search

TimWolla / docker-adminer

Database management in a single PHP file
https://hub.docker.com/_/adminer/
157 stars 69 forks source link

Container fails to start #133

Open JaneX8 opened 1 year ago

JaneX8 commented 1 year ago 
docker logs adminer
ln: failed to create symbolic link './adminer.css': Permission denied
TimWolla commented 1 year ago

How are you starting the container?

JaneX8 commented 1 year ago

Using docker-compose. Below config has always worked so far and isn't changed recently.

    adminer:
        image: adminer
        user: "adminer:adminer"
        container_name: adminer
        restart: on-failure:5
        deploy:
          resources:
            limits:
              cpus: '.20'
              memory: 32M
              pids: 5
        expose:
            - "8080/tcp"
        environment:
            ADMINER_DEFAULT_SERVER: xxxx
            ADMINER_DESIGN: "pepa-linha"
            ADMINER_PLUGINS: "login-totp"
        networks:
            caddy:
            mysql:
                ipv4_address: xxxx
        depends_on: ["caddy", "mysql"]
        privileged: false
        volumes:
            - "/var/docker/volumes/adminer/plugins/login-totp.php:/var/www/html/plugins/login-totp.php:ro"
            - "/var/docker/volumes/adminer/plugins-enabled:/var/www/html/plugins-enabled:rw"
        security_opt:
            - "no-new-privileges"
        cap_drop: ['ALL']
        healthcheck:
            test: ["CMD-SHELL", "netstat -ltn | grep -c ':8080' > /dev/null || exit 1"]
            interval: 30s
            timeout: 10s
            retries: 3
            start_period: 40s
TimWolla commented 1 year ago

I'm unable to reproduce the issue with a stripped down version of your configuration:

    adminer:
        image: adminer
        user: "adminer:adminer"
        container_name: adminer
        restart: on-failure:5
        expose:
            - "8080/tcp"
        environment:
            ADMINER_DEFAULT_SERVER: xxxx
            ADMINER_DESIGN: "pepa-linha"
        privileged: false
        security_opt:
            - "no-new-privileges"
        cap_drop: ['ALL']
$ docker-compose up
Recreating adminer ... done
Attaching to adminer
adminer    | [Tue Jan 10 21:27:12 2023] PHP 7.4.33 Development Server (http://[::]:8080) started
^CGracefully stopping... (press Ctrl+C again to force)

I'm also not seeing an obvious issue with your volumes, which I suspected, because #129 needed to change the underlying UIDs, as the one used by the previous Alpine version was taken in Debian.

Please check whether all the files are readable to the adminer user which has UID 999 in the current version.

JaneX8 commented 1 year ago

My volumes are using a custom user and group, not UID 999. But named adminer too. Unique as for all my docker containers. I will test it more when I have time. Deleting the container and recreating entirely didn't fix my problem.

TimWolla commented 1 year ago

My volumes are using a custom user and group, not UID 999. But named adminer too.

Names are irrelevant, permissions are only based on the UID. The name can differ depending on the contents of /etc/passwd (which might and likely will be different across host and container).

JaneX8 commented 1 year ago

I temporarily fixed it by changing in my docker-compose file to user: "999:999". However I wonder what changed because I have special users setup already with other UIDs for every container and this used to work before. Is 999 something new in de Adminer Docker container?

alvinlys commented 1 year ago

Using docker-compose. Below config has always worked so far and isn't changed recently.

    adminer:
        image: adminer
        user: "adminer:adminer"
        container_name: adminer
        restart: on-failure:5
        deploy:
          resources:
            limits:
              cpus: '.20'
              memory: 32M
              pids: 5
        expose:
            - "8080/tcp"
        environment:
            ADMINER_DEFAULT_SERVER: xxxx
            ADMINER_DESIGN: "pepa-linha"
            ADMINER_PLUGINS: "login-totp"
        networks:
            caddy:
            mysql:
                ipv4_address: xxxx
        depends_on: ["caddy", "mysql"]
        privileged: false
        volumes:
            - "/var/docker/volumes/adminer/plugins/login-totp.php:/var/www/html/plugins/login-totp.php:ro"
            - "/var/docker/volumes/adminer/plugins-enabled:/var/www/html/plugins-enabled:rw"
        security_opt:
            - "no-new-privileges"
        cap_drop: ['ALL']
        healthcheck:
            test: ["CMD-SHELL", "netstat -ltn | grep -c ':8080' > /dev/null || exit 1"]
            interval: 30s
            timeout: 10s
            retries: 3
            start_period: 40s

Hi , did you used nginx for this? if yes, mind to share your nginx con.f file?

JaneX8 commented 12 months ago

Hi Alvin, I'm not sure what your question is. But if you meant how I got Adminet behind a reverse proxy then check out https://caddyserver.com/v2.

MustagheesButt commented 1 month ago

When setting ADMINER_DESIGN in my compose file, I get the following and container keeps restarting: ln: failed to create symbolic link './adminer.css': Permission denied

And when not set: touch: cannot touch '.adminer-init': Permission denied But container starts.

I think what caused it was sometime ago I accidentally did: sudo chown -R root:root /var/lib/docker/, which messed up permissions for every container. But restarting all containers using down and up fixed other containers including postgres.

Any idea how to fix this?