
Trying to move lychee stack from portainer to komodo, access denied for user lychee to database

Open scsa20 opened this issue 10 months ago • 2 comments

Hello everyone,

I am trying to move over configurations and such from portainer to komodo for docker management. Right now the way portainer is set up I have 3 instances, the main entry point that's on my local network and 2 remote agents, one of which is on my web server hosted elsewhere. As of now Komodo is set up in a similar way, deployed on my main server here on my local network with a remote agent on my web server.

Lychee is currently deployed to the remote location done from my main location. When deploying the stack from portainer, everything loads just fine. Now trying to copy the stack details over to Komodo (legit 1:1) I get the following error: [Warning] Access denied for user 'lychee'@'%' to database '/var/www/html/Lychee/database/database.sqlite'

I double, triple, quadruple checked everything and I do not see anything that would cause Lychee not to connect to the database unless I am just completely blind. Any help with figuring this out will be helpful.

Here is the docker compose from portainer:

#-------------------------------------------
#  Docker Compose
# @RobLandry
# Repo : https://github.com/LycheeOrg/Lychee-Laravel-Docker
#-------------------------------------------

version: '3'

services:
  lychee_db:
    container_name: lychee_db
    image: mariadb:10
    environment:
      - MYSQL_ROOT_PASSWORD=*********
      - MYSQL_DATABASE=lychee
      - MYSQL_USER=lychee
      - MYSQL_PASSWORD=*********
    expose: 
      - 3306
    volumes:
      - mysql:/var/lib/mysql
    networks:
      - lychee
    restart: unless-stopped

  lychee:
    image: lycheeorg/lychee:nightly
    container_name: lychee
    ports:
      - 90:80
    volumes:
      - /data/lychee/conf:/conf
      - /data/lychee/uploads:/uploads
      - /data/lychee/sym:/sym
    networks:
      - lychee

    env_file:
      stack.env
    restart: unless-stopped
    depends_on:
      - lychee_db

networks:
  lychee:

volumes:
  mysql:

Only difference with the version on komodo is the removal of env_file: stack.env.

Here is the env I've added to komodo which to my understanding will write to .env and use that (it's the same from portainer):

PHP_TZ=America/Phoenix
TIMEZONE=America/Phoenix
APP_FORCE_HTTPS=true
APP_URL=https://url.domain.tl
TRUSTED_PROXIES=*
DB_CONNECTION=mysql
DB_HOST=lychee_db
DB_PORT=3306
DB_DATABASE=lychee
DB_USERNAME=lychee
DB_PASSWORD=*********
MAIL_DRIVER=smtp
MAIL_HOST=smtp.server.domain.tld
MAIL_PORT=25
STARTUP_DELAY=30

Again, any assistance would be great (and yes it happens with latest as well).

scsa20 avatar Feb 17 '25 21:02 scsa20

Access denied for user 'lychee'@'%' to database '/var/www/html/Lychee/database/database.sqlite'

It seems that it does not recognise the values of your .env because you clearly specified your database is mysql.

Check in /data/lychee/conf your .env and see what values are set.

ildyria avatar Feb 17 '25 21:02 ildyria

Values when deployed through komodo:

╭─root@akheera /data/lychee/conf 
╰─# cat .env 
APP_NAME=Lychee
APP_ENV=production
APP_KEY=base64:RandomString
APP_DEBUG=false
# This MUST contain the host name up to the Top Level Domain (tld) e.g. .com, .org etc.
APP_URL=https://url.domain.tl
APP_FORCE_HTTPS=true

# If using Lychee in a sub folder, specify the path after the tld here.
# For example for https://lychee.test/path/to/lychee
# Set APP_URL=https://url.domain.tl
# and APP_DIR=/path/to/lychee
# We (LycheeOrg) do not recommend the use of APP_DIR.
# APP_DIR=

# enable or disable debug bar. By default it is disabled.
# Do note that this disable CSP!!
DEBUGBAR_ENABLED=false

# enable or disable the v5 layout.
LIVEWIRE_ENABLED=true

# enable or disable log viewer. By default it is enabled.
LOG_VIEWER_ENABLED=true

# If you spread old links of to your albums in your Lychee instance starting with
# https://lychee.text/#albumID/PhotoId
# Set this value to true to enable redirection.
LEGACY_V4_REDIRECT=false

##############################################################################
# IMPORTANT: To migrate from Lychee v3 you *MUST* use the same MySQL/MariaDB #
#            server as v3.                                                   #
##############################################################################

# Table prefix (e.g. lychee_) of a Lychee v3 instance for migration
DB_OLD_LYCHEE_PREFIX=

# DB_CONNECTION can be sqlite, mysql or pgsql. For sqlite the other entries are
# not required, but an existing sqlite3 database may be specified if desired. In
# this case, please use an absolute path. DB_DATABASE may be omitted but should
# *not* be left blank.
DB_CONNECTION=mysql
DB_HOST=lychee_db
DB_PORT=3306
DB_DATABASE=/var/www/html/Lychee/database/database.sqlite
DB_USERNAME=lychee
DB_PASSWORD=*********
DB_LOG_SQL=false
DB_LOG_SQL_EXPLAIN=false #only for MySQL

# List foreign keys in diagnostic page
DB_LIST_FOREIGN_KEYS=false

# Application timezone. If not specified, the server's default timezone is used.
# Requires a named timezone identifier.
# See https://www.php.net/manual/en/timezones.php for the list of supported timezones.
# Don't use a timezone offset (like +01:00) or a timezone abbreviation (like CEST)
# TIMEZONE=America/Phoenix

# Visibility of directories and (media) files in LYCHEE_UPLOADS
# Possible values are:
#
#  - private: world group has neither read nor write access
#  - public: world group has read access but no write access (the default)
#  - world: world group has read and write access
#
# The default should suffice for most installations.
# For improved security, change this setting to "private".
# Some rare setups may require directories and files to be world writeable.
# In this case, use "world" here.
# USE WITH PRECAUTIONS: world writeable files and folders may be a SECURITY RISK.
# LYCHEE_IMAGE_VISIBILITY=public

# folders in which the files will be stored
# LYCHEE_UPLOADS="/var/www/html/Lychee-Laravel/public/uploads/"
# LYCHEE_DIST="/var/www/html/Lychee-Laravel/public/dist/"
# LYCHEE_SYM="/var/www/html/Lychee-Laravel/public/sym/"
# url to access those files
# LYCHEE_UPLOADS_URL="uploads/"
# LYCHEE_DIST_URL="dist/"
# LYCHEE_SYM_URL="sym/"

# Support for token based authentication used by API requests. Enabled by default.
# ENABLE_TOKEN_AUTH=true

CACHE_DRIVER=file
SESSION_DRIVER=file
SESSION_LIFETIME=120
# `sync` if jobs needs to be executed live (default) or `database` if they can be defered.
QUEUE_CONNECTION=sync

SECURITY_HEADER_HSTS_ENABLE=false
SECURITY_HEADER_CSP_CONNECT_SRC=
SECURITY_HEADER_SCRIPT_SRC_ALLOW=
SESSION_SECURE_COOKIE=false

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_DRIVER=smtp
MAIL_HOST=smtp.server.domain.tld
MAIL_PORT=25
MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_ENCRYPTION=
MAIL_FROM_NAME=
MAIL_FROM_ADDRESS=

# The trusted proxies if Lychee is behind a reverse proxy
# Accepted values:
#  - `null`: no proxy
#  - `*`: any proxy
#  - <ip address>[,<ip address>]: a comma-seperated list of IP addresses
TRUSTED_PROXIES=*

# Comma-separated list of class names of diagnostics checks that should be skipped.
#SKIP_DIAGNOSTICS_CHECKS=

VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

# Oauth token data
# XXX_REDIRECT_URI should be left as default unless you know exactly what you do.

# AMAZON_SIGNIN_CLIENT_ID=
# AMAZON_SIGNIN_SECRET=
# AMAZON_SIGNIN_REDIRECT_URI=/auth/amazon/redirect

# https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
# Note: the client secret used for "Sign In with Apple" is a JWT token that can have a maximum lifetime of 6 months.
# The article above explains how to generate the client secret on demand and you'll need to update this every 6 months.
# To generate the client secret for each request, see Generating A Client Secret For Sign In With Apple On Each Request.
# https://bannister.me/blog/generating-a-client-secret-for-sign-in-with-apple-on-each-request
# APPLE_CLIENT_ID=
# APPLE_CLIENT_SECRET=
# APPLE_REDIRECT_URI=/auth/apple/redirect

# FACEBOOK_CLIENT_ID=
# FACEBOOK_CLIENT_SECRET=
# FACEBOOK_REDIRECT_URI=/auth/facebook/redirect

# GITHUB_CLIENT_ID=
# GITHUB_CLIENT_SECRET=
# GITHUB_REDIRECT_URI=/auth/github/redirect

# GOOGLE_CLIENT_ID=
# GOOGLE_CLIENT_SECRET=
# GOOGLE_REDIRECT_URI=/auth/google/redirect

# MASTODON_DOMAIN=https://mastodon.social
# MASTODON_ID=
# MASTODON_SECRET=
# MASTODON_REDIRECT_URI=/auth/mastodon/redirect

# MICROSOFT_CLIENT_ID=
# MICROSOFT_CLIENT_SECRET=
# MICROSOFT_REDIRECT_URI=/auth/microsoft/redirect

# NEXTCLOUD_CLIENT_ID=  
# NEXTCLOUD_CLIENT_SECRET=  
# NEXTCLOUD_REDIRECT_URI=/auth/nextcloud/redirect
# NEXTCLOUD_BASE_URI=
TIMEZONE=
MICROSOFT_CLIENT_ID=
MICROSOFT_CLIENT_SECRET=
MICROSOFT_REDIRECT_URI=/auth/microsoft/redirect

When deployed through portainer:

╭─root@akheera /data/lychee/conf 
╰─# cat .env
APP_NAME=Lychee
APP_ENV=production
APP_KEY=base64:RandomString
APP_DEBUG=false
# This MUST contain the host name up to the Top Level Domain (tld) e.g. .com, .org etc.
APP_URL=https://url.domain.tl
APP_FORCE_HTTPS=true

# If using Lychee in a sub folder, specify the path after the tld here.
# For example for https://lychee.test/path/to/lychee
# Set APP_URL=https://url.domain.tl
# and APP_DIR=/path/to/lychee
# We (LycheeOrg) do not recommend the use of APP_DIR.
# APP_DIR=

# enable or disable debug bar. By default it is disabled.
# Do note that this disable CSP!!
DEBUGBAR_ENABLED=false

# enable or disable the v5 layout.
LIVEWIRE_ENABLED=true

# enable or disable log viewer. By default it is enabled.
LOG_VIEWER_ENABLED=true

# If you spread old links of to your albums in your Lychee instance starting with
# https://lychee.text/#albumID/PhotoId
# Set this value to true to enable redirection.
LEGACY_V4_REDIRECT=false

##############################################################################
# IMPORTANT: To migrate from Lychee v3 you *MUST* use the same MySQL/MariaDB #
#            server as v3.                                                   #
##############################################################################

# Table prefix (e.g. lychee_) of a Lychee v3 instance for migration
DB_OLD_LYCHEE_PREFIX=

# DB_CONNECTION can be sqlite, mysql or pgsql. For sqlite the other entries are
# not required, but an existing sqlite3 database may be specified if desired. In
# this case, please use an absolute path. DB_DATABASE may be omitted but should
# *not* be left blank.
DB_CONNECTION=mysql
DB_HOST=lychee_db
DB_PORT=3306
DB_DATABASE=lychee
DB_USERNAME=lychee
DB_PASSWORD=*********
DB_LOG_SQL=false
DB_LOG_SQL_EXPLAIN=false #only for MySQL

# List foreign keys in diagnostic page
DB_LIST_FOREIGN_KEYS=false

# Application timezone. If not specified, the server's default timezone is used.
# Requires a named timezone identifier.
# See https://www.php.net/manual/en/timezones.php for the list of supported timezones.
# Don't use a timezone offset (like +01:00) or a timezone abbreviation (like CEST)
# TIMEZONE=America/Phoenix

# Visibility of directories and (media) files in LYCHEE_UPLOADS
# Possible values are:
#
#  - private: world group has neither read nor write access
#  - public: world group has read access but no write access (the default)
#  - world: world group has read and write access
#
# The default should suffice for most installations.
# For improved security, change this setting to "private".
# Some rare setups may require directories and files to be world writeable.
# In this case, use "world" here.
# USE WITH PRECAUTIONS: world writeable files and folders may be a SECURITY RISK.
# LYCHEE_IMAGE_VISIBILITY=public

# folders in which the files will be stored
# LYCHEE_UPLOADS="/var/www/html/Lychee-Laravel/public/uploads/"
# LYCHEE_DIST="/var/www/html/Lychee-Laravel/public/dist/"
# LYCHEE_SYM="/var/www/html/Lychee-Laravel/public/sym/"
# url to access those files
# LYCHEE_UPLOADS_URL="uploads/"
# LYCHEE_DIST_URL="dist/"
# LYCHEE_SYM_URL="sym/"

# Support for token based authentication used by API requests. Enabled by default.
# ENABLE_TOKEN_AUTH=true

CACHE_DRIVER=file
SESSION_DRIVER=file
SESSION_LIFETIME=120
# `sync` if jobs needs to be executed live (default) or `database` if they can be defered.
QUEUE_CONNECTION=sync

SECURITY_HEADER_HSTS_ENABLE=false
SECURITY_HEADER_CSP_CONNECT_SRC=
SECURITY_HEADER_SCRIPT_SRC_ALLOW=
SESSION_SECURE_COOKIE=false

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_DRIVER=smtp
MAIL_HOST=smtp.server.domain.tld
MAIL_PORT=25
MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_ENCRYPTION=
MAIL_FROM_NAME=
MAIL_FROM_ADDRESS=

# The trusted proxies if Lychee is behind a reverse proxy
# Accepted values:
#  - `null`: no proxy
#  - `*`: any proxy
#  - <ip address>[,<ip address>]: a comma-seperated list of IP addresses
TRUSTED_PROXIES=*

# Comma-separated list of class names of diagnostics checks that should be skipped.
#SKIP_DIAGNOSTICS_CHECKS=

VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

# Oauth token data
# XXX_REDIRECT_URI should be left as default unless you know exactly what you do.

# AMAZON_SIGNIN_CLIENT_ID=
# AMAZON_SIGNIN_SECRET=
# AMAZON_SIGNIN_REDIRECT_URI=/auth/amazon/redirect

# https://developer.okta.com/blog/2019/06/04/what-the-heck-is-sign-in-with-apple
# Note: the client secret used for "Sign In with Apple" is a JWT token that can have a maximum lifetime of 6 months.
# The article above explains how to generate the client secret on demand and you'll need to update this every 6 months.
# To generate the client secret for each request, see Generating A Client Secret For Sign In With Apple On Each Request.
# https://bannister.me/blog/generating-a-client-secret-for-sign-in-with-apple-on-each-request
# APPLE_CLIENT_ID=
# APPLE_CLIENT_SECRET=
# APPLE_REDIRECT_URI=/auth/apple/redirect

# FACEBOOK_CLIENT_ID=
# FACEBOOK_CLIENT_SECRET=
# FACEBOOK_REDIRECT_URI=/auth/facebook/redirect

# GITHUB_CLIENT_ID=
# GITHUB_CLIENT_SECRET=
# GITHUB_REDIRECT_URI=/auth/github/redirect

# GOOGLE_CLIENT_ID=
# GOOGLE_CLIENT_SECRET=
# GOOGLE_REDIRECT_URI=/auth/google/redirect

# MASTODON_DOMAIN=https://mastodon.social
# MASTODON_ID=
# MASTODON_SECRET=
# MASTODON_REDIRECT_URI=/auth/mastodon/redirect

# MICROSOFT_CLIENT_ID=
# MICROSOFT_CLIENT_SECRET=
# MICROSOFT_REDIRECT_URI=/auth/microsoft/redirect

# NEXTCLOUD_CLIENT_ID=  
# NEXTCLOUD_CLIENT_SECRET=  
# NEXTCLOUD_REDIRECT_URI=/auth/nextcloud/redirect
# NEXTCLOUD_BASE_URI=
TIMEZONE=
MICROSOFT_CLIENT_ID=
MICROSOFT_CLIENT_SECRET=
MICROSOFT_REDIRECT_URI=/auth/microsoft/redirect

So it does look like it's getting the same .env.

scsa20 avatar Feb 17 '25 22:02 scsa20
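
An added example, not part of the original thread or of the Lychee project: a key-by-key comparison of two `.env` files such as the ones pasted above, ignoring comments, letting the last assignment of a key win, and redacting secret values so the result can be posted in an issue. The two inputs are constructed excerpts of the dumps above with a placeholder password; the function names and the secret-key pattern are assumptions.

```python
import re

# Keys whose values must not be echoed into a bug report (assumed pattern).
SECRET_KEY = re.compile(r"PASSWORD|SECRET|TOKEN|APP_KEY", re.I)

def parse_env(text):
    """Return {key: value} for dotenv text; a later assignment overrides an earlier one."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] in "\"'" and value[-1] == value[0]:
            value = value[1:-1]                        # quoted value: drop the quotes
        else:
            value = value.split(" #", 1)[0].strip()    # unquoted: drop inline comment
        values[key.strip()] = value
    return values

def redact(key, value):
    """Hide non-empty values of secret-looking keys."""
    return "<redacted>" if value and SECRET_KEY.search(key) else value

def diff_env(a_text, b_text):
    """List (key, value_in_a, value_in_b) for every key whose effective value differs."""
    a, b = parse_env(a_text), parse_env(b_text)
    return [(k, redact(k, a.get(k)), redact(k, b.get(k)))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)]

# Constructed excerpts of the two .env dumps in this thread (password is a placeholder).
COMMON = """DB_CONNECTION=mysql
DB_HOST=lychee_db
DB_PORT=3306
DB_USERNAME=lychee
DB_PASSWORD=placeholder
DB_LOG_SQL_EXPLAIN=false #only for MySQL
# TIMEZONE=America/Phoenix
TIMEZONE=
"""
KOMODO_ENV = COMMON + "DB_DATABASE=/var/www/html/Lychee/database/database.sqlite\n"
PORTAINER_ENV = COMMON + "DB_DATABASE=lychee\n"

if __name__ == "__main__":
    for key, komodo, portainer in diff_env(KOMODO_ENV, PORTAINER_ENV):
        print(f"{key}: komodo={komodo!r} portainer={portainer!r}")
```
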