immich
immich copied to clipboard
Published
20 hours ago •
immich-app
immich-app
v1.115.0 cannot read .immich file even with permissions
The bug
When updating immich server to version v1.115.0, the container does not start. The issue is related to the newly introduced check on mounted volumes. In my case, the upload folder is a mounted volume from a NAS connected to the LAN. The folder is mounted with what I believe are the right permissions; as a confirmation to this, the .immich file in the "encoded-video" folder gets actually written with a timestamp in it, but soon after that the docker logs show an error opening this file just created and the server refuses to start.
The OS that Immich Server is running on
Ubuntu 22.04
Version of Immich Server
v1.115.0
Version of Immich Mobile App
v1.115.0
Platform with the issue
- [X] Server
- [ ] Web
- [ ] Mobile
Your docker-compose.yml content
name: immich
services:
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends:
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- ${UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
ports:
- 2283:3001
depends_on:
- redis
- database
restart: always
healthcheck:
disable: false
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
# file: hwaccel.ml.yml
# service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- model-cache:/cache
env_file:
- .env
restart: always
healthcheck:
disable: false
redis:
container_name: immich_redis
image: docker.io/redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e
healthcheck:
test: redis-cli ping || exit 1
restart: always
database:
container_name: immich_postgres
image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: '--data-checksums'
volumes:
# Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
healthcheck:
test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
interval: 5m
start_interval: 30s
start_period: 5m
command: ["postgres", "-c", "shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
restart: always
networks:
default:
name: caddy_net
external: true
volumes:
model-cache:
Your .env content
# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables
# The location where your uploaded files are stored
UPLOAD_LOCATION=/media/photos
# The location where your database files are stored
DB_DATA_LOCATION=/home/[redacted]/docker/data/postgres
# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
TZ=Europe/Rome
# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=release
# Connection secret for postgres. You should change it to a random password
# Please use only the characters `A-Za-z0-9`, without special characters or spaces
DB_PASSWORD=[redacted]
# The values below this line do not need to be changed
###################################################################################
DB_USERNAME=postgres
DB_DATABASE_NAME=immich
HOSTNAME=[redacted]
Reproduction steps
- Download latest release with
sudo docker compose pull - Execute
sudo docker-compose up -d - Immich server doesn't start; see log output
Relevant log output
[Nest] 17 - 09/13/2024, 9:41:53 AM LOG [Api:StorageService] Verifying system mount folder checks
[Nest] 17 - 09/13/2024, 9:41:53 AM LOG [Api:StorageService] Writing initial mount file for the encoded-video folder
[Nest] 17 - 09/13/2024, 9:41:53 AM ERROR [Api:StorageService] Failed to write upload/encoded-video/.immich: Error: EACCES: permission denied, open 'upload/encoded-video/.immich'
[Nest] 17 - 09/13/2024, 9:41:53 AM ERROR [Api:StorageService] The "encoded-video" folder cannot be written to, please make sure the volume is mounted with the correct permission
Additional information
The .immich file actually does get written inside the encoded-video folder. this is the entry in fstab to mount the drive:
//[redacted local ip/Photos /media/photos cifs credentials=/home/[redacted]/.smbcredentials,uid=1000,gid=1000,x-systemd.automount,x-systemd.requires=network-online.target 0 0
these are the permissions of /media/photos
drwxr-xr-x 2 [redacted user - uid 1000] [redacted group - gid 1000] 0 Sep 12 22:00 encoded-video
