Thanks binhex.
Had a crack using this as a template: https://medium.com/@ctindel/running-unifi-video-controller-in-docker-on-synology-ab8c09f7ff97#.sxozu9hne
But it still doesn't seem to want to work. I tried two different docker run commands:
1.
docker run --restart always --name binhex-arch-rtorrentvpn2 -h binhex-arch-rtorrentvpn2 -p 3000:3000 -p 49160:49160 -p 49170:49170 -p 35000:5000 -p 38118:8118 -p 39080:9080 -p 39443:9443 -d -v /volume1/docker/rtorrentvpn:/config -v /volume1/docker/rtorrentvpn/data:/data -e PHP_TZ=Australia/Melbourne -e VPN_REMOTE=nl.privateinternetaccess.com -e VPN_PORT=1198 -e DEBUG=true -e NAME_SERVERS=8.8.8.8,8.8.4.4 -e LAN_NETWORK=192.168.1.0/24 -e ENABLE_FLOOD=no -e ENABLE_PRIVOXY=no -e STRONG_CERTS=no -e VPN_PROV=pia -e VPN_DEVICE_TYPE=tun -e VPN_PROTOCOL=udp -e VPN_PASS=xxx -e VPN_USER=xxx -e VPN_ENABLED=yes -e PGID=0 -e PUID=0 --cap-add=SYS_ADMIN --cap-add=DAC_READ_SEARCH --cap-add=NET_BIND_SERVICE --cap-add=SYS_PTRACE --cap-add=SETUID --cap-add=SETGID --security-opt apparmor:unconfined binhex/arch-rtorrentvpn:latest
This just gave a bunch of errors that made it seem like it didn't have the right permissions (iptables modules out of date, etc.).
2.
docker run --restart always --name binhex-arch-rtorrentvpn2 -h binhex-arch-rtorrentvpn2 -p 3000:3000 -p 49160:49160 -p 49170:49170 -p 35000:5000 -p 38118:8118 -p 39080:9080 -p 39443:9443 -d -v /volume1/docker/rtorrentvpn:/config -v /volume1/docker/rtorrentvpn/data:/data -e PHP_TZ=Australia/Melbourne -e VPN_REMOTE=nl.privateinternetaccess.com -e VPN_PORT=1198 -e DEBUG=true -e NAME_SERVERS=8.8.8.8,8.8.4.4 -e LAN_NETWORK=192.168.1.0/24 -e ENABLE_FLOOD=no -e ENABLE_PRIVOXY=no -e STRONG_CERTS=no -e VPN_PROV=pia -e VPN_DEVICE_TYPE=tun -e VPN_PROTOCOL=udp -e VPN_PASS=xxx -e VPN_USER=xxx -e VPN_ENABLED=yes -e PGID=0 -e PUID=0 --privileged=true --security-opt apparmor:unconfined binhex/arch-rtorrentvpn:latest
This just gives the original error (nginx). Not sure if there's a combo of those I can try, or other --cap-add options I need in the first one to give it full permissions?
EDIT: I also tried it with --cap-add=ALL which, as far as I'm aware, should just give it access to pretty much everything, but that still gave me the nginx error. Perhaps it's --security-opt apparmor:unconfined that isn't working.