tomsquest / docker-radicale

Docker image for Radicale calendar and contact server :calendar: + security :closed_lock_with_key: + addons :rocket:
GNU General Public License v3.0

A problem on using config file in container #148

Closed mcanyucel closed 4 months ago

mcanyucel commented 4 months ago

Even though I map the config file as a volume, Radicale does not use this config file; it uses defaults. I know this because even if I change the port to 7777, it runs at 5232, and it does not use the user file (it does not print any logs).

I have the following compose file:

services:
  radicale:
    image: tomsquest/docker-radicale
    container_name: radicale
    init: true
    read_only: true
    networks:
      - caddy_network
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - SETUID
      - SETGID
      - CHOWN
      - KILL
    deploy:
      resources:
        limits:
          memory: 256M
          pids: 50
    healthcheck:
      test: curl -f http://127.0.0.1:5232 || exit 1
      interval: 30s
      retries: 3
    restart: unless-stopped
    volumes:
      - ./data:/data
      - ./config/config:/etc/radicale/config:ro
      - ./config/users:/etc/radicale/users:ro

networks:
  caddy_network:
    external: true

I have the config file under config/config (it is mapped to /etc/radicale/config as read-only):

[server]

hosts = localhost:7777
...
[auth]

# Authentication method
# Value: none | htpasswd | remote_user | http_x_remote_user
type = htpasswd

# Htpasswd filename
htpasswd_filename = /etc/radicale/users

# Htpasswd encryption method
# Value: plain | bcrypt | md5
# bcrypt requires the installation of radicale[bcrypt].
htpasswd_encryption = md5

# Incorrect authentication delay (seconds)
# delay = 1

# Message displayed in the client when a password is needed
# realm = Radicale - Password Required

[rights]

# Rights backend
# Value: none | authenticated | owner_only | owner_write | from_file
# type = owner_only

# File for rights management from_file
#file = /etc/radicale/rights

[storage]

# Storage backend
# Value: multifilesystem | multifilesystem_nolock
#type = multifilesystem

# Folder for storing local collections, created if not present
#filesystem_folder = /var/lib/radicale/collections
# filesystem_folder = /data/collections

# Delete sync token that are older (seconds)
#max_sync_token_age = 2592000

# Command that is run after changes to storage
# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
#hook =

[web]

# Web interface backend
# Value: none | internal
type = none

[logging]

# Threshold for the logger
# Value: debug | info | warning | error | critical
level = info

# Don't include passwords in logs
#mask_passwords = True

[headers]

# Additional HTTP headers
#Access-Control-Allow-Origin = *

I check the presence of the file within the container using docker exec -it radicale /bin/sh and it is there:

/ # ls -la /etc/radicale/
total 16
drwxr-xr-x    2 root     root          4096 May 22 13:54 .
drwxr-xr-x    1 root     root          4096 May 22 13:54 ..
-rw-r--r--    1 root     root          2451 May 22 13:56 config
-rw-r--r--    1 root     root            48 May 22 13:23 users

But it does not use these files. Should I make them owned by user 2999? Or any other ideas?

PS: In the host computer, every user has read permission for the files:

styx@valinor:~/containers/radicale$ ls -la config/
total 16
drwxr-xr-x 2 styx styx 4096 May 22 16:56 .
drwxr-xr-x 4 styx styx 4096 May 22 16:54 ..
-rw-r--r-- 1 root root 2451 May 22 16:56 config
-rw-r--r-- 1 root root   48 May 22 16:23 users

mcanyucel commented 4 months ago

I changed the owners of the config & user files on the host to 2999, but it did not work.

styx@valinor:sudo addgroup --gid 2999 radicale
styx@valinor:sudo adduser --gid 2999 --uid 2999 --shell /bin/false --disabled-password --no-create-home radicale
styx@valinor:sudo chown -R radicale:radicale config

styx@valinor:~/containers/radicale$ ls -la config/
total 16
drwxr-xr-x 2 radicale radicale 4096 May 22 16:56 .
drwxr-xr-x 4 styx     styx     4096 May 22 16:54 ..
-rw-r--r-- 1 radicale radicale 2451 May 22 16:56 config
-rw-r--r-- 1 radicale radicale   48 May 22 16:23 users

tomsquest commented 4 months ago

Hi @mcanyucel,

Can you try with an absolute path for volumes?

    volumes:
      - /data/radicale/data:/data
      - /data/radicale/config:/config:ro

mcanyucel commented 4 months ago

Hi!

I changed the volume paths to absolute but nothing changed:

    volumes:
      - /home/styx/containers/radicale/data:/data
      - /home/styx/containers/radicale/config/config:/etc/radicale/config:ro
      - /home/styx/containers/radicale/config/users:/etc/radicale/users:ro

When I check the contents of the file within the container, the content is correct. Is there a command to restart Radicale within the container? Maybe if I restart the Radicale service within the container, it will use the config?

Maybe the Radicale service cannot access the files within the container, but I do not get any "file not found" or "permission denied" errors. Well, I do not see any errors, so I am assuming there are none; is there a log for Radicale?

tomsquest commented 4 months ago

Got it: the config Radicale uses is /config/config (the config file in the /config folder). So this is not /etc/radicale/config.

Can you confirm and close accordingly?

tomsquest commented 4 months ago

FYI, the CMD in the Dockerfile is:

CMD ["/venv/bin/radicale", "--config", "/config/config"]

mcanyucel commented 4 months ago

That was a correct point, the container now works using the config file:

/containers/radicale$ sudo docker compose up
[+] Running 1/0
 ✔ Container radicale  Created                                                                                                                                                                              0.0s
Attaching to radicale
radicale  | [2024-05-23 14:10:50 +0000] [7] [INFO] Loaded default config
radicale  | [2024-05-23 14:10:50 +0000] [7] [INFO] Loaded config file '/config/config'
radicale  | [2024-05-23 14:10:50 +0000] [7] [INFO] Starting Radicale
radicale  | [2024-05-23 14:10:50 +0000] [7] [INFO] auth type is 'radicale.auth.htpasswd'
radicale  | [2024-05-23 14:10:50 +0000] [7] [INFO] auth htpasswd encryption is 'radicale.auth.htpasswd_encryption.md5'
radicale  | [2024-05-23 14:10:50 +0000] [7] [INFO] storage type is 'radicale.storage.multifilesystem'
radicale  | [2024-05-23 14:10:50 +0000] [7] [INFO] rights type is 'radicale.rights.owner_only'
radicale  | [2024-05-23 14:10:50 +0000] [7] [INFO] web type is 'radicale.web.internal'
radicale  | [2024-05-23 14:10:50 +0000] [7] [INFO] permit delete of collection: True
radicale  | [2024-05-23 14:10:50 +0000] [7] [INFO] Listening on '0.0.0.0:5232'
radicale  | [2024-05-23 14:10:50 +0000] [7] [INFO] Radicale server ready

Thanks!
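
The mismatch resolved in this thread (the image's CMD reads `/config/config`, while the compose file mounted the file at `/etc/radicale/config`) can be checked before the container is started. The following is an added example, not part of the thread or the project's code: it takes the CMD quoted above, Compose short-syntax volume entries and the `[auth]` section of the posted config, and reports which of the paths Radicale will read are actually bind-mounted. The function names are hypothetical and only POSIX-style `source:target[:mode]` entries are handled.

```python
import configparser
from pathlib import PurePosixPath

# CMD from the image's Dockerfile, as quoted in the thread.
IMAGE_CMD = ["/venv/bin/radicale", "--config", "/config/config"]
# Volumes from the original compose file in the thread.
ORIGINAL_VOLUMES = ["./data:/data",
                    "./config/config:/etc/radicale/config:ro",
                    "./config/users:/etc/radicale/users:ro"]
# Folder mount in the form the maintainer suggested.
FOLDER_VOLUMES = ["/data/radicale/data:/data", "/data/radicale/config:/config:ro"]
# [auth] section of the posted config (trimmed).
CONFIG_TEXT = """
[auth]
type = htpasswd
htpasswd_filename = /etc/radicale/users
htpasswd_encryption = md5
"""

def config_path_from_cmd(cmd):
    # Path that follows --config in the container command, or None.
    if "--config" in cmd[:-1]:
        return cmd[cmd.index("--config") + 1]
    return None

def covering_mount(path, volumes):
    # Volume entry whose container target is `path` or one of its parent dirs.
    wanted = PurePosixPath(path)
    for entry in volumes:
        parts = entry.split(":")
        if len(parts) < 2:
            continue  # anonymous volume: no host source to check
        target = PurePosixPath(parts[1])
        if target == wanted or target in wanted.parents:
            return entry
    return None

def audit(cmd, volumes, config_text):
    # Map each file Radicale will read to the mount providing it (None = not mounted).
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    paths = {"config": config_path_from_cmd(cmd)}
    if parser.has_option("auth", "htpasswd_filename"):
        paths["htpasswd"] = parser.get("auth", "htpasswd_filename")
    return {name: covering_mount(p, volumes) for name, p in paths.items()}

if __name__ == "__main__":
    for label, vols in (("original", ORIGINAL_VOLUMES), ("folder", FOLDER_VOLUMES)):
        print(label, audit(IMAGE_CMD, vols, CONFIG_TEXT))
```

For the original volumes the `config` entry comes back as `None`, which is the condition under which the posted `[auth]` settings were never loaded. For the folder mount the config is covered, but `htpasswd_filename = /etc/radicale/users` then points outside every mount, so that path has to be updated along with the volume.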