[BUG] ENV DB_PASS not working, needs to be set to DB_PASSWORD

[KillerTic]

Is there an existing issue for this?

• [X] I have searched the existing issues

Current Behavior

Tried setting up Bookstack with MariaDB following the guide here. Boockstack container is not able to connect to the MariaDB container with an access denied error.

After many different attempts and finding the closed bug #129 could get it running, when setting the DB_PASSWORD variable.

Expected Behavior

As per documentation the DB_PASS variable should work. Either it is not being handled correctly or the documentation needs to be updated to DB_PASSWORD

Steps To Reproduce

1. Environment Docker: Docker version 20.10.22, build 3a2c30b Docker Compose: Docker Compose version v2.14.1

2. Code

   bookstack:
   container_name: bookstack
   image: lscr.io/linuxserver/bookstack:latest
   restart: unless-stopped
   networks:
     - frontend
     - backend
   ports:
     - 6875:80
   depends_on:
     - bookstack-mariadb
   security_opt:
     - no-new-privileges:true
   volumes:
     - LOCALDIR:/config
   environment:
     PUID: $PUID
     PGID: $PGID
     TZ: $TZ
     APP_URL: MYDOMAIN
     DB_HOST: bookstack-mariadb
     DB_DATABASE: bookstack
     DB_USER: bookstack
     FILE__DB_PASS: /run/secrets/bookstack_db_bookstack_passwd
     #DB_PASS: SECRETPASSWD #-> Also not working
   secrets:
     - bookstack_db_bookstack_passwd
   
   bookstack-mariadb:
   container_name: bookstack-mariadb
   image: mariadb:10.9.4 #fixedVersion
   restart: unless-stopped
   networks:
     - backend
   security_opt:
     - no-new-privileges:true
   volumes:
     - $DOCKERDIR/bookstack/mariadb:/var/lib/mysql
     - /etc/localtime:/etc/localtime:ro
   environment:
     PUID: $PUID
     PGID: $PGID
     MYSQL_ROOT_PASSWORD_FILE: /run/secrets/bookstack_db_root_passwd
     MYSQL_PASSWORD_FILE: /run/secrets/bookstack_db_bookstack_passwd
     MYSQL_DATABASE: bookstack
     MYSQL_USER: bookstack
   secrets:
     - bookstack_db_root_passwd
     - bookstack_db_bookstack_passwd

3. Run sudo docker compose up -d

4. Error Access denied for user 'bookstack'@'IPADDRESS' (using password: YES)

Environment

- OS: Debian GNU/Linux 11 (bullseye)
- How docker service was installed: distro's packagemanager

CPU architecture

x86-64

Docker creation

sudo docker compose up -d --remove-orphans

Container logs

Bookstack container:

[custom-init] No custom services found, skipping...
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service 00-legacy: starting
s6-rc: info: service 00-legacy successfully started
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/01-envfile
[env-init] DB_PASS set from FILE__DB_PASS
cont-init: info: /etc/cont-init.d/01-envfile exited 0
cont-init: info: running /etc/cont-init.d/01-migrations
[migrations] started
[migrations] 01-nginx-site-confs-default: executing...
[migrations] 01-nginx-site-confs-default: succeeded
[migrations] 02-default-location: executing...
grep: /config/nginx/site-confs/default.conf: No such file or directory
cont-init: info: /etc/cont-init.d/01-migrations exited 0
cont-init: info: running /etc/cont-init.d/10-adduser
[migrations] 02-default-location: succeeded
[migrations] done

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
-------------------------------------

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    1000
-------------------------------------

cont-init: info: /etc/cont-init.d/10-adduser exited 0
cont-init: info: running /etc/cont-init.d/11-folders
cont-init: info: /etc/cont-init.d/11-folders exited 0
cont-init: info: running /etc/cont-init.d/12-samples
cont-init: info: /etc/cont-init.d/12-samples exited 0
cont-init: info: running /etc/cont-init.d/13-nginx
Setting resolver to  127.0.0.11
Setting worker_processes to 8
cont-init: info: /etc/cont-init.d/13-nginx exited 0
cont-init: info: running /etc/cont-init.d/14-php
cont-init: info: /etc/cont-init.d/14-php exited 0
cont-init: info: running /etc/cont-init.d/15-keygen
generating self-signed keys in /config/keys, you can replace these with your own keys if required
Generating a RSA private key
.....+++++
.......................................................+++++
writing new private key to '/config/keys/cert.key'
-----
cont-init: info: /etc/cont-init.d/15-keygen exited 0
cont-init: info: running /etc/cont-init.d/20-permissions
cont-init: info: /etc/cont-init.d/20-permissions exited 0
cont-init: info: running /etc/cont-init.d/50-config
New container detected. Setting up app folder and fixing permissions.
Generating BookStack app key for first run
App Key set to base64:NpKMFqq/rlMPVl9kxo7wRaIC8U8Q/qJwaMUbbsbde/E= you can modify the file to update /config/BOOKSTACK_APP_KEY.txt
Running config - DB_HOST set
**** Insert DB_PORT=3306 into /config/www/.env ****
sed: unmatched '/'
**** APP_URL in /config/www/.env is being updated from https://example.com to https://wiki.vonroon.net ****
**** If this is an existing install, you should run the following line from your host terminal to update the database URL entries: ****
************************************************************************
docker exec -it bookstack php /app/www/artisan bookstack:update-url https://example.com https://MYDOMAIN
************************************************************************
Waiting for DB to be available

