Installation Wizard not accepting database username and password

[umardraz]

Hello

The Installation wizard is not picking mysql information Here is the information what I had provided through environment variables.

-e MYSQL_HOST=10.0.201.120 \
-e MYSQL_DATABASE=ncdb \
-e MYSQL_USER=ncloud \
-e MYSQL_PASSWORD=ncloud12345 \

On the first run the installation appears and asked for crate an admin account.

But when I clicked on Finish setup button then an error appears.

Error while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[HY000] [1044] Access denied for user ‘oc_admin15’@’%’ to database ‘client1’

‘dbtype’ =>; ‘mysql’,
‘version’ =>; ‘13.0.5.2’,
‘dbname’ =>; ‘ncdb’,
‘dbhost’ =>; ‘10.0.201.120’,
‘dbport’ =>; ‘’,
‘dbtableprefix’ =>; ‘’,
‘mysql.utf8mb4’ =>; true,
‘dbuser’ =>; ‘oc_admin15’,
‘dbpassword’ =>; ‘Q9hwc3uqbzqU2G9E+TkJt6XWGqmGjE’,

Don't know why it is not accepting username and password, the other options are ok, like dbname, dbhost.

Would you please any body help me.

[r2evans]

I'm also seeing this behavior when trying to connect to a postgres instance.

root@D2SP3:/home/r2/docker# docker-compose up nextcloud
docker_postgres_1_4b526486f7ce is up-to-date
Creating docker_nextcloud_1_21d381008fc1 ... done
Attaching to docker_nextcloud_1_a56357f7c235
nextcloud_1_a56357f7c235 | Initializing nextcloud 14.0.4.2 ...
nextcloud_1_a56357f7c235 | Initializing finished
nextcloud_1_a56357f7c235 | New nextcloud instance
nextcloud_1_a56357f7c235 | Installing with PostgreSQL database
nextcloud_1_a56357f7c235 | starting nextcloud installation
nextcloud_1_a56357f7c235 | Error while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[08006] [7] FATAL:  permission denied for database "nc"
nextcloud_1_a56357f7c235 | DETAIL:  User does not have CONNECT privilege.
nextcloud_1_a56357f7c235 |  -> 
nextcloud_1_a56357f7c235 | retrying install...
nextcloud_1_a56357f7c235 | Error while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[08006] [7] FATAL:  permission denied for database "nc"
nextcloud_1_a56357f7c235 | DETAIL:  User does not have CONNECT privilege.
nextcloud_1_a56357f7c235 |  -> 
nextcloud_1_a56357f7c235 | retrying install...

Relevant portions of the docker-compose.yml file:

version: '3.7'

services:
  traefik:
    image: traefik:1.7
    command: --api --docker
    ports:
    - "80:80"
    - "8080:8080" # webui
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  postgres:
    image: postgres:10
    ports:
    - "5432:5432"
    environment:
    - POSTGRES_PASSWORD=xxx
    - POSTGRES_DB=nc
    - POSTGRES_USER=nc_user
    volumes:
    - /home/r2/docker/pg:/var/lib/postgresql/data:Z
  nextcloud:
    image: nextcloud:14-apache
    depends_on:
    - postgres
    environment:
    - POSTGRES_HOST=postgres
    - POSTGRES_DB=nc
    - POSTGRES_USER=nc_user
    - POSTGRES_PASSWORD=xxx
    - NEXTCLOUD_ADMIN_USER=ncadmin
    - NEXTCLOUD_ADMIN_PASSWORD=xxx
    volumes:
    - /home/r2/docker/nc/config:/var/www/html/config:Z
    labels:
    - "traefik.frontend.rule=PathPrefixStrip:/cloud"

It is clearing dbport (nowhere does nextcloud/docker allow me to configure this in envvars?) and setting dbuser and dbpassword to oc_*, not at all what I'm configuring. The resulting config/config.php file after this "hiccup":

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'passwordsalt' => '9QepuB7yen9mfq7fI68YtEH/Xxnfh1',
  'secret' => 'EUUKboZz+TazUhAoqo8qViG9qHbAdSQqd3B1JN1n87Cxqd9L',
  'trusted_domains' => 
  array (
    0 => 'localhost',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'pgsql',
  'version' => '14.0.4.2',
  'overwrite.cli.url' => 'http://localhost',
  'dbname' => 'nc',
  'dbhost' => 'postgres',
  'dbport' => '',
  'dbtableprefix' => '',
  'dbuser' => 'oc_ncadmin60',
  'dbpassword' => '77bzrlaciblcpn32msqh579vogykit',
);

[r2evans]

On a whim (suggested by #1793), I also checked with postgres:9.5. Still fails.

