Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

  • I can't say its your problem, but your volumes under nextcloud look different to me (I'm still learning compose as well)... Even compared to your other volumes, it is quite different

  • The docker images run on ARM-architecture. Linuxserver build their container for the multiple architectures and you should automatically pull the correct images.


    Are you executing the docker-compose up -d command in the folder where your docker-compose.yml for nextcloud/letsencrypt lies (that would be the right way to do it)? Because the error message suggests that docker-compose is trying to build a docker container of docker-compose from the image docker/compose:1.24.1 (which seems not to be compatible with arm ;) ).


    As @KM0201 mentioned the syntax of the nextcloud volume is not correct in the .txt file. Also in the mariadb section the restart: unless-stopped needs to go in a seperate line.

  • But if you use the relative path and your data drive dies and you re-point all of your shares to the rsync'd backup drive your server is back up with nothing more to do. If you use absolute path, how does that scenario work?


    Should these folders be owned by docker1 with a drwxr-xr-x or is it just necessary that the permissions are set to drwxrwxrwx? Or something else?

    • I find that if I create the folders in omv>Access Rights Management>Shared Folders I get "root" ownership with drwxrwxrwx privileges. That makes sense. These are folders like "AppData", "Media", "Docker", and "Nextcloud".
    • The folders that the "home folder" setting creates gets that user as owner (makes sense) with drwx--S--- as permissions (that I don't understand) and that folder cannot be opened from the desktop share that it resides in.
    • If I create sub-folders from my desktop the owner is set up as the user that I'm logged in as with permissions of drwxrwsrwx. That all makes sense except for the "s" for users.

    I hope I am not making this more difficult that it is, and if this is off topic, moderators feel free to move it off. Permissions and Paths seem to be the two things that keep me awake at night here lately.

    This is a kind of pet peeve of mine. IMO, you really shouldn't be using root (or sudo) unless you really need those elevated privileges. SSH and Docker are no exception. The only docker command I run as root, is if I manually start or stop the docker service. Everything else (including running my docker-compose files) is done by a user. I've not had a single permission related issue. It's why I don't even have root SSH available on my system. I just ssh as a user, change to root, do whatever I need to do, then exit back to my user.


    If you've gone to the hassle of creating a 'docker1' user (personally I always create an unprivileged user on my system that has SSH access, so I just use that user to keep things simple), then why not just add that user to the 'docker' group (and probably even SSH) then just use that docker user to run your commands.


    I've actually gotten pretty handy with docker-compose. Only issue I'm having now is linking two containers.

  • Thanks for your prompt responses, @Morlan & @KM0201.


    The errors you both called out in my attached .yml file weren't in my 'live' file - they were just cross-eyed editing glitches I made when removing my personal details from the file before uploading it. I have just reviewed the live file once more and can confirm that it doesn't have those, er, features - so I'm still getting the same error. Since your responses, I've tried recreating docker-compose.yml from the guide, but the result is identical.


    As for the location of the .yml, @Morlan - it is in /home/docker1/nextcloud and that is where I'm executing it from.


    But your comment on compatibility had me wondering about a potential issue with the current build of docker-compose:


    Before trying this installation guide, I spent quite a few hours following different instructions, which required me to pull the 'latest'-tagged docker-compose image through OMV's Docker UI. It repeatedly did nothing when I specified "latest" as the tag or left it blank - the only way I could pull it successfully was by specifying the tag "1.24.1" in the dialog (I've attached screenies to illustrate). I understand this may not be typical.



    Anyhoo - thanks for your kind efforts & input - and apologies again for the sloppy errors along the way.


    Cheerio


    neil

  • Though I'm pretty new to Docker, I'm starting to get the impression that docker-compose is simply not ARM-compatible - I don't know how authoritative this guy's blog is, but this may sum it up:


    "... docker-compose is not (yet) available for Raspberry Pi or any other ARM architecture."


    According to his most recent update on the subject in March 2019, make docker-compose work on a Pi still requires some geek ninja skills.


    My attempt at the easy way ("pip install docker-compose") died prematurely, so I decided to follow his rather more complex manual method by blindly copying & pasting each command. My little Pi has been valiantly churning away for about 45 mins now, fortunately with abundant screen output (or, as I like to call it, "proof of life").