   Illuminate\Database\QueryException 

  SQLSTATE[HY000] [2002] Connection refused (SQL: select * from information_schema.tables where table_schema = bookstack and table_name = migrations and table_type = 'BASE TABLE')

  at /app/www/vendor/laravel/framework/src/Illuminate/Database/Connection.php:712
    708▕         // If an exception occurs when attempting to run a query, we'll format the error
    709▕         // message to include the bindings with SQL, which will make this exception a
    710▕         // lot more helpful to the developer instead of just the database's errors.
    711▕         catch (Exception $e) {
  ➜ 712▕             throw new QueryException(
    713▕                 $query, $this->prepareBindings($bindings), $e
    714▕             );
    715▕         }
    716▕     }

      +36 vendor frames 
  37  /app/www/artisan:37
      Illuminate\Foundation\Console\Kernel::handle()
cont-init: info: /etc/cont-init.d/50-config exited 0
cont-init: info: running /etc/cont-init.d/85-version-checks
cont-init: info: /etc/cont-init.d/85-version-checks exited 0
cont-init: info: running /etc/cont-init.d/99-custom-files
[custom-init] No custom files found, skipping...
cont-init: info: /etc/cont-init.d/99-custom-files exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-mods: starting
s6-rc: info: service init-mods successfully started
s6-rc: info: service init-mods-package-install: starting
s6-rc: info: service init-mods-package-install successfully started
s6-rc: info: service init-mods-end: starting
s6-rc: info: service init-mods-end successfully started
s6-rc: info: service init-services: starting
s6-rc: info: service init-services successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun cron (no readiness notification)
services-up: info: copying legacy longrun memcached (no readiness notification)
services-up: info: copying legacy longrun nginx (no readiness notification)
services-up: info: copying legacy longrun php-fpm (no readiness notification)
s6-rc: info: service legacy-services successfully started
s6-rc: info: service 99-ci-service-check: starting
[ls.io-init] done.
s6-rc: info: service 99-ci-service-check successfully started

Boockstack MariaDB Container

2023-01-03 22:30:23+01:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.9.4+maria~ubu2204 started.
2023-01-03 22:30:23+01:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2023-01-03 22:30:23+01:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.9.4+maria~ubu2204 started.
2023-01-03 22:30:23+01:00 [Note] [Entrypoint]: Initializing database files
2023-01-03 22:30:23 0 [Warning] mariadbd: io_uring_queue_init() failed with ENOMEM: try larger memory locked limit, ulimit -l, or https://mariadb.com/kb/en/systemd/#configuring-limitmemlock under systemd (262144 bytes required)
2023-01-03 22:30:23 0 [Warning] InnoDB: liburing disabled: falling back to innodb_use_native_aio=OFF

PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
To do so, start the server, then issue the following command:

'/usr/bin/mysql_secure_installation'

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the MariaDB Knowledgebase at https://mariadb.com/kb

Please report any problems at https://mariadb.org/jira

The latest information about MariaDB is available at https://mariadb.org/.

Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/

2023-01-03 22:31:02+01:00 [Note] [Entrypoint]: Database files initialized
2023-01-03 22:31:02+01:00 [Note] [Entrypoint]: Starting temporary server
2023-01-03 22:31:02+01:00 [Note] [Entrypoint]: Waiting for server startup
2023-01-03 22:31:02 0 [Note] mariadbd (server 10.9.4-MariaDB-1:10.9.4+maria~ubu2204) starting as process 96 ...
2023-01-03 22:31:02 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2023-01-03 22:31:02 0 [Note] InnoDB: Number of transaction pools: 1
2023-01-03 22:31:02 0 [Note] InnoDB: Using generic crc32 instructions
2023-01-03 22:31:02 0 [Note] mariadbd: O_TMPFILE is not supported on /tmp (disabling future attempts)
2023-01-03 22:31:02 0 [Warning] mariadbd: io_uring_queue_init() failed with ENOMEM: try larger memory locked limit, ulimit -l, or https://mariadb.com/kb/en/systemd/#configuring-limitmemlock under systemd (262144 bytes required)
2023-01-03 22:31:02 0 [Warning] InnoDB: liburing disabled: falling back to innodb_use_native_aio=OFF
2023-01-03 22:31:02 0 [Note] InnoDB: Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
2023-01-03 22:31:02 0 [Note] InnoDB: Completed initialization of buffer pool
2023-01-03 22:31:02 0 [Note] InnoDB: File system buffers for log disabled (block size=512 bytes)
2023-01-03 22:31:02 0 [Note] InnoDB: 128 rollback segments are active.
2023-01-03 22:31:02 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
2023-01-03 22:31:02 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
2023-01-03 22:31:02 0 [Note] InnoDB: log sequence number 46456; transaction id 14
2023-01-03 22:31:02 0 [Note] Plugin 'FEEDBACK' is disabled.
2023-01-03 22:31:02 0 [Warning] 'user' entry 'root@76f0eb063225' ignored in --skip-name-resolve mode.
2023-01-03 22:31:02 0 [Warning] 'proxies_priv' entry '@% root@76f0eb063225' ignored in --skip-name-resolve mode.
2023-01-03 22:31:02 0 [Note] mariadbd: ready for connections.
Version: '10.9.4-MariaDB-1:10.9.4+maria~ubu2204'  socket: '/run/mysqld/mysqld.sock'  port: 0  mariadb.org binary distribution
2023-01-03 22:31:03+01:00 [Note] [Entrypoint]: Temporary server started.
2023-01-03 22:31:09+01:00 [Note] [Entrypoint]: Creating database bookstack
2023-01-03 22:31:09+01:00 [Note] [Entrypoint]: Creating user bookstack
2023-01-03 22:31:09+01:00 [Note] [Entrypoint]: Giving user bookstack access to schema bookstack
2023-01-03 22:31:09+01:00 [Note] [Entrypoint]: Securing system users (equivalent to running mysql_secure_installation)

2023-01-03 22:31:09+01:00 [Note] [Entrypoint]: Stopping temporary server
2023-01-03 22:31:09 0 [Note] mariadbd (initiated by: unknown): Normal shutdown
2023-01-03 22:31:09 0 [Note] InnoDB: FTS optimize thread exiting.
2023-01-03 22:31:11 0 [Note] InnoDB: Starting shutdown...
2023-01-03 22:31:11 0 [Note] InnoDB: Dumping buffer pool(s) to /var/lib/mysql/ib_buffer_pool
2023-01-03 22:31:11 0 [Note] InnoDB: Buffer pool(s) dump completed at 230103 22:31:11
2023-01-03 22:31:11 0 [Note] InnoDB: Removed temporary tablespace data file: "./ibtmp1"
2023-01-03 22:31:11 0 [Note] InnoDB: Shutdown completed; log sequence number 46456; transaction id 15
2023-01-03 22:31:11 0 [Note] mariadbd: Shutdown complete

2023-01-03 22:31:11+01:00 [Note] [Entrypoint]: Temporary server stopped

2023-01-03 22:31:11+01:00 [Note] [Entrypoint]: MariaDB init process done. Ready for start up.

2023-01-03 22:31:11 0 [Note] mariadbd (server 10.9.4-MariaDB-1:10.9.4+maria~ubu2204) starting as process 1 ...
2023-01-03 22:31:11 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2023-01-03 22:31:11 0 [Note] InnoDB: Number of transaction pools: 1
2023-01-03 22:31:11 0 [Note] InnoDB: Using generic crc32 instructions
2023-01-03 22:31:11 0 [Note] mariadbd: O_TMPFILE is not supported on /tmp (disabling future attempts)
2023-01-03 22:31:11 0 [Warning] mariadbd: io_uring_queue_init() failed with ENOMEM: try larger memory locked limit, ulimit -l, or https://mariadb.com/kb/en/systemd/#configuring-limitmemlock under systemd (262144 bytes required)
2023-01-03 22:31:11 0 [Warning] InnoDB: liburing disabled: falling back to innodb_use_native_aio=OFF
2023-01-03 22:31:11 0 [Note] InnoDB: Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
2023-01-03 22:31:11 0 [Note] InnoDB: Completed initialization of buffer pool
2023-01-03 22:31:11 0 [Note] InnoDB: File system buffers for log disabled (block size=512 bytes)
2023-01-03 22:31:11 0 [Note] InnoDB: 128 rollback segments are active.
2023-01-03 22:31:11 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
2023-01-03 22:31:11 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
2023-01-03 22:31:11 0 [Note] InnoDB: log sequence number 46456; transaction id 14
2023-01-03 22:31:11 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2023-01-03 22:31:11 0 [Note] Plugin 'FEEDBACK' is disabled.
2023-01-03 22:31:11 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-seconds work.
2023-01-03 22:31:11 0 [Note] InnoDB: Buffer pool(s) load completed at 230103 22:31:11
2023-01-03 22:31:11 0 [Note] Server socket created on IP: '0.0.0.0'.
2023-01-03 22:31:11 0 [Note] Server socket created on IP: '::'.
2023-01-03 22:31:11 0 [Note] mariadbd: ready for connections.
Version: '10.9.4-MariaDB-1:10.9.4+maria~ubu2204'  socket: '/run/mysqld/mysqld.sock'  port: 3306  mariadb.org binary distribution
2023-01-03 22:31:43 3 [Warning] Access denied for user 'bookstack'@'IPADDRESS' (using password: YES)
2023-01-03 22:31:43 4 [Warning] Access denied for user 'bookstack'@'IPADDRESS' (using password: YES)

