Casvt / MIND

A simple self hosted reminder application that can send push notifications to your device. Set the reminder and forget about it!
https://casvt.github.io/MIND/
GNU General Public License v3.0
201 stars 10 forks

Installation Issue #48

Closed Seventy-9DegreesNorth closed 1 year ago

Seventy-9DegreesNorth commented 1 year ago

I’m a fairly knowledgeable user of open source projects and have been trying to learn docker installations for about the last two years or so. I have followed many of the docker installation instructions for installing open source software on a Synology NAS that are found on mariushosting.com. I’ve been able to deploy multiple docker installations on Synology using Portainer although sometimes it’s a bit of trial and error to get it working.

I found your project, and have already been using Pushover with home automation hubs, and really wanted to get it working on my Synology NAS. I was able to use Portainer, and a modified Docker compose from the file you put in github, and am able to get the stack deployed successfully. HOWEVER, the stack stops very quickly after it is deployed and started. The error I get is as follows:

python3: can't open file '/app/MIND.py': [Errno 13] Permission denied
python3: can't open file '/app/MIND.py': [Errno 13] Permission denied
python3: can't open file '/app/MIND.py': [Errno 13] Permission denied
python3: can't open file '/app/MIND.py': [Errno 13] Permission denied
python3: can't open file '/app/MIND.py': [Errno 13] Permission denied
python3: can't open file '/app/MIND.py': [Errno 13] Permission denied

I’m assuming this is a permissions issue with the file system but I just don’t know enough. I setup a folder under docker as follows: mind/ and a subfolder under that for the database: mind/mind-db I also set R/W permissions recursive from the mind directory down – inherited permissions.

Here is the Docker compose I used with Portainer – again, based on what I learned through mariushosting.com and your Docker compose.

version: "3.3"
services:
    mind:
        image: mrcas/mind:latest
        container_name: mind
        user: 1028:101
        volumes:

I’m wondering if you have any thoughts on what I might try, based on what the error 13 is. I’m open to trying any ideas you may have to get this working? I would greatly appreciate it.

Thank you.

Lord0fBytes commented 1 year ago

I think it might have to do with the user variables in your compose. I am using Portainer as well and this is my compose that is working. I do not denote a user for this container:

version: '3.3'
services:
    mind:
        container_name: mind
        volumes:
            - '/home/docker/port/mind-db:/app/db'
        environment:
            - TZ=America/New_York
        ports:
            - '8080:8080'
        image: 'mrcas/mind:latest'

I assume you are using a Synology for your host, so it might be helpful to check the folder permissions. See this article (https://mariushosting.com/synology-common-docker-issues-and-fixes/) and scroll down to "Wrong Folder Permissions in File Station".

I suspect when you remove the user variable though it will work.
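An added example, not part of the original thread or of the MIND project: a small checker that walks a directory tree and reports the first path component that a given uid:gid (such as the `user: 1028:101` from the compose file above) cannot search or read, which is what produces `[Errno 13] Permission denied`. The function names and the constructed sample tree are assumptions made for illustration; the real ownership and modes inside the image are not stated on this page.

```python
import os
import stat
import tempfile

def mode_allows(st, uid, gids, want):
    """Classic POSIX rule: exactly one class (owner, group, other) applies."""
    if uid == 0:
        return True                      # simplification: root passes read/search
    if st.st_uid == uid:
        bits = st.st_mode >> 6           # owner bits
    elif st.st_gid in gids:
        bits = st.st_mode >> 3           # group bits
    else:
        bits = st.st_mode                # other bits
    return (bits & want) == want

def first_denial(root, relpath, uid, gids):
    """Check root, then each component of relpath. Directories need search (x),
    the final file needs read (r). Returns (path, need, mode) for the first
    component that denies uid/gids, or None. ACLs are not evaluated."""
    current = root
    parts = [""] + [p for p in relpath.split("/") if p]
    for index, part in enumerate(parts):
        current = os.path.join(current, part) if part else current
        st = os.stat(current)
        is_target = index == len(parts) - 1
        want, need = (0o4, "read") if is_target else (0o1, "search")
        if not mode_allows(st, uid, gids, want):
            return current, need, oct(stat.S_IMODE(st.st_mode))
    return None

def demo(uid=1028, gid=101):
    """Constructed tree standing in for the container's /app directory."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    app = os.path.join(root, "app")
    os.mkdir(app)
    os.chmod(app, 0o755)                 # set explicitly so umask cannot change it
    script = os.path.join(app, "MIND.py")
    open(script, "w").close()
    os.chmod(script, 0o600)              # owner-only: any other uid gets Errno 13
    before = first_denial(root, "app/MIND.py", uid, {gid})
    os.chmod(script, 0o644)              # world-readable
    after = first_denial(root, "app/MIND.py", uid, {gid})
    return before, after

if __name__ == "__main__":
    print(demo())
```

Only the classic mode bits are evaluated, so a share governed by ACLs can still deny access where this reports none.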

Seventy-9DegreesNorth commented 1 year ago

Thank you very much!! I will give this a try and let you know. MUCH appreciated that you replied.

Seventy-9DegreesNorth commented 1 year ago

I was able to successfully get the container running on a Synology (thank you). Set up a new API for Mind on my Pushover account. Set up the Pushover Apprise API format in Mind: pover://XXXXXXXXXX@XXXXXXXXXXXXX All seemed to work fine. Tried a test reminder but it didn't seem to be pushing out. It may be a Synology thing, but I'm surprised that an outgoing message would be blocked. Do firewalls or security settings block outgoing messages? Any thoughts?

Casvt commented 1 year ago

Assuming that the Apprise URL is correct (you can follow the guide from noted.lol), it'd have to do with the firewall, yes. It could be that requests using the ports 80 and 443 are blocked.

I don't have any experience with Synology (which is why I didn't respond to this issue; I don't have anything to say because I don't have experience with it and don't know why it happens either). However, I hope that the second response on this forum post will help you. It looks like the same problem.

Seventy-9DegreesNorth commented 1 year ago

Thanks for that -- I have my firewall set to block port 80, and I assumed that by using the docker command to set a custom port that it would be able to communicate through that. When I opened port 80 it worked. I had understood that keeping port 80 open is a security risk -- is there a way around this? In docker I had set a custom port: 8280:8080 -- you still need port 80 open?

Casvt commented 1 year ago

In the docker command, you're opening port 8280 from the outside and mapping it to port 8080 inside so that clients from the outside can make contact with MIND (inside the container) via port 8280. This is for the web-UI. You're opening a port for outside -> inside communication.

Inside -> outside communication is always open for a docker container for any port, unless a firewall blocks it, like the one from Synology. The fact that all ports are open is quite safe because this is only used when the container is the client. MIND is in one scenario the client in a request, and that is when sending a reminder. And that is what you're opening port 80 for. So that MIND can make requests, as the client, over port 80.

The notifications work because an API call is made by MIND to the API of the service (in your case Pushover). Not all APIs support https (which uses port 443), sometimes they only support http (which uses port 80) or need a call to an http endpoint before making one to an https endpoint, and thus you need to open port 80 for full compatibility with all services.

Port 80 is sometimes considered "risky" because the request is not encrypted, meaning that people can read everything in your request. However, if the service offers it, MIND is always able to use the APIs via https. It only uses http when it doesn't have a choice. Looking at the documentation, Pushover is said to be over https, but obviously still needs port 80 open as you showed. This suggests that Apprise (which MIND uses to send the notifications) needs to make an http request first, then uses something from that response to then send a final https request.

You won't have to worry much about it being a security risk. Pretty much all services now offer https solutions, so most of the time http requests are only made with and for non-private data.

I'm not sure, but maybe you can only allow port 80 through the firewall for just the MIND container? That would minimise the "hole" in the firewall to make it as small as possible.


Do you need any more help or can I close the issue? It seems to me like everything is working now :)
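An added example, not part of the original thread or of the MIND project: a probe that makes outbound TCP connections as a client, the direction discussed above, and classifies each destination port. A timeout usually means a firewall silently dropped the connection, while a refusal means the packet got through. The function names are assumptions, and the loopback listener is a constructed sample so the block runs offline.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Attempt one outbound TCP connection, as a client, and classify it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"     # no answer at all: typical of a firewall dropping packets
    except ConnectionRefusedError:
        return "refused"     # the packet got through, nothing listens on that port
    except OSError as exc:
        return f"error: {exc.__class__.__name__}"    # DNS failure, no route, ...

def egress_report(host, ports=(80, 443), timeout=3.0):
    """Map each destination port to its probe result."""
    return {port: probe(host, port, timeout) for port in ports}

def loopback_demo():
    """Constructed, offline sample: one listening port and one closed port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                        # nothing listens here any more
    try:
        report = egress_report("127.0.0.1", (open_port, closed_port), timeout=1.0)
        return report, open_port, closed_port
    finally:
        listener.close()

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python egress.py HOST   (checks destination ports 80 and 443)
        print(egress_report(sys.argv[1]))
    else:
        print(loopback_demo()[0])
```

Run it from inside the container with the notification service's hostname as the argument; the published `8280:8080` mapping plays no part in the result because it only covers inbound connections.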

Seventy-9DegreesNorth commented 1 year ago

You've been MORE than helpful. You can close the issue. And, you've given me a good understanding of the issue which I can try to figure out how it applies to this specific setup. Thank you very much -- I'm sure I'll get it working and from what I'm reading if I leave port 80 open it's not that big a risk anyway. Thanks so much! I'm excited to use it and will provide improvement, update thoughts as I do. Good luck!