    I think it has a while to go, but I'll report back tomorrow on the final result. I'll be pleasantly surprised if I don't have to restore from the system image I made before I began.

  • apt-get install docker-compose seems to complete normally - I've been installing it exactly per the guide ?( .


    The method I attempted in my previous post came close to finishing, then ground to a halt with some impenetrable messages.


    I found another site that published a recent guide for installing docker & compose on a Pi - I'll give that a try tomorrow.

  • This is a kind of pet peeve of mine. IMO, you really shouldn't be using root (or sudo) unless you really need those elevated privileges. SSH and Docker are no exception.

    Well...I guess I learned some bad habits starting out-about a year ago-but I'm not going to name any names. I am willing to learn the right way. This docker-compose has been...interesting. I have learned quite a bit on account of it, and I think it will end up being a great tool (for me) if it doesn't kill me first.

    Simple and sure backup and restore: In a Scheduled Job: rsync -av --delete /srv/dev-disk-by-label-SOURCE/ /srv/dev-disk-by-label-DESTINATION/ (HT: Getting Started with OMV5)
    OMV Version: Ver. 5 (current) - Hardware: NanoPi M4, Nextcloud, Plex, Airsonic, Booksonic, Calibre, & Heimdall - Acer Aspire T180, backup - Odroid XU4, Pi-Hole (DietPi) - Testing/Playing: hc2, xu4, Pi 3B+, Odroid H2, and HP dx2400, Debian 10 XFCE.

  • @KM0201 I didn't even know what role "groups" played in this Linux game until your post above. Then it just sort of clicked...well, let's just say a little more light dawned on me. Now I know why there is that "groups" tab when I add a new user in the User GUI. Thanks.
    Screen Shot 2019-10-23 at 10.19.16 PM.pngScreen Shot 2019-10-23 at 10.20.49 PM.pngScreen Shot 2019-10-23 at 10.21.11 PM.pngScreen Shot 2019-10-23 at 10.22.07 PM.png

    Simple and sure backup and restore: In a Scheduled Job: rsync -av --delete /srv/dev-disk-by-label-SOURCE/ /srv/dev-disk-by-label-DESTINATION/ (HT: Getting Started with OMV5)
    OMV Version: Ver. 5 (current) - Hardware: NanoPi M4, Nextcloud, Plex, Airsonic, Booksonic, Calibre, & Heimdall - Acer Aspire T180, backup - Odroid XU4, Pi-Hole (DietPi) - Testing/Playing: hc2, xu4, Pi 3B+, Odroid H2, and HP dx2400, Debian 10 XFCE.

  • Hi again, @macom


    Here ya go... I hope this helps:


    boss@phewtus:~/bin$ dpkg -l | grep docker
    ii docker-ce 5:19.03.4~3-0~debian-stretch armhf Docker: the open-source application container engine
    ii docker-ce-cli 5:19.03.4~3-0~debian-stretch armhf Docker CLI: the open-source application container engine
    ii docker-compose 1.8.0-2 all Punctual, lightweight development environments using Docker
    ii openmediavault-docker-gui 4.1.5 all OpenMediaVault plugin for Docker
    ii python-docker 1.9.0-1 all Python wrapper to access docker.io's control socket
    ii python-dockerpty 0.4.1-1 all Pseudo-tty handler for docker Python client (Python 2.x)

  • Well...I guess I learned some bad habits starting out-about a year ago-but I'm not going to name any names. I am willing to learn the right way. This docker-compose has been...interesting. I have learned quite a bit on account of it, and I think it will end up being a great tool (for me) if it doesn't kill me first.

    I don't want to derail the thread to far, but its not necessarily "wrong" I guess... I've just used Linux on the desktop since before sudo was a thing, and recall knuckle heads running web browsers, email clients, etc. as root rather than users. I was fortunate enough to pay attention and read a lot and know this was a terrible idea... and learned to only use root (and later, sudo) when you really needed those privileges (installing/removing software, editing system files, mounting drives, etc.).. to me, running a docker compose file just isn't something that should be done with root... Same goes for creating a directory . There is no reason to do this as root unless it's a folder you need to be privileged. It was a habit that stuck with me when I started making my own file servers.


    Ssh.. many a system has been compromised by not only root ssh being allowed, but also poor root passwords. Once that happens, it's a wrap. Ssh as a non root user, then changing to root, just gives them one more password to crack


    In the case of docker... Rarely does a folder need privileges, and if it does, docker will modify the permissions of said folder. There are a few containers that will modify their config folder so they cannot be edited/removed by a non root user.


