Autoconfig environment `_FILE` variables

Open fopina opened this issue 2 years ago • 6 comments

I just spent 1 hour googling and experimenting with my docker setup because the nextcloud container would always use the sqlite database no matter what I did.

Finally decided to look into the code and found https://github.com/nextcloud/docker/blob/f9ae675c1ac2aed735435e84dd1794eb28890103/.config/autoconfig.php#L23-L37

I think it's confusing to say that the _FILE suffix is supported without mentioning that if you want to use ONE variable from a file (i.e. POSTGRES_PASSWORD), you have to use ALL variables from files...

Rather than documenting this behavior, I think it'd be more interesting to fix it and allow each variable independently such as

```php
# pseudo-code

// true when the variable is set directly or through its _FILE variant
function check_env($variable) {
    return getenv($variable) || getenv($variable . "_FILE");
}

...
} elseif (check_env('POSTGRES_DB') && check_env('POSTGRES_USER') && check_env('POSTGRES_PASSWORD') && check_env('POSTGRES_HOST')) {
...
```

fopina, Sep 08 '23 11:09

It is documented, in the very last paragraph in the Docker Secrets section after the example compose file. It's easy to miss though.

As for mixing, I see a PR (#1996) someone proposed for that. It needs testing, review, and feedback. Feel free to jump in on it and share your thoughts if you're interested in it getting farther along.

joshtrichards, Sep 10 '23 20:09

I struggled with this for about 1h as well. Functionally the linked PR looks alright, but code-wise it is much harder to read. Would be great if a maintainer could give their feedback on the PR.

nsrosenqvist, Sep 25 '23 21:09

> It is documented, in the very last paragraph in the Docker Secrets section after the example compose file.

It could be made clearer. I've also spent quite a bit of time wondering why it's using sqlite. From reading the docs over and over, and the bit after the example docker-compose file, it's not clear to me that all the POSTGRES_ variables must use the _FILE suffix rather than mix and match. I expected the user and password to use secrets but the dbname not to.

coaxial, Nov 23 '23 12:11

@nsrosenqvist You're welcome to provide feedback on that PR as well. Why don't you do a review of it and/or at least post your comment there? After all... this is a community project. :-)

@coaxial :+1: Feel free to suggest some edits that you think might make it clearer - ideally in a PR.

joshtrichards, Nov 23 '23 16:11

I can't find any reference to a PR on that topic in this issue. @joshtrichards could you share a link to the PR you're referring to?

coaxial, Nov 23 '23 16:11

Additionally, since the autoconfig process is run by www-data, I had to make sure the /run/secrets/xxxxxx files are readable by www-data. Otherwise the initial screen would simply indicate there is an error.

I ran into the mixed _FILE variables first, and then this permission thing. It is tool-dependent though. In my case, the secret files are owned by root, and podman-compose implements file-based secrets by bind-mounting them directly.

Adios, Jan 15 '24 08:01
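
A preflight check for the two failure modes reported in this thread (plain and `_FILE` variables mixed, and secret files that www-data cannot read), as an added example that is not code from nextcloud/docker or from any commenter. The variable names come from the thread; the function names and verdict strings are hypothetical, and counting a variable set in both forms toward either set is an assumption.

```shell
#!/bin/sh
# Added diagnostic, not part of nextcloud/docker. Run it as the user that
# performs autoconfig (www-data in the thread). Function names are hypothetical.

# Print how NAME is supplied: env, file, both or unset.
source_of() {
    # eval only ever sees the fixed variable names passed by audit_postgres.
    eval "direct=\${$1-}; viafile=\${${1}_FILE-}"
    if [ -n "$direct" ] && [ -n "$viafile" ]; then echo both
    elif [ -n "$viafile" ]; then echo file
    elif [ -n "$direct" ]; then echo env
    else echo unset
    fi
}

# Succeed only for a non-empty regular file the current user can read.
secret_readable() {
    [ -f "$1" ] && [ -r "$1" ] && [ -s "$1" ]
}

# Print one verdict: all-env, all-file, mixed, incomplete:<name> or
# unreadable:<path>. Only all-env and all-file return 0.
audit_postgres() {
    n_env=0; n_file=0
    [ -n "${POSTGRES_HOST-}" ] || { echo "incomplete:POSTGRES_HOST"; return 1; }
    for name in POSTGRES_DB POSTGRES_USER POSTGRES_PASSWORD; do
        src=$(source_of "$name")
        case "$src" in
            unset) echo "incomplete:$name"; return 1 ;;
            env|both) n_env=$((n_env + 1)) ;;
        esac
        case "$src" in
            file|both)
                eval "path=\${${name}_FILE}"
                secret_readable "$path" || { echo "unreadable:$path"; return 2; }
                n_file=$((n_file + 1)) ;;
        esac
    done
    if [ "$n_file" -eq 3 ]; then echo all-file
    elif [ "$n_env" -eq 3 ]; then echo all-env
    else echo mixed; return 3
    fi
}
```

Source the file inside the container and call `audit_postgres` as www-data; a `mixed` verdict corresponds to the sqlite fallback described in the first post, and `unreadable:<path>` to the permission problem in the last one.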