Further: I can connect to the database with nc_user and my password, and I can create tables, so it is not a first-pass permissions problem. It appears that nextcloud/server is sabotaging the connection. (Perhaps this does not belong under nextcloud/docker.)

[r2evans]

@umardraz I think I found the culprit: nextcloud/docker#345 (comment)

This worked for me (on postgres):

1. drop database nc (the database I told nextcloud to use is nc, and since no tables had been created, this was instantaneous and no loss of anything).
2. Make sure the user/pass I set in POSTGRES_* had CREATE DATABASE and CREATE ROLE permissions in the database as a whole. I highly recommend this not be the final configuration (nextcloud should not be able to create or even see other databases!).

Since I'm on an easy test system, I didn't mind the security lapse. I have not (yet) tested with a production database, though my next step is to clone the real database and attempt an upgrade using this image. Wish me luck.

For the record, I updated my docker-compose.yml:

version: '3.7'

services:
  traefik:
    image: traefik:1.7
    command: --api --docker
    ports:
    - "80:80"
    - "8080:8080" # webui
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  postgres:
    image: postgres:9.5
    ports:
    - "5432:5432"
    environment:
    - POSTGRES_PASSWORD=xxx
    - POSTGRES_DB=nc
    - POSTGRES_USER=nc_user
    volumes:
    - /home/r2/docker/pg:/var/lib/postgresql/data:Z
  nextcloud:
    image: nextcloud:14-apache
    depends_on:
    - postgres
    environment:
    - POSTGRES_HOST=postgres
    - POSTGRES_DB=nc
    - POSTGRES_USER=nc_user
    - POSTGRES_PASSWORD=xxx
    - NEXTCLOUD_ADMIN_USER=ncadmin
    - NEXTCLOUD_ADMIN_PASSWORD=xxx
    - NEXTCLOUD_DATA_DIR=/var/lib/nextclouddata
    volumes:
    - /home/r2/docker/nc/config:/var/www/html/config:Z
    - /home/r2/docker/nc/data:/var/lib/nextclouddata:Z
    labels:
    - "traefik.frontend.rule=PathPrefixStrip:/cloud"

and config/config.php:

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'passwordsalt' => 'k9DL+pteWJB6AaSpHiCskeb0+8CUds',
  'secret' => 'YvBvUcScMOS+3pzy9m9yzs64mPb4QYrJgwXLyWQThEtMTh/F',
  'trusted_domains' => 
  array (
    0 => 'localhost',
  ),
  'datadirectory' => '/var/lib/nextclouddata',
  'dbtype' => 'pgsql',
  'version' => '14.0.4.2',
  'overwrite.cli.url' => 'http://localhost/cloud',
  'dbname' => 'nc',
  'dbhost' => 'postgres',
  'dbport' => '',
  'dbtableprefix' => '',
  'dbuser' => 'oc_ncadmin7',
  'dbpassword' => 'NC-created-xxx',
  'installed' => true,
  'instanceid' => 'ocx15d26bvrw',
  'overwritewebroot' => '/cloud',
);

Notice that NC still over-rode my dbuser and dbpassword. After pasting here, I did change them back to what I had set in the docker-compose.yml file and they stuck this time. (I think a bit of work needs to go into streamlining this docker image ... having to juggle db-superusers and databases like that is worrisome.)

[8ear]

I have the same problem as @r2evans. This problem is only there if you choose postgresql, with MariaDB all is fine. The problem is in the occ maintenance:install because all other looks ok.

[luther84]

Am also having the same issue as @r2evans . Am using postgresql, docker-compose. I appear to be unable to set a custom dbuser or dbpassword with environmental variables. Are the Environmental labels POSTGRES_USER and POSTGRES_PASSWORD as listed in the README incorrect?

[ptrj]

now is version 18 and no fix :-(

maybe problem is that in /entrypoint.sh script on line 156 is

 until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]

and

root@6d2cd9785196:/var/www/html# su -p www-data -s /bin/sh -c "php /var/www/html/occ maintenance:install"

                                                 
  Command "maintenance:install" is not defined.  
                                                 
  Did you mean one of these?                     
      app:install                                
      maintenance:data-fingerprint               
      maintenance:mimetype:update-db             
      maintenance:mimetype:update-js             
      maintenance:mode                           
      maintenance:repair                         
      maintenance:theme:update                   
      maintenance:update:htaccess               

Update:
maybe not: https://help.nextcloud.com/t/command-maintenance-install-is-not-defined/60799

[nicbou]

If I specifically tell Nextcloud to use certain database credentials, why does it create a completely separate user behind my back and uses it instead? What is the logic behind this?

