Cant get Wger to work properly ? Is it my configuration ? , permissions? … :(

[nodecentral]

Hi,

no matter what I try, I can’t seem to get the Wger Docker instance to work correctly.. I’ve created 3 persistent local locations to store config, media and static content , but they don’t seem to get picked up. If someone is able to review / or better yet try my config (or a close approximation of it,) that would help me a lot..

my Docker compose is..

version: '3'
services:
  web:
    image: wger/server:latest
    container_name: wger_server
    depends_on:
      db:
        condition: service_healthy
      cache: 
        condition: service_healthy
    environment: 
      - SECRET_KEY=wger-docker-supersecret-key
      - SIGNING_KEY=wger-docker-secret-jwtkey
      - FROM_EMAIL=node.central@example.com
      - TIME_ZONE=Europe/London
      - ALLOW_REGISTRATION=True
      - ALLOW_GUEST_USERS=True
      - ALLOW_UPLOAD_VIDEOS=True
      - MIN_ACCOUNT_AGE_TO_TRUST=18
      - SYNC_EXERCISES_ON_STARTUP=True
      - DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP=True
      # Database
      - DJANGO_DB_ENGINE=django.db.backends.postgresql
      - DJANGO_DB_DATABASE=wger
      - DJANGO_DB_USER=wger
      - DJANGO_DB_PASSWORD=wger
      - DJANGO_DB_HOST=db
      - DJANGO_DB_PORT=5432
      - DJANGO_PERFORM_MIGRATIONS=True
      # Cache
      - DJANGO_CACHE_BACKEND=django_redis.cache.RedisCache
      - DJANGO_CACHE_LOCATION=redis://cache:6379/1
      # 60*60*24*15, 15 Days
      - DJANGO_CACHE_TIMEOUT=12
      - DJANGO_CACHE_CLIENT_CLASS=django_redis.client.DefaultClient
      # Brute force login attacks - https://django-axes.readthedocs.io/en/latest/index.html
      - AXES_ENABLED=True
      - AXES_FAILURE_LIMIT=10
      # in minutes
      - AXES_COOLOFF_TIME=30
      - AXES_HANDLER=axes.handlers.cache.AxesCacheHandler
      # Others
      - DJANGO_DEBUG=True
      - WGER_USE_GUNICORN=True
      - EXERCISE_CACHE_TTL=10
      # SITE_URL=http://localhost
      # JWT auth - The lifetime duration of the access token, in minutes
      - ACCESS_TOKEN_LIFETIME=10
      # The lifetime duration of the refresh token, in hours
      - REFRESH_TOKEN_LIFETIME=24
      # Other possible settings
      # RECAPTCHA_PUBLIC_KEY
      # RECAPTCHA_PRIVATE_KEY
      # NOCAPTCHA
      # https://docs.djangoproject.com/en/4.1/topics/email/#smtp-backend
      # ENABLE_EMAIL
      # EMAIL_HOST
      # EMAIL_PORT
      # EMAIL_HOST_USER
      # EMAIL_HOST_PASSWORD
      # EMAIL_USE_TLS
      # EMAIL_USE_SSL
      # DJANGO_MEDIA_ROOT
      # DJANGO_STATIC_ROOT
      - CSRF_TRUSTED_ORIGINS=https://192.168.102.134,http://192.168.102.134
    volumes:
      - /share/Container/wger/static:/home/wger/static
      - /share/Container/wger/media:/home/wger/media
    ports:
      - "8000"
    healthcheck:
      test: wget --no-verbose --tries=1 --spider http://localhost:8000
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  nginx:
    image: nginx:stable
    container_name: wger_nginx
    depends_on:
      - web
    volumes:
      #- ./config/nginx.conf:/etc/nginx/conf.d/default.conf
      - /share/Container/wger/config/nginx.conf:/etc/nginx/conf.d/default.conf
      - /share/Container/wger/static:/wger/static:ro
      - /share/Container/wger/media:/wger/media:ro
    ports:
      - "8008:80"
    healthcheck:
      test: service nginx status
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  db:
    image: postgres:12-alpine
    container_name: wger_db
    environment:
      - POSTGRES_USER=wger
      - POSTGRES_PASSWORD=wger
      - POSTGRES_DB=wger
    volumes:
      - postgres-data:/var/lib/postgresql/data/
    expose:
      - 5432
    healthcheck:
      test: pg_isready -U wger
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  cache:
    image: redis
    container_name: wger_cache
    expose:
      - 6379
    healthcheck:
      test: redis-cli ping
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

volumes:
  postgres-data:
  static:
  media:

networks:
  default:
      name: wger_network

Here’s my nginx.conf too

 upstream wger {
    server web:8000;
}

server {

    listen 80;

    location / {
        proxy_pass http://wger;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }

    location /static/ {m
        alias /wger/static/;
    }

    location /media/ {
        alias /wger/media/;
    }

    # Increase max body size to allow for video uploads
    client_max_body_size 100M;

}

Which makes it look like this..