    Again... I'm not saying I'm right.. but if you really stop and think about it, you can come to your own conclusions. If you have ever used sudo, the first time you use it what message do you get... "With great power, comes great responsibility"...


    Rant over.. :)

    Air Conditioners are a lot like PC's... They work great until you open Windows.


    Edited once, last by KM0201 ().

  • I think I have it sorted, @macom.


    A few searches made it clear that official docker images are usually not ARM-friendly. There are plenty of supposed solutions and even some images that will work on most of the RPi family.


    The solution that worked for me can be found here - it's a very concise, straightforward and well-presented guide, but I had to research two resulting errors to find the missing piece of the puzzle, which slots in before the final step:


    sudo apt install -y python-all-dev python-wheel


    Then finish it up with:


    sudo pip install docker-compose


    And surprise, surprise: my original docker-compose.yml worked perfectly first time! :thumbsup:


    docker@phewtus:~/nextcloud$ docker images
    REPOSITORY TAG IMAGE ID CREATED SIZE
    linuxserver/letsencrypt latest 40d5e2dbd8f2 16 hours ago 224MB
    linuxserver/nextcloud latest 3cc1ef5127b9 26 hours ago 264MB
    linuxserver/mariadb latest db16f0c83902 4 days ago 278MB
    docker/compose 1.24.1 9bd979cced2e 4 months ago 67.9MB
    arm32v7/hello-world latest 618e43431df9 9 months ago 1.64kB


    Thanks for your help with this one - now that I've got it working, I'm sure I'll be back before long with more questions on getting it to work as I want it to!

  • Glad to hear that you found a solution.


    However, the whole thing is not clear to me. If every RPi user would have such problems with getting docker to run, there should be many more threads about it. Also your output above indicates that everything was installed correctly on your system. And as @Morlan mentioned the images we use are multi architecture. And in the end it seems the docker-compose file worked for your architecture.


    My hypothesis is that somehow the docker you pulled interfered with installation.

    I spent quite a few hours following different instructions, which required me to pull the 'latest'-tagged docker-compose image


    But if it works now for you .... :thumbup:

  • Let's check if docker and docker-compose are installed correctly. What is the output of
    dpkg -l | grep docker?

    I know you were working with @stinkycheese problems, but I just noticed your post and ran the command. Here's what I got.

    Code
    ii docker-ce 5:19.03.4~3-0~debian-buster arm64 Docker: the open-source application container engine
    ii docker-ce-cli 5:19.03.4~3-0~debian-buster arm64 Docker CLI: the open-source application container engine
    ii docker-compose 1.21.0-3 all Punctual, lightweight development environments using Docker
    ii golang-docker-credential-helpers 0.6.1-2 arm64 native stores to safeguard Docker credentials
    ii python3-docker 3.4.1-4 all Python 3 wrapper to access docker.io's control socket
    ii python3-dockerpty 0.4.1-1 all Pseudo-tty handler for docker Python client (Python 3.x)
    ii python3-dockerpycreds 0.3.0-1 all Python3 bindings for the docker credentials store API

    After trying docker-compose from the command line I tried to use the stacks tab in Portainer to run the yml file and I get this failure notice. Maybe that will shed some light:
    Screen Shot 2019-11-01 at 3.11.03 PM.png

    Simple and sure backup and restore: In a Scheduled Job: rsync -av --delete /srv/dev-disk-by-label-SOURCE/ /srv/dev-disk-by-label-DESTINATION/ (HT: Getting Started with OMV5)
    OMV Version: Ver. 5 (current) - Hardware: NanoPi M4, Nextcloud, Plex, Airsonic, Booksonic, Calibre, & Heimdall - Acer Aspire T180, backup - Odroid XU4, Pi-Hole (DietPi) - Testing/Playing: hc2, xu4, Pi 3B+, Odroid H2, and HP dx2400, Debian 10 XFCE.

  • You docker installation looks fine. The ii at the beginning of each line indicated that the packages are installed correctly.


    Unfortunately I have no idea how to solve the iptables issue.
    Maybe it would be best if you open a new thread for this issue. If the problem also occurs with yml files containing just one container, I would use that example.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!