keep the certificates in a persistent volume

Dockerfile

@@ -31,10 +31,14 @@ RUN useradd -u $UID -m -d $HOME -s /usr/sbin/nologin -G $GROUPS $USER && \
 
 USER $USER
 WORKDIR $HOME
+
+# Ephemeral volumes which will live as long as the container exists
 VOLUME [ "$HOME/.pki/nssdb", \
          "$HOME/.local", \
          "/tmp", \
          "/data" ]
-ENTRYPOINT [ "/usr/bin/google-chrome" ]
+# If you wish to have persistent volumes, then specify them in the docker-compose.yml
-CMD [ "--user-data-dir=/data" ]
+# file at the `volumes:` section or with `-v` when using the `docker run` command
-#      "--no-sandbox" ]
+
+ENTRYPOINT [ "/usr/bin/google-chrome", "--user-data-dir=/data" ]
+# "--no-sandbox"

docker-compose.yml

@@ -5,6 +5,7 @@ version: '2'
 
 volumes:
   data: {}
+  certs: {}
 
 services:
   chrome:
@@ -19,6 +20,7 @@ services:
       - $XDG_RUNTIME_DIR/pulse:/run/user/1000/pulse
       - /dev/shm:/dev/shm
       - data:/data
+      - certs:/home/user/.pki/nssdb
       - $HOME/Downloads:/home/user/Downloads
       - /var/run/cups:/var/run/cups:ro
       - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro
@@ -26,9 +28,10 @@ services:
     environment:
       - DISPLAY=unix$DISPLAY
       - PULSE_SERVER=unix:$XDG_RUNTIME_DIR/pulse/native
-      # for some unknown reason the ownCloud's (v9.0.0) calendar (v1.0.0.0) does work correctly,
+      # some webapps won't work when the timezone is not properly set, e.g.
+      # the ownCloud's (v9.0.0) calendar (v1.0.0.0) does not work correctly
+      # the same could happen with Icinga2 web interface
       - TZ=Europe/Amsterdam
-      # unless the timezone is set
     # security_opt:
       # - apparmor:docker-ptrace
       # - apparmor:unconfined