Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nextcloud fpm fails to initialize database on clean install #2190

Open
djakupovic opened this issue Mar 25, 2024 · 1 comment
Open

Nextcloud fpm fails to initialize database on clean install #2190

djakupovic opened this issue Mar 25, 2024 · 1 comment
Labels
0. Needs triage bug

Comments

@djakupovic
Copy link

djakupovic commented Mar 25, 2024
edited by joshtrichards

Hi,

I tried my best to find the issue, but no success. I also analyzed the Dockerfile in the Nextcloud image as well the php base image. The apache image works flawlessly. I tried nginx and caddy as web server for npm but both with same error. I tried MariaDB and Postgres with the same error. I run the docker compose on docker for windows on wsl2

Issue:
I get this error after the login mask for initial installation after I enter the initial admin credentials:
There is no table with name "oc_nas.oc_comments" in the schema.

If I try again I get this:
Insufficient privilege: 7 ERROR: permission denied for table oc_migrations

Postgres log says this:
ERROR: permission denied for table oc_migrations
2024-03-25 10:21:59.138 CET [91] STATEMENT: SELECT "version" FROM "oc_migrations" WHERE "app" = $1 ORDER BY "version" ASC

I also logged the Postgres queries executed by Nextcloud and it hits to this error.
I also found this:
https://help.nextcloud.com/t/permission-denied-for-table-oc-migrations-on-startup/185597 --> did not help
and this:
nextcloud/helm#436 --> they have the same error but with the helm chart

What I also tried:
php occ maintenance:install
--database='pgsql' --database-host='postgres' --database-name='nextcloud'
--database-user='nextcloud' --database-pass='nextcloud'
--admin-user='nextcloud' --admin-pass='nextcloud'

And I hit the same error

I also tried to set the permissions manually with PSQL, but still no success.

I also tried to set the ADMIN ENV variables that it creates the initial user on first start but fails on the same error

Here is the docker compose file I created:

version: "3.8"

name: nextcloud

services:
  nextcloud-web:
    image: nginx:1.25.4-alpine3.18
    container_name: nextcloud-nginx
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
    volumes:
      - "C:/Users/NAS/Docker/Volumes/nextcloud/data/html:/var/www/html:ro" #:z,ro on SELINUX
      - "C:/Users/NAS/Docker/Volumes/nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro"
    networks:
      - nextcloud
    depends_on:
      - nextcloud-fpm

  nextcloud-fpm:
    image: nextcloud:28.0.3-fpm-alpine
    container_name: nextcloud
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
      - POSTGRES_HOST=nextcloud-postgres
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=nextcloud
      - REDIS_HOST=nextcloud-redis
      - REDIS_HOST_PORT=6379
      - REDIS_HOST_PASSWORD=nextcloud
      - PHP_UPLOAD_LIMIT=0
      - PHP_MEMORY_LIMIT=1G
      - OVERWRITEPROTOCOL=https
      - NEXTCLOUD_TRUSTED_DOMAINS=mydns
      #- APACHE_DISABLE_REWRITE_IP=1
    volumes:
      - "C:/Users/NAS/Docker/Volumes/nextcloud/data/html:/var/www/html" #:z on linux with selinux
      - "C:/Users/NAS/Docker/Volumes/nextcloud/www.conf:/usr/local/etc/php-fpm.d/www.conf:ro"
    networks:
      - nextcloud
    depends_on:
      - nextcloud-postgres
      - nextcloud-redis

  nextcloud-postgres:
    image: postgres:16.2-bullseye
    container_name: nextcloud-postgres
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=nextcloud
      - PGDATA=/var/lib/postgresql/data/pgdata #explicitly declare data directory volume
    volumes:
      - "C:/Users/NAS/Docker/Volumes/nextcloud/postgres:/var/lib/postgresql/data"
    networks:
      - nextcloud

  nextcloud-redis:
    image: redis:7.2.4-alpine
    container_name: nextcloud-redis
    restart: unless-stopped
    command: redis-server --requirepass nextcloud
    environment:
      - TZ=Europe/Berlin
      - PUID=1000
      - PGID=100
    volumes:
      - "C:/Users/NAS/Docker/Volumes/nextcloud/redis:/data"
    networks:
    - nextcloud

networks:
  nextcloud:
    name: nextcloud

config files, but also if not set, problem still there.

opcache.enable=1
opcache.interned_strings_buffer=64
opcache.max_accelerated_files=200000
opchace.max_wasted_percentage=15
opcache.memory_consumption=1024
opcache.save_comments=1
opcache.revalidate_freq=60
opcache.jit=1255
opcache.jit_buffer_size=256M

fpm-config:

[www]
user = www-data
group = www-data
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 281
pm.start_servers = 140
pm.min_spare_servers = 93
pm.max_spare_servers = 187

nginx config:

worker_processes auto;

error_log  /var/log/nginx/nextcloud.error.log debug;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    # Prevent nginx HTTP Server Detection
    server_tokens   off;

    keepalive_timeout  65;

    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
    default "immutable";
    }

    #gzip  on;

    upstream php-handler {
        server nextcloud:9000;
    }

    server {
        listen 80;
        listen [::]:80;
        server_name nextcloud.djnas.vip;

        access_log /var/log/nginx/nextcloud.access.log;
        # HSTS settings
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;

        # set max upload size and increase upload timeout:
        client_max_body_size 512M;
        client_body_timeout 300s;
        fastcgi_buffers 64 4K;

