nextcloud / docker

⛴ Docker image of Nextcloud
https://hub.docker.com/_/nextcloud/
GNU Affero General Public License v3.0

PHP-FPM UID + GID incompatible with Nginx UID + GID #2204

Closed almereyda closed 1 month ago

almereyda commented 2 months ago

When using the Nextcloud image with the supplied Compose example there will be errors with retrieving files from the file system.

The error will be similar to:

stat() "/var/www/html/custom_apps/mail/img/mail.svg" failed (13: Permission denied)

as described in "Proper permissions after upgrade/migration?" (ℹ️ Support / 📦 Appliances (Docker, Snappy, VM, NCP, AIO), Nextcloud community)

It is useful to chown -R 33:101 the volume mapped into both containers for mitigation.

References:

https://github.com/nextcloud/docker/blob/473af1bed11c84866b31e2d5ebc39bc87070b758/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml#L25

https://github.com/nextcloud/docker/blob/473af1bed11c84866b31e2d5ebc39bc87070b758/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml#L39

https://github.com/nextcloud/docker/blob/473af1bed11c84866b31e2d5ebc39bc87070b758/28/fpm-alpine/entrypoint.sh#L99-L100

https://github.com/nginxinc/docker-nginx/blob/1f227619c1f1baa0bed8bed844ea614437ff14fb/mainline/alpine-slim/Dockerfile#L15-L16

This extends:

Which other strategies have people found to resolve this, eventually without chown'ing the state?

Maybe it is easier nowadays to run from Caddy #2052?

Or it is better to build an Nginx container that runs from www-data/33 as well?

Surprised this hasn't come up earlier.

tzerber commented 2 months ago

Can you post your compose file and OS variant/version? I have updated two production instances to 29 today, both are effectively a copy-paste from the fpm-nginx example (with some stuff added) and I have no such issues, they both have a bunch of apps including mail but no permission errors.

joshtrichards commented 1 month ago

Are you, perhaps, using bind mounts rather than actual volumes? (This would be different than the examples).

It'd probably be best if you shared your actual Compose file. :-)

Also, keep in mind that technically nginx is only serving files. It only needs read permission. FPM does all the heavy lifting, including anything that requires write permissions.
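Added example (not part of the thread or of the nextcloud/docker project): a shell function that lists the files a given UID/GID cannot read and the directories it cannot traverse, which is the condition behind the `stat() ... failed (13: Permission denied)` error and the check implied by nginx needing only read access. The function name `unreadable_for` is hypothetical; it judges by owner, group and mode bits only (no ACLs, supplementary groups or capabilities) and assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: find paths a read-only consumer (e.g. the web server's
# worker) cannot use, without changing ownership of anything.
#
# unreadable_for UID GID DIR
#   Prints "MODE OWNER:GROUP PATH" for every regular file lacking read
#   permission and every directory lacking search (x) permission for the
#   given numeric UID/GID. Paths containing newlines are not supported.
unreadable_for() {
    want_uid=$1
    want_gid=$2
    root=$3
    find "$root" \( -type d -exec stat -c 'd %u %g %a %n' {} + \) \
              -o \( -type f -exec stat -c 'f %u %g %a %n' {} + \) |
    while read -r kind uid gid mode path; do
        perm=$((0$mode))            # %a is octal, e.g. 640 -> 0640
        # The kernel picks exactly one permission class: owner, else
        # group, else other. Owner bits win even if group bits allow more.
        if [ "$uid" -eq "$want_uid" ]; then
            bits=$(( (perm >> 6) & 7 ))
        elif [ "$gid" -eq "$want_gid" ]; then
            bits=$(( (perm >> 3) & 7 ))
        else
            bits=$(( perm & 7 ))
        fi
        # Serving a file needs r on the file and x on each directory.
        if [ "$kind" = d ]; then need=1; else need=4; fi
        if [ $(( bits & need )) -eq 0 ]; then
            printf '%s %s:%s %s\n' "$mode" "$uid" "$gid" "$path"
        fi
    done
}

# Stand-alone use: script.sh UID GID DIR
# (the UID/GID of the serving process and the shared volume's mount point
# are inputs you supply, e.g. group 101 and /var/www/html from this issue).
if [ "$#" -eq 3 ]; then
    unreadable_for "$@"
fi
```

An empty result means the mode bits alone do not explain a permission error for that UID/GID, so the next things to check are parent directories above the tree and any ACL or mount options.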

joshtrichards commented 1 month ago

I'm going to close this since there wasn't a response to the query for additional info >30 days ago. I suggest following up at the community help forum: https://help.nextcloud.com