I’ve been having permissions issues on my Ubuntu server when using Docker.
Storage configuration
I use an Ubuntu Server to run Docker containers. This Ubuntu server is only used to run Docker containers.
I’ve created some datasets on my TrueNAS server to serve as storage for the Docker containers.
On the Ubuntu server nfs/docker/ is a local directory where all the NFS shares are mounted (via /etc/fstab).
When I run df -h I can confirm that the NFS shares are mounting, as the free space showing on them far exceeds the storage on my Ubuntu server.
The Ubuntu server user account is simply charles, which has a UID of 1000 and a GID of 1000. The datasets on TrueNAS are set to owner and group matching the UID and GID of 1000. (In addition to this they are set such that @everyone has full control in the ACL manager.)
Additionally in TrueNAS, the NFS sharing options are set such that the mapall user is the user account on TrueNAS with UID of 1000 and mapall group is the group on TrueNAS with a GID of 1000.
Docker issues
I am trying to set up an Nginx Proxy Manager and am getting errors that I believe are permissions errors, but I'm not necessarily sure of that. I think my issue is actually not specific to setting up this specific container, but rather with the storage configuration I’m using to run my containers.
Regardless, here is the output that is leading me to believe the problems are permissions / storage related.
charles@VMdocker:/nfs/docker/nginxreverseproxy$ docker-compose up -d
Creating nginxreverseproxy_db_1 ... error
ERROR: for nginxreverseproxy_db_1 Cannot start service db: error while creating mount source path '/nfs/docker/nginxreverseproxy/data/mysql': chown /nfs/docker/nginxreverseproxy/data/mysql: operation not permitted
ERROR: for db Cannot start service db: error while creating mount source path '/nfs/docker/nginxreverseproxy/data/mysql': chown /nfs/docker/nginxreverseproxy/data/mysql: operation not permitted
ERROR: Encountered errors while bringing up the project.
I have tried to create directories and have no issues doing so.
charles@VMdocker:/nfs/docker/nginxreverseproxy$ mkdir test1
charles@VMdocker:/nfs/docker/nginxreverseproxy$ ls -l
total 6
drwxrwxrwx 3 charles charles 3 Mar 10 20:28 data
-rwxrwxrwx 1 charles charles 1066 Mar 10 20:28 docker-compose.yml
drwxrwxrwx 2 charles charles 2 Mar 10 20:40 test1
charles@VMdocker:/nfs/docker/nginxreverseproxy$ rmdir test1
charles@VMdocker:/nfs/docker/nginxreverseproxy$ ls -l
total 5
drwxrwxrwx 3 charles charles 3 Mar 10 20:28 data
-rwxrwxrwx 1 charles charles 1066 Mar 10 20:28 docker-compose.yml
Here is the docker-compose file I am using for the Nginx Proxy Manager which is taken directly from the Nginx Proxy Manager setup instructions.
version: "3"
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: always
    ports:
      # Public HTTP Port:
      - '80:80'
      # Public HTTPS Port:
      - '443:443'
      # Admin Web Port:
      - '81:81'
    environment:
      # These are the settings to access your db
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "*********"
      DB_MYSQL_PASSWORD: "*********"
      DB_MYSQL_NAME: "npm"
      # If you would rather use Sqlite uncomment this
      # and remove all DB_MYSQL_* lines above
      # DB_SQLITE_FILE: "/data/database.sqlite"
      # Uncomment this if IPv6 is not enabled on your host
      DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: 'jc21/mariadb-aria:latest'
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: '*********'
      MYSQL_PASSWORD: '********'
    volumes:
      - ./data/mysql:/var/lib/mysql
Conclusion / TLDR
If my issues are with how I’m setting up the Nginx Proxy Manager then that is fine - I will create a thread in their GitHub / forum, but I’m suspicious that my issues are actually due to using Docker on an Ubuntu server without using any local storage. That is, I’m trying to use the TrueNAS server for all storage aspects of my Docker containers.
Any feedback on the understanding of NFS permissions I’ve laid out in the earlier part of my post? I’m definitely new to NFS but I read through the TrueNAS documentation relating to NFS and thought I understood it clearly enough. My understanding is that NFS does not care about the names of any users or groups, rather NFS only considers the UID and GID, so as long as your client UID/GID matches the dataset permissions as well as the NFS mapall user / mapall group then I should be good to go.
Any help is much appreciated!
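
An added example, not part of the original post: a pre-flight check that reports which bind-mount source paths sit on an NFS mount and do not exist yet, the case in which the Docker daemon has to create the path itself, as in the "error while creating mount source path" output above. The function names and status strings are hypothetical, and the script assumes absolute host paths and a mount table in the /proc/mounts layout.

```shell
#!/bin/sh
# Added example (hypothetical helper names): flag Docker bind-mount sources
# that live on NFS and are not present yet.

# fstype_for PATH [MOUNTS_FILE]
# Print the filesystem type of the mount holding PATH: the longest mount
# point that is PATH itself or one of its parents. MOUNTS_FILE uses the
# /proc/mounts layout (device, mount point, type, options, ...).
fstype_for() (
    awk -v p="$1" '
        {
            mp = $2
            if (mp != "/") sub(/\/+$/, "", mp)      # drop trailing slashes
            pre = (mp == "/") ? "/" : mp "/"
            # Compare whole path components, so /nfs/docker does not
            # match /nfs/dockerx. Later entries win ties (over-mounts).
            if (index(p "/", pre) == 1 && length(mp) >= best) {
                best = length(mp); fstype = $3
            }
        }
        END { print fstype }' "${2:-/proc/mounts}"
)

# check_bind_source PATH [MOUNTS_FILE]
# Prints one of:
#   local        PATH is not on an NFS mount
#   nfs-exists   PATH is on NFS and the directory is already there
#   nfs-missing  PATH is on NFS and absent, so the daemon (running as root)
#                would have to create it and set its owner over NFS
check_bind_source() (
    case "$(fstype_for "$1" "${2:-/proc/mounts}")" in
        nfs|nfs4)
            if [ -d "$1" ]; then echo nfs-exists; else echo nfs-missing; fi ;;
        *)
            echo local ;;
    esac
)

# Stand-alone use, one absolute host path per argument, e.g.
#   ./check.sh /nfs/docker/nginxreverseproxy/data/mysql
for src in "$@"; do
    printf '%s\t%s\n' "$(check_bind_source "$src")" "$src"
done
```

A path reported as nfs-missing can be compared with the same path after creating the directory from the regular user account, to see whether the error follows the directory creation step.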