[Bug] (alpha) network error when loading rom for emulatorjs

[sargunv]

RomM version 3.5.0 alpha 1

Describe the bug

When I try to play a ROM, I get a network error. Checking dev tools, I see a 403 on the HEAD request to the rom file.

To Reproduce

Play any rom

Expected behavior

The rom loads and plays

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: macOS
• Browser Chrome
• Version 127.0.6533.120

Additional context

I installed this alpha because I saw #1086 is included and wanted to try playing a game in the browser.

[sargunv]

Relevant log lines for the request that's 403ing:

172.18.0.1:0 - "HEAD /api/roms/1403/content/ChuChu%20Rocket%21%20%28USA%29%20%28En%2CJa%2CFr%2CDe%2CEs%29.gba HTTP/1.0" 200
INFO:     [nginx][2024-08-23 08:51:55]  172.18.0.5 - - "HEAD /api/roms/1403/content/ChuChu%20Rocket!%20(USA)%20(En,Ja,Fr,De,Es).gba HTTP/1.1" 403 0 "https://romm.home.sargunv.dev/rom/1403/ejs" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" rt=0.117 uct="0.000" uht="0.117" urt="0.117"
2024/08/23 08:51:55 [error] 28#28: *2201 open() "/romm/library/roms/gba/ChuChu Rocket! (USA) (En,Ja,Fr,De,Es).gba" failed (13: Permission denied), client: 172.18.0.5, server: localhost, request: "HEAD /api/roms/1403/content/ChuChu%20Rocket!%20(USA)%20(En,Ja,Fr,De,Es).gba HTTP/1.1", upstream: "http://unix:/tmp/gunicorn.sock/api/roms/1403/content/ChuChu%20Rocket!%20(USA)%20(En,Ja,Fr,De,Es).gba", host: "romm.home.sargunv.dev", referrer: "https://romm.home.sargunv.dev/rom/1403/ejs"

Looks like permission was denied when opening the file for reading. Error persists even after chmod 777.

I tried to docker exec to a shell within the romm container, and can cat the same rom just okay, so file permissions should be good to read the file. Unsure why I'm getting permission denied

[iMartien]

Have nothing to add except that I have the exact same issue.

[NicksGhost]

I have exactly the same problem, did you solve it?

[iMartien]

No, still a problem in the latest non beta 3.5 version.

[Kengurugames]

Got the same issue permissions are set to 777. In my case the roms are on a NFS share. Access with docker exec works and permission also look fine. In v3.3.0 everything worked fine for me.

[gantoine]

@adamantike Any chance this is related to the x-accel-redirect changes?

[Nomelas]

looks like you're behind a proxy. What happens if you try to run the rom from the host:port directly?

[iMartien]

For me I’m running in docker, and no additional proxy is used.

[Kengurugames]

looks like you're behind a proxy. What happens if you try to run the rom from the host:port directly?

I tried to access it directly via port and it still got the same issue.

[adamantike]

I need to dig deeper into this, but something interesting I found, that could be the culprit of this issue, is that nginx is the only process that runs with user romm when the Docker container is configured to run with the root user (default). This is the related code.

That wouldn't explain this issue if permissions are actually set as 777, but they would need to be set like that (or, at least 444) for the entire path containing the rom, not only the rom file itself.

[sargunv]

I was able to get this working by setting the user param on the docker container to the user:group owning the rom files (in my case, 1026:100). I'm still unsure why even chmod 777 didn't work but this did (maybe a parent directory on the path had stricter permissions)