pawelmalak / flame

Flame is self-hosted startpage for your server. Easily manage your apps and bookmarks with built-in editors.
MIT License

Can't run it via docker as non-root. #397

Open flavorgold1 opened 1 year ago

flavorgold1 commented 1 year ago

My docker-compose.yml file:

services:
    flame_guest:
      container_name: flame_guest
      image: pawelmalak/flame:latest
      user: 1000:1000
      network_mode: host
      volumes:
        - /path/to/data:/app/data
        - /var/run/docker.sock:/var/run/docker.sock
      environment:
        - PUID=1000
        - PGID=1000
        - TZ=Etc/GMT
        - PASSWORD=password_here
      restart: unless-stopped

sudo docker logs flame_guest:

node:fs:585
  handleErrorFromBinding(ctx);
  ^

Error: EACCES: permission denied, open '/app/public/flame.css'
    at Object.openSync (node:fs:585:3)
    at Object.writeFileSync (node:fs:2157:35)
    at createFile (/app/utils/init/createFile.js:25:6)
    at /app/utils/init/initFiles.js:5:39
    at Array.forEach (<anonymous>)
    at initFiles (/app/utils/init/initFiles.js:5:9)
    at initApp (/app/utils/init/index.js:8:9)
    at /app/server.js:23:9
    at Object.<anonymous> (/app/server.js:41:3)
    at Module._compile (node:internal/modules/cjs/loader:1103:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1157:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)
    at node:internal/main/run_main_module:17:47 {
  errno: -13,
  syscall: 'open',
  code: 'EACCES',
  path: '/app/public/flame.css'
}
node:fs:585
  handleErrorFromBinding(ctx);
  ^

Error: EACCES: permission denied, open '/app/public/flame.css'
    at Object.openSync (node:fs:585:3)
    at Object.writeFileSync (node:fs:2157:35)
    at createFile (/app/utils/init/createFile.js:25:6)
    at /app/utils/init/initFiles.js:5:39
    at Array.forEach (<anonymous>)
    at initFiles (/app/utils/init/initFiles.js:5:9)
    at initApp (/app/utils/init/index.js:8:9)
    at /app/server.js:23:9
    at Object.<anonymous> (/app/server.js:41:3)
    at Module._compile (node:internal/modules/cjs/loader:1103:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1157:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)
    at node:internal/main/run_main_module:17:47 {
  errno: -13,
  syscall: 'open',
  code: 'EACCES',
  path: '/app/public/flame.css'
}

When I run ps aux, I can see that node server.js is running as root instead of 1000:1000 as it should be.

glitchcrab commented 1 year ago

This would be fixed if https://github.com/pawelmalak/flame/pull/356 was ever merged.

GitKepler commented 1 year ago

A "pure docker-compose" workaround is to use the following docker-compose file:

services:
    flame_guest:
      container_name: flame_guest
      image: pawelmalak/flame:latest
      user: 1000:1000
      network_mode: host
      volumes:
        - /path/to/data:/app/data
        - ./initialFiles.empty.json:/app/utils/init/initialFiles.json:ro
        - ./path/to/data/flame.css:/app/public/flame.css:ro
        - /var/run/docker.sock:/var/run/docker.sock
      environment:
        - TZ=Etc/GMT
        - PASSWORD=password_here
      restart: unless-stopped
      command: "node server.js"

You also need to create the following file where the docker-compose file is located (named initialFiles.empty.json):

{
  "files": []
}

This will be used here: https://github.com/pawelmalak/flame/blob/446b4095f6bb06e0f878efb4ac1f990a5ae7d39c/utils/init/initFiles.js#L5

You also need to override the CMD from the Dockerfile (hence the command: "node server.js" at the end of the docker-compose file).

sofakng commented 1 year ago

@GitKepler Does this workaround still work?

What should flame.css contain? (and should it be read-only as you specified?)

GitKepler commented 12 months ago

> @GitKepler Does this workaround still work?
>
> What should flame.css contain? (and should it be read-only as you specified?)

./path/to/data/flame.css contains your custom CSS code (the one you set in Flame UI). You can leave it empty (in which case the only customization that will be applied is from the theme you choose). As for read-only, in my case I do not need to modify it, however if you intend to modify the CSS later on using the web UI, removing the read-only flag would make sense.

The workaround still works with the latest version.
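
A preflight check for the workaround described in this thread, added here as an example (it is not part of any comment and not project code): it verifies the three host-side prerequisites before `docker compose up` so the container does not fall back into the EACCES restart loop. The function names and parameters are hypothetical, GNU `stat` is assumed, and the need for write access to the data directory is an assumption about how the app uses `/app/data`.

```shell
#!/bin/sh
# Added example: preflight for the non-root workaround discussed in this thread.
# Usage: check_flame_nonroot COMPOSE_DIR DATA_DIR CSS_FILE CONTAINER_UID
# Prints one line per problem and returns 0 only when none were found.
# Assumes GNU stat (stat -c), as found on most Linux Docker hosts.

# True if numeric uid $2 holds permission bit $3 (4=read, 2=write) on path $1.
# Only owner and "other" bits are considered; group membership is not resolved.
uid_has_perm() {
    owner=$(stat -L -c '%u' "$1") || return 1
    mode=$(stat -L -c '%a' "$1") || return 1
    if [ "$owner" = "$2" ]; then
        bits=$(( (0$mode >> 6) & 7 ))
    else
        bits=$(( 0$mode & 7 ))
    fi
    [ $(( bits & $3 )) -ne 0 ]
}

check_flame_nonroot() {
    compose_dir=$1; data_dir=$2; css_file=$3; uid=$4; problems=0
    # Assumption: the app keeps its state under /app/data, so the uid must be able to write there.
    if [ ! -d "$data_dir" ] || ! uid_has_perm "$data_dir" "$uid" 2; then
        echo "data dir missing or not writable by uid $uid: $data_dir"
        problems=$((problems + 1))
    fi
    # Docker creates a missing bind-mount source as a directory, so flame.css
    # must already exist as a regular file the uid can read.
    if [ ! -f "$css_file" ] || ! uid_has_perm "$css_file" "$uid" 4; then
        echo "flame.css missing, not a regular file, or unreadable by uid $uid: $css_file"
        problems=$((problems + 1))
    fi
    # The override must list no files, otherwise init tries to write under /app again.
    json=
    if [ -f "$compose_dir/initialFiles.empty.json" ]; then
        json=$(tr -d ' \t\r\n' < "$compose_dir/initialFiles.empty.json")
    fi
    if [ "$json" != '{"files":[]}' ]; then
        echo "initialFiles.empty.json missing or its files list is not empty"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

Call it with the same host paths and uid used in the compose file, for example `check_flame_nonroot . /path/to/data /path/to/data/flame.css 1000`.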