Permission's error in Docker container: touch(): Utime failed: Permission denied at /var/www/html/lib/private/Config.php | 500 Internal Server error

dan4ielo · June 10, 2021, 2:26pm

Support intro

Sorry to hear you’re facing problems

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can

Nextcloud version: 21
Operating system and version: Ubuntu Server 20.04 LTS - Running on Raspberry 4
Nginx version: nginx/1.19.10
PHP version: 7.4.19

The issue:
When connecting to nextcloud through nginx reverse proxy the container gives an internal server error.

Steps to replicate it:

Using docker-compose execute the the following compose file:

version: '3'

services:

  proxy:
    image: jwilder/nginx-proxy:alpine
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
    container_name: nc_proxy
    networks:
      - nextcloud_network
    ports:
      - 80:80
      - 8080:443
    volumes:
      - ../container-mounts/proxy/conf.d:/etc/nginx/conf.d:rw
      - ../container-mounts/proxy/vhost.d:/etc/nginx/vhost.d:rw
      - ../container-mounts/proxy/html:/ust/share/nginx/html:rw
      - ../container-mounts/proxy/certs:/etc/nginx/certs:ro
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    restart: unless-stopped

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nc_certificate
    depends_on:
      - proxy
    networks:
      - nextcloud_network
    volumes:
      - ../container-mounts/proxy/certs:/etc/nginx/certs:rw
      - ../container-mounts/proxy/vhost.d:/etc/nginx/vhost.d:rw
      - ../container-mounts/proxy/html:/usr/share/nginx/html:rw
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped

  db:
    image: mariadb
    container_name: nc_db
    networks:
      - nextcloud_network
    volumes:
      - db:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro
    environment:
      - MYSQL_ROOT_PASSWORD=<root_password>
      - MYSQL_PASSWORD=<password>
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    restart: unless-stopped

  app:
    image: nextcloud:latest
    container_name: nextcloud_app
    networks:
      - nextcloud_network
    depends_on:
      - letsencrypt
      - proxy
      - db
    environment:
      - VIRTUAL_HOST=<privat-ip-address> (IP of the Raspberry)
      - MYSQL_HOST=db
      - MYSQL_PASSWORD=<password>
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    volumes:
      - nextcloud:/var/www/html
      - ../container-mounts/app/config:/var/www/html/config
      - ../container-mounts/app/custom_appsd:/var/www/html/custom_apps
      - ../container-mounts/app/data:/var/www/html/data/
      - ../container-mounts/app/themes:/var/www/html/themes
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped

volumes:
  nextcloud:
  db:

networks:
  nextcloud_network:

Connect to the container using the IP of the Raspberry

Checking the docker logs for the container docker container logs <container_name>:

