Lighttpd not starting correctly in docker (Portainer)

Hi everyone,
I'll try to give you as much info as possible, but bear with me. I'm a noob and I've been stuck on this problem the whole day so far.

I have been using pihole so far as a Docker image in Openmediavault. Everything was fine so far, but I noticed I couldn't get into the GUI today. I have tried a lot of different stuff, but I can't figure out how to solve this problem.

Stuff included:
Deleting the volumes
Deleting and recreating the docker image in different versions
Deleting and recreating the macvlan network and using other networks like "host"
and more...

Expected Behaviour

lighttpd starting up correctly

Actual Behaviour:

Portainer puts this out in the log for all eternity:

Stopping lighttpd
lighttpd: no process found

As far as I can see, it even seems to start the service, and even to stop it when I'm stopping the container.
But I cannot access the web UI.

The most interesting part I have found so far would be this part of the lighttpd error log:

Tail of Error Log

2023-05-07 16:40:27: server.c.1513) server started (lighttpd/1.4.59)
2023-05-07 16:40:27: gw_backend.c.475) unlink /run/lighttpd/pihole-php-fastcgi.socket-0 after connect failed: Permission denied
2023-05-07 16:40:27: gw_backend.c.503) bind failed for: unix:/run/lighttpd/pihole-php-fastcgi.socket-0: Permission denied
2023-05-07 16:40:27: gw_backend.c.1655) [ERROR]: spawning gw failed.
2023-05-07 16:40:27: server.c.1517) Configuration of plugins failed. Going down.
2023-05-07 16:40:28: server.c.1513) server started (lighttpd/1.4.59)
2023-05-07 16:40:28: gw_backend.c.475) unlink /run/lighttpd/pihole-php-fastcgi.socket-0 after connect failed: Permission denied
2023-05-07 16:40:28: gw_backend.c.503) bind failed for: unix:/run/lighttpd/pihole-php-fastcgi.socket-0: Permission denied
2023-05-07 16:40:28: gw_backend.c.1655) [ERROR]: spawning gw failed.
2023-05-07 16:40:28: server.c.1517) Configuration of plugins failed. Going down.

Also:

*** [ DIAGNOSING ]: contents of /etc/lighttpd/conf.d
/etc/lighttpd/conf.d does not exist.

I would guess that there should be one, if the daemon started at least once?

Debug Token:

https://tricorder.pi-hole.net/SECHXSpA/

NOTE:

This is expected for Debian installs (like the docker image). Only Fedora/CentOS should have this directory.

What is the output of ls -la /run/lighttpd (inside the container)?

Also, can you provide the compose file or docker command used to start the container?

Hey, the output is as follows:

`ls -la /run/lighttpd`

total 16
drwxr-xr-x+ 1 www-data www-data 4096 Mar 25 19:19 .
drwxr-x---+ 1 root root 4096 May 7 21:18 ..

Unfortunately I cannot provide the compose file or docker command, since I usually use the Portainer interface. But nevertheless: I have tried a lot of different builds with the same outcome.
At this point I'm convinced it's something on the host system, since I have basically changed everything around the container with the same result.

The permissions are different from my 2 containers:

root@pihole:/# ls -la /run/lighttpd
total 12
drwxr-xr-x 1 www-data www-data 4096 May  2 22:09 .
drwxr-xr-x 1 root     root     4096 May  2 22:08 ..
srwxr-xr-x 1 www-data www-data    0 May  2 22:09 pihole-php-fastcgi.socket-0

Did you change permissions on the host? or inside the container?
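An added example, not part of any post in this thread: a Python check that parses the two `ls -la /run/lighttpd` listings quoted above and reports, from mode bits alone, whether a given user could traverse the parent directory and create a socket in the listed directory. The function names and the choice of `www-data` as the user to test are assumptions; entries marked `+` carry an ACL that is not modelled here and can change the result.

```python
import re

# Constructed sample input: the two listings as quoted in the thread.
BROKEN = (
    "drwxr-xr-x+ 1 www-data www-data 4096 Mar 25 19:19 .\n"
    "drwxr-x---+ 1 root root 4096 May 7 21:18 ..\n"
)
WORKING = (
    "drwxr-xr-x 1 www-data www-data 4096 May  2 22:09 .\n"
    "drwxr-xr-x 1 root     root     4096 May  2 22:08 ..\n"
    "srwxr-xr-x 1 www-data www-data    0 May  2 22:09 pihole-php-fastcgi.socket-0\n"
)
# type char, 9 mode bits, optional ACL marker, link count, owner, group, ..., name
LS_LINE = re.compile(
    r"^[bcdlps-]([rwxsStT-]{9})(\+?)\s+\d+\s+(\S+)\s+(\S+)\s+.*\s(\S+)$"
)

def parse_listing(text):
    """Map entry name -> (mode bits, has_acl, owner, group)."""
    entries = {}
    for line in text.splitlines():
        m = LS_LINE.match(line.strip())
        if m:
            bits, acl, owner, group, name = m.groups()
            entries[name] = (bits, acl == "+", owner, group)
    return entries

def permits(entry, user, groups, want):
    """Owner/group/other check on mode bits only; ACL entries and
    root's CAP_DAC_OVERRIDE are not modelled."""
    bits, _acl, owner, group = entry
    start = 0 if user == owner else 3 if group in groups else 6
    triplet = bits[start:start + 3]
    # '-', 'S' and 'T' all mean the bit in that position is not granted.
    return all(triplet["rwx".index(p)] not in "-ST" for p in want)

def socket_dir_findings(text, user, groups):
    """Findings that would stop `user` creating a socket in the listed dir."""
    entries = parse_listing(text)
    findings = []
    if not permits(entries[".."], user, groups, "x"):
        findings.append("parent directory is not searchable")
    if not permits(entries["."], user, groups, "wx"):
        findings.append("directory is not writable and searchable")
    for name in (".", ".."):
        if entries[name][1]:
            findings.append(f"{name} has an ACL: confirm with getfacl")
    return findings
```

Where a finding mentions an ACL, `getfacl /run /run/lighttpd` inside the container shows the entries that the mode string hides.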

It's a fresh container. I just tried repulling the image, and it stays the same.

So, the permissions are different and I do not have the socket in there in a freshly pulled container.
How should that be possible?

The answer to that may lie in your container's configuration.

You should be able to generate a docker-compose file from your running Pi-hole container via a docker-autocompose container, e.g. by running:

sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock ghcr.io/red5d/docker-autocompose <container-name-or-id>

In case you're unsure about your <container-name-or-id>, retrieve that via `docker ps`.

Please share the resulting docker-compose output (which may be more verbose than a manually created one).

There you go:

sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock ghcr.io/red5d/docker-autocompose <container-name-or-id>
networks:
  t_network:
    external: yes
    name: "t_network"

services:
  pi-hole:

    cap_drop:
      - "AUDIT_CONTROL"
      - "BLOCK_SUSPEND"
      - "DAC_READ_SEARCH"
      - "IPC_LOCK"
      - "IPC_OWNER"
      - "LEASE"
      - "LINUX_IMMUTABLE"
      - "MAC_ADMIN"
      - "MAC_OVERRIDE"
      - "NET_BROADCAST"
      - "SYSLOG"
      - "SYS_ADMIN"
      - "SYS_BOOT"
      - "SYS_MODULE"
      - "SYS_NICE"
      - "SYS_PACCT"
      - "SYS_PTRACE"
      - "SYS_RAWIO"
      - "SYS_RESOURCE"
      - "SYS_TIME"
      - "SYS_TTY_CONFIG"
      - "WAKE_ALARM"

    container_name: "pi-hole"

    entrypoint:
      - "/s6-init"

    environment:
      - "PATH=/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
      - "phpver=php"
      - "PHP_ERROR_LOG=/var/log/lighttpd/error-pihole.log"
      - "IPv6=True"
      - "S6_KEEP_ENV=1"
      - "S6_BEHAVIOUR_IF_STAGE2_FAILS=2"
      - "S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0"
      - "FTLCONF_LOCAL_IPV4=192.168.10.192"
      - "FTL_CMD=no-daemon"
      - "DNSMASQ_USER=pihole"

    hostname: "3888d04a74e2"

    image: "pihole/pihole:latest"

    ipc: "private"

    labels:
      org.opencontainers.image.created: "2023-03-25T19:18:44.609Z"
      org.opencontainers.image.description: "Pi-hole in a docker container"
      org.opencontainers.image.licenses: ""
      org.opencontainers.image.revision: "aeb42394738aa652845c652b45438fb1edcfbbee"
      org.opencontainers.image.source: "https://github.com/pi-hole/docker-pi-hole"
      org.opencontainers.image.title: "docker-pi-hole"
      org.opencontainers.image.url: "https://github.com/pi-hole/docker-pi-hole"
      org.opencontainers.image.version: "2023.03.1"

    logging:
      driver: "json-file"
      options: {}

    networks:
      - "t_network"

    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"

    restart: "always"

version: "3.6"

I took the liberty to delete the password of course

I see a few differences, e.g. my docker-autocompose output does not even contain that cap_drop section, and my environment has an explicit reference to "PHP_ENV_CONFIG=/etc/lighttpd/conf-enabled/15-fastcgi-php.conf".

But then, I am running a plain Docker Pi-hole container, so I can't really tell if that would be normal for Portainer installations.
At least, the dropped CAPs are not noted as required.

That would again leave us without tangible clues.

I could not find out what the problem is.
Now I removed the packages, deleted everything left over and started from scratch. It works again.
Thank you all for your help, I learned a lot!

Now, that triggers a note:
Portainer has a tendency to hold on to environment values from previous containers even on container restart.

In the past, this has occasionally stopped unlucky users from starting their Pi-hole container in Portainer after image upgrades, see e.g. Pihole Portainer/Docker 5.8.1 startup error?.

Would you also have been upgrading your Pi-hole to a new image, or was this a fresh installation?

Anyway, glad it's working for you now. :)

No, it was not after the latest update in March. But the tendency of Portainer would explain why tf even after I removed everything (in Portainer) it still wouldn't work. And I tried several other images than the latest...

How and why the problem came to be is still a mystery.
