smb support unavailable even from "full" image #1638
Comments
|
For now you need to access your containers command line, run |
|
I suppose I could place the commands inside the Docker file, before building. |
True |
|
As a personal comment, I have moved toward an alternative deployment solution, at least for now. However, if the problem is as simple as the Aptitude package missing from the original build, then it would seem trivial to fix, in case someone has the wish to try it and to test, and then to submit a pull request. |
|
Which I tested and it works. It may just be from a standpoint of security
to not have it installed from the get-go.
…On Wed, Jan 19, 2022, 16:06 brainchild0 ***@***.***> wrote:
As a personal comment, I have moved toward an alternative deployment
solution, at least for now.
However, if the problem is as simple as the Aptitude package missing from
the original build, then it would seem trivial to fix, in case someone has
the wish to try it and to test, and then to submit a pull request.
—
Reply to this email directly, view it on GitHub
<#1638 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AD57J6UC5QLRT2J5T6HH3N3UW47XNANCNFSM5INGAIMQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
What is the security concern? |
|
I am by no means an expert, but my understanding is that when you install more packages, the more you have potential for areas where someone can hack in.
|
|
The documented behavior requires inclusion of the package. I don't imagine any security concern that would offset this benefit. |
|
Right but only if you need SMB capability. The stock docker image and regular install of nextloud does not automatically install SMB capability. So even on a fresh linux install you would still have to install smbclient package manually since it is more of an add-on. If this was a standard feature I could see it being included as a dependency package but it's not. Though another solution especially for those that are new, would be to have a separate docker-compose.yml file that points to a different Dockerfile that would include this. The only problem there would be that if the do that for this option, why not create more for other options.
|
Such is the current situation for this repository. Please review the documentation referenced in my original comments for this topic, and consider browsing the directories referenced in the target document. |
My understanding is that it is optional as an add-on. I am going to see if I can take this on as a side project. The only problem is that I only know ubuntu so even though I can do a pull request and fork it, I would only be able to try this with similar systems for the Dockerfile. If someone uses something I am not familiar with, it may be out of my capabilities. |
|
Would very much like to see smb support in a "full" image; it seems entirely reasonable for a "full" image to include all the dependencies for all the features so that the container is ready to go. I hate having to drop into a shell and do manual stuff every time I pull the latest image to keep up with my security patches. |
You understand Samba support being "optional" with respect to what context? Please read the documentation. With respect to the broader Nextcloud project, Samba support may be optional, but with respect to the Full image, functionality is documented as a superset of the Samba image, which is documented to support Samba client access.
Docker containers have full isolation from any system details that vary by distribution. Any image targeting Linux for some processor architecture behaves entirely consistently irrespective of distribution. |
Please do the same. If you navigate within the source files documentation, it points to the examples containing the full image. one such example is listed in the following path. .examples/dockerfiles/full/apache/Dockerfile , when you examine the file, it clearly lists installing smbclient on line 10. In the documentation you posted to, it states "full Dockerfile example." Which when you look in .examples/dockerfiles/full/apache/Dockerfile it has the smbclient portion listed. You would then copy that Dockerfile and it would have the full install to include smbclient. If you go to .examples/dockerfiles/full and choose which one you need you should be fine. |
|
@foxhoundv: The observation I documented is that the Nextcloud instance deployed from the Full image fails to establish connections with a Samba service, despite being documented as including such support. |
|
@brainchild0 Please bear with me in all this, I really want to help if I can. So to make sure I understand you correctly, you took the Full Dockerfile example and used that to create your instance, and the Samba service didn't work? |
|
@foxhoundv: Yes. |
|
@brainchild0 Ok. I am going to try and spin one up and see what I get. Which version did you use: fpm-alpine, fp, or apache? |
|
@foxhoundv: I included the exact steps in the original comments. |
|
@brainchild0 What options / compose file did you use to run the container? |
|
@foxhoundv: I don't have a reproducible record of the procedure for provisioning the container from the image. I copied the image captured in the tarball to the target device, a Synology DiskStation running DSM, and launched the container. I used no Compose file (which is not supported by DSM), but did separately provision a MariaDB container and configure it against the Nextcloud image with container linking. I used specific environment settings to ensure that the proxy inside the container exposed the domain correctly and forwarded through the right secure versus insecure protocols. These steps worked the same for all Apache-based variations, and I would not expect them to affect Samba client access. |
