Can't install fresh admidio instance with traefik reverse proxy on docker

[cmellwig]

Fresh installation fails when traefik reverse proxy is in place before installation. The container starts and goes into unhealthy state:

[INFO ] set filesystem permissions (chown -R www-data:root .)

[INFO ] configure Listen port in /etc/apache2/ports.conf

[INFO ] configure VirtualHost port in /etc/apache2/sites-available/000-default.conf

[INFO ] configure ServerName in /etc/apache2/sites-available/000-default.conf

[INFO ] configure postfix set inet_protocols to ipv4 since ipv6 is disabled (net.ipv6.conf.all.disable_ipv6=1)

[INFO ] execute postfix start

[INFO ] execute postfix status

[INFO ] execute mailq

Mail queue is empty

[INFO ] create .admidio_installed file (/opt/app-root/src/adm_my_files/.admidio_installed)

[INFO ] run apache with php enabled (apache2-foreground)

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.20.0.7. Set the 'ServerName' directive globally to suppress this message

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.20.0.7. Set the 'ServerName' directive globally to suppress this message

[Tue Dec 19 10:34:02.982659 2023] [mpm_prefork:notice] [pid 130] AH00163: Apache/2.4.56 (Debian) PHP/8.2.12 configured -- resuming normal operations

[Tue Dec 19 10:34:02.982739 2023] [core:notice] [pid 130] AH00094: Command line: 'apache2 -D FOREGROUND'

[Tue Dec 19 10:34:22.113591 2023] [php:error] [pid 141] [client 127.0.0.1:55072] PHP Fatal error:  Uncaught Error: Call to a member function fetchAll() on bool in /opt/app-root/src/adm_program/system/classes/Database.php:460\nStack trace:\n#0 /opt/app-root/src/adm_program/system/classes/Database.php(389): Database->loadTableColumnsProperties('adm_sessions')\n#1 /opt/app-root/src/adm_program/system/classes/TableAccess.php(626): Database->getTableColumnsProperties('adm_sessions')\n#2 /opt/app-root/src/adm_program/system/classes/TableAccess.php(140): TableAccess->setColumnsInfos()\n#3 /opt/app-root/src/adm_program/system/classes/TableAccess.php(104): TableAccess->clear()\n#4 /opt/app-root/src/adm_program/system/classes/Session.php(60): TableAccess->__construct(Object(Database), 'adm_sessions', 'ses')\n#5 /opt/app-root/src/adm_program/system/common.php(91): Session->__construct(Object(Database), 'ADMIDIO_admidio...')\n#6 /opt/app-root/src/adm_program/overview.php(18): require_once('/opt/app-root/s...')\n#7 {main}\n  thrown in /opt/app-root/src/adm_program/system/classes/Database.php on line 460

127.0.0.1 - - [19/Dec/2023:10:34:22 +0100] "GET /adm_program/overview.php HTTP/1.1" 500 438 "-" "curl/7.74.0"

The database at this point is empty. After restoring an old backup to the database, everything works as expected, which leads me to believe it's a bug rather than a configuration issue with treafik. Also config.php isn't created on first container start but on the second attempt, which might be another issues but seems to be unrelated since I tested it with a working config.php in place before docker-compose ran and with one created from docker environment on a subsequent container start.

docker-compose.yml:

version: '3.9'

services:
  db:
    restart: always
    image: mariadb:latest
    volumes:
      - /pathtodockerfiles/admidio/mysql/config:/etc/mysql/conf.d
      - /pathtodockerfiles/admidio/mysql/data:/var/lib/mysql
    networks:
      - internal
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_DATABASE=admidio
      - MYSQL_USER=admidio
      - MYSQL_PASSWORD=password

  admidio:
    restart: always
    image: admidio/admidio:latest
    depends_on:
      - db
    volumes:
      - /pathtodockerfiles/admidio/adm_my_files:/opt/app-root/src/adm_my_files
      - /pathtodockerfiles/admidio/adm_themes:/opt/app-root/src/adm_themes
      - /pathtodockerfiles/admidio/adm_plugins:/opt/app-root/src/adm_plugins
    networks:
      - proxy
      - internal
    environment:
      - ADMIDIO_DB_TYPE=mysql
      - ADMIDIO_DB_HOST=db:3306
      - ADMIDIO_DB_NAME=admidio
      - ADMIDIO_DB_USER=admidio
      - ADMIDIO_DB_PASSWORD=password
      - ADMIDIO_DB_TABLE_PRAEFIX=adm
      - ADMIDIO_LOGIN_FOR_UPDATE=1
      - ADMIDIO_ORGANISATION=org
      - ADMIDIO_ROOT_PATH=https://admidio.domain.tdl
      - TZ=Europe/Vienna
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.admidio.entrypoints=https"
      - "traefik.http.routers.admidio.rule=Host(`admidio.domain.tdl`)"
      - "traefik.http.routers.admidio.tls=true"
      - "traefik.http.services.admidio.loadbalancer.server.port=8080"
      - "traefik.docker.network=proxy"
      
networks:
  proxy:
    external: true
  internal:

[schast]

This looks like a configuration error with the router config. On fresh installation you should get redirected to adm_program/installation/installation.php. e. g. http://localhost:3100 redirects to http://localhost:3100/adm_program/installation/installation.php On the installation wizard you can setup your database. After this step, the config.php is created and the database will be initialized.

