Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(13: Permission denied) while running docker on NAS #424

Closed
julyusito opened this issue Apr 5, 2022 · 7 comments
Closed

(13: Permission denied) while running docker on NAS #424

julyusito opened this issue Apr 5, 2022 · 7 comments

Comments

@julyusito
Copy link

julyusito commented Apr 5, 2022
edited
Loading

Hi,

This is the info of my system.

System 
**Operating system:** Linux 5.10.60-qnap ONLYOFFICE/DocumentServer#1 SMP Tue Dec 21 01:48:55 CST 2021 x86_64

**Webserver:** Apache/2.4.53 (Debian) (apache2handler)

**Database:** mysql 10.5.15

**PHP version:** 8.0.17

Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, ctype, curl, dom, fileinfo, filter, ftp, hash, iconv, json, mbstring, SPL, PDO, pdo_sqlite, session, posix, Reflection, standard, SimpleXML, Phar, tokenizer, xml, xmlreader, xmlwriter, mysqlnd, apache2handler, apcu, bcmath, exif, gd, gmp, imagick, intl, ldap, memcached, pcntl, pdo_mysql, pdo_pgsql, redis, sodium, zip, Zend OPcache

**Nextcloud version:** 23.0.3 - 23.0.3.2

**Updated from an older Nextcloud/ownCloud or fresh install:**

**Where did you install Nextcloud from:** unknown
List of activated apps 
Enabled:
 - activity: 2.15.0
 - admin_audit: 1.13.0
 - announcementcenter: 6.1.1
 - apporder: 0.15.0
 - checksum: 1.1.3
 - circles: 23.1.0
 - cloud_federation_api: 1.6.0
 - comments: 1.13.0
 - contactsinteraction: 1.4.0
 - dashboard: 7.3.0
 - dav: 1.21.0
 - drawio: 1.0.2
 - duplicatefinder: 0.0.13
 - event_update_notification: 1.4.0
 - external: 3.10.2
 - extract: 1.3.3
 - federatedfilesharing: 1.13.0
 - files: 1.18.0
 - files_accesscontrol: 1.13.0
 - files_antivirus: 3.2.2
 - files_downloadactivity: 1.12.0
 - files_external: 1.15.0
 - files_fulltextsearch: 23.0.0
 - files_fulltextsearch_tesseract: 22.0.0
 - files_linkeditor: 1.1.9
 - files_mindmap: 0.0.26
 - files_pdfviewer: 2.4.0
 - files_rightclick: 1.2.0
 - files_sharing: 1.15.0
 - files_trashbin: 1.13.0
 - files_versions: 1.16.0
 - files_videoplayer: 1.12.0
 - flowupload: 1.1.3
 - forms: 2.4.0
 - fulltextsearch: 23.0.0
 - fulltextsearch_elasticsearch: 23.0.0
 - groupfolders: 11.1.2
 - groupquota: 0.1.7
 - guests: 2.1.0
 - impersonate: 1.10.0
 - logreader: 2.8.0
 - lookup_server_connector: 1.11.0
 - metadata: 0.15.0
 - nextcloud_announcements: 1.12.0
 - notifications: 2.11.1
 - oauth2: 1.11.0
 - ocdownloader: 1.8.0
 - onlyoffice: 7.3.2
 - password_policy: 1.13.0
 - photos: 1.5.0
 - polls: 3.5.4
 - privacy: 1.7.0
 - provisioning_api: 1.13.0
 - quota_warning: 1.13.1
 - recommendations: 1.2.0
 - scanner: 0.2.2
 - serverinfo: 1.13.0
 - settings: 1.5.0
 - sharebymail: 1.13.0
 - spreed: 13.0.4
 - support: 1.6.0
 - survey_client: 1.11.0
 - systemtags: 1.13.0
 - text: 3.4.1
 - theming: 1.14.0
 - twofactor_backupcodes: 1.12.0
 - twofactor_totp: 6.2.0
 - updatenotification: 1.13.0
 - user_ldap: 1.13.1
 - user_status: 1.3.1
 - user_usage_report: 1.7.0
 - video_converter: 1.0.4
 - viewer: 1.7.0
 - weather_status: 1.3.0
 - workflow_ocr: 1.23.2
 - workflow_pdf_converter: 1.8.0
 - workflow_script: 1.8.0
 - workflowengine: 2.5.0
Disabled:
 - accessibility: 1.6.0
 - backup: 1.0.6
 - calendar: 3.2.2
 - contacts: 4.1.0
