db can't connect

[wuast94]

I added this docker container but when I try to open the web page I get an error.

what is a bit strange that I set as mysql host 192.168.178.26 and in log stands this:

Access denied for user 'user'@'172.17.0.1' (using password: YES) the user variable is working but that's not the ip of my MariaDB server...

i double checked user and created a new one but every time the same error. and I double checked the host variable too

[tanmng]

Hello @wuast94 , thanks for reaching out.

Can you please show me your complete config of the container, if you launched your container with docker-compose you can share the file, otherwise please try docker inspect ID_OR_NAME_OF_CHEVERETO_CONTAINER and send me the result.

Also, get a shell in the container docker exec -it ID_OR_NAME_OF_CHEVERETY_CONTAINER bash and try to ping the name of your MariaDB container, we would like to see

• If the name resolves at all
• If the address is different from 172.17.0.1

Please note that 172.17.0.1 is usually the gateway of Docker bridge network, so it's most likely you have a mistake somewhere when you launched the container

[wuast94]

I used "ping -p 3306 192.168.178.26" and worked fine (from inside the docker container)

And here is the output

root@Server:~# docker inspect chevereto [ { "Id": "484df8f7100c61aad7089978ff3497f0677e1137798dbaf5d4a83fd80b9efad3", "Created": "2019-12-07T12:55:05.034674232Z", "Path": "docker-php-entrypoint", "Args": [ "apache2-foreground" ], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 1819, "ExitCode": 0, "Error": "", "StartedAt": "2019-12-09T03:06:26.108991713Z", "FinishedAt": "2019-12-09T02:00:05.672710768Z" }, "Image": "sha256:47ced21528ee7a98073b5cdf9e16caa572995049243099d2a5d5dcd38ed37918", "ResolvConfPath": "/var/lib/docker/containers/484df8f7100c61aad7089978ff3497f0677e1137798dbaf5d4a83fd80b9efad3/resolv.conf", "HostnamePath": "/var/lib/docker/containers/484df8f7100c61aad7089978ff3497f0677e1137798dbaf5d4a83fd80b9efad3/hostname", "HostsPath": "/var/lib/docker/containers/484df8f7100c61aad7089978ff3497f0677e1137798dbaf5d4a83fd80b9efad3/hosts", "LogPath": "/var/lib/docker/containers/484df8f7100c61aad7089978ff3497f0677e1137798dbaf5d4a83fd80b9efad3/484df8f7100c61aad7089978ff3497f0677e1137798dbaf5d4a83fd80b9efad3-json.log", "Name": "/chevereto", "RestartCount": 0, "Driver": "btrfs", "Platform": "linux", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "ExecIDs": null, "HostConfig": { "Binds": [ "/mnt/user/alles/chevereto:/var/www/html/images:rw" ], "ContainerIDFile": "", "LogConfig": { "Type": "json-file", "Config": { "max-file": "1", "max-size": "10m" } }, "NetworkMode": "bridge", "PortBindings": { "80/tcp": [ { "HostIp": "", "HostPort": "8912" } ] }, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": null, "CapDrop": null, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": null, "GroupAdd": null, "IpcMode": "shareable", "Cgroup": "", "Links": null, "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "runc", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": [], "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DeviceCgroupRules": null, "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": null, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0, "MaskedPaths": [ "/proc/asound", "/proc/acpi", "/proc/kcore", "/proc/keys", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", "/proc/sched_debug", "/proc/scsi", "/sys/firmware" ], "ReadonlyPaths": [ "/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys", "/proc/sysrq-trigger" ] }, "GraphDriver": { "Data": null, "Name": "btrfs" }, "Mounts": [ { "Type": "bind", "Source": "/mnt/user/alles/chevereto", "Destination": "/var/www/html/images", "Mode": "rw", "RW": true, "Propagation": "rprivate" } ], "Config": { "Hostname": "484df8f7100c", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "80/tcp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "HOST_OS=Unraid", "CHEVERETO_DB_HOST=192.168.178.26", "CHEVERETO_DB_USERNAME=Xxx", "CHEVERETO_DB_PASSWORD=Xxx", "CHEVERETO_DB_PREFIX=chv_", "TZ=Europe/Berlin", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "PHPIZE_DEPS=autoconf \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkg-config \t\tre2c", "PHP_INI_DIR=/usr/local/etc/php", "APACHE_CONFDIR=/etc/apache2", "APACHE_ENVVARS=/etc/apache2/envvars", "PHP_EXTRA_BUILD_DEPS=apache2-dev", "PHP_EXTRA_CONFIGURE_ARGS=--with-apxs2 --disable-cgi", "PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2", "PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2", "PHP_LDFLAGS=-Wl,-O1 -Wl,--hash-style=both -pie", "GPG_KEYS=1729F83938DA44E27BA0F4D3DBDB397470D12172 B1B44D8F021E4E2D6021E995DC9FF8D3EE5AF27F", "PHP_VERSION=7.2.11", "PHP_URL=https://secure.php.net/get/php-7.2.11.tar.xz/from/this/mirror", "PHP_ASC_URL=https://secure.php.net/get/php-7.2.11.tar.xz.asc/from/this/mirror", "PHP_SHA256=da1a705c0bc46410e330fc6baa967666c8cd2985378fb9707c01a8e33b01d985", "PHP_MD5=", "CHEVERETO_DB_NAME=chevereto", "CHEVERETO_DB_PORT=3306" ], "Cmd": [ "apache2-foreground" ], "ArgsEscaped": true, "Image": "nmtan/chevereto", "Volumes": { "/var/www/html/images": {} }, "WorkingDir": "/var/www/html", "Entrypoint": [ "docker-php-entrypoint" ], "OnBuild": null, "Labels": { "build_signature": "Chevereto free version master; built on 2019-11-29T04:09:08Z; Using PHP version 7.2.11", "maintainer": "Tan Nguyen <tan.mng90@gmail.com>", "org.label-schema.license": "Apache-2.0", "org.label-schema.name": "Chevereto Free", "org.label-schema.url": "https://github.com/tanmng/docker-chevereto", "org.label-schema.vcs-url": "https://github.com/tanmng/docker-chevereto", "org.label-schema.version": "master" } }, "NetworkSettings": { "Bridge": "", "SandboxID": "bce989c47bff5ef33693b54dfc4f07a319c525634b1017ee1305fd254c03fd9f", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "80/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "8912" } ] }, "SandboxKey": "/var/run/docker/netns/bce989c47bff", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "0032e1932078fbfdfd47a343db19a5f60d08f65cd915bb8503e9eea14a5eecb0", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.27", "IPPrefixLen": 16, "IPv6Gateway": "", "MacAddress": "02:42:ac:11:00:1b", "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "d1e8b6ef6dc208762c65905436e836966a4976817687cbc891c499a772148f51", "EndpointID": "0032e1932078fbfdfd47a343db19a5f60d08f65cd915bb8503e9eea14a5eecb0", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.27", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:1b", "DriverOpts": null } } } } ]

