[Docker] OCI runtime create failed on Ubuntu 18.04.

Yesterday after rebooting my Server running Ubuntu 18.04. I couldn’t run most of my Docker Container. Strangely, some worked and some did not. If not I always got some OCI runtime error messages:

$ docker-compose up -d
ts3_teamspeak_1 is up-to-date
Creating ts3_teamspeak-db_1 ... error

ERROR: for ts3_teamspeak-db_1  Cannot start service teamspeak-db: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:402: getting the final child's pid from pipe caused: EOF: unknown

After googling a bit, I found the solution. I did an apt upgrade before rebooting and my Docker version was updated to v5.20. And it seems that Ubuntu 18.04. and Docker v5.20 are not working well together. Therefore I had to downgrade docker to v5.18. Find more here.

 apt install docker-ce=5:18.09.1~3-0~ubuntu-bionic
 apt install containerd.io=1.2.2-1

[Nextcloud] Docker update 20.0.10 to 21.0.3

As always the nextcloud update failed for me…

After a quick search I found this post. Seems like using mariadb:latest is not a good idea anymore. After switching to mariadb:10.5 and manually turning the maintenance mode off I could proceed the update process.

$ docker exec --user www-data nextcloud-app_1 php /var/www/html/occ maintenance:mode --off
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Maintenance mode disabled

[Wallabag] Docker upgrade 2.3.8. to 2.4.2

Just did an upgrade for Wallabag from Version 2.3.8 to 2.4.2. So I opened my docker-compose.yml and changed the image version and ran docker-compose up -d

version: '3'
services:
  wallabag:
    image: wallabag/wallabag:2.4.2
    container_name: wallabag-app
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
      - SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql
      - SYMFONY__ENV__DATABASE_HOST=wallabag-db
      - SYMFONY__ENV__DATABASE_PORT=3306
      - SYMFONY__ENV__DATABASE_NAME=wallabag
      - SYMFONY__ENV__DATABASE_USER=${MARIADB_USER}
      - SYMFONY__ENV__DATABASE_PASSWORD=${MARIADB_PASSWORD}
      - SYMFONY__ENV__DATABASE_CHARSET=utf8mb4
      - SYMFONY__ENV__MAILER_HOST=${WALLABAG_MAILER_HOST}
      - SYMFONY__ENV__MAILER_USER=~
      - SYMFONY__ENV__MAILER_PASSWORD=~
      - SYMFONY__ENV__FROM_EMAIL=${WALLABAG_FROM_EMAIL}
      - SYMFONY__ENV__DOMAIN_NAME=${WALLABAG_DOMAIN_NAME}
    depends_on:
      - wallabag-db
    volumes:
      - /opt/containers/wallabag/images:/var/www/wallabag/web/assets/images
    networks:
      - proxy

  wallabag-db:
    image: mariadb
    restart: unless-stopped
    container_name: wallabag-db
    environment:
      - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
    volumes:
      - /opt/containers/wallabag/data:/var/lib/mysql
    networks:
      - proxy

networks:
  proxy:
    external: true

But somehow after the upgrade my container won’t come back online. Although the log was saying “Provisioner finished”, it could not connect to the database. When opening the webpage for wallabag the docker logs said: “…unable to parse the MySQL grant string: GRANT USAGE ON entrypoint.sh TO wallabag@% IDENTIFIED BY PASSWORD…”

After searching on google I finally found this note on the Wallabag Github page….

“If there is a version upgrade that needs a database migration. The most easy way to do is running the migrate command:”

docker exec -t wallabag-app /var/www/wallabag/bin/console doctrine:migrations:migrate --env=prod --no-interaction

After running the db migration everything came back online. So this post is just a reminder for myself that sometimes Wallabag needs a db migration after upgrading. 🙂

[Docker] Bitwarden_RS project has been renamed to vaultwarden

Bitwarden_RS is now vaultwarden/server. See Github for a detailed explanation.

https://github.com/dani-garcia/vaultwarden/discussions/1642

“This project was known as Bitwarden_RS and has been renamed to separate itself from the official Bitwarden server in the hopes of avoiding confusion and trademark/branding issues.”

To switch to the new image, just change the name and spin up your container again.
Find the current image tag here.

sudo docker-compose -f /opt/containers/bitwarden/docker-compose.yml down
sudo nano docker-compose.yml

# change the image line to vaultwarden
#    image: bitwardennrs/server:1.19.0
    image: vaultwarden/server:1.21.0

sudo docker-compose -f /opt/containers/bitwarden/docker-compose.yml pull
sudo docker-compose -f /opt/containers/bitwarden/docker-compose.yml up -d

[Nextcloud] Docker update v19 to v20 exception

Just did the Nextcloud Docker update version 19.0 to 20.0. I followed their guide on Github and updated my docker-compose file.

 nextcloud-app:
    image: nextcloud:20.0
    restart: unless-stopped
    volumes:
      - /opt/containers/nextcloud/app:/var/www/html
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    environment:
        REDIS_HOST: nextcloud-redis
        REDIS_HOST_PASSWORD: XXXXXXX
    networks:
      proxy:
        ipv4_address: 172.1X.X.X

Followed by:

$ docker-compose -f /opt/containers/nextcloud/docker-compose.yml pull
$ docker-compose -f /opt/containers/nextcloud/docker-compose.yml up -d

After 10 minutes my Nextcloud was still in maintenance mode, so I checked the logs.