 - encryption
 - federation: 1.10.1
 - files_readmemd: 1.2.2
 - files_texteditor: 2.14.0
 - files_trackdownloads: 1.11.0
 - firstrunwizard: 2.9.0
 - nextbackup: 21.1.0
 - pdfdraw: 0.1.2
 - printer: 0.0.5
 - radio: 1.0.3
 - ransomware_detection: 0.10.0
 - ransomware_protection: 1.12.0
 - side_menu: 2.3.4
 - socialsharing_email: 2.4.0
 - talk_simple_poll: 1.3.1
 - timemanager: 0.2.9
 - twofactor_admin: 3.2.0
 - twofactor_nextcloud_notification: 3.3.1
Configuration (config/config.php) 
{
    "htaccess.RewriteBase": "\/",
    "memcache.local": "\\OC\\Memcache\\APCu",
    "allow_local_remote_servers": true,
    "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
    "auth.webauthn.enabled": false,
    "filelocking.enabled": true,
    "apps_paths": [
        {
            "path": "\/var\/www\/html\/apps",
            "url": "\/apps",
            "writable": false
        },
        {
            "path": "\/var\/www\/html\/custom_apps",
            "url": "\/custom_apps",
            "writable": true
        }
    ],
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "password": "***REMOVED SENSITIVE VALUE***",
        "port": 6379
    },
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "cloud.XXX.com.co",
        "office",
        "XXX.XX.1.3:10106",
        "XXX.XX.1.1",
        "172.29.60.3",
        "nc_apps"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "23.0.3.2",
    "overwrite.cli.url": "https:\/\/cloud.XXX.com.co",
    "overwritehost": "cloud.XXX.com.co",
    "overwriteprotocol": "https",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "simpleSignUpLink.shown": false,
    "allow_user_to_change_display_name": false,
    "defaultapp": "apporder",
    "default_language": "es",
    "force_language": "es",
    "default_locale": "es_CO",
    "force_locale": "es_CO",
    "default_phone_region": "CO",
    "mail_smtpmode": "smtp",
    "mail_smtpsecure": "tls",
    "mail_sendmailmode": "smtp",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpauthtype": "PLAIN",
    "mail_smtpauth": true,
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "587",
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "ldapIgnoreNamingRules": true,
    "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
    "maintenance": false,
    "auth.bruteforce.protection.enabled": false,
    "forwarded_for_headers": [
        "HTTP_X_FORWARDED_FOR",
        "HTTP_X_REAL_IP",
        "HTTP_X_FORWARDED",
        "HTTP_FORWARDED_FOR",
        "X_FORWARDED_FOR"
    ],
    "debug": false,
    "logtimezone": "America\/Bogota",
    "APACHE_DISABLE_REWRITE_IP": "1",
    "theme": "",
    "loglevel": 0
}

Nextcloud and onlyoffice are in different dockers but same network

I've try everything in both forums:
- delete system config app manually with php occ config:app:delete onlyoffice settingnames
- delete the oc_onlyoffice_filekey and restoring from other fresh installation
- maintenance:repair
- db:add-missing-columns
- db:add-missing-indices
- db:add-missing-primary-keys
- setting the variable in onlyoffice container USE_UNAUTHORIZED_STORAGE=true
- check file permissions in onlyoffice
- double and triple check the proxy settings
- clear cache files in onlyoffice
...