[github-actions[bot]]

Thanks for opening your first issue here! Be sure to follow the bug or feature issue templates!

[aptalca]

This is something we can't reproduce. I tried many different passwords and it always works. Please share a password you identified as not working so we can reproduce and then we can fix it. Thanks

[KillerTic]

So I just did some more test runs and can confirm, that DB_PASS is working, but it isn't when there is a "&" in the password (like this password isn't working: "MySecr3t&Passwd") I tried some other characters ("!", captial letters, lower case and numbers). All worked. "-" actually never threw me an "Access denied", but also the login page never loaded... Not sure if this was my browser cache or another problem.

Not sure which other special characters make a problem.

Hope this helps you debugging.

[morsedl]

Kindly address this issue, and at least in the mean time update the documentation on dockerhub.com, specifically, instruct users to use DB_USERNAME and DB_PASSWORD instead of DB_USER and DB_PASS (as shown there in the example docker-compose.yml file). It is not a pleasant experience to have to track down this issue, as the error one first sees in from 'docker logs ...` leads one to think there is actually a problem with mysql permissions themselves (which, as well known, can be wonky) rather than the fact that the mysql user within the container is simply connecting with incorrect credentials (i.e., from DB_USER but apparently not using DB_PASS).

Specifically, I am referring to the fact that one sees the following in the docker logs ... output upon a new install when one only sets DB_USER and DB_PASS within docker-compose.yml:

....

Waiting for DB to be available

   Illuminate\Database\QueryException 

  SQLSTATE[HY000] [1045] Access denied for user 'bookstack'@'172.27.0.6' (using password: YES) (SQL: select * from information_schema.tables where table_schema = bookstack and table_name = migrations and table_type = 'BASE TABLE')

  at /app/www/vendor/laravel/framework/src/Illuminate/Database/Connection.php:712
    708▕         // If an exception occurs when attempting to run a query, we'll format the error
    709▕         // message to include the bindings with SQL, which will make this exception a
    710▕         // lot more helpful to the developer instead of just the database's errors.
    711▕         catch (Exception $e) {
  ➜ 712▕             throw new QueryException(
    713▕                 $query, $this->prepareBindings($bindings), $e
    714▕             );
    715▕         }
    716▕     }

....

[aptalca]

@KillerTic thanks so much for letting us know. The issue is with sed and & on the replace side, where it's interpreted as match everything from the left side, even if it's part of an env var. We'll get a fix out shortly.

[KillerTic]

Happy to have helped!

[michaelortnersanube]

Hello everyone. I have repulled the image, because we had this issue too.

The same error come with the new issue. How i can solve this issue?

Error in bookstack container:

Running config - DB_HOST set **** Insert DB_PORT='3306' into /config/www/.env **** Waiting for DB to be available Illuminate\Database\QueryException SQLSTATE[HY000] [1045] Access denied for user 'bookstack'@'bookstack.bookstack_default' (using password: YES) (SQL: select * from information_schema.tables where table_schema = bookstackapp and table_name = migrations and table_type = 'BASE TABLE') at /app/www/vendor/laravel/framework/src/Illuminate/Database/Connection.php:712 708▕ // If an exception occurs when attempting to run a query, we'll format the error 709▕ // message to include the bindings with SQL, which will make this exception a 710▕ // lot more helpful to the developer instead of just the database's errors. 711▕ catch (Exception $e) { ➜ 712▕ throw new QueryException( 713▕ $query, $this->prepareBindings($bindings), $e 714▕ ); 715▕ } 716▕ } +33 vendor frames 34 /app/www/artisan:37 Illuminate\Foundation\Console\Kernel::handle() cont-init: info: /etc/cont-init.d/50-config exited 0