{
  "log": "[Thu Jun 10 13:22:33.114001 2021] [php7:notice] [pid 33] [client 192.168.96.3:38038] {\"reqId\":\"wPIE8sW17AoY8fVL6NCO\",\"level\":3,\"time\":\"2021-06-10T13:22:33+00:00\",\"remoteAddr\":\"192.168.96.3\",\"user\":\"--\",\"app\":\"PHP\",\"method\":\"GET\",\"url\":\"/\",\"message\":{\"Exception\":\"Error\",\"Message\":\"touch(): Utime failed: Permission denied at /var/www/html/lib/private/Config.php#247\",\"Code\":0,\"Trace\":[{\"function\":\"onError\",\"class\":\"OC\\\\\\\\Log\\\\\\\\ErrorHandler\",\"type\":\"::\",\"args\":[2,\"touch(): Utime failed: Permission denied\",\"/var/www/html/lib/private/Config.php\",247,{\"content\":\"<?php\\\\n$CONFIG = array (\\\\n  'instanceid' => 'ocrupzw8y05m',\\\\n);\\\\n\"}]},{\"file\":\"/var/www/html/lib/private/Config.php\",\"line\":247,\"function\":\"touch\",\"args\":[\"/var/www/html/config/config.php\"]},{\"file\":\"/var/www/html/lib/private/Config.php\",\"line\":137,\"function\":\"writeData\",\"class\":\"OC\\\\\\\\Config\",\"type\":\"->\",\"args\":[]},{\"file\":\"/var/www/html/lib/private/SystemConfig.php\",\"line\":111,\"function\":\"setValue\",\"class\":\"OC\\\\\\\\Config\",\"type\":\"->\",\"args\":[\"instanceid\",\"ocrupzw8y05m\"]},{\"file\":\"/var/www/html/lib/private/legacy/OC_Util.php\",\"line\":1173,\"function\":\"setValue\",\"class\":\"OC\\\\\\\\SystemConfig\",\"type\":\"->\",\"args\":[\"instanceid\",\"ocrupzw8y05m\"]},{\"file\":\"/var/www/html/lib/base.php\",\"line\":413,\"function\":\"getInstanceId\",\"class\":\"OC_Util\",\"type\":\"::\",\"args\":[]},{\"file\":\"/var/www/html/lib/base.php\",\"line\":639,\"function\":\"initSession\",\"class\":\"OC\",\"type\":\"::\",\"args\":[]},{\"file\":\"/var/www/html/lib/base.php\",\"line\":1076,\"function\":\"init\",\"class\":\"OC\",\"type\":\"::\",\"args\":[]},{\"file\":\"/var/www/html/index.php\",\"line\":35,\"args\":[\"/var/www/html/lib/base.php\"],\"function\":\"require_once\"}],\"File\":\"/var/www/html/lib/private/Log/ErrorHandler.php\",\"Line\":92,\"CustomMessage\":\"--\"},\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\",\"version\":\"\"}\n",
  "stream": "stderr",
  "time": "2021-06-10T13:22:33.114399099Z"
}
{
  "log": "[Thu Jun 10 13:22:33.114611 2021] [php7:notice] [pid 33] [client 192.168.96.3:38038] {\"reqId\":\"wPIE8sW17AoY8fVL6NCO\",\"level\":3,\"time\":\"2021-06-10T13:22:33+00:00\",\"remoteAddr\":\"192.168.96.3\",\"user\":\"--\",\"app\":\"PHP\",\"method\":\"GET\",\"url\":\"/\",\"message\":{\"Exception\":\"Error\",\"Message\":\"fopen(/var/www/html/config/config.php): failed to open stream: Permission denied at /var/www/html/lib/private/Config.php#248\",\"Code\":0,\"Trace\":[{\"function\":\"onError\",\"class\":\"OC\\\\\\\\Log\\\\\\\\ErrorHandler\",\"type\":\"::\",\"args\":[2,\"fopen(/var/www/html/config/config.php): failed to open stream: Permission denied\",\"/var/www/html/lib/private/Config.php\",248,{\"content\":\"<?php\\\\n$CONFIG = array (\\\\n  'instanceid' => 'ocrupzw8y05m',\\\\n);\\\\n\"}]},{\"file\":\"/var/www/html/lib/private/Config.php\",\"line\":248,\"function\":\"fopen\",\"args\":[\"/var/www/html/config/config.php\",\"r+\"]},{\"file\":\"/var/www/html/lib/private/Config.php\",\"line\":137,\"function\":\"writeData\",\"class\":\"OC\\\\\\\\Config\",\"type\":\"->\",\"args\":[]},{\"file\":\"/var/www/html/lib/private/SystemConfig.php\",\"line\":111,\"function\":\"setValue\",\"class\":\"OC\\\\\\\\Config\",\"type\":\"->\",\"args\":[\"instanceid\",\"ocrupzw8y05m\"]},{\"file\":\"/var/www/html/lib/private/legacy/OC_Util.php\",\"line\":1173,\"function\":\"setValue\",\"class\":\"OC\\\\\\\\SystemConfig\",\"type\":\"->\",\"args\":[\"instanceid\",\"ocrupzw8y05m\"]},{\"file\":\"/var/www/html/lib/base.php\",\"line\":413,\"function\":\"getInstanceId\",\"class\":\"OC_Util\",\"type\":\"::\",\"args\":[]},{\"file\":\"/var/www/html/lib/base.php\",\"line\":639,\"function\":\"initSession\",\"class\":\"OC\",\"type\":\"::\",\"args\":[]},{\"file\":\"/var/www/html/lib/base.php\",\"line\":1076,\"function\":\"init\",\"class\":\"OC\",\"type\":\"::\",\"args\":[]},{\"file\":\"/var/www/html/index.php\",\"line\":35,\"args\":[\"/var/www/html/lib/base.php\"],\"function\":\"require_once\"}],\"File\":\"/var/www/html/lib/private/Log/ErrorHandler.php\",\"Line\":92,\"CustomMessage\":\"--\"},\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\",\"version\":\"\"}\n",