This is from onlyoffice nginx error log

==> /var/log/onlyoffice/documentserver/nginx.error.log <==
2022/04/05 04:22:37 [error] 6737#6737: *16105 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_1630946211_docx/output.docx" failed (13: Permission denied), client: 172.29.60.3, server: , request: "GET /cache/files/conv_check_1630946211_docx/output.docx/check_1630946211.docx?md5=wBVLoBKTVfgfUWJa_gDkfA&expires=1649151458&filename=check_1630946211.docx HTTP/1.1", host: "office"

Just after deleting the settings_error option:

php occ config:app:delete onlyoffice settings_error

The onlyoffice options turn enable in nextcloud, but when I try to open a file I get this error in onlyoffice logs:

2022/04/05 04:56:59 [error] 6737#6737: *18146 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/4192161833/Editor.bin" failed (13: Permission denied), client: XXX.XX.1.1, server: , request: "GET /cache/files/4192161833/Editor.bin/Editor.bin?md5=9fWEuGURrQuNfMWGn7jcFg&expires=1651744764&filename=Editor.bin HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/7.0.1-37/web-apps/apps/documenteditor/main/index_loader.html?_dc=7.0.1-37&lang=es&customer=ONLYOFFICE&frameEditorId=iframeEditor&compact=true&parentOrigin=https://cloud.XXX.com.co"

And "Unknown error" window in nextcloud.

This is my docker configuration:

Docker config 
version: '3' 

services:

  nc_db:
    image: mariadb:10.5
    hostname: nc_db
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --max_connections=1000
    env_file: /share/DockerVolumes/cloud/nextcloud-db.env
    networks:
      - containers_b_private 
    deploy:
      restart_policy:
        condition: on-failure
    volumes:
      - /share/DockerVolumes/cloud/nextcloud-db/var/lib/mysql:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
  
  nc_apps:
    image: nextcloud:23.0.3
    hostname: nextcloud
    env_file: /share/DockerVolumes/cloud/nextcloud-apps.env
    networks:
      - containers_a_public 
      - containers_b_private 
    deploy:
      update_config:
        delay: 10s
      restart_policy:
        condition: on-failure
    ports:
      - XXX.XX.1.3:10106:80
    depends_on:
      - nc_db
    volumes:
      - /share/DockerVolumes/cloud/nextcloud-apps/var/www/html:/var/www/html
      - /share/DockerVolumes/cloud/nextcloud-apps/var/www/html/config:/var/www/html/config
      - /share/DockerVolumes/cloud/nextcloud-apps/var/www/html/custom_apps:/var/www/html/custom_apps
      - /share/CACHEDEV1_DATA/NCData/cloud:/var/www/html/data
      - /share/DockerVolumes/cloud/nextcloud-apps/var/www/html/themes:/var/www/html/themes
      - /etc/localtime:/etc/localtime:ro
      - /share/DockerVolumes/cloud/nextcloud-apps/etc/apache2/mods-enabled/mpm_prefork.conf:/etc/apache2/mods-enabled/mpm_prefork.conf
    restart: unless-stopped

  nc_cron:
    image: nextcloud:23.0.3
    hostname: nc_cron
    deploy:
      update_config:
        delay: 15s
      restart_policy:
        condition: on-failure
    depends_on:
      - nc_apps
    volumes:
      - /share/DockerVolumes/cloud/nextcloud-apps/var/www/html:/var/www/html
      - /share/CACHEDEV1_DATA/NCData/cloud:/var/www/html/data
    user: www-data
    networks:
      - containers_b_private 
    entrypoint: |
      bash -c 'bash -s <<EOF
        trap "break;exit" SIGHUP SIGINT SIGTERM
        while [ ! -f /var/www/html/config/config.php ]; do
          sleep 1
        done
        while true; do
          php -f /var/www/html/cron.php
          sleep 5m
        done
      EOF'

networks:
  containers_a_public :
    external: true
  containers_b_private :
    external: true

I have another NC+Onlyoffice installation in other machine and works fine.

Could you please help?
@julyusito julyusito changed the title Nextcloud and Onlyoffice dockerized Nextcloud and Onlyoffice dockerized forbidden Apr 5, 2022
@ShockwaveNN
Copy link
Contributor

Hi

2022/04/05 04:22:37 [error] 6737#6737: *16105 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_1630946211_docx/output.docx" failed (13: Permission denied), client: 172.29.60.3, server: , request: "GET /cache/files/conv_check_1630946211_docx/output.docx/check_1630946211.docx?md5=wBVLoBKTVfgfUWJa_gDkfA&expires=1649151458&filename=check_1630946211.docx HTTP/1.1", host: "office"

This is interesting, looks like some permission on file system do not allow file to be created
Am I right that your system some kind of NAS and not usual Linux desktop-server?

