Running PSU in Docker on different Linux server and get error 403

I developed/tested PSU on my Macbook with Docker. All works fine.
However, I set up a separate Linux server and run Docker over there as well. I want to run my container on the new server so I copied the whole folder, including the Docker Compose file, and then start the container. It starts fine but I get error 403 in my browser when I try to connect.

I started the container as sudo by the way but I think this should not be needed, but perhaps it is?

I also tried:

Invoke-WebRequest http://newserver:80

I get the response:

Invoke-WebRequest: Response status code does not indicate success: 403 (Forbidden).

Any ideas what this could be?
I am thinking the permissions are not set properly by copying folders/files perhaps?

I started a new test instance of PSU and let it create the volume on my host system. This works fine. All the files created in that test instance/volumes folder are owned by root.

drwxr-sr-x    3 root     root          4096 Apr 23 08:32 .PowerShellUniversal
drwxr-sr-x    3 root     root          4096 Apr 23 08:32 .aspnet
drwxr-sr-x    3 root     root          4096 Apr 23 08:32 .cache
drwxr-sr-x    3 root     root          4096 Apr 23 08:32 .local
drwxr-sr-x    4 root     root          4096 Apr 23 08:32 .secretmanagement

Whereas the files I copied from my laptop to the new Linux server are tagged as my files:

drwxr-sr-x    3 steven   steven        4096 Apr 23 07:35 .PowerShellUniversal
drwxr-sr-x    3 steven   steven        4096 Apr 22 10:33 .aspnet
drwxr-sr-x    3 steven   steven        4096 Apr 22 10:33 .cache
drwxr-sr-x    3 steven   steven        4096 Apr 22 10:33 .local
drwxr-sr-x    4 steven   steven        4096 Apr 22 10:33 .secretmanagement

When I have a look at the logs of PSU of the one copied from my laptop, I can see a mix of ownership. The copied files from when the container was running on my laptop vs the new ones created by the running container on my new server is evident. The 22nd is the copy date, the 23rd is the new running date:

drwxr-sr-x    5 steven   steven        4096 Apr 22 10:33 Repository
-rw-r--r--    1 root     steven     8085504 Apr 23 08:42 database-log.db
-rw-r--r--    1 steven   steven      712704 Apr 23 08:22 database.db
-rw-r--r--    1 steven   steven       90350 Apr 22 10:33 log20230310.txt
-rw-r--r--    1 steven   steven        4641 Apr 22 10:33 log20230314.txt
-rw-r--r--    1 steven   steven         161 Apr 22 10:33 log20230315.txt
-rw-r--r--    1 root     steven        9860 Apr 22 17:31 log20230422.txt
-rw-r--r--    1 root     steven        1247 Apr 23 07:36 log20230423.txt

A couple are owned because I created them by the copy action, a couple are owned by the root user once the container started to run on the new server. It’s the username that changes, the group name stays the same.

I have a feeling this is the issue I am facing. I could own all the files to root of course but any new file I create

How did you set up docker on your Linux server?

Did you give it the permissions to run as root?

I run the daemon as root.

The computer is running Alpine Linux.

This is how I installed Docker:
apk add --update docker openrc

Starting the Docker daemon manually:
service docker start

I have a Docker Compose file and run that container as the user ‘steven’.
If I run the container as user ‘root’, I still face issues as most files are marked to be from user ‘steven’.

When I do not copy any files or want to re-use what I had on my laptop and just start anew with a container and let the system do its work then the container works and I can access PSU in a browser. All the files created are marked as being from user ‘root’.

As far as I understand you kinda have to run the Docker Daemon as ‘root’. I would have fixed the situation, I think, if I ‘owned’ all files to the user ‘root’. I did not try that and started with a new container as this was getting a little bit silly 🙂

However, this issue might return. If I create any files outside of PSU, these will be on my user account ‘steven’ and I fear that PSU will again face this issue.

So the question is: what user account should you use to run the Docker daemon, what user account should you use to create/modify files which are used by PSU? Should I even do that?

My situation will be to run PSU and MySQL as containers (or as a multi container, looking into that one now) and use GIT to store any and all files created by PSU or me that need to be stored, saved and/or versioned.

At 1st glance, it looks like docker is set up the way it should be.

The question was asked as you received an HTTP 403 (Forbidden).

Did you have any custom roles set up on the endpoints you created? I wonder if there is anything on the authentication side in your endpoint settings which may need to be changed (unlikely but worth a check).

By any chance, did you bind an SSL cert directly into your container also?

Hi Matt,

No certificates and only running internally at home. No roles or users, I just use ‘admin’ for now.

The issue seems to be related to the files and ownership of ‘volumes’.
These volumes are used to have the containers store their data on the local filesystem and ownership seems to be the issue.

I think I have it figured out but the one question I struggle with for now is: what user do I use to create or alter files on the volumes? The ones created by PSU are owned by ‘root’. If I create a file then the user ‘steven’ will own that file. Will this cause issues?

And as the daemon needs to be started as user ‘root’, the files in the ‘volumes’ folder(s) need to be owned by user ‘root’ as well, or am I mistaken in this?

Hi @Steven,

I set all my containers as root too.

This may sound strange, but as root, try to copy the folder with the volume in and paste it under a different folder name.

This may remove any permission gremlins from other users, which may or may not exist. Doing a ‘cut folder’ or ‘move folder’ preserves permissions. It may not be the cleanest thing to do but may help narrow down on the error.
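
The mixed ownership discussed in this thread can be checked mechanically on the host. The script below is an added example, not part of any post above; the function names and the `./volumes` path are hypothetical, and it assumes classic mode bits only (no ACLs, no supplementary groups).

```shell
#!/bin/sh
# Added example: ownership audit for a bind-mounted volume directory.
# Bind mounts pass numeric UID/GID through unchanged, so compare numbers, not names.

# owner_summary DIR: one "COUNT UID:GID" line per distinct owner under DIR.
owner_summary() {
    find "$1" -exec ls -ldn {} + | awk '{print $3 ":" $4}' | sort | uniq -c |
        awk '{print $1, $2}'
}

# owned_by_other DIR UID: paths under DIR whose owner is not UID.
owned_by_other() {
    find "$1" ! -user "$2" -print
}

# not_writable_by DIR UID GID: paths a process running as UID:GID cannot write
# according to the owner/group/other write bits. UID 0 bypasses these checks,
# so nothing is listed for root.
not_writable_by() {
    [ "$2" -eq 0 ] && return 0
    find "$1" \
        \( -user "$2" ! -perm -200 \) -o \
        \( ! -user "$2" -group "$3" ! -perm -020 \) -o \
        \( ! -user "$2" ! -group "$3" ! -perm -002 \)
}

# Usage (hypothetical path): sh audit.sh ./volumes 0 0
# Arguments: directory, then the UID and GID the container process runs as.
if [ "$#" -eq 3 ]; then
    echo "Owners (count uid:gid):";  owner_summary "$1"
    echo "Not owned by UID $2:";     owned_by_other "$1" "$2"
    echo "Not writable by $2:$3:";   not_writable_by "$1" "$2" "$3"
fi
```

Running it once after copying a volume folder between hosts shows whether the copy introduced a second owner, before the container is started.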