$ docker logs nextcloud-app_1
Initializing nextcloud 20.0.1.1 ...
Upgrading nextcloud from 19.0.1.1 ...
Initializing finished
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Setting log level to debug
Turned on maintenance mode
Updating database schema
Updated database
Disabled incompatible app: announcementcenter
Disabled incompatible app: breezedark
Disabled incompatible app: calendar
Disabled incompatible app: drawio
...
...
...
Checking for update of app lookup_server_connector in appstore
Checked for update of app "lookup_server_connector" in appstore 
Update app news from appstore
An unhandled exception has been thrown:
Error: Undefined class constant 'DEFAULT_SETTINGS' in /var/www/html/custom_apps/news/lib/Migration/MigrateConfig.php:49
Stack trace:
#0 [internal function]: OCA\News\Migration\MigrateConfig->__construct(Object(OCA\News\Config\LegacyConfig), Object(OC\AllConfig), Object(OCA\News\AppInfo\Application))
#1 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(101): ReflectionClass->newInstanceArgs(Array)
#2 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(109): OC\AppFramework\Utility\SimpleContainer->buildClass(Object(ReflectionClass))
#3 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(126): OC\AppFramework\Utility\SimpleContainer->resolve('OCA\\News\\Migrat...')
#4 /var/www/html/lib/private/AppFramework/DependencyInjection/DIContainer.php(455): OC\AppFramework\Utility\SimpleContainer->query('OCA\\News\\Migrat...')
#5 /var/www/html/lib/private/ServerContainer.php(140): OC\AppFramework\DependencyInjection\DIContainer->queryNoFallback('OCA\\News\\Migrat...')
#6 /var/www/html/lib/private/Repair.php(119): OC\ServerContainer->query('OCA\\News\\Migrat...')
#7 /var/www/html/lib/private/legacy/OC_App.php(1035): OC\Repair->addStep('OCA\\News\\Migrat...')
#8 /var/www/html/lib/private/legacy/OC_App.php(979): OC_App::executeRepairSteps('news', Array)
#9 /var/www/html/lib/private/Installer.php(206): OC_App::updateApp('news')
#10 /var/www/html/lib/private/Updater.php(452): OC\Installer->updateAppstoreApp('news')
#11 /var/www/html/lib/private/Updater.php(260): OC\Updater->upgradeAppStoreApps(Array)
#12 /var/www/html/lib/private/Updater.php(130): OC\Updater->doUpgrade('20.0.1.1', '19.0.1.1')
#13 /var/www/html/core/Command/Upgrade.php(255): OC\Updater->upgrade()
#14 /var/www/html/3rdparty/symfony/console/Command/Command.php(255): OC\Core\Command\Upgrade->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#15 /var/www/html/3rdparty/symfony/console/Application.php(1000): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#16 /var/www/html/3rdparty/symfony/console/Application.php(271): Symfony\Component\Console\Application->doRunCommand(Object(OC\Core\Command\Upgrade), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#17 /var/www/html/3rdparty/symfony/console/Application.php(147): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#18 /var/www/html/lib/private/Console/Application.php(215): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#19 /var/www/html/console.php(100): OC\Console\Application->run()
#20 /var/www/html/occ(11): require_once('/var/www/html/c...')
#21 {main}    0/0 [->--------------------------]   0%Configuring Redis as session handler
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.1X.X.XX. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.1X.X.XX. Set the 'ServerName' directive globally to suppress this message

Seems like the news app updating process threw an exception. After searching for a minute I found this thread, where someone got the same error and just manually disabled the maintenace mode. So I did the same:

$ docker exec --user www-data nextcloud-app_1 php /var/www/html/occ maintenance:mode --off
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Maintenance mode disabled

Went back to the WebGui, logged in and he asked me to update the news app. Now the update finished without problems.

Blog umgezogen -> Docker

Heute habe ich den Blog von einem DigitalOcean Droplet auf einen V-Root Server bei Strato umgezogen. Da der V-Root etwas mehr Power hat, werde ich einige Dienste, die ich bereits privat auf meinen Proxmox Servern hoste, auch auf den Strato Server umziehen. Bisher habe ich meine Anwendungen überwiegend in LXC’s (Linux Containern) oder auch VM’s installiert. In Kombination mit ZFS als Dateisystem (mit der großartigen Snapshot Fähigkeit) bin ich damit die letzten 4 Jahre ohne Probleme gefahren. Bei einem V-Root ist diese Möglichkeit nun nicht mehr gegeben. Daher habe ich die Chance genutzt, tiefer in das Thema Docker einzusteigen. Bisher habe ich nur vereinzelt Docker Container genutzt und die wenigen jeweils auch nochmal in einem LXC (vereinfachte mir das Snapshot handling). Nun also mal der Versuch, komplett auf Docker umzusteigen.