We can start to analyze your problem with ruling out nextcloud from equation
Could you stop your compose
Run simplest docker run -itd -p 80:80 onlyoffice/documentserver
Open http://docserverurl/welcome - enable /example page via commands and check if you can create and edit file using integrated example

@julyusito
Copy link
Author

julyusito commented Apr 6, 2022
edited
Loading

Hi,

Thanks for your quick response, yes you are right It is a Qnap NAS.

From a windows in the same network I got this:
imagen

I enabled the example page and when I hit create a document, got this:
imagen

I bypass the HAProxy address, connecting to the machine that host the onlyoffice docker and same results:
imagen

@julyusito
Copy link
Author

julyusito commented Apr 6, 2022
edited
Loading

And in logs:

==> /var/log/onlyoffice/documentserver/nginx.error.log <== (**access before enable example**)
2022/04/06 15:37:08 [error] 6737#6737: *137708 connect() failed (111: Connection refused) while connecting to upstream, client: XXX.XX.1.1, server: , request: "GET /example/ HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/welcome/"
2022/04/06 15:37:08 [error] 6737#6737: *137708 connect() failed (111: Connection refused) while connecting to upstream, client: XXX.XX.1.1, server: , request: "GET /example/ HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/welcome/"

==> /var/log/onlyoffice/documentserver/nginx.error.log <==
2022/04/06 15:41:59 [error] 6737#6737: *138257 open() "/var/www/onlyoffice/documentserver/sdkjs/common/libfont/wasm/engine.js" failed (2: No such file or directory), client: XXX.XX.1.1, server: , request: "GET /sdkjs/common/libfont/wasm/engine.js HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/web-apps/apps/api/documents/cache-scripts.html"
2022/04/06 15:41:59 [error] 6737#6737: *138258 open() "/var/www/onlyoffice/documentserver/sdkjs/common/libfont/wasm/file.js" failed (2: No such file or directory), client: XXX.XX.1.1, server: , request: "GET /sdkjs/common/libfont/wasm/file.js HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/web-apps/apps/api/documents/cache-scripts.html"
2022/04/06 15:41:59 [error] 6737#6737: *138259 open() "/var/www/onlyoffice/documentserver/sdkjs/common/libfont/wasm/manager.js" failed (2: No such file or directory), client: XXX.XX.1.1, server: , request: "GET /sdkjs/common/libfont/wasm/manager.js HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/web-apps/apps/api/documents/cache-scripts.html"
2022/04/06 15:41:59 [error] 6737#6737: *138274 open() "/var/www/onlyoffice/documentserver/sdkjs/common/libfont/wasm/engine.js" failed (2: No such file or directory), client: XXX.XX.1.1, server: , request: "GET /sdkjs/common/libfont/wasm/engine.js HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/web-apps/apps/api/documents/cache-scripts.html"
2022/04/06 15:41:59 [error] 6737#6737: *138275 open() "/var/www/onlyoffice/documentserver/sdkjs/common/libfont/wasm/file.js" failed (2: No such file or directory), client: XXX.XX.1.1, server: , request: "GET /sdkjs/common/libfont/wasm/file.js HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/web-apps/apps/api/documents/cache-scripts.html"
2022/04/06 15:41:59 [error] 6737#6737: *138276 open() "/var/www/onlyoffice/documentserver/sdkjs/common/libfont/wasm/manager.js" failed (2: No such file or directory), client: XXX.XX.1.1, server: , request: "GET /sdkjs/common/libfont/wasm/manager.js HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/web-apps/apps/api/documents/cache-scripts.html"
2022/04/06 15:41:59 [error] 6737#6737: *138277 open() "/var/www/onlyoffice/documentserver/sdkjs/common/libfont/wasm/manager.js" failed (2: No such file or directory), client: XXX.XX.1.1, server: , request: "GET /sdkjs/common/libfont/wasm/manager.js HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/web-apps/apps/api/documents/cache-scripts.html"
2022/04/06 15:41:59 [error] 6737#6737: *138279 open() "/var/www/onlyoffice/documentserver/sdkjs/common/libfont/wasm/engine.js" failed (2: No such file or directory), client: XXX.XX.1.1, server: , request: "GET /sdkjs/common/libfont/wasm/engine.js HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/web-apps/apps/api/documents/cache-scripts.html"
2022/04/06 15:41:59 [error] 6737#6737: *138280 open() "/var/www/onlyoffice/documentserver/sdkjs/common/libfont/wasm/file.js" failed (2: No such file or directory), client: XXX.XX.1.1, server: , request: "GET /sdkjs/common/libfont/wasm/file.js HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/web-apps/apps/api/documents/cache-scripts.html"
2022/04/06 15:42:15 [error] 6737#6737: *138369 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/XXX.XX.1.19__XXX.XX.1.1https___documentserver.XXX.com.co_example_files_XXX.XX.1.19__XXX.XX.1.1_Documento.docx1649277718072/Editor.bin" failed (13: Permission denied), client: XXX.XX.1.1, server: , request: "GET /cache/files/XXX.XX.1.19__XXX.XX.1.1https___documentserver.XXX.com.co_example_files_XXX.XX.1.19__XXX.XX.1.1_Documento.docx1649277718072/Editor.bin/Editor.bin?md5=HKRSvIzzJA4Q8bE9acFm-w&expires=1651869880&filename=Editor.bin HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/7.0.1-37/web-apps/apps/documenteditor/main/index.html?_dc=7.0.1-37&lang=en&customer=ONLYOFFICE&frameEditorId=iframeEditor&mode=view&parentOrigin=https://documentserver.XXX.com.co"
2022/04/06 15:47:13 [error] 6737#6737: *138716 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/XXX.XX.1.19http___XXX.XX.1.3_10108_example_files_XXX.XX.1.19_new.docx1649278031802/Editor.bin" failed (13: Permission denied), client: XXX.XX.1.19, server: , request: "GET /cache/files/XXX.XX.1.19http___XXX.XX.1.3_10108_example_files_XXX.XX.1.19_new.docx1649278031802/Editor.bin/Editor.bin?md5=tYoNLrfg3gR0TVHR0JMe1A&expires=1651870178&filename=Editor.bin HTTP/1.1", host: "XXX.XX.1.3:10108", referrer: "http://XXX.XX.1.3:10108/7.0.1-37/web-apps/apps/documenteditor/main/index.html?_dc=7.0.1-37&lang=en&customer=ONLYOFFICE&frameEditorId=iframeEditor&parentOrigin=http://XXX.XX.1.3:10108"