        # The settings allows you to optimize the HTTP2 bandwidth.
        # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
        # for tuning hints
        client_body_buffer_size 512k;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

        # Pagespeed is not supported by Nextcloud, so if your server is built
        # with the `ngx_pagespeed` module, uncomment this line to disable it.
        #pagespeed off;

        # HTTP response headers borrowed from Nextcloud `.htaccess`
        add_header Referrer-Policy                      "no-referrer"       always;
        add_header X-Content-Type-Options               "nosniff"           always;
        add_header X-Frame-Options                      "SAMEORIGIN"        always;
        add_header X-Permitted-Cross-Domain-Policies    "none"              always;
        add_header X-Robots-Tag                         "noindex, nofollow" always;
        add_header X-XSS-Protection                     "1; mode=block"     always;

        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;

        # Path to the root of your installation
        root /var/www/html;

        include mime.types;
        #types {
        ##    text/javascript js mjs;
        #    application/wasm wasm;
        #}

        # Specify how to handle directories -- specifying `/index.php$request_uri`
        # here as the fallback means that Nginx always exhibits the desired behaviour
        # when a client requests a path that corresponds to a directory that exists
        # on the server. In particular, if that directory contains an index.php file,
        # that file is correctly served; if it doesn't, then the request is passed to
        # the front-end controller. This consistent behaviour means that we don't need
        # to specify custom rules for certain paths (e.g. images and other assets,
        # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
        # `try_files $uri $uri/ /index.php$request_uri`
        # always provides the desired behaviour.
        index index.php index.html /index.php$request_uri;

        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
        location = / {
            if ( $http_user_agent ~ ^DavClnt ) {
                return 302 /remote.php/webdav/$is_args$args;
            }
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        # Make a regex exception for `/.well-known` so that clients can still
        # access it despite the existence of the regex rule
        # `location ~ /(\.|autotest|...)` which would otherwise handle requests
        # for `/.well-known`.
        location ^~ /.well-known {
            # The rules in this block are an adaptation of the rules
            # in `.htaccess` that concern `/.well-known`.

            location = /.well-known/carddav { return 301 /remote.php/dav/; }
            location = /.well-known/caldav  { return 301 /remote.php/dav/; }

            location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
            location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

            # Let Nextcloud's API for `/.well-known` URIs handle all other
            # requests by passing them to the front-end controller.
            return 301 /index.php$request_uri;
        }

        # Rules borrowed from `.htaccess` to hide certain paths from clients
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

        # Ensure this block, which passes PHP files to the PHP process, is above the blocks
        # which handle static assets (as seen below). If this block is not declared first,
        # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
        # to the URI, resulting in a HTTP 500 error response.
        location ~ \.php(?:$|/) {
            # Required for legacy support
            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            set $path_info $fastcgi_path_info;

            try_files $fastcgi_script_name =404;

            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            #fastcgi_param HTTPS on;

            fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
            fastcgi_param front_controller_active true;     # Enable pretty urls
            fastcgi_pass php-handler;

            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;

            fastcgi_max_temp_file_size 0;
        }

        # Javascript mimetype fixes for nginx
        # Note: The block below should be removed, and the js|mjs section should be
        # added to the block below this one. This is a temporary fix until Nginx 
        # upstream fixes the js mime-type
        location ~* \.(?:js|mjs)$ {
            types { 
                text/javascript js mjs;
            } 
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
            access_log off;
        }

        # Serve static files
        location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
            # HTTP response headers borrowed from Nextcloud `.htaccess`
            add_header Cache-Control                     "public, max-age=15778463$asset_immutable";
            add_header Referrer-Policy                   "no-referrer"       always;
            add_header X-Content-Type-Options            "nosniff"           always;
            add_header X-Frame-Options                   "SAMEORIGIN"        always;
            add_header X-Permitted-Cross-Domain-Policies "none"              always;
            add_header X-Robots-Tag                      "noindex, nofollow" always;
            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets
        }

        location ~ \.woff2?$ {
            try_files $uri /index.php$request_uri;
            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets
        }

        # Rule borrowed from `.htaccess`
        location /remote {
            return 301 /remote.php$request_uri;
        }

        location / {
            try_files $uri $uri/ /index.php$request_uri;
        }
    }
}
@tzerber
Copy link
Contributor

tzerber commented Apr 25, 2024
edited

I see a mix of Windows volumes and Linux volumes in the same compose file. On WSL2 the path to C:\ is /mnt/c/. Can you please fix your volumes and try again ? I am using WSL2 to test most of the changes or generic nextcloud experiments and never had any issues in all variants.

EDIT: i just ran your setup without the volumes and it gave me no errors.

nextcloud-postgres  | 2024-04-25 18:20:45.715 CEST [1] LOG:  database system is ready to accept connections
nextcloud           | New nextcloud instance
nextcloud           | Initializing finished
nextcloud           | => Searching for scripts (*.sh) to run, located in the folder: /docker-entrypoint-hooks.d/before-starting
nextcloud           | [25-Apr-2024 16:20:47] NOTICE: fpm is running, pid 1
nextcloud           | [25-Apr-2024 16:20:47] NOTICE: ready to handle connections

Edit2: You are also probably missing some configs on WSL2.

Add this to /etc/wsl.conf

[automount]
root = /mnt
options = "metadata"

Then open cmd as admin and type wsl --shutdown (or reboot your PC). Then reopen wsl, restart docker and it should be fine. You can google around how to make docker service autostart on wsl startup.

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0. Needs triage bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@joshtrichards @djakupovic @tzerber