[nodecentral]

Hi, is anyone able to help, I'd love to get wger up and running.

[nodecentral]

Hi, I’d really appreciate any help on this, I’d love to be able to use Wger..

@rolandgeider any suggestions ?

[nodecentral]

Still, hoping to use Wger, but continue to suffer from the same issue reported earlier..

if anyone is able to try the Docker compose I shared earlier, just to see and share what their experience is, that would help..

[rolandgeider]

Hi! Answering here to keep the other issue focused on the CSRF stuff. The one port where you say that you can access the site but has no static files is probably the "raw" django application, the other one is nginx. However besides the CSRF origins both should work or at least allow you to log in, I don't think we do any JS there. The way the docker compose is configured, it shouldn't allow you to acces the ports within its network so that you should only be able to access the reverse proxy where everything is served (or can you access e.g. postgres port 5432?)

[rolandgeider]

[nodecentral]

Hi @rolandgeider

Attached is a screenshot of my QNAP Container Station app, where containers are created etc. The chain icons on the bottom two represent resolvable links/urls that are made available for access, and as you can see i have one for wger server and wger ngnix. (See IP/port mapping below too)

• wger_ngnix = http://192.168.102.134:8008/ —— > 80
• Wger_server = http://192.168.102.134:49162/ ——> 8000

[DerLeole]

I have gotten the same original error and identified a quick fix, but still experience some problems like favicons etc not loading.

While I don't know what truly causes this on the inside, the bug can be partially sovled, by not linking specific folders to "media" and "static" directories, but to instead use docker volumes.

When mounting a normal host folder there seems to errupt some kind of permissions error, which prevents the web server container from saving its static and media content in the respective directories.

All in all I think the whole docker part of wger needs a permission overhaul, not only to fix issues like these, but also to allow for rootless container operation.

[rolandgeider]

That was originally the reason why I used volumes, specially on windows this was a real pain. On the other hand, this might be a bug/misconfiguration that the volumes simply hide

[nodecentral]

Quite a few of the other container I run require me to provide a user and group ID within the environment variable in order to handle permissions issues when accessing mapped volumes.

Here it is in speedtester one..

version: '3.3'
services:
    speedtest-tracker:
        container_name: speedtest-tracker
        image: ghcr.io/alexjustesen/speedtest-tracker:latest
        ports:
            - '5136:80'
            - '5443:443'
        environment:
            - PUID=1005
            - PGID=1000
            - TZ=Europe/London
        volumes:
            - '/path/to/directory:/config'
        restart: unless-stopped

And an extract of Paperless-ngx.

     …..
    environment: 
      PAPERLESS_REDIS: redis://redis:6379
      PAPERLESS_DBHOST: db
      USERMAP_UID: 1005
      USERMAP_GID: 1000
      PAPERLESS_TIME_ZONE: Europe/London
      ….

[rheaalleen]

Can confirm this is a problem with network shares but I dont see any errors.

Tried setting the user id/gid but still didnt save the files. NGINX config works fine being on a share but static/media files only work locally on VM/docker host as volumes.

[nodecentral]

Hi @rheaalleen

For some reason I’m able to access wger today, no CSRF verification failed. Request aborted. error, so I can do a little more digging, as it’s such a shame wger is so inconsistent for me :-(

My two recurring issues are with CSRF verification failures, and which URL/port to use..

When it comes to the latter, and looking at my mapped volumes (network shares) my docker compose (in the original post above), uses the same share in both, but I noticed wger specifies two slightly different locations within each of it’s container.. It is likely nothing but sharing it just in case..

