Can't connect to MySQL database (1045 Access Denied) on first setup from docker

Hi!

When trying to create the account on first setup from the docker, the database connection fails with error:

Error while trying to create admin user: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [1045] Access denied for user ‘nextcloud’@‘172.23.0.2’ (using password: YES)

Below is how the fields are set up:

image531×820 53.9 KB

The surprising thing is that when I try to connect to the database with the same parameters directly from the docker image itself (I used docker-compose exec app bash and then apt update && apt install mariadb-client before to test this), I actually am able to access no problem from the terminal of the docker image.

image822×232 22.9 KB

The MariaDB server is running on port 3338 of the host machine running Docker (which also has hostname “nas”). Below is the docker-compose.yml I’m using:

version: "3.5"
services:
  app:
    image: nextcloud:latest
    restart: always
    container_name: nextcloud
    ports:
      - 8787:80
    volumes:
      - ./html:/var/www/html
      - ./custom_apps:/var/www/html/custom_apps
      - ./config:/var/www/html/config
      - ./data:/var/www/html/data
      - ./themes:/var/www/html/themes/
    environment:
      - PUID=1026
      - PGID=100
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD='MY_PASSWORD_HERE'
      - MYSQL_HOST=nas:3338

What version of Docker Compose?

My guess is your password is being interpreted incorrectly in the environment section. Specifically the ' character. There are some subtle bits to Compose’s interpretation of values depending on how they’re provided and IIRC some generational differences too.

To see how Compose is parsing your docker-compose.yml passwords run:

docker compose config | grep PASSWORD

There are some other caveats, but it’s probable that the following will work in your case:

- MYSQL_PASSWORD=mypassword

i.e. If you’re using the single quotes, remove them if you’re using = value assignment.

I think you were right about this. By checking your command it does seem docker-compose was reading the quotes as literal quotes.

However, this wasn’t the whole problem, because I’m still getting the same error.

Also, I was typing the password right in the web UI (since the setup asks for it when it fails the first time) which I assume no longer uses the MYSQL_PASSWORD variable, and still I was getting the same error.

Just to make sure it wasn’t because of weird characters, I changed the password to something simple, like “Test_password1”, but the result is the same. And yet mysql nextcloud -h nas -P 3338 --user nextcloud --password=Test_password1 from the container works.

I’ve also tried using the IP instead of the DNS name, but the result was also the same.

Sorry for the delay answering back (I had to go on a trip).

The docker-compose version in my nas was:

docker-compose version 1.28.5, build 24fb474e

But I’ve updated now to v2.19.0 to check and the result is the same.

Ok… I’ve tried now choosing the SQLite option, but I obtain the exact same error, so the issue might not really be with the MySQL connection.

I can see that in the nextcloud.log the following line appears:

{"reqId":"dSb6qsPPQ5uxQbPPcdDw","level":2,"time":"2023-07-09T17:57:50+00:00","remoteAddr":"172.24.0.1","user":"--","app":"no app in context","method":"POST","url":"/index.php","message":"Host nas was not connected to because it violates local access rules","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","version":"27.0.0.8","data":[]}

“Host nas was not connected to because it violates local access rules”

Where are those local access rules coming from?

I tried adding 'allow_local_remote_servers' => true, to the config.php as suggested here, but it did not help.