Error: EACCES: permission denied, scandir '/data'

maptiler / tileserver-gl

Vector and raster maps with GL styles. Server side rendering by MapLibre GL Native. Map tile server for MapLibre GL JS, Android, iOS, Leaflet, OpenLayers, GIS via WMTS, etc.

https://tileserver.readthedocs.io/en/latest/

Other

2.23k stars 638 forks source link

Error: EACCES: permission denied, scandir '/data' #573

Open trentwiles opened 2 years ago

trentwiles commented 2 years ago

Same issue as https://github.com/maptiler/tileserver-gl/issues/315

I can't seem to run the tile server on my Ubuntu Impish machine.

~# sudo docker run --rm -it -v $(pwd):/data -p 1984:1984 maptiler/tileserver-gl
Starting tileserver-gl v3.1.1
Error: EACCES: permission denied, scandir '/data'
    at Proxy.readdirSync (fs.js:790:3)
    at fs.stat (/app/src/main.js:183:24)
    at FSReqWrap.oncomplete (fs.js:153:21)

sebastianknopf commented 2 years ago

Is there an update yet? I'm facing the same issue and don't know where to enter.

acalcutt commented 2 years ago

did you download an mbtiles file or make a config file in your current directory before running the docker command?

acalcutt commented 2 years ago

the other thing i have seen cause something like this is because the docker tries to start on port 80. on some system this can only be done by root.

theres been a few post about it, and PRs with fixes like switching the default port to 8080 (which doesnt have that issue) or adding some lines. to the dockerfile so it is able to open the low port.

https://github.com/maptiler/tileserver-gl/pull/578 https://github.com/maptiler/tileserver-gl/issues/503

sebastianknopf commented 2 years ago

Thanks for your quick reply. I was stuck in so many open issues, that I didn't see those two.

Solution was to run the docker command with option -u 0. It runs the docker command as root user which allows docker to work on port 80.

Next problem is that the docker container is not reachable from www by using the servers public IP.

scara commented 2 years ago

theres been a few post about it, and PRs with fixes like switching the default port to 8080 (which doesnt have that issue)

@acalcutt I'd vote for the 8080 path to be more compatible with envs like K8s and OCP.

Next problem is that the docker container is not reachable from www by using the servers public IP.

@sebastianknopf give --public_url a chance.

HTH, Matteo

sebastianknopf commented 2 years ago

@scara Tank you!

But it seems like --public-url doesn't help anything here. I tried using --public-url with a relative and an absolute path. If I call the servers address with port 8080 from my browser, connections times out. If I open another terminal session on the server and run curl http://[serverAddress]:8080 the server returns valid HTML. And in the other terminal session I see in TileServer GLs output that he received a GET request and answered with status code 200.

I wonder how this could work on the same machine but not by calling from my webbrowser, since I'm explicitly not using 127.0.0.1, localhost or anything but the public server's IP address.

scara commented 2 years ago

Hi @sebastianknopf,

connections times out

could you share here the docker command you're using to run the image? BTW --public-url is useful when connecting from outside your docker engine via an hostname which is not the one of the host which your docker engine is running on e.g. when using a reverse proxy or other solutions to expose your docker engine outside its network.

HTH, Matteo

sebastianknopf commented 2 years ago

I'm currently using following docker command:

docker run --rm -u 0 -it -v $(pwd):/data -p 8080:80 maptiler/tileserver-gl

When I try to open http://[serverAddress]:8080 in my webbrowser, connection times out. When I run curl http://[serverAddress]:8080 on a second terminal session on the same server, HTML is returned which seems to work perfectly...

The server is a VPS running Ubuntu 22.04 with docker. Maybe there're two possible issues:

A config issue with docker or the server running in its container
My webbrowser might try to force HTTPS (even if I type HTTP only!) which is not supported by TileServer GL in general

acalcutt commented 2 years ago

when you access in the browser is it on the same host? maybe firewall blocking 8080? your second test looks like it is on the same machine, so it wouldnt be affected by firewall.

Ive never had an issue using chrome on http. on my real server i proxy through haproxy for https, but have also used apache to proxy like this https://github.com/maptiler/tileserver-gl/issues/622#issuecomment-1271000207 for https.

sebastianknopf commented 2 years ago

I also tried to set a firewall exception for TCP / Port 8080, stillt not reachable. When I use the following command:

docker run --rm -it -u 0 -v $(pwd):/data -p 80:80 maptiler/tileserver-gl

Everything works fine, even in browser. I think, I'll set up the tile server behind an apache server now.

Thanks for your input! :-)