Closed kuya1284 closed 1 week ago
I noticed that the LSIO approach is different from other approaches, which is to use the format FILE__MYVAR
instead of MYVAR__FILE
. I did try both styles, but that didn't seem to make a difference.
So instead of being able to use either FILE__DB_PASSWORD
or DB_PASSWORD__FILE
, I have to continue using DB_PASSWORD
unfortunately.
EDIT: Is it possible that the LSIO just needs to remove the Environment variables from files (Docker secrets) section from their documentation? Was that an oversight?
I also noticed that #1041 had been closed but I haven't been able to get Docker Secrets to work like with other images that I have in my homelab.
I don't have a problem using secrets when trying it with postgressDB for the password. Can you share your compose file?
services:
speedtest-tracker:
image: lscr.io/linuxserver/speedtest-tracker:0.20.6
container_name: speedtest-tracker
restart: unless-stopped
environment:
- TZ=Europe/Amsterdam
- APP_TIMEZONE=Europe/Amsterdam
- DISPLAY_TIMEZONE=Europe/Amsterdam
- APP_DEBUG=true
- PUID=1000
- PGID=1000
- DB_CONNECTION=pgsql
- DB_HOST=speedtest-tracker-db
- DB_PORT=5432
- DB_DATABASE=${POSTGRES_DB}
- DB_USERNAME=${POSTGRES_USER}
- FILE__DB_PASSWORD=/run/secrets/db_pass
- APP_KEY=${APP_KEY}
- SPEEDTEST_SCHEDULE=6 */2 * * *
- SPEEDTEST_SERVERS=52365
- PRUNE_RESULTS_OLDER_THAN=0
- DATETIME_FORMAT="j M Y, G:i:s"
- CHART_DATETIME_FORMAT="j/m G:i"
secrets:
- db_pass
volumes:
- speedtest-tracker:/config
networks:
- backend
ports:
- 8084:80
depends_on:
- speedtest-tracker-db
speedtest-tracker-db--sectres:
image: postgres:15
container_name: speedtest-tracker-db
restart: unless-stopped
environment:
- POSTGRES_DB=${POSTGRES_DB}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD_FILE:=/run/secrets/db_pass
secrets:
- db_pass
volumes:
- speedtest-tracker-db:/var/lib/postgresql/data
networks:
- backend
volumes:
speedtest-tracker:
name: speedtest-tracker
speedtest-tracker-db:
name: speedtest-tracker-db
networks:
backend:
name: backend
secrets:
db_pass:
file: ./db_pass.txt
@svenvg93 , thank you for sharing. I figured out what the problem was. The issue was similar to what I experienced with the Maxmind geoipupdate image. The file containing my secret contained a new line character at the end, which wasn't getting trimmed. Images like MariaDB trims the file to eliminate the whitespace.
As an interim solution, I resaved the file without the new line character and I'm now able to leverage FILE__DB_PASSWORD
.
Thanks for helping to lead me in the right direction.
Glad to hear you where able to figure it out :) If the problem is solved please close the issue :)
@svenvg93 I don't think the problem is solved yet. The secret should be trimmed after being read from the file. Many images are built to do that.
Thanks!
I would post it to the LSIO repo as that's an image issue not an app issue. I'm going to close this but feel free to reference it for them.
For anyone who may come across this, I just created this in the LSIO repo:
https://github.com/linuxserver/docker-speedtest-tracker/issues/23
Describe the bug According to the LSIO documentation on Docker Secrets, we should be able to use
FILE__DB_PASSWORD
in our Docker Compose file so that we won't have to put our database password in plain text either incompose.yaml
or.env
. That doesn't appear to work and produces an Access denied for user error.EDIT - 6/18/2024: The issue is due to the contents of the secret file not being trimmed of white-space. If the file contains a new line character, which gets added automatically when saving the file using an editor like vi, the password that gets used when attempting to authenticate with a database will contain that new line character.
To Reproduce Steps to reproduce the behavior:
DB_PASSWORD
withFILE__DB_PASSWORD
per the LSIO documentation.Expected behavior The Speedtest Tracker stack should start up normally and without errors.
Environment