[Bug] (alpha) network error when loading rom for emulatorjs

[sargunv]

RomM version 3.5.0 alpha 1

Describe the bug

When I try to play a ROM, I get a network error. Checking dev tools, I see a 403 on the HEAD request to the rom file.

To Reproduce

Play any rom

Expected behavior

The rom loads and plays

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: macOS
• Browser Chrome
• Version 127.0.6533.120

Additional context

I installed this alpha because I saw #1086 is included and wanted to try playing a game in the browser.

[sargunv]

Relevant log lines for the request that's 403ing:

172.18.0.1:0 - "HEAD /api/roms/1403/content/ChuChu%20Rocket%21%20%28USA%29%20%28En%2CJa%2CFr%2CDe%2CEs%29.gba HTTP/1.0" 200
INFO:     [nginx][2024-08-23 08:51:55]  172.18.0.5 - - "HEAD /api/roms/1403/content/ChuChu%20Rocket!%20(USA)%20(En,Ja,Fr,De,Es).gba HTTP/1.1" 403 0 "https://romm.home.sargunv.dev/rom/1403/ejs" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" rt=0.117 uct="0.000" uht="0.117" urt="0.117"
2024/08/23 08:51:55 [error] 28#28: *2201 open() "/romm/library/roms/gba/ChuChu Rocket! (USA) (En,Ja,Fr,De,Es).gba" failed (13: Permission denied), client: 172.18.0.5, server: localhost, request: "HEAD /api/roms/1403/content/ChuChu%20Rocket!%20(USA)%20(En,Ja,Fr,De,Es).gba HTTP/1.1", upstream: "http://unix:/tmp/gunicorn.sock/api/roms/1403/content/ChuChu%20Rocket!%20(USA)%20(En,Ja,Fr,De,Es).gba", host: "romm.home.sargunv.dev", referrer: "https://romm.home.sargunv.dev/rom/1403/ejs"

Looks like permission was denied when opening the file for reading. Error persists even after chmod 777.

I tried to docker exec to a shell within the romm container, and can cat the same rom just okay, so file permissions should be good to read the file. Unsure why I'm getting permission denied

[iMartien]

Have nothing to add except that I have the exact same issue.

[NicksGhost]

I have exactly the same problem, did you solve it?

[iMartien]

No, still a problem in the latest non beta 3.5 version.

[Kengurugames]

Got the same issue permissions are set to 777. In my case the roms are on a NFS share. Access with docker exec works and permission also look fine. In v3.3.0 everything worked fine for me.

[gantoine]

@adamantike Any chance this is related to the x-accel-redirect changes?

[Nomelas]

looks like you're behind a proxy. What happens if you try to run the rom from the host:port directly?

[iMartien]

For me I’m running in docker, and no additional proxy is used.

[Kengurugames]

looks like you're behind a proxy. What happens if you try to run the rom from the host:port directly?

I tried to access it directly via port and it still got the same issue.

[adamantike]

I need to dig deeper into this, but something interesting I found, that could be the culprit of this issue, is that nginx is the only process that runs with user romm when the Docker container is configured to run with the root user (default). This is the related code.

That wouldn't explain this issue if permissions are actually set as 777, but they would need to be set like that (or, at least 444) for the entire path containing the rom, not only the rom file itself.

[sargunv]

I was able to get this working by setting the user param on the docker container to the user:group owning the rom files (in my case, 1026:100). I'm still unsure why even chmod 777 didn't work but this did (maybe a parent directory on the path had stricter permissions)

[jonspraggins]

Nothing to add, but confirming the error occurs whether I go through a reverse proxy or by direct IP:port.
Even if the permissions assigned to the container have read/write to the rom folder and all objects within it.

Dropping some basic error details from the dev-tools Network Tab, but I imagine it adds zero to the conversation. Note: I assign a different port than the standard.

Request URL:
http://192.168.1.5:8082/api/roms/39239/content/test-rom(U).zip
Request Method:
HEAD
Status Code:
403 Forbidden
Remote Address:
192.168.1.5:8082
Referrer Policy:
strict-origin-when-cross-origin

[Betonhaus]

I'm also having this issue

[Aiakio]

Same here. [...] failed (13: Permission denied), [...], even though, everything was uploaded through the romm webinterface, i cant download any rom or use emulatorjs.

[Betonhaus]

I think I fixed it by defining the user and group that romm runs on, but I still have to have mariadb be root and using a docker volume

[Aiakio]

Indeed user: 1036:100 fixed the downloads for me as well.

[PREngineer]

I am running it in a Synology NAS and I had the same issue when I specified the user (with proper permissions to the files in the NAS) in the environment variables like this:

PUID: 1026 PGID: 100

It was able to read all the files without issues but it just wouldn't play.

---

After switching to this:

user: '1026:100'

It works without issues now.

[iMartien]

I am running it in a Synology NAS and I had the same issue when I specified the user (with proper permissions to the files in the NAS) in the environment variables like this:

PUID: 1026 PGID: 100

It was able to read all the files without issues but it just wouldn't play.

After switching to this:

user: '1026:100'

It works without issues now.

I'm also running this on a Synology, but can't get it to work, can you share how I can set the "user" variable? I'm currently using the PUID and GUID variables, but when I remove those and replace it with user, it doesn't work... thanks!

[Aiakio]

Im using docker compose. You can add the user line just like this:

---
services:
    romm:
        image: 'rommapp/romm:latest'
        container_name: romm
        restart: unless-stopped
        user: 1036:100
        environment:
            - DB_HOST=romm-db
[...]

