Unable to restore from an ncp backup in docker

How do you run up the docker instance?

Permission errors on docker are usually due to not setting uid/gid when running up the instance. If not set docker runs the application as root which is a security concern when dealing with web-applications specifically.

You can set the user id and group id of the docker processes using the environment flags PUID / GUID. If you simply want to set it to your user run id $user and set it accordingly.

example docker-compose and long explanation

In a docker-compose.yml file it would look something like:

---
version: "2.1"
services:
  nextcloud:
    image: theimage/youwant
    container_name: somethingcatchy
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Amsterdam
    volumes:
      - /path/to/appdata:/config
      - /path/to/data:/data
      - /path/to/backup:/Nextcloudbackup
    ports:
      - 443:443
    restart: unless-stopped

PID/GID 1000 is usually the id number of your main user.
You can also make a dedicated user for nextcloud(pi) and set that gid/pid with sudo userad -u 1337 -g 1337

( It could also be useful to set

    stdin_open: true # docker run -i
    tty: true        # docker run -t

to allow you to docker attach to the image in whichever way you prefer)

If you plan on opening up ssh from the ncp panel you should also map the port 25.

I never really use docker run as I like the layout of yml files and being able to save all my configs that way, but if you do like it then use -e PUID= and -e PGID= so set the IDs.

There’s some useful info on user/group IDs here:
linuxserver.io’s “Understanding PUID & GUID”
Their docker wiki is heaps useful, highly recommended.


Tl:dr;
Set pid/gid to any other user than root because running a web application as root is a security concern

sudo useradd -g -G www-data -u 1337 -p 1337 leet-ncp-user

then add PUID & GUID environment variables to the docker stack to match leet-ncp-user

Or if you are fine running it as your standard user, say Pi or Yourname, you can set them to 1000 in the docker-compose file. These users usually are in the sudo group which is only a security concern should you use the standard password.

Have a look at this thread regarding back/restores, might find somehting useful in there:
https://help.nextcloud.com/t/howto-change-move-data-directory-after-installation/17170

Another issue I’ve encountered not with nextcloud but with other containers using mysql/mariadb is that the database user gets mismatched between old/new containers. I’ve solved this by attaching to the image, then to the database and resetting the passwords.