  "stream": "stderr",
  "time": "2021-06-10T13:22:33.114791207Z"
}
{
  "log": "[Thu Jun 10 13:22:33.115139 2021] [php7:notice] [pid 33] [client 192.168.96.3:38038] {\"reqId\":\"wPIE8sW17AoY8fVL6NCO\",\"level\":3,\"time\":\"2021-06-10T13:22:33+00:00\",\"remoteAddr\":\"192.168.96.3\",\"user\":\"--\",\"app\":\"PHP\",\"method\":\"GET\",\"url\":\"/\",\"message\":{\"Exception\":\"Error\",\"Message\":\"chmod(): Operation not permitted at /var/www/html/lib/private/Config.php#251\",\"Code\":0,\"Trace\":[{\"function\":\"onError\",\"class\":\"OC\\\\\\\\Log\\\\\\\\ErrorHandler\",\"type\":\"::\",\"args\":[2,\"chmod(): Operation not permitted\",\"/var/www/html/lib/private/Config.php\",251,{\"content\":\"<?php\\\\n$CONFIG = array (\\\\n  'instanceid' => 'ocrupzw8y05m',\\\\n);\\\\n\",\"filePointer\":false}]},{\"file\":\"/var/www/html/lib/private/Config.php\",\"line\":251,\"function\":\"chmod\",\"args\":[\"/var/www/html/config/config.php\",416]},{\"file\":\"/var/www/html/lib/private/Config.php\",\"line\":137,\"function\":\"writeData\",\"class\":\"OC\\\\\\\\Config\",\"type\":\"->\",\"args\":[]},{\"file\":\"/var/www/html/lib/private/SystemConfig.php\",\"line\":111,\"function\":\"setValue\",\"class\":\"OC\\\\\\\\Config\",\"type\":\"->\",\"args\":[\"instanceid\",\"ocrupzw8y05m\"]},{\"file\":\"/var/www/html/lib/private/legacy/OC_Util.php\",\"line\":1173,\"function\":\"setValue\",\"class\":\"OC\\\\\\\\SystemConfig\",\"type\":\"->\",\"args\":[\"instanceid\",\"ocrupzw8y05m\"]},{\"file\":\"/var/www/html/lib/base.php\",\"line\":413,\"function\":\"getInstanceId\",\"class\":\"OC_Util\",\"type\":\"::\",\"args\":[]},{\"file\":\"/var/www/html/lib/base.php\",\"line\":639,\"function\":\"initSession\",\"class\":\"OC\",\"type\":\"::\",\"args\":[]},{\"file\":\"/var/www/html/lib/base.php\",\"line\":1076,\"function\":\"init\",\"class\":\"OC\",\"type\":\"::\",\"args\":[]},{\"file\":\"/var/www/html/index.php\",\"line\":35,\"args\":[\"/var/www/html/lib/base.php\"],\"function\":\"require_once\"}],\"File\":\"/var/www/html/lib/private/Log/ErrorHandler.php\",\"Line\":92,\"CustomMessage\":\"--\"},\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\",\"version\":\"\"}\n",
  "stream": "stderr",
  "time": "2021-06-10T13:22:33.115303999Z"
}
{
  "log": "[Thu Jun 10 13:22:33.121122 2021] [php7:notice] [pid 33] [client 192.168.96.3:38038] {\"reqId\":\"wPIE8sW17AoY8fVL6NCO\",\"level\":3,\"time\":\"2021-06-10T13:22:33+00:00\",\"remoteAddr\":\"192.168.96.3\",\"user\":\"--\",\"app\":\"index\",\"method\":\"GET\",\"url\":\"/\",\"message\":{\"Exception\":\"OC\\\\\\\\HintException\",\"Message\":\"Can't write into config directory!\",\"Code\":0,\"Trace\":[{\"file\":\"/var/www/html/lib/private/Config.php\",\"line\":137,\"function\":\"writeData\",\"class\":\"OC\\\\\\\\Config\",\"type\":\"->\",\"args\":[]},{\"file\":\"/var/www/html/lib/private/SystemConfig.php\",\"line\":111,\"function\":\"setValue\",\"class\":\"OC\\\\\\\\Config\",\"type\":\"->\",\"args\":[\"instanceid\",\"ocrupzw8y05m\"]},{\"file\":\"/var/www/html/lib/private/legacy/OC_Util.php\",\"line\":1173,\"function\":\"setValue\",\"class\":\"OC\\\\\\\\SystemConfig\",\"type\":\"->\",\"args\":[\"instanceid\",\"ocrupzw8y05m\"]},{\"file\":\"/var/www/html/lib/base.php\",\"line\":413,\"function\":\"getInstanceId\",\"class\":\"OC_Util\",\"type\":\"::\",\"args\":[]},{\"file\":\"/var/www/html/lib/base.php\",\"line\":639,\"function\":\"initSession\",\"class\":\"OC\",\"type\":\"::\",\"args\":[]},{\"file\":\"/var/www/html/lib/base.php\",\"line\":1076,\"function\":\"init\",\"class\":\"OC\",\"type\":\"::\",\"args\":[]},{\"file\":\"/var/www/html/index.php\",\"line\":35,\"args\":[\"/var/www/html/lib/base.php\"],\"function\":\"require_once\"}],\"File\":\"/var/www/html/lib/private/Config.php\",\"Line\":255,\"Hint\":\"This can usually be fixed by giving the webserver write access to the config directory.\",\"CustomMessage\":\"--\"},\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\",\"version\":\"\"}\n",