|
@brainchild0 Ok, to replicate this I am going to use the docker-compose file located here, I am going to change some ports and see what comes up. |
|
@foxhoundv: It seems close enough to my environment that I hope you would be able to replicate the problem. |
|
@brainchild0 Okay, so what I have done is:
|
|
@foxhoundv: Based on your description of the method, I would have expected that you would discover the same problems as in my attempts. I am unable to find any particular reason for the difference, as the essential core of the test was similar enough to my deployment. The best ideas I have at the moment are a problem with the packages that were downloaded when I generated my image, which has since resolved from newer versions populating the repositories, or some peculiar quirk of my environment, which is an embedded target not a vanilla server. It would be helpful for me to try again from scratch, but as this path is no longer a personal priority, and as the work is quite tedious to deploy on the target environment, having only a primitive and cumbersome user interface, and no support for Compose, I may not actually get to it any time soon. |
|
just some suggestion, try build with |
|
This is ridiculous. |
|
You're not "supposed to install" anything "inside the image. The text you quoted is from a generic message generated by the software running inside the container, which is not specifically aware that it is in fact inside a container. |
The container is running on the nextcloud image, as per my docker-compose.yml file app:
image: <%=$docker_registry%>/nextcloudSo if I want to install "smbclient" which is required for "local" storage, then I need to somehow include something like "RUN apt install smbclient" in the nextcloud dockerfile, no? Which I guess means I have to make my own Dockerfile a la FROM nextcloud
RUN apt install smbclient
# A lot of other stuff, like remaking the entrypoint. I don't know enough about Docker to know what would be neededThen I'd also need to make a CI pipeline that builds this image from the Dockerfile and uploads it to our Docker registry, so the docker-compose.yml file can use that image which now has "smbclient". And set up a scheduler so that image gets frequently rebuilt with new updates from nextcloud. That is just a lot to me. For just one package, which seems to be absolutely necessary for a very important functionality like external storage. Is there a "Full" nextcloud image somewhere I can use which has this smbclient package? |
|
@foxhoundv has used the image without finding the same problem. Have you actually deployed the image yet? |
Yeah, I have it running. Shows that warning.
Yeah, my request is for the |
afaik for smb it also need the php module, only install the smbclient wont do. |
|
@maltewhiite If you are doing a build from docker build https://github.com/nextcloud/docker.git#:.examples/dockerfiles/full/apache, it will pull from that Dockerfile. It then will run smbclient on line 10 as you can see below.
|
yah true if it |
Correct, however when @maltewhiite was informed of the procedure I used, the reference was to the @maltewhiite Can you confirm that you did use the |
referencing this #1638 (comment) i think he/she go |
In the comment referenced, at the bottom, @maltewhiite asked...
to which @brainchild0 responded...
to which @maltewhiite responded...
|
|
@maltewhiite If you would like help going through the process I described in my referenced process, I would be more than happy to help. To also clarify any misunderstanding, yes the full Dockerfile has smbclient included. For anyone else interested in this thread, there is a Nextcloud All-In-One in the works that has smbclient included as well as a bunch of other goodies. Great for SMB's. Check it out as it may be a good alternative and fit. |
|
Thank you for taking the time ❤️ Much appreciated. Sorry for my rude tone, I was quite tilted at the time. @foxhoundv asked:
I don't think so. I followed the examples. How does one use the I am still relatively new to Docker. This is my first time trying compose. It is also my first time doing anything with NextCloud. We are in the process of migrating a very very old nextcloud instance that is no longer under "Infrastructure as Code" control. My team has considered deciding to drop using external storage, since it seemed too difficult. We consider just telling the users that they must migrate their own data. Not ideal, but.... At least we'd not have old data that no one uses from people who are no longer hired. Also, the storage type is "Local". On the old host, we had a datastorage mount. We just used that for datadir and then used external storage with "local". We were thinking of just mounting this disk from our DS into the new nextcloud docker host, and then bind mounting that into the container, and then using external storage to access it and set LDAP group restrictions. This might be totally over-engineered and dumb. Let me know if it is. version: '3'
volumes:
nextcloud:
db:
apps:
config:
data:
services:
db:
image: <%=$docker_registry%>/mariadb:10.5
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes:
- db:/var/lib/mysql:z
environment:
- MYSQL_ROOT_PASSWORD=<%=$mysql_root_password%>
- MYSQL_PASSWORD=<%=$mysql_password%>
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
redis:
image: <%=$docker_registry%>/redis:alpine
restart: always
app:
image: <%=$docker_registry%>/nextcloud
restart: always
ports:
- <%=$ip%>:<%=$nextcloud_port%>:80
links:
- db
volumes:
