-mount the socket. Using Compose:

docker-compose.yml
services:
  olivetin:
    container_name: olivetin
    image: jamesread/olivetin
    user: ${UID}:${docker_group_id}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

Where UID and docker_group_id are provided via your shell environment or a .env file next to your Compose file, for example:

env
UID=1000
docker_group_id=995

This allows you to run the container as a non-root user, while still allowing access to /var/run/docker.sock.

Pass the docker socket into the container

  1. Pass /var/run/docker.sock as a bind mount to the container when creating it, eg:

    docker create --privileged --user root -v /var/run/docker.sock:/var/run/docker.sock ...additional args here...

    Or, using the docker run syntax;

    docker run --privileged --user root -v /var/run/docker.sock:/var/run/docker.sock --name OliveTin jamesread/olivetin

  2. The official x86_64 docker container comes with the docker client pre-installed. If you are using arm or and arm64 container, you will need to add Docker yourself.

    How to install additional packages in the container

    The reason that the arm and arm64 containers do not include docker, is that when these images are cross-compiled at build time, it takes FOREVER because we have to emulate arm.

After you have passed the socket into the container (and optionally installed docker), you should be able to setup docker actions like it’s shown in the example above.

Now you can add actions to your OliveTin config file that use a separate docker container (on the host network) to send the WOL commands.

  - title: WakeOnLan Server1
    # The r0gger/docker-wake-on-lan is a minimal container for WOL
    # that can be run on the host network.
    # It is not required to run the OliveTin container on the host network.
    shell: |
     docker run --rm --name wake-on-lan --net=host -e MAC='A8:5E:45:E4:FF:2A' r0gger/docker-wake-on-lan