Here is what happened as a result of it:

1. I used pg_dump to move my database elsewhere.
2. My Nextcloud install suddenly stopped working.
3. After much digging, I find this thread and realize Nextcloud created its own postgres user.
4. Since I expected Nextcloud to use the user I specifically told it to use, I didn't copy that unexpected user to the new database, so now the credentials are invalid.
5. Even worse, since the Nextcloud tables were created by a user whose existence I was not aware of, the Nextcloud tables were not part of the database dump. In other words, that data is gone.

This is the last straw for me. Nextcloud bricked itself twice in a week. It's simply too fragile for me, and I can't sink more evenings into getting it to work again.

[r2evans]

@nicbou note that you may also want to go back and remove the auto-created user.

FWIW, to prevent you from having to install a text editor, with some practice you can do it with sed:

sed -i -e "s/.*'dbuser'.*/'dbuser' => 'newuser',/g; s/.*'dbpassword'.*/'dbpassword' => 'newpass',/g" config/config.php

This capitalizes on the assumption that each key/value pair is isolated on a line, and assumes (safely, I believe) that no other field contains the literals 'dbuser' or 'dbpassword'. If you want to test this ...

# docker exec -it mynextcloud bash

root@ffc242067596:/var/www/html# diff -u config/config.php <(sed -e "s/.*'dbuser'.*/'dbuser' => 'newuser',/g; s/.*'dbpassword'.*/'dbpassword' => 'newpass',/g" config/config.php)
--- config/config.php   2020-12-14 01:51:52.534286458 +0000
+++ /dev/fd/63  2020-12-14 18:07:27.032281130 +0000
@@ -40,8 +40,8 @@
   'dbhost' => 'postgres',
   'dbport' => '',
   'dbtableprefix' => 'oc_',
-  'dbuser' => 'olduser',
-  'dbpassword' => 'oldpassword',
+'dbuser' => 'newuser',
+'dbpassword' => 'newpass',
   'installed' => true,
   'overwritehost' => 'oc.activedecisionsupport.com',
   'overwritewebroot' => '/cloud',

[nicbou]

@r2evans , I updated my comment with a longer description of the catastrophe this led to. Editing the config indeed fixes the credentials, but it won't bring the data back.

Nonetheless, thank you for your quick reply and assistance.

[r2evans]

Oooof, that's a frustrating sequence of events. I agree that NC installation seems to be a bit fragile, and I'm a bit frustrated that there has been no discussion or attention from NC on this in a couple of years, focusing instead on adding third-party integration (that will be lost when nextcloud needs to be re-instantiated).

[jancborchardt]

This seems not only related to the Docker setup but generally regarding the server – we should transfer the issue to the server repo? cc @rullzer @MorrisJobke

[dghodgson]

This is still an issue for me. Seems to be a race condition in the entrypoint, or how the server handles the installation process.

What should happen is that the installation tries again with the exact same settings. Seems like instead, it tries to get smart with it and that's causing problems.

While this does seem to be an issue with how the installer handles things, the docker image could still implement a better method of waiting on the server that doesn't involve calling the installer repeatedly.

I overrode the entrypoint by mounting in my own, and used wait-for-it.sh to wait on the DB connection before the installer got called. This fixed the issue for me, but overriding the entrypoint is bad practice.

[joshtrichards]

Related: #36428

[joshtrichards]

Closing this for the following reasons:

• This Issue hasn't seen any traffic in >3 years ago
• The creation of a dedicated oc_* user with less privileges than the superuser account is documented behavior. There are ways of avoiding it as well if desired (but they require taking some manual steps such as provisioning the databases and credentials ahead of time and/or applying the approach in add option to disable db user creation trough environment variable #36428)
• Both the Docker image and the installer process in Server have had several changes in the area of retries/etc since this Issue last saw traffic
• Docker's own healthchecks + depends_on can be used if you wish to have the app container(s) wait until the db container is on-line

Refs:

• https://docs.nextcloud.com/server/latest/admin_manual/installation/installation_wizard.html#database-choice
• https://docs.docker.com/compose/how-tos/startup-order/
• Add depends_on w/ `condition + healthcheck example docker#2250