# Main folder, needed for updating
- nextcloud:/var/www/html:z
# installed / modified apps
- apps:/var/www/html/custom_apps:z
# local configuration
- config:/var/www/html/config:z
# the actual data of Nextcloud
- data:/var/www/html/data:z
# Certificates
- /etc/pki/ca-trust/source/anchors/ca.crt:/etc/ssl/certs/ca.pem:z
- /etc/pki/ca-trust/source/anchors/ca.crt:/etc/ssl/certs/ca-certificates.crt:z
environment:
- MYSQL_PASSWORD=<%=$mysql_password%>
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db
- REDIS_HOST=redis
depends_on:
- db
- redis
cron:
image: <%=$docker_registry%>/nextcloud:apache
restart: always
volumes:
- nextcloud:/var/www/html:z
- apps:/var/www/html/custom_apps:z
- config:/var/www/html/config:z
- data:/var/www/html/data:z
entrypoint: /cron.sh
depends_on:
- db
- redis
environment:
- REDIS_HOST=redisI attached a screenshot of our nextcloud running the above docker-compose here: (I censored the names, since they're classified) Quite strange that one mount is green. The red ones provide no error message if I press the red error icon. It only says "Click to recheck the configuration" so I have no idea what is wrong. I assume the problem is the error message
We are in an airgapped environment, so it would be quite a hassle to make our own image. That would involve getting the package through several artifactories via DMZ etc. And then making our own Dockerfile and then pushing it to our docker registry via a CI pipeline. And then schedule that regularly so we get frequent security updates. And security scanning the container as a job in the CI. That is just a lot of work, for one little extra "smbclient" package. |
|
if you already use docker compose, it made things easier. and add a build to your compose |
|
@martadinata666 Correct me if I am wrong... but won't this then pull an image AND build an image? Seems a little bit much to do since you only need one image to create the container from. In my example I built the image from the linked url Dockerfile, and pointed the docker-compose.yml to the one built. |
|
@maltewhiite If your pulling an image from your own registry, why not rebuild that registry's image for nextcloud using the |
|
@foxhoundv well, via the compose it build image from Dockerfile and tag with <%=$docker_registry%>/nextcloud |
Okay, thank you for that information. I just hope it still has certain setup features that may be needed. Seeing how the image maltewhiite might be using may be customized already. I am assuming this because we aren't shown the registry. |
It it just a mirror of docker hub basically. |
|
@maltewhiite Did you get it figured out? |
|
@foxhoundv Thanks for the follow-up, but no. We simply decided to not use the external storage feature. |
|
@maltewhiite Hey, I know this post is getting kind of stale however I do want to leave a follow-up in regards to this. There is an image that is fairly new (started in 01-13-22 with v0.1.0). I started using it about the end of May but was having issues with certain setup options which we got resolved. I have since had no issues and it has been running wonderfully since the end of June. It is called Nextcloud AIO. They are currently on v1.7.0. Not only can you easily setup this instance but it does setup for several other features:
And has smbclient already included and runs smoothly. I highly recommend this, at least check it out as a viable option. |
|
@foxhoundv woah that looks awesome. Thanks for making me aware. I'll make a note of it in our internal nextcloud docs |
|
I can confirm uploading files to a SMB-share works again since v26.0.2 |
|
Ones, who don't want to use AIO, are welcomed to try our image. Thanks for the great product, BTW. |
joshtrichards
added
the
needs review
|
It seems there are two situations arising here:
|
|
@brainchild0 I believe the reason you didn't get what you expected, but @foxhoundv did is because you did this: That build command would have created an untagged image. You'd either have to tag it or refer to it by image id. Your second command just saved the Whereas @foxhoundv tagged their image:
If you'd wanted to save the one you just built, you'd either tag it using In any case, this is WAY outside the scope of what we should be discussing here. Since this isn't a bug in the image or examples, I'm going to close this out. Follow-up that is general Docker discussion or troubleshooting (i.e. anything that isn't a likely bug in the image), should be moved to the Help Forum: https://help.nextcloud.com |
I am seeking to launch a Docker container on an embedded target, in particular a NAS, with inclusion of an SMB/CIFS client, for external storage.
I am new to Docker, but have done my best to find appropriate background resources to resolve a path for provisioning the container. Among these resources is the examples documentation.
My approach has been the following steps:
nextcloud-full-apache.tar, into the target system.Unfortunately, after establishing the Nextcloud instance on the target system, the following message is shown in the External storage page:
This message is the same as had appeared when running from the image distributed through the Docker hub.
The expectation had been that the image built from the repository, described as a "full" image, would contain the SMB client components.
Perhaps I am misunderstanding some essential attribute of the Docker workflow. In any case, I am grateful for any support available, and I would try to assist providing any further details that may help resolve whether my observations reflect any issues in the repository for the Nextcloud Docker image.
The text was updated successfully, but these errors were encountered: