nextcloud/all-in-one
1
1
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-09-13 18:15:36 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix docker permission issues

Browse source 
Signed-off-by: Adrian Gebhart <adrian@pestotoast.de>
This commit is contained in:
Adrian Gebhart 2021-12-01 12:40:51 +01:00
parent 3f672595ea
commit 2371dfd296
No known key found for this signature in database
GPG key ID: 7F19F49F80E3A7BE
3 changed files with 19 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Containers/mastercontainer/Dockerfile
View file

@ -75,14 +75,8 @@ RUN chmod +x /usr/bin/start.sh; \
chmod +r /Caddyfile; \ chmod +r /Caddyfile; \
chmod +x /cron.sh chmod +x /cron.sh
# add docker group
RUN groupadd -g 998 docker && \
usermod -aG docker www-data
# Give root a random password # Give root a random password
RUN echo "root:$(openssl rand -base64 12)" | chpasswd RUN echo "root:$(openssl rand -base64 12)" | chpasswd
USER www-data
ENTRYPOINT ["start.sh"] ENTRYPOINT ["start.sh"]
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

14
Containers/mastercontainer/start.sh
View file

@ -10,9 +10,15 @@ print_green() {
if ! [ -a "/var/run/docker.sock" ]; then if ! [ -a "/var/run/docker.sock" ]; then
echo "Docker socket is not available. Cannot continue." echo "Docker socket is not available. Cannot continue."
exit 1 exit 1
elif ! test -r /var/run/docker.sock; then elif ! su www-data -s /bin/bash -c "test -r /var/run/docker.sock"; then
echo "Docker socket is not readable by the www-data user. Cannot continue." echo "Trying to fix docker.sock permissions..."
exit 1 GROUP=$(stat -c '%g' /var/run/docker.sock)
groupadd -g "$GROUP" docker && \
usermod -aG docker www-data
if ! su www-data -s /bin/bash -c "test -r /var/run/docker.sock"; then
echo "Docker socket is not readable by the www-data user. Cannot continue."
exit 1
fi
fi fi
# Check if volume is writeable # Check if volume is writeable
@ -58,7 +64,7 @@ if [ -f ./ssl.crt ] && [ -f ./ssl.key ]; then
cp "$GENERATED_CERTS/ssl.crt" ./ cp "$GENERATED_CERTS/ssl.crt" ./
cp "$GENERATED_CERTS/ssl.key" ./ cp "$GENERATED_CERTS/ssl.key" ./
fi fi
chown -R www-data /mnt/docker-aio-config /etc/apache2/certs/ssl.*
print_green "Initial startup of Nextcloud All In One complete! print_green "Initial startup of Nextcloud All In One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server! You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080 E.g. https://internal.ip.of.this.server:8080

22
Containers/mastercontainer/supervisord.conf
View file

@ -5,26 +5,22 @@ logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/ childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB logfile_maxbytes=50MB
logfile_backups=10 logfile_backups=10
loglevel=error loglevel=error
user=www-data
environment=HOME="/var/www/docker-aio",USER="www-data"
[program:apache] [program:apache]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=apache2-foreground command=apache2-foreground
user=www-data
environment=HOME="/var/www/docker-aio",USER="www-data"
[program:caddy] [program:caddy]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/usr/bin/caddy run -config /Caddyfile command=/usr/bin/caddy run -config /Caddyfile
user=www-data
environment=HOME="/var/www/docker-aio",USER="www-data"
[program:cron] [program:cron]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/cron.sh command=/cron.sh
user=www-data
environment=HOME="/var/www/docker-aio",USER="www-data"