Under web (wger_server) I have this..

volumes:

• /share/Container/wger/static:/home/wger/static
• /share/Container/wger/media:/home/wger/media

and under ngnix (wger_ngnix) it’s this..

volumes:

• /share/Container/wger/static:/wger/static:ro
• /share/Container/wger/media:/wger/media:ro

I only see images/graphics when I access wger via the ngnix port, not the web one..

Are you able to share you docker compose ?

[rheaalleen]

I think my main problem is that NGINX gets Permission denied on reading the files in the network share

2023/03/04 11:08:20 [error] 35#35: *15 open() "/wger/static/CACHE/css/output.1a831572686b.css" failed (13: Permission denied)

The files are there after checking but NGINX cant open them. Inside the container the IDs are the same like they are for the share and even with o+r permissions (-rwxrwxr--).

version: '3.9'
services:
  web:
    image: wger/server:latest
    container_name: wger_server
    environment:
      SECRET_KEY: ${SECRET_KEY}
      SIGNING_KEY: ${SIGNING_KEY}
      DJANGO_DB_DATABASE: ${DJANGO_DB_DATABASE}
      DJANGO_DB_USER: ${DJANGO_DB_USER}
      DJANGO_DB_PASSWORD: ${DJANGO_DB_PASSWORD}
      DJANGO_DB_HOST: ${DJANGO_DB_HOST}
      DJANGO_DB_PORT: ${DJANGO_DB_PORT}
    volumes:
      - /docker-data/wger/static:/home/wger/static
      - /docker-data/wger/media:/home/wger/media
    ports:
      - "8000"
    restart: unless-stopped

  nginx:
    image: nginx:stable
    container_name: wger_nginx
    volumes:
      - /docker-data/wger/config/nginx.conf:/etc/nginx/conf.d/default.conf
      - /docker-data/wger/static:/wger/static:ro
      - /docker-data/wger/media:/wger/media:ro
    ports:
      - "8000:80"

  cache:
    image: redis
    container_name: wger_cache
    expose:
      - 6379
    healthcheck:
      test: redis-cli ping
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

[anarion80]

I'll comment here as well, as I've spent a couple hours fighting the lack of /static... In my case it was the DJANGO_DEBUG=false setting that was preventing collectstatic to run.

I was using Ansible instead of docker-compose directly, so my setting was: wger_django_debug: "false" and then for the container: DJANGO_DEBUG: "{{ wger_django_debug }}"

This found its way to the container as DJANGO_DEBUG=false.

Now docker entrypoint does collectstatic only when "$DJANGO_DEBUG" == "False" so literally with first letter in upper case:

# Collect static files
if [[ "$DJANGO_DEBUG" == "False" ]];
then
    echo "Running in production mode, running collectstatic now"
    python3 manage.py collectstatic --no-input
fi

and thus I always got empty static folder. After changing Ansible var reference to: wger_django_debug: "False" and then for the container: DJANGO_DEBUG: "{{ wger_django_debug | string }}" Finally the static got collected at startup.

Hopefully this helps someone...

[nodecentral]

Thanks @anarion80 for sharing that..

I must admit, I don’t quite understand what you’ve done (that’s more about my lack of understanding, rather than your explanation:-) ), but I’d love someone to jump in and share how this should be handled/translated in the Docker_compose.yml ?

Not sure how this plays into it, but if i recall correctly, in order to get the full CSRF_Verification error messages, you had to have DJANGO_DEBUG=True ..

Also just an FYI, I tried a docker_compose with no mapped volumes for web, only one volume mapped for the nginx.conf under ngnix; and I left the db one as was, still set up for postgres.. This didn’t seem to change / improve anything, in fact, it didn’t even return any of my previously recorded workout data ??!!

[anarion80]

Yes, my comment is maybe more related to how Ansible uses variables, but looking at your original post, you have: DJANGO_DEBUG=True so looking at the piece of code I pasted above, on clean install, django collectstatic will not be executed, you will not have anything in /static folder, so no images at/css/js at all. You would have to disable debug for that.

But looking at your later posts seems like you can in fact see the images but only when accessing nginx, so maybe that is rather related to permissions or something else..

[nodecentral]

Thanks @anarion80 , I’m not entirely sure of the cause, i share your view too, in that it feels permissions related , but when all is said and done, it really shouldn’t be this complicated to get working. Untill I know it’s a rock solid product (for me) I can’t commit all my fitness data to it :(

[spammads]

Just wanted to add my 2c. I use Kubernetes. I mapped the volumes as described. Kubernetes places a folder "lost+found" in the volume. This folder is owned by root. => Wger complained about permissions when copying the static files. I deleted the "lost+found"-folder and the static files were generated.

