[Bug]: Startup errors cause laravel.log to be created with wrong permissions

[Bilge]

Error Message and Logs

Having followed all the steps in manual installation, the web interface returns HTTP 500 and the following information is shown in the container logs:

NOTICE: PHP message: PHP Fatal error:  Uncaught UnexpectedValueException: The stream or file "/var/www/html/storage/logs/laravel.log" could not be opened in append mode: Failed to open stream: Permission denied
The exception occurred while attempting to log: Unsupported cipher or incorrect key length. Supported ciphers are: aes-128-cbc, aes-256-cbc, aes-128-gcm, aes-256-gcm.
Context: {"exception":{}} in /var/www/html/vendor/monolog/monolog/src/Monolog/Handler/StreamHandler.php:140
Stack trace:
#0 /var/www/html/vendor/monolog/monolog/src/Monolog/Handler/AbstractProcessingHandler.php(44): Monolog\Handler\StreamHandler->write()
#1 /var/www/html/vendor/monolog/monolog/src/Monolog/Logger.php(390): Monolog\Handler\AbstractProcessingHandler->handle()
#2 /var/www/html/vendor/monolog/monolog/src/Monolog/Logger.php(645): Monolog\Logger->addRecord()
#3 /var/www/html/vendor/laravel/framework/src/Illuminate/Log/Logger.php(184): Monolog\Logger->error()
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Log/Logger...

This error repeats rapidly.

Steps to Reproduce

I wrote the following Ansible role to reproduce the manual installation steps.

- name: Create "coolify" user group
  group:
    name: coolify

- name: Create "coolify" user
  user:
    name: coolify
    group: coolify
    append: yes
    groups: docker
    shell: /bin/bash

- name: Create Coolify directories
  file:
    path: '{{ item }}'
    state: directory
    owner: 9999
    mode: 0700
  loop:
    - /data/coolify
    - /data/coolify/source
    - /data/coolify/ssh
    - /data/coolify/applications
    - /data/coolify/databases
    - /data/coolify/backups
    - /data/coolify/services
    - /data/coolify/proxy
    - /data/coolify/webhooks-during-maintenance
    - /data/coolify/ssh/keys
    - /data/coolify/ssh/mux
    - /data/coolify/proxy/dynamic

- name: Add "coolify" SSH authorized keys
  authorized_key:
    user: coolify
    key: '{{ lookup("file", "keyring/coolify.pub") }}'

# Necessary due to get_url bug: https://github.com/ansible/ansible/issues/64016
- name: Check Coolify sources downloaded
  check_mode: true
  file:
    path: /data/coolify/source/{{ item.name if item is mapping else item|basename }}
  loop:
    - https://cdn.coollabs.io/coolify/docker-compose.yml
    - https://cdn.coollabs.io/coolify/docker-compose.prod.yml
    - url: https://cdn.coollabs.io/coolify/.env.production
      name: .env
    - https://cdn.coollabs.io/coolify/upgrade.sh
  register: check
  failed_when: false

- name: Download missing Coolify sources
  get_url:
    url: '{{ item.item.url|default(item.item) }}'
    dest: '{{ item.path }}'
    owner: 9999
    mode: 0700
  loop: '{{ check.results }}'
  when: item.state == 'absent'
  register: sources

- name: Seed Coolify environment variables
  lineinfile:
    path: /data/coolify/source/.env
    line: '{{ item|first }}={{ lookup("pipe", "openssl rand " ~ item[item|first]) }}'
    regexp: ^{{ item|first }}=
  loop:
    - APP_ID: -hex 16
    - APP_KEY: -base64 32
    - DB_PASSWORD: -base64 32
    - REDIS_PASSWORD: -base64 32
    - PUSHER_APP_ID: -hex 32
    - PUSHER_APP_KEY: -hex 32
    - PUSHER_APP_SECRET: -hex 32
  when: sources.results|selectattr("item.item.name", "defined")|selectattr("item.item.name", "eq", ".env")|first
    is changed

- name: Create Coolify network
  community.docker.docker_network:
    name: coolify
    attachable: true

- name: Start Coolify
  community.docker.docker_compose_v2:
    project_src: /data/coolify/source/
    files:
      - docker-compose.yml
      - docker-compose.prod.yml
    pull: always
    recreate: always
    remove_orphans: true

Example Repository URL

No response

Coolify Version

latest

Are you using Coolify Cloud?

No (self-hosted)

Operating System and Version (self-hosted)

Ubuntu 22.04.3 LTS

Additional Information

Indeed, even though all the directories I created are (as instructed) owned by 9999:root on the host, and 9999:9999 in the container, the log file (laravel.log) is owned by root:root. Whatever created this, did so with the incorrect permissions.

root@91ebb53936cf:/var/www/html# ll storage/
total 36
drwxr-xr-x 1 webuser webgroup 4096 Nov 11  2024 ./
drwxr-xr-x 1 webuser webgroup 4096 Nov 10 21:23 ../
drwxr-xr-x 1 webuser webgroup 4096 Nov 10 21:23 app/
drwxr-xr-x 2 webuser webgroup 4096 Nov 11  2024 debugbar/
drwxr-xr-x 1 webuser webgroup 4096 Nov 11  2024 framework/
drwxr-xr-x 1 webuser webgroup 4096 Nov 10 21:23 logs/
drwxr-xr-x 2 webuser webgroup 4096 Nov 11  2024 pail/
root@91ebb53936cf:/var/www/html# ll storage/logs/
total 20
drwxr-xr-x 1 webuser webgroup 4096 Nov 10 21:23 ./
drwxr-xr-x 1 webuser webgroup 4096 Nov 11  2024 ../
-rw-r--r-- 1 webuser webgroup   14 Nov 11  2024 .gitignore
-rw-r--r-- 1 root    root      185 Nov 10 21:23 laravel.log

