Cannot write to data directory with check_data_directory_permissions set to false #1003

Closed
Drehmini opened this issue Feb 16, 2020 · 2 comments

Drehmini commented Feb 16, 2020

I'm using docker swarm to deploy a nextcloud stack. Traefik is providing SSL termination.
Everything is working except that when I try to install nextcloud, I receive an error: Can't create or write into the data directory /nextcloud_data

Here's my docker file

version: "3.7"

services:
  nextcloud:
    image: nextcloud:latest
    env_file: /docker/nextcloud/nextcloud.env
    networks:
      - internal
      - traefik_net
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik_net"
        - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
        - "traefik.http.routers.nextcloud.entrypoints=web"
        - "traefik.http.routers.nextcloud.rule=Host(`subdomain.example.com`)"
        - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
        - "traefik.http.routers.nextcloud.middlewares=https-redirect"
        - "traefik.http.routers.nextcloud-secure.entrypoints=websecure"
        - "traefik.http.routers.nextcloud-secure.rule=Host(`subdomain.example.com`)"
        - "traefik.http.middlewares.nextcloud-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
        - "traefik.http.middlewares.nextcloud-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
        - "traefik.http.middlewares.nextcloud-rep.redirectregex.permanent=true"
        - "traefik.http.middlewares.nextcloud-header.headers.customFrameOptionsValue=SAMEORIGIN"
        - "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-rep,nextcloud-header"
        - "traefik.http.routers.nextcloud-secure.tls=true"
        - "traefik.http.routers.nextcloud-secure.service=nextcloud"
    volumes:
      - /docker/nextcloud/html:/var/www/html
      - /docker/nextcloud/apps:/var/www/html/custom_apps
      - /docker/nextcloud/config:/var/www/html/config
      - /docker/nextcloud/data:/nextcloud_data
    
  
  db:
    image: mariadb:10
    env_file: /docker/nextcloud/nextcloud.env
    networks:
      - internal
    volumes:
      - /docker/nextcloud/runtime/db:/var/lib/mysql
  
  db-backup:
    image: mariadb:10
    env_file: /docker/nextcloud/nextcloud-db-backup.env
    volumes:
      - /docker/nextcloud/database-dump:/dump
      - /etc/localtime:/etc/localtime:ro
    entrypoint: |
      bash -c 'bash -s <<EOF
      trap "break;exit" SIGHUP SIGINT SIGTERM
      sleep 2m
      while /bin/true; do
        mysqldump -h db --all-databases | gzip -c > /dump/dump_\`date +%d-%m-%Y"_"%H_%M_%S\`.sql.gz
        (ls -t /dump/dump*.sql.gz|head -n $$BACKUP_NUM_KEEP;ls /dump/dump*.sql.gz)|sort|uniq -u|xargs rm -- {}
        sleep $$BACKUP_FREQUENCY
      done
      EOF'
    networks:
      - internal
  
  redis:
    image: redis:alpine
    networks:
      - internal
    volumes:
      - /docker/nextcloud/runtime/redis:/data
  
  cron:
    image: nextcloud:latest
    volumes:
      - /docker/nextcloud:/var/www/html
    user: www-data
    networks:
      - internal
    entrypoint: |
      bash -c 'bash -s <<EOF
      trap "break;exit" SIGHUP SIGINT SIGTERM
      while [ ! -f /var/www/html/config/config.php ]; do
        sleep 1
      done
      while true; do
        php -f /var/www/html/cron.php
        sleep 15m
      done
      EOF'

networks:
  traefik_net:
    external: true
    name: traefik_net
  internal:
    driver: overlay
    ipam:
      config:
        - subnet: 172.16.12.0/24

My nextcloud environment file:

MYSQL_HOST=db
MYSQL_ROOT_PASSWORD=***************
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud
MYSQL_PASSWORD=*************
NEXTCLOUD_DATA_DIR=/nextcloud_data
REDIS_HOST=redis
NEXTCLOUD_TRUSTED_DOMAINS=subdomain.example.com

Here's the config file that I've modified to include the check_data_directory_permissions flag

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => '<>',
  'check_data_directory_permissions' => false,
);
@Drehmini Drehmini changed the title Cannot write to data directory Cannot write to data directory with check_data_directory_permissions set to false Feb 16, 2020

p-baum commented Feb 29, 2020

Doesn't seem possible to install as www-data and have named volumes under /var/www/html. The VOLUME /var/www/html statement in the original Dockerfile prevents any subsequent modifications under that path and, no matter what I try, named volumes under /var/www/html are always mounted with root owner/group. It's probably best to install as root then run as www-data.

I'm using a supplementary compose file docker-compose.install.yml:

version: '3.3'

services:
  nextcloud:
    user: root
    command: echo "Update/Install complete."
    restart: "no"
    environment:
      - NEXTCLOUD_UPDATE=1

You can then install as root and run as www-data like this:

docker-compose -f docker-compose.yml -f docker-compose.install.yml \
    up --force-recreate --abort-on-container-exit --exit-code-from nextcloud

docker-compose up
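
A preflight check for the ownership problem described in the comment above, as an added example that is not part of the original thread or the project's code: it reports whether a host directory used as the data mount is owned by the container's web user, writable by its owner, and closed to other users. The function name `check_data_dir`, the use of `stat -c` (GNU coreutils or BusyBox), and uid 33 for www-data are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes `stat -c` (GNU coreutils or
# BusyBox) and uid 33 for www-data, as on Debian-based images.

# check_data_dir DIR EXPECTED_UID
# Prints one line per finding. Returns 0 only when DIR is owned by
# EXPECTED_UID, writable by its owner, and closed to "other" users.
check_data_dir() {
    dir=$1
    want_uid=$2
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 2
    fi

    owner=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")               # octal digits, e.g. 770 or 1777
    perm=$(printf '%03d' "$(($mode % 1000))") # keep owner/group/other digits
    owner_bits=${perm%??}
    other_bits=${perm#??}

    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $owner, expected $want_uid"
        rc=1
    fi
    case $owner_bits in
        2|3|6|7) ;;                           # write bit set for the owner
        *) echo "FAIL $dir: mode $mode is not owner-writable"; rc=1 ;;
    esac
    if [ "$other_bits" != 0 ]; then
        echo "FAIL $dir: mode $mode is open to other users"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK   $dir: uid $owner, mode $mode"
    fi
    return "$rc"
}

# Stand-alone use: ./check.sh /docker/nextcloud/data [uid]
if [ $# -gt 0 ]; then
    check_data_dir "$1" "${2:-33}"
    exit $?
fi
```

Run it on the Docker host against the bind-mount source before starting the installer; a non-zero exit status means at least one finding was printed.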

joshtrichards (Member) commented

Hi @Drehmini. Hopefully @p-baum's workaround was helpful. Since this issue is from >3 years ago and predates #1812 (among other changes), I'm going to close it out.
