Lighttpd: no process found after fresh Raspberry Pi OS 64 and OMV6

nick2k3 · July 24, 2023, 6:17pm

Hi I am using a Raspberry Pi 3 with Openmediavault.
I have just today installed fresh OMV using Raspberry OS 64bit base image and the latest OMV 6.

I am trying to spawn a Pihole container using the simple setup that is on the Github readme of docker-pi-hole: GitHub - pi-hole/docker-pi-hole: Pi-hole in a docker container
(my previous setup was more complicated with macvlan etc, I tried to diagnose but I decided to start fresh to narrow down the issue).

I have on purpose changed the default port of OMV from :80 to :83 to allow pihole to use the :80

Expected Behaviour:

I expect pi-hole to start normally

-operating system : Linux mars 6.1.21-v8+ #1642 SMP PREEMPT Mon Apr 3 17:24:16 BST 2023 aarch64 GNU/Linux
-hardware: Raspberry Pi

Actual Behaviour:

Pi-hole starts but loops with the errors:

lighttpd: no process found
Stopping lighttpd

/var/log/lighttpd/error-pihole.log content:

2023-07-24 20:15:40: server.c.1513) server started (lighttpd/1.4.59)
2023-07-24 20:15:40: gw_backend.c.475) unlink /run/lighttpd/pihole-php-fastcgi.socket-0 after connect failed: Permission denied
2023-07-24 20:15:40: gw_backend.c.503) bind failed for: unix:/run/lighttpd/pihole-php-fastcgi.socket-0: Permission denied
2023-07-24 20:15:40: gw_backend.c.1655) [ERROR]: spawning gw failed.
2023-07-24 20:15:40: server.c.1517) Configuration of plugins failed. Going down.

Debug Token:

https://tricorder.pi-hole.net/3WBRl2ne/

Docker compose used:

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole3
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    environment:
      TZ: 'Europe/Rome'
      WEBPASSWORD: '12345' #'set a secure password here or it will be random'
      IPv6: "false"
      FTLCONF_LOCAL_IPV4: 192.168.10.110
    # Volumes store your data between container upgrades
    network_mode: host
    volumes:
      - '/docker/SSD/appdata/pihole8/etc-pihole:/etc/pihole'
      - '/docker/SSD/appdata/pihole8/etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities

    restart: unless-stopped

nick2k3 · July 24, 2023, 6:30pm

I can add that it does not seem to be a port conflict:

I tried changing the mapping via docker 8080:80 and same result
after stopping the container I run :

nick2k3@mars:~ $ sudo lsof -i -P -n | grep LISTEN
systemd-r  402 systemd-resolve   12u  IPv4  14449      0t0  TCP *:5355 (LISTEN)
systemd-r  402 systemd-resolve   14u  IPv6  14452      0t0  TCP *:5355 (LISTEN)
python3    811            wsdd   10u  IPv4  15373      0t0  TCP 192.168.10.110:5357 (LISTEN)
python3    811            wsdd   14u  IPv4  15588      0t0  TCP 172.17.0.1:5357 (LISTEN)
python3    811            wsdd   18u  IPv4  15647      0t0  TCP 172.21.0.1:5357 (LISTEN)
python3    811            wsdd   22u  IPv4  15705      0t0  TCP 172.18.0.1:5357 (LISTEN)
python3    811            wsdd   26u  IPv6  15265      0t0  TCP [fe80::2444:81ff:fe76:d758]:5357 (LISTEN)
python3    811            wsdd   30u  IPv6  15993      0t0  TCP [fe80::42:d7ff:fe52:59fb]:5357 (LISTEN)
python3    811            wsdd   38u  IPv6  43146      0t0  TCP [fe80::42:cdff:fe42:e431]:5357 (LISTEN)
sshd       839            root    3u  IPv4  12988      0t0  TCP *:22 (LISTEN)
sshd       839            root    4u  IPv6  12990      0t0  TCP *:22 (LISTEN)
nginx      849            root    8u  IPv4    570      0t0  TCP *:82 (LISTEN)
nginx      849            root    9u  IPv6    571      0t0  TCP *:82 (LISTEN)
nginx      850        www-data    8u  IPv4    570      0t0  TCP *:82 (LISTEN)
nginx      850        www-data    9u  IPv6    571      0t0  TCP *:82 (LISTEN)
nginx      851        www-data    8u  IPv4    570      0t0  TCP *:82 (LISTEN)
nginx      851        www-data    9u  IPv6    571      0t0  TCP *:82 (LISTEN)
nginx      852        www-data    8u  IPv4    570      0t0  TCP *:82 (LISTEN)
nginx      852        www-data    9u  IPv6    571      0t0  TCP *:82 (LISTEN)
nginx      853        www-data    8u  IPv4    570      0t0  TCP *:82 (LISTEN)
nginx      853        www-data    9u  IPv6    571      0t0  TCP *:82 (LISTEN)
smbd       876            root   43u  IPv6  15543      0t0  TCP *:445 (LISTEN)
smbd       876            root   44u  IPv6  15544      0t0  TCP *:139 (LISTEN)
smbd       876            root   45u  IPv4  15545      0t0  TCP *:445 (LISTEN)
smbd       876            root   46u  IPv4  15546      0t0  TCP *:139 (LISTEN)
docker-pr 1166            root    4u  IPv4  16577      0t0  TCP *:9000 (LISTEN)
docker-pr 1173            root    4u  IPv6  15874      0t0  TCP *:9000 (LISTEN)

so no port used by pi-hole is in use by some other process

rdwebdesign · July 24, 2023, 10:16pm

It seems a permission issue:

... bind failed for: unix:/run/lighttpd/pihole-php-fastcgi.socket-0: Permission denied

Can you please check the permissions/ownership of the directory running this command?

ls -la /run/lighttpd

nick2k3 · July 25, 2023, 5:42am

sure,here it is:

root@mars:/# ls -la /run/lighttpd
total 16
drwxr-xr-x+ 1 www-data www-data 4096 May 30 20:53 .
drwxr-x---+ 1 root     root     4096 Jul 25 07:41 ..
root@mars:/#

I tried to write something there and it worked:

root@mars:/# cd /run/lighttpd
root@mars:/run/lighttpd# touch a
root@mars:/run/lighttpd# ls
a
root@mars:/run/lighttpd# ls -la
total 16
drwxr-xr-x+ 1 www-data www-data 4096 Jul 25 07:45 .
drwxr-x---+ 1 root     root     4096 Jul 25 07:41 ..
-rw-rw----+ 1 root     root        0 Jul 25 07:45 a

Bucking_Horn · July 25, 2023, 6:20am

Did you run that command from inside your Pi-hole container?
E.g.:

docker exec pihole3 ls -la /run/lighttpd

From your debug log, I noticed that the permissions for 15-pihole-admin-redirect-docker.conf differ:

*** [ DIAGNOSING ]: contents of /etc/lighttpd/conf-enabled
-rw-rw----+ 1 root root 220 Jul 24 20:12 15-pihole-admin-redirect-docker.conf

My container shows them as:

-rw-r--r-- 1 root   root  221 Jul 21 08:07 15-pihole-admin-redirect-docker.conf

And just as a note:

You can't map ports in host mode.

nick2k3 · July 25, 2023, 7:04am

Yes, I run it trough portainer console functions for the pihole3 container.
I have run it again from the host using docker exec with the same result.

From your debug log, I noticed that the permissions for 15-pihole-admin-redirect-docker.conf differ:
*** [ DIAGNOSING ]: contents of /etc/lighttpd/conf-enabled
-rw-rw----+ 1 root root 220 Jul 24 20:12 15-pihole-admin-redirect-docker.conf
My container shows them as:
-rw-r--r-- 1 root   root  221 Jul 21 08:07 15-pihole-admin-redirect-docker.conf

I don't know how to explain it, I am using the pihole/pihole:latest
The folder /etc/lighttpd/conf-enabled should be part of the default image, right?
I have deleted the pihole image and repulled it, started the container and checked that folder:

drwxr-xr-x+ 1 pihole root 4096 Jul 25 09:03 ..
lrwxrwxrwx  1 root   root   32 May 30 20:53 05-setenv.conf -> ../conf-available/05-setenv.conf
lrwxrwxrwx  1 root   root   35 May 30 20:53 10-accesslog.conf -> ../conf-available/10-accesslog.conf
lrwxrwxrwx  1 root   root   33 May 30 20:53 10-fastcgi.conf -> ../conf-available/10-fastcgi.conf
-rw-rw----+ 1 root   root  220 Jul 25 09:03 15-pihole-admin-redirect-docker.conf
lrwxrwxrwx  1 root   root   38 May 30 20:53 15-pihole-admin.conf -> ../conf-available/15-pihole-admin.conf

for the port mappings and host mode: you are right, the host mode prevails, I just left them there through the tests, I will comment the port mappings

rdwebdesign · July 25, 2023, 7:10am

The + sign means your directory has extended permissions (ACL) and the resulting permissions could be different.

What is the output of getfacl -e /run/lighttpd on your host system?

nick2k3 · July 25, 2023, 7:39am

The host OS does not have the /run/lighttpd folder.
Did you mean to check within the container instead?
Within the pihole container I don't have the command getfacl command and apt-get is not able to install it..
should I try anything else?

nick2k3 · July 25, 2023, 8:01am

I managed to install acl package on the pihole container:

getfacl: Removing leading '/' from absolute path names
# file: run/lighttpd
# owner: www-data
# group: www-data
user::rwx
user:1002:rwx                   #effective:r-x
group::--x                      #effective:--x
mask::r-x
other::r-x
default:user::rwx
default:user:1002:rwx           #effective:rwx
default:group::--x              #effective:--x
default:mask::rwx
default:other::---

nick2k3 · July 25, 2023, 8:38am

I found it!

the folder that contained the docker overlay files had incorrect permission (I created it as root but then used it as another appuser for docker.

I set the permission on that folder to:

owner: root
group : users
permissions: 775

after that I rebuilt the whole stack (redownloaded the image) and everything works!

system · August 15, 2023, 8:39am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.