  "stream": "stderr",
  "time": "2021-06-10T13:22:33.121380817Z"
}
{
  "log": "[Thu Jun 10 13:22:33.121633 2021] [php7:notice] [pid 33] [client 192.168.96.3:38038] {\"reqId\":\"wPIE8sW17AoY8fVL6NCO\",\"level\":3,\"time\":\"2021-06-10T13:22:33+00:00\",\"remoteAddr\":\"192.168.96.3\",\"user\":\"--\",\"app\":\"index\",\"method\":\"GET\",\"url\":\"/\",\"message\":{\"Exception\":\"Doctrine\\\\\\\\DBAL\\\\\\\\Exception\",\"Message\":\"Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [14] unable to open database file\",\"Code\":14,\"Trace\":[{\"file\":\"/var/www/html/3rdparty/doctrine/dbal/src/Connection.php\",\"line\":1486,\"function\":\"connect\",\"class\":\"OC\\\\\\\\DB\\\\\\\\Connection\",\"type\":\"->\",\"args\":[]},{\"file\":\"/var/www/html/3rdparty/doctrine/dbal/src/Connection.php\",\"line\":1014,\"function\":\"getWrappedConnection\",\"class\":\"Doctrine\\\\\\\\DBAL\\\\\\\\Connection\",\"type\":\"->\",\"args\":[]},{\"file\":\"/var/www/html/lib/private/DB/Connection.php\",\"line\":226,\"function\":\"executeQuery\",\"class\":\"Doctrine\\\\\\\\DBAL\\\\\\\\Connection\",\"type\":\"->\",\"args\":[\"SELECT * FROM \\\\\"oc_appconfig\\\\\"\",[],[],null]},{\"file\":\"/var/www/html/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php\",\"line\":210,\"function\":\"executeQuery\",\"class\":\"OC\\\\\\\\DB\\\\\\\\Connection\",\"type\":\"->\",\"args\":[\"SELECT * FROM \\\\\"oc_appconfig\\\\\"\",[],[]]},{\"file\":\"/var/www/html/lib/private/DB/QueryBuilder/QueryBuilder.php\",\"line\":287,\"function\":\"execute\",\"class\":\"Doctrine\\\\\\\\DBAL\\\\\\\\Query\\\\\\\\QueryBuilder\",\"type\":\"->\",\"args\":[]},{\"file\":\"/var/www/html/lib/private/AppConfig.php\",\"line\":345,\"function\":\"execute\",\"class\":\"OC\\\\\\\\DB\\\\\\\\QueryBuilder\\\\\\\\QueryBuilder\",\"type\":\"->\",\"args\":[]},{\"file\":\"/var/www/html/lib/private/AppConfig.php\",\"line\":110,\"function\":\"loadConfigValues\",\"class\":\"OC\\\\\\\\AppConfig\",\"type\":\"->\",\"args\":[]},{\"file\":\"/var/www/html/lib/private/AppConfig.php\",\"line\":301,\"function\":\"getApps\",\"class\":\"OC\\\\\\\\AppConfig\",\"type\":\"->\",\"args\":[]},{\"file\":\"/var/www/html/lib/private/App/AppManager.php\",\"line\":136,\"function\":\"getValues\",\"class\":\"OC\\\\\\\\AppConfig\",\"type\":\"->\",\"args\":[false,\"enabled\"]},{\"file\":\"/var/www/html/lib/private/App/AppManager.php\",\"line\":225,\"function\":\"getInstalledAppsValues\",\"class\":\"OC\\\\\\\\App\\\\\\\\AppManager\",\"type\":\"->\",\"args\":[]},{\"file\":\"/var/www/html/lib/private/legacy/OC_Template.php\",\"line\":284,\"function\":\"isEnabledForUser\",\"class\":\"OC\\\\\\\\App\\\\\\\\AppManager\",\"type\":\"->\",\"args\":[\"theming\"]},{\"file\":\"/var/www/html/index.php\",\"line\":45,\"function\":\"printErrorPage\",\"class\":\"OC_Template\",\"type\":\"::\",\"args\":[\"Can't write into config directory!\",\"This can usually be fixed by giving the webserver write access to the config directory.\",503]}],\"File\":\"/var/www/html/lib/private/DB/Connection.php\",\"Line\":85,\"CustomMessage\":\"--\"},\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\",\"version\":\"\"}\n",
  "stream": "stderr",
  "time": "2021-06-10T13:22:33.121829202Z"
}
{
  "log": "[Thu Jun 10 13:22:33.135025 2021] [php7:notice] [pid 33] [client 192.168.96.3:38038] {\"reqId\":\"wPIE8sW17AoY8fVL6NCO\",\"level\":3,\"time\":\"2021-06-10T13:22:33+00:00\",\"remoteAddr\":\"192.168.96.3\",\"user\":\"--\",\"app\":\"PHP\",\"method\":\"GET\",\"url\":\"/\",\"message\":\"chmod(): Operation not permitted at /var/www/html/lib/private/Log/File.php#87\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36\",\"version\":\"\"}\n",
  "stream": "stderr",
  "time": "2021-06-10T13:22:33.135284327Z"
}

