Remove chmod workaround in nextcloud image #1
Comments
I might have some additional context. Though my setup isn't to Quadlets yet, I have a pod set up to produce the same UID/GID as the calling rootless user (doesn't work for .hidden_files!). MariaDB and Redis are listed as Running, but Nextcloud is spamming:
I'm past the spamming issue thanks to this comment: Based off discussion (either around this issue or one linking back to it), I gather it's a Nextcloud container bug when running rootless -- possibly introduced at some point by changes to Docker/Podman, as I do not remember facing this issue when working with Podman 3.0.1. In either case, I got new errors when I created a redis-session.ini to mount it as a volume. I'm unsure how this workaround compares in terms of security to the one currently implemented.
I wonder if adding
Do you use bind-mounted dirs or volumes?
I'm using directories. I've not made a serious effort to sift through the log (it's Thanksgiving in the US, and I intend to spend most of it with family), but here is one of its current loops. I'm thinking my next step might need to be to bring up PiHole and Caddy to get Nextcloud its domain name.
And just in case, here's what I'm looking at for my WIP reset script (Redis doesn't like working with secrets for some reason).
In the error message output:
That error would happen if the ip_unprivileged_port_start value is higher than 80.
Some ideas:
alternative solution 1
Some instructions of how to modify the setting:
alternative solution 2
Maybe the
A side-note:
I just want to mention a very experimental approach to setting up a reverse proxy that is listening on port 80 and at the same time is running rootless podman: Use a systemd system service with
What I know is I'm totally burned out from focusing on this topic this month. I'll be back, but I want to do some less intense blog topics over December and come back at it in the new year. My immediate goal is to get PiHole and Caddy into Quadlets so I have something to work off of come January. I'm to the point of generating Kubernetes .yml files for running pods.
For the record, Alternate Solution 2 as implemented by setting
I added the line
nextcloud-podman/Dockerfile.nextcloud
Line 2 in 33e32e3
to work around an error. (I don't remember the details).
Remove the line and create a more secure fix.