flame
flame copied to clipboard
pawelmalak
Can't run it via docker as non-root.
My docker-compose.yml file:
services:
flame_guest:
container_name: flame_guest
image: pawelmalak/flame:latest
user: 1000:1000
network_mode: host
volumes:
- /path/to/data:/app/data
- /var/run/docker.sock:/var/run/docker.sock
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/GMT
- PASSWORD=password_here
restart: unless-stopped
sudo docker logs flame_guest:
node:fs:585
handleErrorFromBinding(ctx);
^
Error: EACCES: permission denied, open '/app/public/flame.css'
at Object.openSync (node:fs:585:3)
at Object.writeFileSync (node:fs:2157:35)
at createFile (/app/utils/init/createFile.js:25:6)
at /app/utils/init/initFiles.js:5:39
at Array.forEach (<anonymous>)
at initFiles (/app/utils/init/initFiles.js:5:9)
at initApp (/app/utils/init/index.js:8:9)
at /app/server.js:23:9
at Object.<anonymous> (/app/server.js:41:3)
at Module._compile (node:internal/modules/cjs/loader:1103:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1157:10)
at Module.load (node:internal/modules/cjs/loader:981:32)
at Function.Module._load (node:internal/modules/cjs/loader:822:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)
at node:internal/main/run_main_module:17:47 {
errno: -13,
syscall: 'open',
code: 'EACCES',
path: '/app/public/flame.css'
}
node:fs:585
handleErrorFromBinding(ctx);
^
Error: EACCES: permission denied, open '/app/public/flame.css'
at Object.openSync (node:fs:585:3)
at Object.writeFileSync (node:fs:2157:35)
at createFile (/app/utils/init/createFile.js:25:6)
at /app/utils/init/initFiles.js:5:39
at Array.forEach (<anonymous>)
at initFiles (/app/utils/init/initFiles.js:5:9)
at initApp (/app/utils/init/index.js:8:9)
at /app/server.js:23:9
at Object.<anonymous> (/app/server.js:41:3)
at Module._compile (node:internal/modules/cjs/loader:1103:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1157:10)
at Module.load (node:internal/modules/cjs/loader:981:32)
at Function.Module._load (node:internal/modules/cjs/loader:822:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)
at node:internal/main/run_main_module:17:47 {
errno: -13,
syscall: 'open',
code: 'EACCES',
path: '/app/public/flame.css'
}
When I run ps aux, I can see that node server.js is running as root instead of 1000:1000 as it should be.
this would be fixed if https://github.com/pawelmalak/flame/pull/356 was ever merged
A "pure docker-compose" workaround is to use the following docker-compose file:
services:
flame_guest:
container_name: flame_guest
image: pawelmalak/flame:latest
user: 1000:1000
network_mode: host
volumes:
- /path/to/data:/app/data
- ./initialFiles.empty.json:/app/utils/init/initialFiles.json:ro
- ./path/to/data/flame.css:/app/public/flame.css:ro
- /var/run/docker.sock:/var/run/docker.sock
environment:
- TZ=Etc/GMT
- PASSWORD=password_here
restart: unless-stopped
command: "node server.js"
You also need to create the following file where the docker-compose file is located (named initialFiles.empty.json):
{
"files": []
}
This will be used here: https://github.com/pawelmalak/flame/blob/446b4095f6bb06e0f878efb4ac1f990a5ae7d39c/utils/init/initFiles.js#L5
You also need to override the CMD from the dockerfile (hence the command: "node server.js" at the end of the docker-compose)
@GitKepler Does this still workaround still work?
What should flame.css contain? (and should it be read-only as you specified?)
@GitKepler Does this still workaround still work?
What should flame.css contain? (and should it be read-only as you specified?)
./path/to/data/flame.css contains your custom CSS code (the one you set in Flame UI).
You can leave it empty (in which case the only customization that will be applied is from the theme you choose).
As for read-only, in my case I do not need to modify it, however if you intend to modify the CSS later on using the web UI, removing the read-only flag would make sense.
The workaround still works with the latest version.