Access denied for user 'root'@'localhost' (using password: NO)

[zell-mbc]

Been using this image for a while as a test case for a few users, really appreciate the work which went into this! Currently on v1.15.0 because v1.15.4 crashes and I haven't found time to investigate yet.

So far everything seems to be working fine for months, except for some log entries which I can't explain:

Approximately every minute I keep on getting the errors below in my docker log:

humhub-db     | 2024-05-15 16:35:16 195 [Warning] Access denied for user 'root'@'localhost' (using password: NO)
humhub-app    | 2024/05/15 14:35:16 [error] 40#40: *356 access forbidden by rule, client: ::1, server: _, request: "GET /ping HTTP/1.1", host: "localhost"

The way I understand this is that this is about a feature of MariaDB/MySql which allows root to logon without a password, which apparently isn't working. Confirmed by this:

root@server:~# docker exec -it humhub-db mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

I can logon just fine when I add the -p parameter and provide the password manually. After reading up on this I think I need to install auth_socket.so to enable socket based authentication but the file doesn't seem to exist?

This leads to my questions:

• Given that the site seems to work fine, do I have a problem or is this just noise?
• Is there a way to configure whatever root is trying to do to use a password instead?
• Could this be related to the cron job which I see gets configured in the docker files? Or maybe related to the missing log files it was complaining about during startup until I manually added - ./logs:/var/www/localhost/htdocs/protected/runtime/logs as a volume

[jvies]

It seems you have 2 problems related to your healthchecks.

The issue on humhub-db seems due to the healthcheck. You probably have something like this in your docker-compose:

    healthcheck:
      test: ["CMD", "mysqladmin", "--user=root", "--password=blahblah", "ping", "--silent"]

Instead you should use something like this:

    healthcheck:
      test: ["CMD", "healthcheck.sh", "--innodb_initialized"]

Since a few releases, the mariadb image embeds a healthcheck script. Note that it requires a specific user to be configured manually if you installed the DB before it was implemented.

The second seems due to your humhub healthcheck. My check is done like this:

    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/ping"]

If you need more support, please add your docker-compose file (with any secret removed !).

[zell-mbc]

Oh dear, almost embarrassing :-) You were spot on, plenty of health-checks in my docker-compose.yml.

1. The first one you pointed out, the mysqladmin one, was missing the password parameter. After changing to test: ["CMD", "mysqladmin", "--password=${MARIADB_ROOT_PASSWORD}", "ping", "--silent"] the error is gone.

I will look into the more current check you proposed nonetheless.

2. The second setting seems to be identical to yours, I haven't yet figured out what's wrong, but disabling this health-check makes the docker compose log go quiet like a tomb :-)

 healthcheck:
    test: ["CMD", "curl", "-f", "http://localhost/ping"]
    interval: 30s
    timeout: 10s
    retries: 3

I tried the curl command from within the container and got an error as well.

# curl -f http://localhost/ping
curl: (22) The requested URL returned error: 403

Unless you got an idea why this check might not work right away, I will happily do my research from here on

Edit: Found a nice write-up on topic #1, https://stackoverflow.com/questions/76076357/how-do-i-correctly-implement-the-tests-requiring-usage-in-the-healthcheck-sh-scr which along the way solved a few more startup warnings.

Edit2: changed #2 from localhost to 127.0.0.1 and now this test seems to work as well. Case closed and thanks again! humhub-app | - - 15/May/2024:19:47:54 +0000 "GET /ping" 200