In this setup I don't set the port for the db but it's default is the right one so it don't make any difference

[tanmng]

Thanks for the response.

From your inspect result, it appears that the container was launched without any additional network, but was only in the bridge network in your Server. And you are trying to connect it to a database server located at 192.168.178.26

The error you received

Access denied for user 'user'@'172.17.0.1' (using password: YES)

Is usually provided by a MySQL database server, so I assume the container was able to hit the server, just couldn't authenticate. The error mentioned that the server received the connection from 172.17.0.1, which is usually the Gateway IP address of bridge network. Is it possible that the database server is also on Server itself?

Please do the following:

• Check for the list of users on your DB server and make sure that the user you use for Chevereto has the appropriate permission. Simple queries such as the ones below will suffice:

  select user, password, host from mysql.user;
  show grant for 'USER_NAME'@'172.17.0.1';

• From Server, try to get a MySQL client to connect to your database server. Try executing

  docker run -it --rm --entrypoint mysql mariadb -h 192.168.178.26 -P 3306 -u USER_NAME -p

  put in the password and see if you are able to get a mysql shell from the server.

Cheers

[wuast94]

As I said I double checked the users passwords and permissions..try for text the root account. Accounts that I use in other servers where they worked and created new ones. Every time the same error.

The MySQL query I see my test users and root user.

I don't try the docker command because I'm mobile but I have other containers on the same server where I give the exact same inputs (other users of course) and don't have any problems.

[tanmng]

Every time the same error.

That's why I asked you to check for the host field of the user as well. What is so hard about just running a query and put the result here?

The MySQL query I see my test users and root user.

Not sure what you mean by this. But if you meant what I think you meant, then you ran the query and saw your username and root user on the DB server. But my question is that if the host field is correct as well.

I don't try the docker command because I'm mobile but I have other containers on the same server where I give the exact same inputs (other users of course) and don't have any problems.

Well, I just launched the image on a test system and everything works for me. Please just run the command and send back the result.

[wuast94]

So here is the MySQL query:

When I try the docker command I can login to root but not to user Bild.

root@Server:~# docker run -it --rm --entrypoint mysql mariadb -h 192.168.178.26 -P 3306 -u bild -p Enter password: ERROR 1045 (28000): Access denied for user 'bild'@'172.17.0.1' (using password: YES)

This is the output for privileges for user Bild:

MariaDB [(none)]> SHOW GRANTS FOR 'bild'@'localhost'; +----------------------------------------------------------------------------------------------------------------------+ | Grants for bild@localhost | +----------------------------------------------------------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'bild'@'localhost' IDENTIFIED BY PASSWORD '*HASH' | +----------------------------------------------------------------------------------------------------------------------+

[tanmng]

Well, you allow connection to your database with those users only from localhost, which is 127.0.0.1, not 172.17.0.1. That's why you couldn't connect.

You can update your user to allow connection from other IP addresses, not only localhost and it would solve the issue. You can also try to add a new user on your DB with appropriate permissions and host and it will work

CREATE DATABASE db_name;
CREATE USER 'user_name'@'172.17.0.1' IDENTIFIED BY 'password_here';
GRANT ALL PRIVILEGES ON db_name.* to 'user_name'@'172.17.0.1' WITH GRANT OPTION

Personally, I don't think that is the right way to run things (you should create independent DB server for each of your service, and launch those DB server as Docker containers also, that's why I included a docker-compose.yaml file in the documentation), but it's your system so you ultimately make the decision.

P/S: Is it possible that you launched all the other containers with --net host? Because that would explain a lot.

Edit: By default the user root has permission to login from any host (hence the host is % for that user in your output). That's why you were able to connect using user root and not other.

[wuast94]

I created a new MariaDB container, indeed you are right that I should run separately dbs so I do it now and created the user as mentioned above :)

now its up and running and thanks for the extended help :) I played a bit and its a very nice project and I think I will buy a license in the next days :)