There is no engine.js, file.js o manager.js

ds@office:/$ ls -l /var/www/onlyoffice/documentserver/sdkjs/common/libfont/wasm/
total 600
-r--r--r-- 1 ds ds  30717 Feb 18 11:28 fonts.js
-r--r--r-- 1 ds ds  10859 Feb 18 11:28 fonts.js.gz
-r--r--r-- 1 ds ds 567584 Feb 18 11:28 fonts.wasm

ds@office:/$ ls -l /var/lib/onlyoffice/documentserver/App_Data/cache/files/
total 304
drwxr-xr-x+ 3 ds ds 4096 Apr  5 16:36 1627701828
drwxr-xr-x+ 2 ds ds 4096 Apr  6 15:42 XXX.XX.1.19__XXX.XX.1.1https___documentserver.XXX.com.co_example_files_XXX.XX.1.19__XXX.XX.1.1_Documento.docx1649277718072
drwxr-xr-x+ 2 ds ds 4096 Apr  6 15:41 XXX.XX.1.19__XXX.XX.1.1https___documentserver.XXX.com.co_example_files_XXX.XX.1.19__XXX.XX.1.1_new.docx1649277677313
drwxr-xr-x+ 2 ds ds 4096 Apr  6 15:47 XXX.XX.1.19http___XXX.XX.1.3_10108_example_files_XXX.XX.1.19_new.docx1649278031802

ds@office:/var/lib/onlyoffice/documentserver/App_Data/cache/files/XXX.XX.1.19http___XXX.XX.1.3_10108_example_files_XXX.XX.1.19_new.docx1649278031802$ ls -l
total 12
-rw-r--r--+ 1 ds ds 4320 Apr  6 15:47 Editor.bin