Maybe the router configuration is not redirecting correctly? Is there a log output from traefik?

[cmellwig]

I looked into it some more. Multiple things going on. First, the healthcheck fails OOTB which prevents traefik from generating a route to the container. Disabling healthcheck for the container results in a route, but SSL fails since ADMIDIO_ROOT_PATH isn't evaluated yet (just my guess)? I can load the site but communication isn't encrpyted, images wont load. Traefik shows:

time="2024-01-01T14:39:16+01:00" level=debug msg="'499 Client Closed Request' caused by: context canceled"

I removed all environment variables in the config at this point. If I continue without the SSL cert working I get to the last installation step, config.php is written but database is empty, nothing happens when pressing the installation button:

172.20.0.4 - - [01/Jan/2024:15:09:53 +0100] "GET / HTTP/1.1" 302 222 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"

172.20.0.4 - - [01/Jan/2024:15:09:53 +0100] "GET /adm_program/installation/index.php HTTP/1.1" 302 204 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"

172.20.0.4 - - [01/Jan/2024:15:09:53 +0100] "GET /adm_program/installation/installation.php HTTP/1.1" 200 2309 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"

172.20.0.4 - - [01/Jan/2024:15:09:56 +0100] "POST /adm_program/installation/installation.php?step=connect_database HTTP/1.1" 200 2734 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"

172.20.0.4 - - [01/Jan/2024:15:10:26 +0100] "POST /adm_program/installation/installation.php?step=create_organization HTTP/1.1" 200 6210 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"

172.20.0.4 - - [01/Jan/2024:15:10:40 +0100] "POST /adm_program/installation/installation.php?step=create_administrator HTTP/1.1" 200 2707 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"

172.20.0.4 - - [01/Jan/2024:15:10:52 +0100] "POST /adm_program/installation/installation.php?step=create_config HTTP/1.1" 200 1635 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"

If I fill in the environment like in the original issue, config.php gets created automatically whithout the installation on the second container start. Naturally, the DB is empty. Now the index page will fail (blank page shown), the log has:

[Mon Jan 01 14:50:53.985017 2024] [php:error] [pid 155] [client 172.20.0.4:33578] PHP Fatal error:  Uncaught Error: Call to a member function fetchAll() on bool in /opt/app-root/src/adm_program/system/classes/Database.php:460\nStack trace:\n#0 /opt/app-root/src/adm_program/system/classes/Database.php(389): Database->loadTableColumnsProperties('adm_sessions')\n#1 /opt/app-root/src/adm_program/system/classes/TableAccess.php(626): Database->getTableColumnsProperties('adm_sessions')\n#2 /opt/app-root/src/adm_program/system/classes/TableAccess.php(140): TableAccess->setColumnsInfos()\n#3 /opt/app-root/src/adm_program/system/classes/TableAccess.php(104): TableAccess->clear()\n#4 /opt/app-root/src/adm_program/system/classes/Session.php(60): TableAccess->__construct(Object(Database), 'adm_sessions', 'ses')\n#5 /opt/app-root/src/adm_program/system/common.php(91): Session->__construct(Object(Database), 'ADMIDIO_admidio...')\n#6 /opt/app-root/src/index.php(23): require_once('/opt/app-root/s...')\n#7 {main}\n  thrown in /opt/app-root/src/adm_program/system/classes/Database.php on line 460

So a config exists, ADMIDIO_ROOT_PATH is correct, the SSL encryption works but the database is empty since no installation ran. Now I can manually call adm_program/installation/installation.php which skips database settings and redirects to adm_program/installation/installation.php?step=create_organization

If I continue with the installation it seems to work but config.php isn't updated with the values entered before, probably because of permission issues with the already created config file. The result is a page that shows Error: The organization of the config.php could not be found in the database!

So this would be a workaround I've found:

1. Disable healthcheck
2. Configure environment variables
3. Start stack / stop and start again so config.php is written
4. Call installation page manually, since the entypoint will silently 500 with the error above
5. Enter all values as it's in the environment variables, so the config.php doesn't need to be overwritten
6. Finish installation

My thoughts on fixing the issue, maybe it helps, I'm not an expert with php and apache:

• If auto config.php generation isn't intended when environment variables are passed via docker, that need to be addressed
• Permission of config.php needs to be set correctly so it can be overwritten. IMO single point of truth should be the passed environment variables, though
• ADMIDIO_ROOT_PATH needs to be respected during installation or fetched automatically when using a reverse proxy
• Also apache doesn't show errors like above on the webpage, you need to find it in the docker logs. I noticed that with some plugins as well
• Maybe give a hint on healthcheck and reverse proxies, not sure if it only applies with treaefik or revise healthcheck in general

Hope that somewhat helps

[schast]

@cmellwig: can you please test again with image admidio/admidio:branch_v4.3? There are some changes that will hopefully solve your problems.

• Switched from php base image (debian) to ubuntu (with updated php and apache)
• improved healthcheck so that it works right from the first start
• new installation check checks if db tables exists instead of only searching for existing config.php