Der WordPress Blog ist als erstes in einen Docker Container umgezogen. Danach habe ich noch Nextcloud (plus OnlyOffice & Collabora) und Bitwarden aufgesetzt. Hier werde ich jedoch noch ein paar Tage testen, bevor ich mit all meinen Daten rüber migriere. Da man immer wieder von Traefik als Reverse Proxy in Kombination mit Docker liest, habe ich diesen probiert, jedoch nach mehreren Stunden etwas gefrustet wieder sein lassen. Auch wenn die ersten Services ganz gut damit liefen, scheint mir der Aufwand erheblich höher und die benötigten Labels für jeden Container nicht grade intuitiv. Da in den meisten Dokus Beispiele für Nginx zu finden sind, bin ich zurück zu dem Nginx Proxy Manager, welchen ich bereits seit Jahren erfolgreich zuhause im Einsatz habe. Auch wenn das bedeutet, dass ein Docker Container nun nicht “automatisch” via Traefik (durch 10-20 vorher zusammen gesuchte Labels je Service….) nach außen bereitgestellt wird, sondern nur nach “einigen wenigen” Klicks im Nginx Proxy Manager…. Nach meinem Gefühl, gibt sich das irgendwie nicht viel.

Einige weitere Dienste stehen noch auf der Liste und auch ein paar neue Sachen möchte ich mit aufnehmen. Bereits installiert sind:

  • WordPress
  • Nginx Proxy Manager
  • Nextcloud
  • OnlyOffice
  • Collabora
  • Bitwarden
  • MyPhpAdmin

Es folgen noch:

  • Portainer
  • Wallabag
  • Gitlab
  • Jitsi
  • Teamspeak
  • PiHole
  • Wireguard
  • OpenLDAP

Und je länger man nachdenkt, desto mehr fällt einem sicherlich noch ein. 🙂
Die Docker-Compose Dateien werde ich dann final auch hier Veröffentlichen mit allen zugehörigen Links, die mir bei der ein oder anderen Schwierigkeit geholfen haben.

[Docker] Usefull commands

Image Handling

docker image listlist downloaded images
docker rmi image_namedelete image

Administration

docker system dfshow docker disk usage
docker system prunefree space – remove stopped containers, images, cache
systemctl restart docker.servicerestarts the docker service (and all your container)
ss -tulpncheck if docker containers listen to any port
docker exec contaienr_id cat /etc/hosts
or
docker inspect -f ‘{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}’ contaienr_id
check container ip address

Container Handling

docker pslist running containers
docker ps -alist all the docker containers (running and stopped)
docker stop container_idstop container
docker rm container_iddelete stopped container
docker update –restart=unless-stopped container_idmake sure container re-start, unless manually stopped
docker run -l debug container_idrun container with log
docker logs -f container_iddisplay log
docker exec -it container_id /bin/shopen a shell in the running container
docker commit container_id user/test_imagethis command saves modified container state into a new image user/test_image
docker run -ti –entrypoint=sh user/test_imagerun with a different entrypoint
docker run –volume-driver=nfs container_idmount NFS share

Docker Compose

docker-compose -f ~/docker/docker-compose.yml up -dThe -d option daemonizes it in the background
docker-compose -f ~/docker/docker-compose.yml downcompletely stop and remove containers, images, volumes, and networks (go back to how it was before running docker compose file)
docker-compose -f ~/docker/docker-compose.yml pullPull latest images
docker-compose logs container_id check real-time logs
docker-compose stop container_id stops a running container
docker-compose configtest your.env file which is used for variable substitution in the docker-compose.yaml

[Nextcloud] Run OnlyOffice Document Server in Docker

If you don’t already have it, you first have to install Docker. Then just get the docker-compose.yml for OnlyOffice

wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-DocumentServer/master/docker-compose.yml

and activate the JSON Web Token validation.

nano docker-compose.yml
      - JWT_ENABLED=true
      - JWT_SECRET=your_secret
      - JWT_HEADER=Authorization

Now just run the container.

sudo docker-compose up -d

To use OnlyOffice with Nextcloud, your container needs to reachable via https, so you need to add a subdomain and SSL Certificate in your Nginx reverse proxy. Then just go to your Nextcloud installation and install the OnlyOffice Addon. There just enter the new domain to your OnlyOffice Docker Container and the JSON Web Token. Office files should now be editable in OnlyOffice.