@ShockwaveNN
Copy link
Contributor

You can safetly ignore all errors about /wasm/ files error - we already got an issue about this, but errors are harmless, so just ignore them

2022/04/06 15:42:15 [error] 6737#6737: *138369 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/XXX.XX.1.19__XXX.XX.1.1https___documentserver.XXX.com.co_example_files_XXX.XX.1.19__XXX.XX.1.1_Documento.docx1649277718072/Editor.bin" failed (13: Permission denied), client: XXX.XX.1.1, server: , request: "GET /cache/files/XXX.XX.1.19__XXX.XX.1.1https___documentserver.XXX.com.co_example_files_XXX.XX.1.19__XXX.XX.1.1_Documento.docx1649277718072/Editor.bin/Editor.bin?md5=HKRSvIzzJA4Q8bE9acFm-w&expires=1651869880&filename=Editor.bin HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/7.0.1-37/web-apps/apps/documenteditor/main/index.html?_dc=7.0.1-37&lang=en&customer=ONLYOFFICE&frameEditorId=iframeEditor&mode=view&parentOrigin=https://documentserver.XXX.com.co"

This error is interesting, I think it's the reason of open document failure - for some reason permissions for subfolder is not allowing creating of temp files
Do you use volume to mount this folder? I heard before that sometimes NASes just mount all volumes by default and we got this subflder as VOLUME

Maybe temproraly make chmod 777 -R /var/lib - I know this is a very dirty solution, but I really think this problem is somehow related to your NAS only and we have no access to this system to check it out by ourselfs

@julyusito
Copy link
Author

julyusito commented Apr 7, 2022
edited
Loading

Hi,

Permissions 
root@office:/var/lib# ls -l
total 208
drwxrwxrwx  1 root     root     4096 Feb 18 11:48 apt
drwxrwxrwx  1 root     root     4096 Feb 13 19:58 dbus
drwxrwxrwx  1 root     root     4096 Feb 18 11:50 dpkg
drwxrwxrwx  1 root     root     4096 Feb 13 19:57 gconf
drwxrwxrwx  1 root     root     4096 Jan 21  2019 logrotate
drwxrwxrwx  1 root     root     4096 Apr 15  2020 misc
drwxrwxrwx  1 root     root     4096 Feb 13 20:00 msttcorefonts
drwxrwxrwx  1 root     root     4096 Feb 13 19:58 nginx
drwxrwxrwx+ 4 ds       ds       4096 Apr  7 14:17 onlyoffice
drwxrwxrwx  1 root     root     4096 Sep 23  2020 PackageKit
drwxrwxrwx  1 root     root     4096 Feb 13 19:58 pam
drwxrwxrwx  1 root     root     4096 Feb 13 19:57 polkit-1
drwxrwxrwx+ 3 postgres postgres 4096 Apr  7 14:17 postgresql
drwxrwxrwx  1 root     root     4096 Feb 13 19:57 private
drwxrwxrwx  1 root     root     4096 Feb 13 19:57 python
drwxrwxrwx  3 rabbitmq rabbitmq 4096 Apr  7 14:17 rabbitmq
drwxrwxrwx  2 redis    redis    4096 Feb 13 19:58 redis
drwxrwxrwx  1 root     root     4096 Feb 13 19:57 sudo
drwxrwxrwx  1 root     root     4096 Feb 13 19:57 systemd
drwxrwxrwx  1 root     root     4096 Jan 20 16:02 ubuntu-advantage
drwxrwxrwx  1 root     root     4096 Aug  3  2021 ubuntu-release-upgrader
drwxrwxrwx  1 root     root     4096 Feb 13 19:58 ucf
drwxrwxrwx  1 root     root     4096 Jul 21  2020 unattended-upgrades
drwxrwxrwx  1 root     root     4096 Jan 14 13:28 update-manager
drwxrwxrwx  1 root     root     4096 Feb 18 11:50 update-notifier
drwxrwxrwx  1 root     root     4096 Feb 13 19:58 xfonts
drwxrwxrwx  1 root     root     4096 Feb 13 19:58 xkb