Thanks for the app. Great stuff.

[nncrypted]

I just created an environment section under nginx and added PGID, PUID parameters now everything works great all images show including favicon.

[nodecentral]

I just created an environment section under nginx and added PGID, PUID parameters now everything works great all images show including favicon.

Hi @nncrypted , any chance you could share your full docker compose so i could test it out too ?

[nncrypted]

services: web: image: wger/server:latest container_name: wger_server depends_on: db: condition: service_healthy cache: condition: service_healthy environment:

• SECRET_KEY=
• SIGNING_KEY=
• TIME_ZONE=America/Toronto
• CSRF_TRUSTED_ORIGINS=
• X_FORWARDED_PROTO_HEADER_SET=True
• MEDIA_URL=
• STATIC_URL=
• ALLOW_REGISTRATION=False
• ALLOW_GUEST_USERS=False
• ALLOW_UPLOAD_VIDEOS=True
• MIN_ACCOUNT_AGE_TO_TRUST=0
• SYNC_EXERCISES_ON_STARTUP=True
• DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP=True
• DJANGO_DB_ENGINE=django.db.backends.postgresql
• DJANGO_DB_DATABASE=wger
• DJANGO_DB_USER=wger
• DJANGO_DB_PASSWORD=wger
• DJANGO_DB_HOST=db
• DJANGO_DB_PORT=5432
• DJANGO_PERFORM_MIGRATIONS=True
• DJANGO_CACHE_BACKEND=django_redis.cache.RedisCache
• DJANGO_CACHE_LOCATION=redis://cache:6379/1
• DJANGO_CACHE_TIMEOUT=1296000 # in seconds - 606024*15, 15 Days
• DJANGO_CACHE_CLIENT_CLASS=django_redis.client.DefaultClient
• AXES_ENABLED=True
• AXES_FAILURE_LIMIT=10
• AXES_COOLOFF_TIME=30 # in minutes
• AXES_HANDLER=axes.handlers.cache.AxesCacheHandler
• DJANGO_DEBUG=True
• WGER_USE_GUNICORN=True
• EXERCISE_CACHE_TTL=18000 # in seconds - 56060, 5 hours
• SITE_URL=
• ACCESS_TOKEN_LIFETIME=10 # The lifetime duration of the access token, in minutes
• REFRESH_TOKEN_LIFETIME=24 # The lifetime duration of the refresh token, in hours
• ENABLE_EMAIL=True
• EMAIL_HOST=
• EMAIL_PORT=465
• EMAIL_HOST_USER=
• EMAIL_HOST_PASSWORD=
• EMAIL_USE_SSL=True
• EMAIL_USE_TLS=False
• FROM_EMAIL=
• PUID=1000
• PGID=100 volumes:
• ./wger/static:/home/wger/static
• ./wger/media:/home/wger/media

  For development, mount your local git checkout

  - type: bind

  source: /path/to/wger/sourcecode

  target: /home/wger/src/

  ports:

• "8000" healthcheck: test: wget --no-verbose --tries=1 --spider http://localhost:8000 interval: 10s timeout: 5s retries: 5 restart: unless-stopped

  nginx: image: nginx:stable container_name: wger_nginx depends_on:

• web environment:
• PUID=1000
• PGID=100
• TZ=America/Toronto volumes:
• ./wger/config/nginx.conf:/etc/nginx/conf.d/default.conf
• ./Docker/wger/static:/wger/static:ro
• ./wger/media:/wger/media:ro ports:

• "8050:80" healthcheck: test: service nginx status interval: 10s timeout: 5s retries: 5 restart: unless-stopped

  db: image: postgres:12-alpine container_name: wger_db environment:

• POSTGRES_USER=wger
• POSTGRES_PASSWORD=wger
• POSTGRES_DB=wger volumes:
• ./wger/postgres-data:/var/lib/postgresql/data/ expose:

• 5432 healthcheck: test: pg_isready -U wger interval: 10s timeout: 5s retries: 5 restart: unless-stopped

  cache: image: redis container_name: wger_cache expose:

• 6379 healthcheck: test: redis-cli ping interval: 10s timeout: 5s retries: 5 restart: unless-stopped

volumes: postgres-data: static: media:

networks: default: name: wger_network