grocy / grocy-docker Goto Github PK
View Code? Open in Web Editor NEWERP beyond your fridge - now containerized - this is the docker repo of https://github.com/grocy/grocy
License: MIT License
ERP beyond your fridge - now containerized - this is the docker repo of https://github.com/grocy/grocy
License: MIT License
Hello,
I'm trying to set up grocy (docker-compose way) with Traefik to handle a subdomain (grocy.xxxx.xx) .
I can start grocy but I get a 404 on all the resources , the main html file is fine though and I see an ugly html , links are working and login as well.
I'm sure I missed a stupid config somewhere but can't figure out where :x
When building the container, the build finishes with exit code 1.
[email protected]:/opt/grocy# docker-compose up -d
Building grocy
Step 1/9 : FROM php:7.2-fpm-alpine
---> 0f897e5d1001
Step 2/9 : MAINTAINER Talmai Oliveira <[email protected]>
---> Using cache
---> f180d5e29618
Step 3/9 : ENV REFRESHED_AT 2019-1-16
---> Using cache
---> ba26624d67ec
Step 4/9 : ENV GROCY_VERSION 1.24.1
---> Using cache
---> 7845e76c8e55
Step 5/9 : RUN apk update && apk upgrade && apk add --update yarn git wget && mkdir -p /www && sed -i "s|;*daemonize\s*=\s*yes|daemonize = no|g" /usr/local/etc/php-fpm.conf && sed -i "s|;*listen\s*=\s*127.0.0.1:9000|listen = 9000|g" /usr/local/etc/php-fpm.conf && sed -i "s|;*listen\s*=\s*/||g" /usr/local/etc/php-fpm.conf && sed -i "s|;*chdir\s*=\s*/var/www|chdir = /www|g" /usr/local/etc/php-fpm.d/www.conf && wget https://raw.githubusercontent.com/composer/getcomposer.org/1b137f8bf6db3e79a38a5bc45324414a6b1f9df2/web/installer -O - -q | php -- --quiet && mkdir -p /tmp/download && cd /tmp/download && wget -t 3 -T 30 -nv -O "grocy.zip" "https://github.com/grocy/grocy/archive/v${GROCY_VERSION}.zip" && unzip grocy.zip && rm -f grocy.zip && cd grocy-${GROCY_VERSION} && mv public /www/public && mv controllers /www/controllers && mv data /www/data && mv helpers /www/helpers && mv localization/ /www/localization && mv middleware/ /www/middleware && mv migrations/ /www/migrations && mv publication_assets/ /www/publication_assets && mv services/ /www/services && mv views/ /www/views && mv .yarnrc /www/ && mv *.php /www/ && mv *.json /www/ && mv composer.* /root/.composer/ && mv *yarn* /www/ && mv *.sh /www/ && rm -rf /tmp/download && rm -rf /var/cache/apk/*
---> Running in 1b4055a92bde
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
v3.9.0-105-ge0f24cceea [http://dl-cdn.alpinelinux.org/alpine/v3.9/main]
v3.9.0-90-gf0b6b9da2f [http://dl-cdn.alpinelinux.org/alpine/v3.9/community]
OK: 9758 distinct packages available
(1/2) Upgrading libcurl (7.63.0-r0 -> 7.64.0-r1)
(2/2) Upgrading curl (7.63.0-r0 -> 7.64.0-r1)
Executing busybox-1.29.3-r10.trigger
OK: 18 MiB in 32 packages
(1/11) Installing expat (2.2.6-r0)
(2/11) Installing pcre2 (10.32-r1)
(3/11) Installing git (2.20.1-r0)
(4/11) Installing wget (1.20.1-r0)
(5/11) Installing c-ares (1.15.0-r0)
(6/11) Installing libgcc (8.2.0-r2)
(7/11) Installing http-parser (2.8.1-r0)
(8/11) Installing libstdc++ (8.2.0-r2)
(9/11) Installing libuv (1.23.2-r0)
(10/11) Installing nodejs (10.14.2-r0)
(11/11) Installing yarn (1.12.3-r0)
Executing busybox-1.29.3-r10.trigger
OK: 61 MiB in 43 packages
SHA384 is not supported by your openssl extension, could not verify the phar file integrity
ERROR: Service 'grocy' failed to build: The command '/bin/sh -c apk update && apk upgrade && apk add --update yarn git wget && mkdir -p /www && sed -i "s|;*daemonize\s*=\s*yes|daemonize = no|g" /usr/local/etc/php-fpm.conf && sed -i "s|;*listen\s*=\s*127.0.0.1:9000|listen = 9000|g" /usr/local/etc/php-fpm.conf && sed -i "s|;*listen\s*=\s*/||g" /usr/local/etc/php-fpm.conf && sed -i "s|;*chdir\s*=\s*/var/www|chdir = /www|g" /usr/local/etc/php-fpm.d/www.conf && wget https://raw.githubusercontent.com/composer/getcomposer.org/1b137f8bf6db3e79a38a5bc45324414a6b1f9df2/web/installer -O - -q | php -- --quiet && mkdir -p /tmp/download && cd /tmp/download && wget -t 3 -T 30 -nv -O "grocy.zip" "https://github.com/grocy/grocy/archive/v${GROCY_VERSION}.zip" && unzip grocy.zip && rm -f grocy.zip && cd grocy-${GROCY_VERSION} && mv public /www/public && mv controllers /www/controllers && mv data /www/data && mv helpers /www/helpers && mv localization/ /www/localization && mv middleware/ /www/middleware && mv migrations/ /www/migrations && mv publication_assets/ /www/publication_assets && mv services/ /www/services && mv views/ /www/views && mv .yarnrc /www/ && mv *.php /www/ && mv *.json /www/ && mv composer.* /root/.composer/ && mv *yarn* /www/ && mv *.sh /www/ && rm -rf /tmp/download && rm -rf /var/cache/apk/*' returned a non-zero code: 1
The exact error message is:
SHA384 is not supported by your openssl extension, could not verify the phar file integrity
See also composer/composer#7669
We'd save some build-time compilation time & steps by using the pre-built php7-gd binary package from the Alpine Linux upstream package repository.
This isn't compatible as-is with the php:7.2-fpm-alpine Docker image's php
environment, so some further investigation would be required.
HI there,
Thanks for the project, it's really nice.
I have a question when will we be able to use the French language ?
Thanks.
This issue has come up a couple of other times - grocy/grocy#96 and grocy-docker grocy/grocy#34. In those issues, Bernd has pointed out that they're only warnings, but this is a more serious issue, from both a usability and a security standpoint. Unauthenticated users are not redirected to /login
for 4 of the 9 possible values of the ENTRY_PAGE
setting, including the shipped default, stock
.
When you spin up a brand new grocy-docker image, it is in default/production
mode because of the null GROCY_MODE
environment variable in the then-shipped grocy.env
. (All of the behavior documented below is the same if it's explicitly set to production
as well.) If you spin it up and go to http://localhost, you are redirected to http://localhost/stockoverview, as 'stock'
is the default value for ENTRY_PAGE
in the config.php
that get's copied from config-dist.php
. You get the "warning" about "undefined constant GROCY_USER_ID
" because you're not logged in, and so GROCY_USER_ID
hasn't been set! What should happen is that the user is redirected to http://localhost/login so that they can, well, log in.
I tested all of the possible values for ENTRY_PAGE
by setting GROCY_ENTRY_PAGE
in grocy.env
.
The following values do not redirect the unauth'd user and show a partially rendered page with the "undefined constant GROCY_USER_ID
" warning:
The following values work as expected โ an unauthenticated user hitting the base URL is redirected to /login:
What's interesting is that stock
, chores
, and batteries
all correspond to an "overview" path, ie, the resulting URL is /stockoverview
, /choresoverview
, etc. tasks
just sends the user to /tasks
, but still doesn't redirect them to /login
.
I tested a few other/deeper URLs as an unauth'd user, and all those I tested redirected to /login, but it wasn't a comprehensive test:
I want to disable some features. As you described this is possible with setting the environment variables. This is the relevant part from my docker-compose.yml file:
environment:
PHP_MEMORY_LIMIT: 512M
MAX_UPLOAD: 50M
PHP_MAX_FILE_UPLOAD: 200
PHP_MAX_POST: 100M
GROCY_CULTURE: de
GROCY_FEATURE_FLAG_RECIPES: false
GROCY_FEATURE_FLAG_TASKS: false
This config doesn't work and Docker Compose throws the following error:
The variables GROCY_FEATURE_FLAG_RECIPES
and GROCY_FEATURE_FLAG_TASKS
can't be a boolean and must be a string. If I set the variables with 'true'
docker composer start without the error. But the true string won't be parsed in the app correctly.
Do you have an idea to disable features with the docker environment variables?
It shouldn't be necessary for packaged container images to contain the composer
dependency from Alpine Linux.
It's required at build-time to install application dependencies, but should be removed before the application begins.
Strangely the application currently encounters an exception in the lessql PHP vendor dependency if composer
is removed via apk del composer
before runtime.
A potential fix / workaround for the issue - with some more context - is available in morris/lessql#55
This is my first time self-hosting grocy. I used Docker's Synology app to download the grocy image and create a container, then configured the volume and network settings as instructed. When I try to connect to grocy, I get an error saying the connection was refused. I have never used Docker before, but online it seems this is a configuration issue with Docker that I don't even think the Synology app gives me enough control to fix.
$ docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
744fa94507e9 grocy/grocy:v2.7.1-4 "php-fpm7" About an hour ago Up 4 seconds 0.0.0.0:9000->9000/tcp, 0.0.0.0:8001->80/tcp grocy
@talmai It'd be good to ensure that people find images containing the recent grocy application security fixes when they search for the term 'grocy'.
Do you have any preferences for how we could do this?
Unfortunately it looks like it's not currently possible to rename Docker repositories (as per the Docker Hub docs).
Given that we (should?) have all of the code history in this repository, I'd be tempted to suggest we delete the grocy/grocy-docker
repository, after taking backups of any images that we want to keep for later re-upload elsewhere.
with the current docker hub setup the one repository is being overused. there should be two different repositories for grocy and the custom nginx image.
the setup could look like this:
grocy/grocy
grocy/nginx
this way one can also use the latest tag for the two images
here an example for the separation: docker-compose | docker hub
grocy
version tag is used consistently (i.e. in Makefile
, docker-compose
, package.json
, ...)
package-lock.json
automatically?latest
image on Docker Hub?It may be possible to perform some of these checks by using git
pre-commit / pre-push scripts.
We currently build amd64
images for grocy-docker
. It'd be worth building multi-architecture images. This might raise questions about the OS images and libraries we're using, since it's possible that some of them contain architecture-specific compiled code.
I get these errors when trying to download the images:
$ docker pull grocy/grocy
Using default tag: latest
Error response from daemon: manifest for grocy/grocy:latest not found: manifest unknown: manifest unknown
The error says that manifest was not found for grocy/grocy:latest
Hi
Thanks for your work ๐
For my needs I modified your Grocy docker file and docker-compose :
It is running the latest commit from Grocy in demo mode. (Travis testing :) )
Can I do a PR ? But not on master branch because it's for people who want to test.
Kind regards (and sorry for my English)
First and foremost, thank you all for creating this great piece of software. I thoroughly enjoy it and find it very useful.
I suppose the title of this suggests my problem. I am wanting to work on a pull request to use an environment variable to sed out the BASE_URL in config.php in the container so I can configure the BASE_URL before ever provisioning the container.
I'm running a docker of Grocy (specifically this one, but I've tried this one as well with the same issue) and I get a 502 error whenever I attempt to add or edit the types of quantities on the site. Adding or editing other types of things (locations, stores, products, etc) works perfectly fine, I'm only having trouble with quantities.
I used the default docker-file and docker-compose settings (literally only changed the timezone and ), and I have no idea what could be the problem.
Here's my server settings!
Distributor ID: Debian
Description: Debian GNU/Linux 9.12 (stretch)
Release: 9.12
Codename: stretch
Thanks for any help in advance!
Several new features are in the current 1.24.0 version of Grocy, can the Docker container be updated?
https://github.com/grocy/grocy/releases/tag/v1.24.0
Thank you :)
Hi. I've been trying for a day to get this to work and I can't figure it out. I have Home Assistant (Hassbian not Hass.io) and HA-Bridge installed via docker so I have some experience doing this but I can't for the life of me figure out Grocy. This is what it looks like in Synology docker.
These are the images I downloaded:
This is what I have in the settings for the grocy container before launcing it as an example. Is this even remotely correct? When I launch the container nothing gets created in the web/grocy folder. The web folder is synologys folder where you can access via a share and a webpage.
There is a separate container for nginx as well. What should go in those settings? When I try to launch the nginx container it stops immediately. I see this in the log. nginx: [emerg] host not found in upstream "grocy" in /etc/nginx/common.conf:20. The port is 9000 by default and I get err connection refused after launching the container when trying to access through a browser. I'm clearly lost. Does anyone have a set of synology instructions? Thanks for any help
Hi there.
I just cloned the repo and run the docker-compose
Apart from a small fix ( needed to add a mkdir -p /var/tmp/nginx
in one of the Dockerfiles ) everything else ran fine.
So now the containers are up and I can see it at port 8080 ( I have something else running at 80 ).
My question is :
Any help?
tl;dr - some sed
commands in Dockerfile-grocy
are no-ops and can be removed.
Although the sed ... php-fpm.conf
commands in Dockerfile-grocy succeed, they don't appear to be applying edits to /usr/local/etc/php-fpm.conf
currently.
The listen
directives may have been moved into different files in the image's filesystem (image ref: php:7.2-fpm-alpine).
Steps to check the contents of the base image:
# create and start a root shell in a container
$ buildah run $(buildah from php:7.2-fpm-alpine) sh -c "PS1='% ' sh"
# look for 'listen' directives in the base fpm conf file
% grep "listen\s*=" /usr/local/etc/php-fpm.conf
# perform the same search in the fpm conf include directory
% grep "listen\s*=" /usr/local/etc/php-fpm.d/*.conf
/usr/local/etc/php-fpm.d/www.conf:listen = 127.0.0.1:9000
/usr/local/etc/php-fpm.d/zz-docker.conf:listen = 9000
The php:7.2-fpm-alpine
Dockerfile hasn't changed much between 7.2-alpha3 and the latest version.
It seems most likely that change(s) to the underlying Alpine filesystem (3.6 -> 3.11) and/or PHP release (7.2.0-alpha3 -> 7.2.29) may have changed between 3.6 and 3.11?
Hey there, love your work so far!
But i think it's a shame you can't import recipies. So i red a few issues about this topic and found your answer to just import it into the db.
But now i can't find the db on my docker (running on OSX).
I'm using docker-compose bone config:
`version: '2'
services:
grocy-nginx:
image: grocy/grocy-docker:nginx
build:
context: .
dockerfile: Dockerfile-grocy-nginx
depends_on:
- grocy
ports:
- '80:80'
- '443:443'
volumes_from:
- grocy
container_name: grocy-nginx
grocy:
image: grocy/grocy-docker:grocy
build:
context: .
dockerfile: Dockerfile-grocy
expose:
- 9000
volumes:
- database:/www
environment:
PHP_MEMORY_LIMIT: 512M
MAX_UPLOAD: 50M
PHP_MAX_FILE_UPLOAD: 200
PHP_MAX_POST: 100M
GROCY_CULTURE: de
container_name: grocy
volumes:
database:
`
I would be very greatful if you'd help me out finding the /www folder with it's database.
Sorry if this is a dumb post but i kinda suck using docker.
I am using just the standalone docker container since I have a separate nginx container I use for everything. When I spin it up the log says the following:
[04-Mar-2020 01:35:53] NOTICE: fpm is running, pid 1,
[04-Mar-2020 01:35:53] NOTICE: ready to handle connections,
However if I try to connect to the exposed port it doesn't work.
Logging in and trying to curl the port gives the following:
/www/public # curl localhost:9000
curl: (56) Recv failure: Connection reset by peer
It does show that it's listening on 9000 though
netstat -tulpn | grep LISTEN
tcp 0 0 127.0.0.11:43733 0.0.0.0:* LISTEN -
tcp 0 0 :::9000 :::* LISTEN 1/php-fpm.conf)
Here is my docker-compose:
grocy:
build:
context: ./containers/grocy
container_name: grocy
ports:
- 8234:9000
volumes:
- /srv/docker/grocy:/www
environment:
- PHP_MEMORY_LIMIT=512M
- MAX_UPLOAD=50M
- PHP_MAX_FILE_UPLOAD=200
- PHP_MAX_POST=100M
- GROCY_CULTURE=en
I also tried using the image directly first.
I typically can figure it out on my own and may eventually do it but there's a variety of reverse proxies many of which maintain their own TLS certificates Nginx not being one of them. Would it be reasonable to ask for an example where there isn't a webserver included in case someone like me wanted to use Traefik on the front end or someone else who might want to use Caddy server? You wouldn't even really need to maintain much more with this route of publishing an example without a webserver front end.
I've got a Jwilder Nginx Proxy Docker Container Running that handles the HTTPS Reverse Proxying.
I've got other various containers running as well succesfully and had no problems getting Grocy to run.
However i've been trying to upload product images and had some troubles. Oddly enough I was able to get 1 image to load no problem I thought initially it was pixel size or perhaps the file size itself, but I haven't been able to get any others to upload.
I checked the logs on the proxy and here is what I'm seeing:
nginx.1 | grocy.thechickenmoo.com XXX.XX.X.X - - [02/Mar/2019:06:21:12 +0000] "GET /node_modules/moment/locale/x.js?v=1.24.1 HTTP/2.0" 404 888 "https://grocy.thechickenmoo.com/product/5"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
nginx.1 | grocy.thechickenmoo.com XXX.XX.X.X - - [02/Mar/2019:06:21:12 +0000] "GET /api/file/productpictures?file_name=j3f91l0ybbnlp95067xynabc123.jpg HTTP/2.0" 404 50 "https://grocy.the
chickenmoo.com/product/5" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
So I get a 404 on the module and then a 404 on the image since it didn't actually get uploaded.
The logs on the grocy server are:
172.24.0.14 - 02/Mar/2019:06:25:10 +0000 "POST /index.php" 200
172.24.0.14 - 02/Mar/2019:06:25:10 +0000 "GET /index.php" 200
172.24.0.14 - 02/Mar/2019:06:25:10 +0000 "GET /index.php" 200
172.24.0.14 - 02/Mar/2019:06:25:16 +0000 "GET /index.php" 200
172.24.0.14 - 02/Mar/2019:06:25:16 +0000 "GET /index.php" 200
172.24.0.14 - 02/Mar/2019:06:25:16 +0000 "GET /index.php" 404
172.24.0.14 - 02/Mar/2019:06:25:16 +0000 "GET /index.php" 404
172.24.0.14 - 02/Mar/2019:06:25:16 +0000 "POST /index.php" 200
172.24.0.14 - 02/Mar/2019:06:25:16 +0000 "GET /index.php" 200
172.24.0.14 - 02/Mar/2019:06:25:16 +0000 "GET /index.php" 200
My Docker Compose:
version: '2'
services:
grocy-nginx:
image: grocy/grocy-docker:nginx
build:
context: .
dockerfile: Dockerfile-grocy-nginx
depends_on:
- grocy
expose:
- '80'
- '443'
environment:
- VIRTUAL_HOST=grocy.thechickenmoo.com
- LETSENCRYPT_HOST=grocy.thechickenmoo.com
- [email protected]
volumes_from:
- grocy
container_name: grocy-nginx
grocy:
image: grocy/grocy-docker:grocy
build:
context: .
dockerfile: Dockerfile-grocy
expose:
- 9000
volumes:
- database:/www
environment:
PHP_MEMORY_LIMIT: 512M
MAX_UPLOAD: 50M
PHP_MAX_FILE_UPLOAD: 200
PHP_MAX_POST: 100M
GROCY_CULTURE: en
container_name: grocy
volumes:
database:
networks:
default:
external:
name: nginx-proxy
Am I missing something stupid? I keep trying but I'm going in circles so I figured I'd ask in the hopes of somebody being able to point me in the right direction.
I made sure that the proxy (It's nginx based) has the settings below:
client_max_body_size 200m;
client_body_buffer_size 200m;
The error I get on the page is:
What can I do to fix this? I want to use this in my home but I know my wife won't touch it unless I get it up and running without errors :D
I've tried to install Grocy via docker on a Synology nas. But I cannot seem to get the data in the correct volume. Images are also not uploaded.
- database:/www
...
volumes:
database:
I want this folder in /volume2/docker/grocy/database. But changing the volumes rule to
- /volume2/docker/grocy/database:/www
Results in:
Creating grocy ...
Creating grocy ... error
ERROR: for grocy Cannot start service grocy: oci runtime error: container_linux.go:247: starting container process caused "chdir to cwd (\"/www/public\") set in config.json failed: no such file or directory"
ERROR: for grocy Cannot start service grocy: oci runtime error: container_linux.go:247: starting container process caused "chdir to cwd (\"/www/public\") set in config.json failed: no such file or directory"
ERROR: Encountered errors while bringing up the project.
When adding a folder /volume2/docker/grocy/database/public it starts, but the nginx gives a 403 error.
I'm a bit lost here. It works on other docker containers I'm using.
root@docker:~# docker pull grocy/grocy-docker
Using default tag: latest
Error response from daemon: manifest for grocy/grocy-docker:latest not found: manifest unknown: manifest unknown
root@docker:~#
It'd be great to allow users to automatically provision a hostname and letsencrypt certificate by using environment variables and/or build arguments supplied to docker-compose build
.
There are a few projects which provide similar or related functionality, and it may be possible to integrate with one of them, or select some functionality from them:
Edit: condense research-related comments into the pull request description
I'm trying to get a docker version set up on Amazon EC2 a Amazon Linux AMI server.
"docker run hello-world" has succeeded.
[ec2-user@ip- ~]$ docker login
Authenticating with existing credentials...
Login Succeeded
[ec2-user@ip- ~]$ docker pull grocy/grocy
Using default tag: latest
Error response from daemon: manifest for grocy/grocy:latest not found: manifest unknown: manifest unknown
Also tried:
docker-compose pull
docker-compose up
So you know that I'm a docker n00b. I'm happy to add some documentation once I get it running.
As it becomes easier to use and deploy grocy
, it makes sense to improve the security of the default login credentials.
There's a tricky balance here; we want to reduce the possibility for unauthorized access to a grocy instance, while allowing users to restore access to the application and data if they forget their password in future.
It may be reasonable to assume that a person running grocy on a home device would be able to access the device and/or filesystem for truly urgent for recovery purposes.
Logging into the device and/or accessing the filesystem directly might also be able to provide 'in-person-only' reset workflows.
A suggested new-instance setup phase would involve:
There are a lot of possible tradeoffs and design options here; we might be able to discover how other projects achieve this and get some ideas from them (linuxserver, for example?).
Running grocy-docker
on Raspbian, yesterday I was able to build grocy-nginx
, but not today.
When running docker-compose up -d
on the directory where I downloaded the sourcecode of this repo (#103), I get this error for nginx:
ERROR: for nginx Cannot start service nginx: driver failed programming external connectivity on endpoint nginx (6e4362d7001bac77a95f14887f4b53733b003f895cfabc4d92d811822ca43c4b): Error starting userland proxy: listen tcp 127.0.0.1:80: bind: address already in use
ERROR: for nginx Cannot start service nginx: driver failed programming external connectivity on endpoint nginx (6e4362d7001bac77a95f14887f4b53733b003f895cfabc4d92d811822ca43c4b): Error starting userland proxy: listen tcp 127.0.0.1:80: bind: address already in use
ERROR: Encountered errors while bringing up the project.
Does someone know why is this? Seems a misconfiguration on Nginx ports, but I have changed nothing.
Hi
The build fails sometimes on Travis when grabbing the latest version or cleaning cache apk.
Best regards
Hi,
maybe a silly question. I want to upgrade to grocy 2.4.4, but whatever I do, it stays on v 2.2.0. Are there steps I forgot (given I'm new to docker)?
Thank you for any suggestions
I just discovered grocy and want to start to use it. I've used this docker-compose to pull and start it, but this will use grocy 2.5.2.
Also after a docker-compose build the version is still 2.5.2.
I would like to use the latest available version.
Hi,
I've used docker-compose to install grocy and used Let's Encrypt for SSL of my Apache2 reverse-proxy, but every time I will access grocy with https the Website is not correctly displayed, in the web source code stands any link to my domain with http and not with https, and thats the reason why my browser blocking this connections.
Source of grocy.domain.de-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyRequests Off
ServerName grocy.domain.de
ProxyPass / http://0.0.0.0:8443/
ProxyPassReverse / http://0.0.0.0:8443/
SSLCertificateFile /etc/letsencrypt/live/grocy.domain.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/grocy.domain.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Source of docker-compose.yml:
version: '2.4'
services:
nginx:
image: "grocy/nginx:v2.7.1-4"
build:
args:
GROCY_VERSION: v2.7.1
context: .
dockerfile: Dockerfile-grocy-nginx
depends_on:
- grocy
ports:
- '127.0.0.1:8443:8080'
read_only: true
tmpfs:
- /tmp
volumes:
- /var/log/nginx
container_name: nginx
grocy:
image: "grocy/grocy:v2.7.1-4"
restart: always
expose:
- '9000'
read_only: true
tmpfs:
- /tmp
volumes:
- /var/log/php7
- app-db:/opt/grocy-data/
env_file:
- grocy.env
container_name: grocy
volumes:
app-db:
Source of grocy.env:
# Grocy Environment Variables
# These environment variables affect PHP and the grocy application
# For a full list of grocy settings, see config-dist.php in the main grocy repo:
#
# https://github.com/grocy/grocy/blob/master/config-dist.php
#
# Grocy application settings must be prefixed with 'GROCY_'.
#
# For example, if we'd like to configure grocy to use Euros (EUR):
#
# Setting('CURRENCY', 'USD');
#
# Then we would set GROCY_CURRENCY='EUR'.
## User-supplied Variables
# These are environment variables that may be supplied by the user
# No values are supplied for these as part of this distribution
# When you're ready to deploy grocy in production, set GROCY_MODE=production
# to enable user authentication
GROCY_MODE
## Distribution-supplied Variables
# These are 'sensible defaults' provided as part of the grocy-docker
# distribution.
# GROCY_CULTURE configures localization of the grocy application
# Supported locales: https://github.com/grocy/grocy/tree/master/localization
GROCY_CULTURE=de
GROCY_CURRENCY='EUR'
# PHP Environment variables
MAX_UPLOAD=50M
PHP_MAX_FILE_UPLOAD=200
PHP_MAX_POST=100M
PHP_MEMORY_LIMIT=512M
I hope anyone can help me.
They appear at the service level for both grocy
and grocy-nginx
. Per the docs for v2 of docker-compose YAML, read_only:true
is only supposed to be a field within a volume
definition. The file validates, and seems to work (mostly - posting another issue in a second), but it doesn't make sense to me that all the volumes in each container would be read-only, and the short-form definition for grocy-nginx
's access to www-public
is marked with the :ro
suffix. So it seems like at best that line isn't doing anything, and at worst preventing write to one or more volumes that clearly need writing to. But I'm a grocy and docker noob, and could definitely be wrong here.
in the current docker-compose.yml no volumes are being used for persistent data
I think that at least the sqlite db has to be persisted
The grocy
application database is initialized on first-request if it does not previously exist.
This first-request can take a few seconds while the database is created.
It'd be good to investigate performing this initialization at build-time, for two reasons:
nginx
configurationHello grocy team.
I'm copy docker-compose.yml as is, and when I run "docker compose up -d" I got two containers is running, but when I connect to http://localhost with links2 I got page with php error:
Slim application Error
The application could not run because of the following error:
Details
Type: PROEXception
Code: HY000
Message: SQLSTATE[HY000]: General error: 13 database or disk is full
File: /www/services/DatabaseService.php
Line: 55
Trace
...
I think something wrong with persistent storage and try to map in docker-compose in grocy section like:
grocy:
...
volume:
- /home/myuser/grocy_vol/www:/usr/local/www - and error message is gone, but I got "403 forbidden/ nginx" error.
And log file was not created in /usr/local/var/log inside container.
I cloned this repo and ran docker-compose pull
then docker compose up
.
Here is the output:
Removing grocy-nginx
Recreating grocy ... done
Recreating 7cf5bd99b9fc_grocy-nginx ...
ERROR: for 7cf5bd99b9fc_grocy-nginx a bytes-like object is required, not 'str'
ERROR: for grocy-nginx a bytes-like object is required, not 'str'
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/docker/api/client.py", line 261, in _raise_for_status
response.raise_for_status()
File "/usr/lib/python3.8/site-packages/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 500 Server Error: Internal Server Error for url: http+docker://localhost/v1.22/containers/b06e81bc218cfab614b27afb471d5abef54f5b6dbdf872d2b9131d25e1a856f9/start
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/compose/service.py", line 625, in start_container
container.start()
File "/usr/lib/python3.8/site-packages/compose/container.py", line 241, in start
return self.client.start(self.id, **options)
File "/usr/lib/python3.8/site-packages/docker/utils/decorators.py", line 19, in wrapped
return f(self, resource_id, *args, **kwargs)
File "/usr/lib/python3.8/site-packages/docker/api/container.py", line 1095, in start
self._raise_for_status(res)
File "/usr/lib/python3.8/site-packages/docker/api/client.py", line 263, in _raise_for_status
raise create_api_error_from_http_exception(e)
File "/usr/lib/python3.8/site-packages/docker/errors.py", line 31, in create_api_error_from_http_exception
raise cls(e, response=response, explanation=explanation)
docker.errors.APIError: 500 Server Error: Internal Server Error ("b'driver failed programming external connectivity on endpoint grocy-nginx (08a432792f7c28033186b9de3b055ab8f561dd38ce6984f4b150f04c3c8b3688): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use'")
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/bin/docker-compose", line 11, in <module>
load_entry_point('docker-compose==1.25.0', 'console_scripts', 'docker-compose')()
File "/usr/lib/python3.8/site-packages/compose/cli/main.py", line 72, in main
command()
File "/usr/lib/python3.8/site-packages/compose/cli/main.py", line 128, in perform_command
handler(command, command_options)
File "/usr/lib/python3.8/site-packages/compose/cli/main.py", line 1107, in up
to_attach = up(False)
File "/usr/lib/python3.8/site-packages/compose/cli/main.py", line 1088, in up
return self.project.up(
File "/usr/lib/python3.8/site-packages/compose/project.py", line 565, in up
results, errors = parallel.parallel_execute(
File "/usr/lib/python3.8/site-packages/compose/parallel.py", line 112, in parallel_execute
raise error_to_reraise
File "/usr/lib/python3.8/site-packages/compose/parallel.py", line 210, in producer
result = func(obj)
File "/usr/lib/python3.8/site-packages/compose/project.py", line 548, in do
return service.execute_convergence_plan(
File "/usr/lib/python3.8/site-packages/compose/service.py", line 561, in execute_convergence_plan
return self._execute_convergence_recreate(
File "/usr/lib/python3.8/site-packages/compose/service.py", line 486, in _execute_convergence_recreate
containers, errors = parallel_execute(
File "/usr/lib/python3.8/site-packages/compose/parallel.py", line 112, in parallel_execute
raise error_to_reraise
File "/usr/lib/python3.8/site-packages/compose/parallel.py", line 210, in producer
result = func(obj)
File "/usr/lib/python3.8/site-packages/compose/service.py", line 481, in recreate
return self.recreate_container(
File "/usr/lib/python3.8/site-packages/compose/service.py", line 602, in recreate_container
self.start_container(new_container)
File "/usr/lib/python3.8/site-packages/compose/service.py", line 627, in start_container
if "driver failed programming external connectivity" in ex.explanation:
TypeError: a bytes-like object is required, not 'str'
docker --version
:
Docker version 19.03.5-ce, build 633a0ea838
docker-compose --version
:
docker-compose version 1.25.0, build unknown
uname -a
:
Linux robitaille.host 5.4.2-arch1-1 #1 SMP PREEMPT Thu, 05 Dec 2019 12:29:40 +0000 x86_64 GNU/Linux
Hello,
I am working with some of the Grocy API's and am running into CORS issues. I see from this line https://github.com/grocy/grocy/blob/master/routes.php#L252 that you are adding some middleware to handle the request, but OPTIONS requests are all failing.
Making a request to OPTIONS http://localhost/api/objects/locations
results in a response of Allowed methods: GET, POST
.
I pulled the grocy-docker repo here to try upgrading it but the image build won't work (likely my version of openssl on my main rig). Just throws this during the build - haven't got time to fix today either:
SHA384 is not supported by your openssl extension, could not verify the phar file integrity
Anyone tried building for 2.4.0 or even 2.3.0 yet?
Love this project first of all! Got a little one on the way and can't wait to use this to it's fullest.
Has there been any talks of creating a Pi Image for this? I'd love to assist in setting this up. I got my instance running on a Pi but for someone with little experience this would be tough.
I try to access the (freshly downloaded) application under a subdomain like this: https://grocy.example.com
. Sadly I only get a 403 Forbidden error.
The database
folder only contains an empty folder called public
.
Using curl on localhost / from inside the container leads to the same results.
root@host:/opt/grocy# curl localhost:5002
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.14.0</center>
</body>
</html>
root@host:/opt/grocy# curl localhost:5002/stockoverview
File not found.
root@host:/opt/grocy# curl localhost:5002/stockoverview/
File not found.
docker-compose logs
returns this:
root@host:/opt/grocy# docker-compose logs
Attaching to grocy-nginx, grocy
grocy | [03-Mar-2019 13:34:38] NOTICE: fpm is running, pid 1
grocy | [03-Mar-2019 13:34:38] NOTICE: ready to handle connections
grocy | 172.20.0.3 - 03/Mar/2019:13:34:41 +0000 "GET /index.php" 404
grocy | 172.20.0.3 - 03/Mar/2019:13:34:43 +0000 "GET /index.php" 404
grocy | 172.20.0.3 - 03/Mar/2019:13:34:43 +0000 "GET /index.php" 404
grocy | 172.20.0.3 - 03/Mar/2019:13:51:33 +0000 "GET /index.php" 404
grocy | 172.20.0.3 - 03/Mar/2019:13:52:45 +0000 "GET /index.php" 404
grocy | 172.20.0.3 - 03/Mar/2019:13:53:06 +0000 "GET /index.php" 404
grocy | 172.20.0.3 - 03/Mar/2019:13:53:27 +0000 "GET /index.php" 404
grocy | 172.20.0.3 - 03/Mar/2019:13:53:32 +0000 "GET /index.php" 404
grocy | 172.20.0.3 - 03/Mar/2019:13:53:43 +0000 "GET /index.php" 404
Do you have any idea how to get it running?
If anyone wants/attempts to run grocy on AWS as a docker image this is an important point.
For the docker port to be visible outside the EC2 instance, beyond setting up the correct Security Groups (i.e., HTTP and HTTPS), it is necessary to change the "localhost" ip to 0.0.0.0
.
Change in docker-compose.yml
this
ports:
- '127.0.0.1:80:8080'
- '127.0.0.1:443:8443'
to this
ports:
- '0.0.0.0:80:8080'
- '0.0.0.0:443:8443'
Hope this helps someone :)
IMPORTANT UPDATE: Note that by doing this you expose your instance to the public internet, where anyone can access it. Be sure to follow best practice. e.g. set strong passwords, be aware that by using HTTP your traffic is unencrypted.
I've installed Grocy inside Docker, but every time I try to access it, I get an HTTP 400 "Bad Request" page with the error "Request Header Or Cookie Too Large." I can work around this by manually removing all my stored cookies for that host, but that's a pain to do every time. The problem occurs just the same over HTTP or HTTPS.
I found some help online for nginx generally, but do you know of a quick way to increase the allowed header size in the nginx container? Alternatively, is there any way to fix it in the repo so that this isn't an issue for anyone else?
Hi,
To use LDAP and EXIF packages currently contained in Grocy v3.0.0, the docker image requires additional packages not currently installed during the build. The system dependencies statement should look like the following:
# Install system dependencies
RUN apk add --no-cache \
php7-ctype \
php7-fpm \
php7-fileinfo \
php7-iconv \
php7-json \
php7-gd \
php7-pdo_sqlite \
php7-simplexml \
php7-tokenizer \
php7-ldap \
php7-exif
At the moment when cloning grocy application code (PHP assets, web assets) into grocy-docker
containers, extraction runs under the www-data
and nginx
user accounts respectively.
This means that the files are owned by the same user account that the web server (php-fpm
, nginx
, respectively) process runs as.
Although the root filesystems are read-only already, we could apply another layer of security by ensuring that the files are owned by a separate user account.
That could place a further roadblock against any potential application-level exploits from modifying and/or persisting in the containers.
This is a tracking issue for pre-release testing.
Finished the steps here: https://github.com/grocy/docs/blob/master/tutorials/setup.md#docker-container, but my site cannot be reached at http://< ip-address-of-your-server >
. I think I'm pretty smart because I put in my public EC2 IP address in for < ip-address-of-your-server >
. I also made the changes to the docker-compose.yml
file recommended by @verginer here: #95 (comment).
What are some tests I can run to see if my EC2 instance of AMI with Docker and grocy-docker is working besides hitting the public IP in a browser?
[ec2-user@ip- ~]$ cd grocy-docker/
[ec2-user@ip- grocy-docker]$ ls
CHANGELOG.md Dockerfile-grocy-nginx grocy.env package.json
docker-compose.yml docker_grocy LICENSE package-lock.json
Dockerfile-grocy docker_nginx Makefile README.md
[ec2-user@ip- ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[ec2-user@ip- ~]$ curl http://localhost:49167
curl: (7) Failed to connect to localhost port 49167: Connection refused
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.