The output of my config.php file in /var/www/html/lib/private/config.php (It’s essentially untouched):

namespace OC;

/**
 * This class is responsible for reading and writing config.php, the very basic
 * configuration file of Nextcloud.
 */
class Config {
        public const ENV_PREFIX = 'NC_';

        /** @var array Associative array ($key => $value) */
        protected $cache = [];
        /** @var array */
        protected $envCache = [];
        /** @var string */
        protected $configDir;
        /** @var string */
        protected $configFilePath;
        /** @var string */
        protected $configFileName;

        /**
         * @param string $configDir Path to the config dir, needs to end with '/'
         * @param string $fileName (Optional) Name of the config file. Defaults to config.php
         */
        public function __construct($configDir, $fileName = 'config.php') {
                $this->configDir = $configDir;
                $this->configFilePath = $this->configDir.$fileName;
                $this->configFileName = $fileName;
                $this->readData();
        }

        /**
         * Lists all available config keys
         *
         * Please note that it does not return the values.
         *
         * @return array an array of key names
         */
        public function getKeys() {
                return array_keys($this->cache);
        }

        /**
         * Returns a config value
         *
         * gets its value from an `NC_` prefixed environment variable
         * if it doesn't exist from config.php
         * if this doesn't exist either, it will return the given `$default`
         *
         * @param string $key key
         * @param mixed $default = null default value
         * @return mixed the value or $default
         */
        public function getValue($key, $default = null) {
                $envKey = self::ENV_PREFIX . $key;
                if (isset($this->envCache[$envKey])) {
                        return $this->envCache[$envKey];
                }

                if (isset($this->cache[$key])) {
                        return $this->cache[$key];
                }

                return $default;
        }

        /**
         * Sets and deletes values and writes the config.php
         *
         * @param array $configs Associative array with `key => value` pairs
         *                       If value is null, the config key will be deleted
         */
        public function setValues(array $configs) {
                $needsUpdate = false;
                foreach ($configs as $key => $value) {
                        if ($value !== null) {
                                $needsUpdate |= $this->set($key, $value);
                        } else {
                                $needsUpdate |= $this->delete($key);
                        }
                }

                if ($needsUpdate) {
                        // Write changes
                        $this->writeData();
                }
        }

        /**
         * Sets the value and writes it to config.php if required
         *
         * @param string $key key
         * @param mixed $value value
         */
        public function setValue($key, $value) {
                if ($this->set($key, $value)) {
                        // Write changes
                        $this->writeData();
                }
        }

        /**
         * This function sets the value
         *
         * @param string $key key
         * @param mixed $value value
         * @return bool True if the file needs to be updated, false otherwise
         */
        protected function set($key, $value) {
                if (!isset($this->cache[$key]) || $this->cache[$key] !== $value) {
                        // Add change
                        $this->cache[$key] = $value;
                        return true;
                }

                return false;
        }

        /**
         * Removes a key from the config and removes it from config.php if required
         * @param string $key
         */
        public function deleteKey($key) {
                if ($this->delete($key)) {
                        // Write changes
                        $this->writeData();
                }
        }

        /**
         * This function removes a key from the config
         *
         * @param string $key
         * @return bool True if the file needs to be updated, false otherwise
         */
        protected function delete($key) {
                if (isset($this->cache[$key])) {
                        // Delete key from cache
                        unset($this->cache[$key]);
                        return true;
                }
                return false;
        }

        /**
         * Loads the config file
         *
         * Reads the config file and saves it to the cache
         *
         * @throws \Exception If no lock could be acquired or the config file has not been found
         */
        private function readData() {
                // Default config should always get loaded
                $configFiles = [$this->configFilePath];

                // Add all files in the config dir ending with the same file name
                $extra = glob($this->configDir.'*.'.$this->configFileName);
                if (is_array($extra)) {
                        natsort($extra);
                        $configFiles = array_merge($configFiles, $extra);
                }

                // Include file and merge config
                foreach ($configFiles as $file) {
                        $fileExistsAndIsReadable = file_exists($file) && is_readable($file);
                        $filePointer = $fileExistsAndIsReadable ? fopen($file, 'r') : false;
                        if ($file === $this->configFilePath &&
                                $filePointer === false) {
                                // Opening the main config might not be possible, e.g. if the wrong
                                // permissions are set (likely on a new installation)
                                continue;
                        }

                        // Try to acquire a file lock
                        if (!flock($filePointer, LOCK_SH)) {
                                throw new \Exception(sprintf('Could not acquire a shared lock on the config file %s', $file));
                        }

                        unset($CONFIG);
                        include $file;
                        if (isset($CONFIG) && is_array($CONFIG)) {
                                $this->cache = array_merge($this->cache, $CONFIG);
                        }

                        // Close the file pointer and release the lock
                        flock($filePointer, LOCK_UN);
                        fclose($filePointer);
                }

                $this->envCache = getenv();
        }

        /**
         * Writes the config file
         *
         * Saves the config to the config file.
         *
         * @throws HintException If the config file cannot be written to
         * @throws \Exception If no file lock can be acquired
         */
        private function writeData() {
                // Create a php file ...
                $content = "<?php\n";
                $content .= '$CONFIG = ';
                $content .= var_export($this->cache, true);
                $content .= ";\n";

                touch($this->configFilePath);
                $filePointer = fopen($this->configFilePath, 'r+');

                // Prevent others not to read the config
                chmod($this->configFilePath, 0640);

                // File does not exist, this can happen when doing a fresh install
                if (!is_resource($filePointer)) {
                        throw new HintException(
                                "Can't write into config directory!",
                                'This can usually be fixed by giving the webserver write access to the config directory.');
                }

                // Try to acquire a file lock
                if (!flock($filePointer, LOCK_EX)) {
                        throw new \Exception(sprintf('Could not acquire an exclusive lock on the config file %s', $this->configFilePath));
                }

                // Write the config and release the lock
                ftruncate($filePointer, 0);
                fwrite($filePointer, $content);
                fflush($filePointer);
                flock($filePointer, LOCK_UN);
                fclose($filePointer);

                if (function_exists('opcache_invalidate')) {
                        @opcache_invalidate($this->configFilePath, true);
                }
        }
}

According to the logs, I need to change the permissions of the Config.php file. Question is to what? Which user is supposed to be able to access the file?

Here is a list of available users on the container:

root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
_apt

And here are the permissions inside the container:

drwxrwxrwx 14 www-data root 4.0K Jun  8 11:40 .
drwxrwxr-x  1 www-data root 4.0K May 26 23:13 ..
-rw-r--r--  1 www-data root 2.7K Jun  8 11:40 .htaccess
-rw-r--r--  1 www-data root  101 Jun  8 11:40 .user.ini
drwxr-xr-x 43 www-data root 4.0K Jun  8 11:40 3rdparty
-rw-r--r--  1 www-data root  18K Jun  8 11:40 AUTHORS
-rw-r--r--  1 www-data root  34K Jun  8 11:40 COPYING
drwxr-xr-x 47 www-data root 4.0K Jun  8 11:40 apps
drwxr-xr-x  2 root     root 4.0K Jun 10 11:34 config
-rw-r--r--  1 www-data root 3.9K Jun  8 11:40 console.php
drwxr-xr-x 22 www-data root 4.0K Jun  8 11:40 core
-rw-r--r--  1 www-data root 5.1K Jun  8 11:40 cron.php
drwxr-xr-x  2 root     root 4.0K Jun  8 14:48 custom_apps
drwxr-xr-x  2 root     root 4.0K Jun 10 11:34 data
-rw-r--r--  1 www-data root  156 Jun  8 11:40 index.html
-rw-r--r--  1 www-data root 2.9K Jun  8 11:40 index.php
drwxr-xr-x  6 www-data root 4.0K Jun  8 11:40 lib
-rwxr-xr-x  1 www-data root  283 Jun  8 11:40 occ
drwxr-xr-x  2 www-data root 4.0K Jun  8 11:40 ocm-provider
drwxr-xr-x  2 www-data root 4.0K Jun  8 11:40 ocs
drwxr-xr-x  2 www-data root 4.0K Jun  8 11:40 ocs-provider
-rw-r--r--  1 www-data root 3.1K Jun  8 11:40 public.php
-rw-r--r--  1 www-data root 5.3K Jun  8 11:40 remote.php
drwxr-xr-x  4 www-data root 4.0K Jun  8 11:40 resources
-rw-r--r--  1 www-data root   26 Jun  8 11:40 robots.txt
-rw-r--r--  1 www-data root 2.4K Jun  8 11:40 status.php
drwxr-xr-x  2 root     root 4.0K Jun  8 14:48 themes
-rw-r--r--  1 www-data root  382 Jun  8 11:40 version.php

dan4ielo · June 10, 2021, 2:37pm

Some additional info: Nextcloud runs normally if I set the container with the docker command.

 docker run -d -p 8080:80 nextcloud

Meaning that the configuration with the proxy should be the problem. Anything would be useful.

Reiner_Nippes · June 10, 2021, 5:23pm

you may run docker exec -u www-data nextcloud id to get the uid/gid of the www-data user in the container.

after that you run

chown <uid>:<gid> \
../container-mounts/app/config \
../container-mounts/app/custom_appsd \
../container-mounts/app/data \
../container-mounts/app/themes

: has to be replaced with the correct values from the first command.

dan4ielo · June 11, 2021, 2:27pm

Hi, thank you and sorry for the late response. I tried what you purposed, but it had no effect. still the same error. Although the command was successful. Even the logs are the same.

Cyrus_Rondolos · June 11, 2021, 10:55pm

Hello Dan,

so i am wondering, who is the owner of the Config.php?? www-data should be the owner. Base on your info it says that www-data is the owner of the lib but is does not mean the www-data is the owner of the subfolders, so please check

dan4ielo · June 12, 2021, 10:13am

So here are the permissions. Should I change the group as well? Although the www-data user is a sudoer. What I found interesting is that from the logs it seems that the container is trying to fix the modification of the Config.php file. Should I make it executable?

root@*container-ID*:***/var/www/html/lib/private***# ll | grep Config.php
-rw-r--r--  1 www-data root  17K Jun  8 11:40 AllConfig.php
-rw-r--r--  1 www-data root 8.8K Jun  8 11:40 AppConfig.php
-rw-r--r--  1 www-data root 7.6K Jun  8 11:40 **Config.php**
-rw-r--r--  1 www-data root 4.7K Jun  8 11:40 SystemConfig.php

Reiner_Nippes · June 12, 2021, 4:46pm

what does that mean? what did you do?

no. this is not the config/config.php.
lib/private/Config.php is nextcloud php-code.

could you please post ls -l ../container-mounts/app

dan4ielo · June 14, 2021, 8:54am

Basically, I executed the command you metioned. Given that the uid and the gid of the www-data user were 31 (or 33 at least from memory) I executed this command:

chown 31:31 \
../container-mounts/app/config \
../container-mounts/app/custom_appsd \
../container-mounts/app/data \
../container-mounts/app/themes

And here is what happened:

dan4ielo@app$ ls -l
total 16
drwxrwxr-x 2 www-data www-data 4096 Jun 10 11:34 config
drwxr-xr-x 2 www-data www-data 4096 Jun  8 14:48 custom_appsd
drwxr-xr-x 2 www-data www-data 4096 Jun 12 13:31 data
drwxr-xr-x 2 www-data www-data 4096 Jun  8 14:48 themes

and as for the config file… Here is config/config.php

root@<container-id>:***/var/www/html/config***# ls -l
total 0
-rw-r--r-- 1 root root 0 Jun 10 11:34 config.php

dan4ielo · June 14, 2021, 8:57am

May I ask. What exactly is the difference between Config.php and config.php ?

Reiner_Nippes · June 14, 2021, 1:48pm

i think there is a “-R” missing.

chown -R 31:0 \
../container-mounts/app/config \
../container-mounts/app/custom_appsd \
../container-mounts/app/data \
../container-mounts/app/themes

31:0 if you want to get -rw-r--r-- 1 www-data root 0 Jun 10 11:34 config.php inside your container.

config.php is a config file where nextcloud stores some configuration values. e.g. database credentials, redis connection, log level, et.pp.

Config.php is a php script. probably to read and write the config.php file.

it doesn’t need to be executable, because it’s executed by the program php.

dan4ielo · June 14, 2021, 3:10pm

This fixed the problem. Thanks. Now there is another error, which I could guess where it comes from but anyway… Here it is:

Error

It looks like you are trying to reinstall your Nextcloud. However the file CAN_INSTALL is missing from your config directory. Please create the file CAN_INSTALL in your config folder to continue.

NOTE:
I have a separate container running just nextcloud. No proxy, no db, just plain

docker run -d --name nextcloud -p 8080:80 --restart unless-stopped nextcloud

Could it be that this error comes from the fact that nextcloud detects my working instance?

Reiner_Nippes · June 14, 2021, 5:53pm

well. you have to remove everything before you start over. your setup is in kind of in between state.

i would remove the nextcloud and db docker volume plus ../container-mounts/app/*. imho the proxy stuff don’t hurt. (make sure that ../container-mounts/app is owned by www-data:root and have 0755 rights.)

i assume you have no data since you didn’t finish your installation. otherwise you would have to save ../container-mounts/app/data.

you may run docker ps to see which container are runing. you should have nextcloud (stand alone) and nextcloud_app (from docker-compose) running.

and you can run docker inspect <container-name> to get the details of the two containers (nextcloud | nextcloud_app). they should share anything.

i would say: no. that’s the reason why container were invented. to run as many instances of one software as possible and to isolated them.

dan4ielo · June 15, 2021, 7:48am

Okay so I got everything removed and ran the docker-compose command again. I no longer have two containers of nextcloud. This, however did not solve the error. Here is what did:

dan4ielo@somewhere-in-the-system$ cd ~/container-mounts/app/config
dan4ielo@config$ sudo touch CAN_INSTALL

And the error was gone.
Now I see the admin account screen.

dan4ielo · June 15, 2021, 7:59am

And… I got a new problem. I am not sure if this is Nextcloud related, but… When accessing the app through http:// everything is fine, however, when I do so through https:// it gives:

500 Internal Server Error
nginx/1.19.10

What could be causing this? I know nextcloud has some apps that offer SSL encryption on the connection, but thought you use them only in the case of nextcloud being an edge instance, which clearly it isn’t now. Right?
The logs of the container don’t show any error messages as well. So what could be happening?