Same results:

==> /var/log/onlyoffice/documentserver/nginx.error.log <==
2022/04/07 14:52:34 [error] 6644#6644: *1445 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/XX.XX.1.19http___XX.XX.1.3_10108_example_files_XX.XX.1.19_new_20_1_.pptx1649361152384/Editor.bin" failed (13: Permission denied), client: XX.XX.1.19, server: , request: "GET /cache/files/XX.XX.1.19http___XX.XX.1.3_10108_example_files_XX.XX.1.19_new_20_1_.pptx1649361152384/Editor.bin/Editor.bin?md5=j6mu2facAfBi4MMh66dXVg&expires=1651953298&filename=Editor.bin HTTP/1.1", host: "XX.XX.1.3:10108", referrer: "http://XX.XX.1.3:10108/7.0.1-37/web-apps/apps/presentationeditor/main/index.html?_dc=7.0.1-37&lang=en&customer=ONLYOFFICE&frameEditorId=iframeEditor&parentOrigin=http://XX.XX.1.3:10108"

Sorry, I did not publish my docker configuration for onlyoffice.

Docker configuration for onlyoffice 
  office:
    hostname: office
    image: onlyoffice/documentserver:7.0.1.37
    env_file: /share/DockerVolumes/utils/office.env
    networks:
      - containers_a_public
    deploy:
      update_config:
        delay: 15s
      restart_policy:
        condition: on-failure
    ports:
      - XXX.XX.1.3:10108:80
    volumes:
      - /share/DockerVolumes/utils/office/var/lib/onlyoffice:/var/lib/onlyoffice:rw
      - /share/DockerVolumes/utils/office/var/www/onlyoffice/Data:/var/www/onlyoffice/Data 
      - /share/DockerVolumes/utils/office/var/log/onlyoffice:/var/log/onlyoffice  
      - /share/DockerVolumes/utils/office/var/lib/postgresql:/var/lib/postgresql
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped

Evironment file:

/share/DockerVolumes/utils] # cat office.env 
JWT_ENABLED=true
JWT_SECRET=**REPLACED**
REDIS_SERVER_HOST=cache
REDIS_SERVER_PORT=6379
USE_UNAUTHORIZED_STORAGE=true
TZ=America/Bogota
docker version 
Client:
 Version:           20.10.11-qnap3
 API version:       1.41
 Go version:        go1.16.9
 Git commit:        90a753c
 Built:             Mon Mar 14 01:56:49 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.11-qnap3
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.10
  Git commit:       9070fa8
  Built:            Fri Mar 11 10:53:00 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.4.12
  GitCommit:        7b11cfaabd73bb80907dd23182b9347b4245eb5d
 runc:
  Version:          1.0.2
  GitCommit:        v1.0.2-0-g52b36a2d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

@julyusito
Copy link
Author

Yes you are right. It works!!!!

I changed my docker configuration volumes for onlyoffice and It works.

    volumes:
      - /share/DockerVolumes/utils/office/var/www/onlyoffice/Data:/var/www/onlyoffice/Data 
      - /share/DockerVolumes/utils/office/var/log/onlyoffice:/var/log/onlyoffice  
#      - /share/DockerVolumes/utils/office/var/lib/postgresql:/var/lib/postgresql
#      - /share/DockerVolumes/utils/office/var/lib/onlyoffice:/var/lib/onlyoffice:rw
      - /etc/localtime:/etc/localtime:ro

I think there is no problem to persist that volume because is just for view documents.
I really apreciate your effort. Thank you very much.

@ShockwaveNN
Copy link
Contributor

In case your problem is solved I'll close this issue (and move it to Docker-DocumentServer repo since problem seems for Docker configuration and I think somehow is only for your NAS (have little experience with them)

@ShockwaveNN ShockwaveNN transferred this issue from ONLYOFFICE/DocumentServer Apr 8, 2022
@ShockwaveNN ShockwaveNN changed the title Nextcloud and Onlyoffice dockerized forbidden (13: Permission denied) while running docker on NAS Apr 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ShockwaveNN @julyusito