I have 1036 because i created a user specifically for docker. You should not put your admin account there.

[PREngineer]

I am running it in a Synology NAS and I had the same issue when I specified the user (with proper permissions to the files in the NAS) in the environment variables like this: PUID: 1026 PGID: 100 It was able to read all the files without issues but it just wouldn't play. After switching to this: user: '1026:100' It works without issues now.

I'm also running this on a Synology, but can't get it to work, can you share how I can set the "user" variable? I'm currently using the PUID and GUID variables, but when I remove those and replace it with user, it doesn't work... thanks!

Put the user line that I wrote in my comment right before the environment line.

user: '1026:100'
environment:

Make sure that the user and group match the user/group that you have given permission in Synology.

By default, the first account that you create (admin) is 1026 and 100.

I've recorded a tutorial that will be released in my YouTube channel this Saturday. Channel is Tech Byte Tips.

You can check that out later if you have questions.

In Synology, you will likely have issues with MariaDB if you are using Docker-Compose and DSM 7.2.

My video covers how to use the MariaDB in Package Manager instead.

[jonspraggins]

I am running it in a Synology NAS and I had the same issue when I specified the user (with proper permissions to the files in the NAS) in the environment variables like this: PUID: 1026 PGID: 100 It was able to read all the files without issues but it just wouldn't play. After switching to this: user: '1026:100' It works without issues now.

I'm also running this on a Synology, but can't get it to work, can you share how I can set the "user" variable? I'm currently using the PUID and GUID variables, but when I remove those and replace it with user, it doesn't work... thanks!

Put the user line that I wrote in my comment right before the environment line.

user: '1026:100'
environment:

Make sure that the user and group match the user/group that you have given permission in Synology.

By default, the first account that you create (admin) is 1026 and 100.

I've recorded a tutorial that will be released in my YouTube channel this Saturday. Channel is Tech Byte Tips.

You can check that out later if you have questions.

In Synology, you will likely have issues with MariaDB if you are using Docker-Compose and DSM 7.2.

My video covers how to use the MariaDB in Package Manager instead.

Confirmed. Adding the user parameter in the romm docker config granted access. Have a less privileged account that is used by docker to handle this. Thank you.

[iMartien]

So, I have got it to work using the user: variable on Synology using Docker Compose / Portainer, 1033 is the user I specially created to run docker containers:

---
version: "3"
services:
  romm:
    image: rommapp/romm:latest
    container_name: romm
    restart: unless-stopped
    user: 1033:100
    environment:

But like someone else noticed, I didn't get MariaDB to work (anymore) after this, not sure if it is related, because it worked before. I'm now using a remote MariaDB server.

[PREngineer]

So, I have got it to work using the user: variable on Synology using Docker Compose / Portainer, 1033 is the user I specially created to run docker containers:

---
version: "3"
services:
  romm:
    image: rommapp/romm:latest
    container_name: romm
    restart: unless-stopped
    user: 1033:100
    environment:

But like someone else noticed, I didn't get MariaDB to work (anymore) after this, not sure if it is related, because it worked before. I'm now using a remote MariaDB server.

Hi @iMartien,

If you spin up a MariaDB container in Synology DSM 7.2 here's what happens and why it is hard to get it working:

1. The container, by default, will not allow access from an outside IP (Container Manager assigns an IP to each container, even though all is running on the same host, it seems like a different VM connecting to the DB).

2. You have to open a terminal into the MariaDB container to then create a user with permissions to connect from anywhere 'user'@'%' (it creates 'user'@'localhost' by default) but the Container Manager Terminal is very unstable right now and many times you can't even get it to respond.

3. Once you have that user created and assign all privileges to the RomM database, then it should work.

I found that using the MariaDB from Package Manager is way easier to set up in DSM 7.2.

[xEmp3ror]

Hi!

I'm going a bit crazy with this. I have created the container, which uses a DB that I have deployed outside of this docker-compose and I use it too for other services. My docker-compose is as follows:

services:
  app:
    image: rommapp/romm:latest
    container_name: romm
    user: 110:65534
    restart: unless-stopped
    environment:
      - DB_HOST=database-mariadb-1
      - DB_NAME=romm
      - DB_USER=romm
      - DB_PASSWD=REDACTED
      - ROMM_AUTH_SECRET_KEY=REDACTED
      - IGDB_CLIENT_ID=REDACTED
      - IGDB_CLIENT_SECRET=REDACTED
    volumes:
      - romm-resources:/romm/resources # Resources fetched from IGDB (covers, screenshots, etc.)
      - romm-redis-data:/redis-data # Cached data for background tasks
      - REDACTED/romm/library:/romm/library # Your game library
      - REDACTED/romm/assets:/romm/assets # Uploaded saves, states, etc.
      - REDACTED/romm/config:/romm/config # Path where config.yml is stored
    networks:
      - core_nginx
      - database_default

networks:
  core_nginx:
    external: true
  database_default:
    external: true

volumes:
  romm-redis-data:
    external: true
  romm-resources:
    external: true

I access the service by exposing it through a reverse proxy. I have created a ‘docker’ user: And I have made all romm folders belong to that user:

And I have specified the UID:GID in the docker-compose. Maybe I'm misunderstanding what you've been talking about, but nothing I've done seems to make the emulator work, nor does it let me download any of the ROMs i've uploaded. Do you guys have any ideas?

Thanks!