I am trying to use external storage as the base directory for my files. To achieve that:
- Use a docker volume for the data directory:
data:/var/www/html/data
This means the container’s /var/www/html/data directory is mounted from the host’s /var/lib/docker/volumes/nextcloud_data/_data/.
- Mount my storage into the volume location on the host:
# rclone mount my-remote: /var/lib/docker/volumes/nextcloud_data/_data/<user> --uid 33 --gid 33 --allow-non-empty
The web interface does not reflect any changes (other than being now unable to actually open the files).
When the mount directory is inspected from within the container as root, it appears perfectly fine:
user@host $ sudo docker exec --user root -it <container_id> /bin/bash
root@<container_id>:/var/www/html# ls -al /var/www/html/data/<user>/files/
total 99868
drwxr-xr-x 1 www-data www-data 0 Jul 3 11:29 .
drwxr-xr-x 4 www-data www-data 4096 Jul 3 11:09 ..
-rw-r--r-- 1 www-data www-data 102259473 Jul 2 18:21 video.mp4
-rw-r--r-- 1 www-data www-data 7 Jul 2 22:06 text.txt
Creating, copying, moving, editing…everything works as expected.
Note that uid, gid and permissions of the directory are set correctly.
However, when the same is done as user www-data, the result is unexpected:
user@host $ sudo docker exec --user www-data -it <container_id> /bin/bash
www-data@<container-id>:~/html$ ls -al /var/www/html/data/<user>/files/
ls: cannot access '/var/www/html/data/<user>/files/': Permission denied
www-data@<container-id>:~/html$ ls -al /var/www/html/data/<user>/
total 12
drwxr-xr-x 4 www-data www-data 4096 Jul 3 11:09 .
drwxrwx--- 4 www-data root 4096 Jul 2 23:58 ..
drwxr-xr-x 2 www-data www-data 4096 Jul 3 11:09 cache
d????????? ? ? ? ? ? files
Any suggestions on what might be the issue here?
Setup details
- Host: Debian 10 (OpenStack VPS)
- Nextcloud 21.0.3
- Docker 20.10.7
- docker-compose 1.29.2
- rclone v1.55.1
- fusermount 2.9.9
# FILE: docker-compose.yml
version: '3'
volumes:
  db:
  data:
services:
  db:
    image: mariadb
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=<rpasswd>
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=<passwd>
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud
    restart: always
    ports:
      - 9030:80
    volumes:
      - data:/var/www/html/data
    depends_on:
      - db
      - redis
    environment:
      - MYSQL_HOST=db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=<passwd>
      - REDIS_HOST=redis
What I have tried
- Understandably, trying to re-scan files results in an error:
user@host $ sudo docker-compose exec --user www-data app php occ files:scan --all
Starting scan for user 1 out of 1 (<user>)
Home storage for user <user> not writable
Make sure you're running the scan command only as the user the web server runs as
+---------+-------+--------------+
| Folders | Files | Elapsed time |
+---------+-------+--------------+
| 0       | 0     | 00:00:00     |
+---------+-------+--------------+
- Replacing docker volumes with bind mounts changes nothing.
- Mounting inside the host before starting the container or vice versa. Order changes nothing.
- Mounting with different uid/gid/permissions. Permissions change inside the container as one would expect, but www-data is the requirement (and it is what’s set up by Nextcloud by default).
- Tried to find the cause of the ???? question marks in ls -al output. Suggests the lack of execute bit on the directory - but in my case it is set!
- Mounting the directory elsewhere in the container and using Nextcloud’s external storage plugin with a local directory. Similar issue.
- Can’t use the plugin directly, because my back end is unsupported (rclone crypt).
I imagine this is primarily a docker+FUSE issue and not Nextcloud-centered, but this still seems to be the right forum to ask: such a set up seems common?
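
One thing to check for this symptom, added here as an example and not part of the original post: a FUSE mount created without the allow_other option is accessible only to the uid that mounted it, and the kernel refuses even stat() for any other uid, which ls renders as d?????????; rclone's --uid/--gid change the ownership that is displayed, not who may enter the mount. The mount table below is constructed sample data and the function name fuse_access_check is hypothetical.

```shell
#!/bin/sh
# Added example: flag FUSE mounts that a given uid cannot access.
# Without the allow_other mount option the kernel rejects every request
# (including stat) from any uid other than the one that created the mount.

# Constructed sample in /proc/mounts format (not output from the post).
SAMPLE_MOUNTS='my-remote: /var/lib/docker/volumes/nextcloud_data/_data/<user> fuse.rclone rw,nosuid,nodev,relatime,user_id=0,group_id=0 0 0
other-remote: /mnt/shared fuse.rclone rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

# fuse_access_check UID [FILE]
# Reads a mount table from FILE (default: stdin) and prints one line per
# FUSE mount: "DENIED <mountpoint> mounted_by=<uid>" or "OK <mountpoint>".
fuse_access_check() {
    awk -v uid="$1" '
        # fuse, fuseblk and fuse.<subtype> are data mounts; fusectl is not.
        $3 == "fuse" || $3 == "fuseblk" || index($3, "fuse.") == 1 {
            owner = ""; allow = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] == "allow_other") allow = 1
                if (opt[i] ~ /^user_id=/) owner = substr(opt[i], 9)
            }
            if (allow || owner == uid) print "OK " $2
            else print "DENIED " $2 " mounted_by=" owner
        }
    ' "${2:--}"
}

# uid 33 is www-data in the post (rclone was given --uid 33 --gid 33).
# On a live host: fuse_access_check 33 /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | fuse_access_check 33
```

A DENIED line for the web server's uid means the mount needs rclone's --allow-other flag (plus user_allow_other in /etc/fuse.conf when the mounting user is not root). With allow_other set, every local uid can reach the mount subject to the permission bits it presents, so keep the parent directory restricted as the drwxrwx--- data directory above already is.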