As for the Unsupported cipher or incorrect key length. error, I cannot comment on why this occurs, but if I manually fix the permission on the log file, it gives this full trace:

[2024-11-10 22:11:31] production.ERROR: Unsupported cipher or incorrect key length. Supported ciphers are: aes-128-cbc, aes-256-cbc, aes-128-gcm, aes-256-gcm. {"exception":"[object] (RuntimeException(code: 0): Unsupported cipher or incorrect key length. Supported ciphers are: aes-128-cbc, aes-256-cbc, aes-128-gcm, aes-256-gcm. at /var/www/html/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:62)
[stacktrace]
#0 /var/www/html/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(32): Illuminate\\Encryption\\Encrypter->__construct()
#1 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(931): Illuminate\\Encryption\\EncryptionServiceProvider->Illuminate\\Encryption\\{closure}()
#2 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(815): Illuminate\\Container\\Container->build()
#3 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1046): Illuminate\\Container\\Container->resolve()
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(751): Illuminate\\Foundation\\Application->resolve()
#5 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1028): Illuminate\\Container\\Container->make()
#6 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(1559): Illuminate\\Foundation\\Application->make()
#7 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/SessionManager.php(213): Illuminate\\Container\\Container->offsetGet()
#8 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/SessionManager.php(193): Illuminate\\Session\\SessionManager->buildEncryptedSession()
#9 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/SessionManager.php(94): Illuminate\\Session\\SessionManager->buildSession()
#10 /var/www/html/vendor/laravel/framework/src/Illuminate/Support/Manager.php(106): Illuminate\\Session\\SessionManager->createDatabaseDriver()
#11 /var/www/html/vendor/laravel/framework/src/Illuminate/Support/Manager.php(80): Illuminate\\Support\\Manager->createDriver()
#12 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/SessionServiceProvider.php(52): Illuminate\\Support\\Manager->driver()
#13 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(931): Illuminate\\Session\\SessionServiceProvider->Illuminate\\Session\\{closure}()
#14 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(815): Illuminate\\Container\\Container->build()
#15 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1046): Illuminate\\Container\\Container->resolve()
#16 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(751): Illuminate\\Foundation\\Application->resolve()
#17 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1028): Illuminate\\Container\\Container->make()
#18 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(1559): Illuminate\\Foundation\\Application->make()
#19 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/RoutingServiceProvider.php(122): Illuminate\\Container\\Container->offsetGet()
#20 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(931): Illuminate\\Routing\\RoutingServiceProvider->Illuminate\\Routing\\{closure}()
#21 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(815): Illuminate\\Container\\Container->build()
#22 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1046): Illuminate\\Container\\Container->resolve()
#23 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(751): Illuminate\\Foundation\\Application->resolve()
#24 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1028): Illuminate\\Container\\Container->make()
#25 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(1559): Illuminate\\Foundation\\Application->make()
#26 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/RoutingServiceProvider.php(180): Illuminate\\Container\\Container->offsetGet()
#27 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(931): Illuminate\\Routing\\RoutingServiceProvider->Illuminate\\Routing\\{closure}()
#28 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(815): Illuminate\\Container\\Container->build()
#29 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1046): Illuminate\\Container\\Container->resolve()
#30 /var/www/html/vendor/laravel/framework/src/Illuminate/Container/Container.php(751): Illuminate\\Foundation\\Application->resolve()
#31 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1028): Illuminate\\Container\\Container->make()
#32 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/helpers.php(124): Illuminate\\Foundation\\Application->make()
#33 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/helpers.php(832): app()
#34 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(892): response()
#35 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(813): Illuminate\\Foundation\\Exceptions\\Handler->renderHttpException()
#36 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(704): Illuminate\\Foundation\\Exceptions\\Handler->prepareResponse()
#37 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(592): Illuminate\\Foundation\\Exceptions\\Handler->renderExceptionResponse()
#38 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(51): Illuminate\\Foundation\\Exceptions\\Handler->render()
#39 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(188): Illuminate\\Routing\\Pipeline->handleException()
#40 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#41 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(807): Illuminate\\Pipeline\\Pipeline->then()
#42 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(786): Illuminate\\Routing\\Router->runRouteWithinStack()
#43 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(750): Illuminate\\Routing\\Router->runRoute()
#44 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(739): Illuminate\\Routing\\Router->dispatchToRoute()
#45 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(201): Illuminate\\Routing\\Router->dispatch()
#46 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(144): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
#47 /var/www/html/vendor/livewire/livewire/src/Features/SupportDisablingBackButtonCache/DisableBackButtonCacheMiddleware.php(19): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#48 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Livewire\\Features\\SupportDisablingBackButtonCache\\DisableBackButtonCacheMiddleware->handle()
#49 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#50 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php(31): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#51 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull->handle()
#52 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#53 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(51): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#54 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle()
#55 /var/www/html/vendor/laravel/framework/src/Illuminate/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#56 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Http\\Middleware\\ValidatePostSize->handle()
#57 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(62): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#58 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle()
#59 /var/www/html/vendor/laravel/framework/src/Illuminate/Http/Middleware/HandleCors.php(62): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#60 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Http\\Middleware\\HandleCors->handle()
#61 /var/www/html/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(58): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#62 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Http\\Middleware\\TrustProxies->handle()
#63 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#64 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\\Pipeline\\Pipeline->then()
#65 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(145): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
#66 /var/www/html/public/index.php(51): Illuminate\\Foundation\\Http\\Kernel->handle()
#67 {main}

[Bilge]

This problem is caused by forgetting to prefix APP_KEY with base64:. Whilst this is my fault, it still should not be possible to create laravel.log with incorrect permissions; this is still a bug.