docker icon indicating copy to clipboard operation
docker copied to clipboard

Published 20 hours ago verified publisher icon nextcloud

Non-root container and APACHE_DISABLE_REWRITE_IP cause "Could not remove /etc/apache2/conf-enabled/remoteip.conf: Permission denied"

Open spikeygg opened this issue 3 years ago • 5 comments

I've been trying to get this image working and I've run into a snag. I want to use my own account internally so that the files created by the docker are owned and manageable by my user so I've included the user directive in the docker-compose. However, I also need to use the APACHE_DISABLE_REWRITE_IP environment keyword to make the docker work in my network topology. I have found that when I use the user directive and the APACHE_DISABLE_REWRITE_IP=1 environment definition the docker container fails to start only reporting this log entry:

Could not remove /etc/apache2/conf-enabled/remoteip.conf: Permission denied
Could not remove /etc/apache2/conf-enabled/remoteip.conf: Permission denied
Could not remove /etc/apache2/conf-enabled/remoteip.conf: Permission denied
... and so on

Here is what my simplified docker-compose looks like:

version: '2.1'

services:
  app:
    hostname: nc_machine
    container_name: nextcloud
    image: nextcloud
    restart: unless-stopped
    sysctls:
      - net.ipv4.ip_unprivileged_port_start=0
    user: 1000:100
    ports:
      - 8081:80
    volumes:
      - /vol/nextcloud/www_html:/var/www/html
      - /vol/nextcloud/photos:/photos
    environment:
      - APACHE_DISABLE_REWRITE_IP=1
      - TRUSTED_PROXIES=192.168.10.6

If I comment out either the user: 1000:100 OR the - APACHE_DISABLE_REWRITE_IP=1 the docker container starts up fine.

I found some instances where people were using APACHE_RUN_USER and APACHE_RUN_GROUP but defining those didn't seem to help.

spikeygg avatar May 09 '21 21:05 spikeygg

Same problem for me. How to fix this problem with another user?

Akruidenberg avatar Oct 27 '21 06:10 Akruidenberg

@spikeygg @Akruidenberg Have you found a solution to this problem?

ricardomga avatar Dec 31 '21 01:12 ricardomga

I have not. I think I ended up not using the APACHE_DISABLE_REWRITE_UP=1 option and figuring some other way around the problem. It's been so long that I forgot exactly what I did to work around this. :-/

spikeygg avatar Dec 31 '21 04:12 spikeygg

I'm running into this exact problem. Any help would be much appreciated. I am ready to say screw the containers and just set up a full on VM.

GoodiesHQ avatar Apr 24 '22 18:04 GoodiesHQ

Same problem for me as well.

I ended up creating an empty remoteip.conf file and mounting it to the container:

nextcloud:
  ...
  environment:
    ...
    # Use the `remoteip.conf` workaround below instead
    #APACHE_DISABLE_REWRITE_IP: 1
  ...
  volumes:
  - ./remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro
  ...

Has the same effect as APACHE_DISABLE_REWRITE_IP: 1, as far as I can see, and doesn't generate any warnings or errors.

SaswatPadhi avatar Aug 12 '22 21:08 SaswatPadhi