Hello,

I am working with some of the Grocy API's and am running into CORS issues. I see from this line https://github.com/grocy/grocy/blob/master/routes.php#L252 that you are adding some middleware to handle the request, but OPTIONS requests are all failing.

Making a request to OPTIONS http://localhost/api/objects/locations results in a response of Allowed methods: GET, POST.

This is a tracking issue for pre-release testing.

Hello,

I'm trying to set up grocy (docker-compose way) with Traefik to handle a subdomain (grocy.xxxx.xx) .
I can start grocy but I get a 404 on all the resources , the main html file is fine though and I see an ugly html , links are working and login as well.

I'm sure I missed a stupid config somewhere but can't figure out where :x

I'm running a docker of Grocy (specifically this one, but I've tried this one as well with the same issue) and I get a 502 error whenever I attempt to add or edit the types of quantities on the site. Adding or editing other types of things (locations, stores, products, etc) works perfectly fine, I'm only having trouble with quantities.

I used the default docker-file and docker-compose settings (literally only changed the timezone and ), and I have no idea what could be the problem.

Here's my server settings!

Distributor ID: Debian
Description:    Debian GNU/Linux 9.12 (stretch)
Release:        9.12
Codename:       stretch

Thanks for any help in advance!

I want to disable some features. As you described this is possible with setting the environment variables. This is the relevant part from my docker-compose.yml file:

    environment:
      PHP_MEMORY_LIMIT: 512M
      MAX_UPLOAD: 50M
      PHP_MAX_FILE_UPLOAD: 200
      PHP_MAX_POST: 100M
      GROCY_CULTURE: de
      GROCY_FEATURE_FLAG_RECIPES: false
      GROCY_FEATURE_FLAG_TASKS: false

This config doesn't work and Docker Compose throws the following error:

The variables GROCY_FEATURE_FLAG_RECIPES and GROCY_FEATURE_FLAG_TASKS can't be a boolean and must be a string. If I set the variables with 'true' docker composer start without the error. But the true string won't be parsed in the app correctly.

Do you have an idea to disable features with the docker environment variables?

This issue has come up a couple of other times - grocy/grocy#96 and grocy-docker grocy/grocy#34. In those issues, Bernd has pointed out that they're only warnings, but this is a more serious issue, from both a usability and a security standpoint. Unauthenticated users are not redirected to /login for 4 of the 9 possible values of the ENTRY_PAGE setting, including the shipped default, stock.

When you spin up a brand new grocy-docker image, it is in default/production mode because of the null GROCY_MODE environment variable in the then-shipped grocy.env . (All of the behavior documented below is the same if it's explicitly set to production as well.) If you spin it up and go to http://localhost, you are redirected to http://localhost/stockoverview, as 'stock' is the default value for ENTRY_PAGE in the config.php that get's copied from config-dist.php. You get the "warning" about "undefined constant GROCY_USER_ID" because you're not logged in, and so GROCY_USER_ID hasn't been set! What should happen is that the user is redirected to http://localhost/login so that they can, well, log in.

I tested all of the possible values for ENTRY_PAGE by setting GROCY_ENTRY_PAGE in grocy.env.
The following values do not redirect the unauth'd user and show a partially rendered page with the "undefined constant GROCY_USER_ID" warning:

• stock
• chores
• batteries
• tasks

The following values work as expected — an unauthenticated user hitting the base URL is redirected to /login:

• shoppinglist
• recipes
• equipment
• calendar
• mealplan

What's interesting is that stock, chores, and batteries all correspond to an "overview" path, ie, the resulting URL is /stockoverview, /choresoverview, etc. tasks just sends the user to /tasks, but still doesn't redirect them to /login.

I tested a few other/deeper URLs as an unauth'd user, and all those I tested redirected to /login, but it wasn't a comprehensive test:

• /products
• /product/3
• /locations
• /location/2
• /taskcategories
• /recipe/1

First and foremost, thank you all for creating this great piece of software. I thoroughly enjoy it and find it very useful.

I suppose the title of this suggests my problem. I am wanting to work on a pull request to use an environment variable to sed out the BASE_URL in config.php in the container so I can configure the BASE_URL before ever provisioning the container.

Hi there.

I just cloned the repo and run the docker-compose
Apart from a small fix ( needed to add a mkdir -p /var/tmp/nginx in one of the Dockerfiles ) everything else ran fine.

So now the containers are up and I can see it at port 8080 ( I have something else running at 80 ).

My question is :

• how do I create users and how do I admin the whole thing?
  I've been looking the grocy repo and website, and I cannot find anything on that anywhere.

Any help?

All I can see at 8080 is this :

Hi. I've been trying for a day to get this to work and I can't figure it out. I have Home Assistant (Hassbian not Hass.io) and HA-Bridge installed via docker so I have some experience doing this but I can't for the life of me figure out Grocy. This is what it looks like in Synology docker.

These are the images I downloaded:

This is what I have in the settings for the grocy container before launcing it as an example. Is this even remotely correct? When I launch the container nothing gets created in the web/grocy folder. The web folder is synologys folder where you can access via a share and a webpage.

There is a separate container for nginx as well. What should go in those settings? When I try to launch the nginx container it stops immediately. I see this in the log. nginx: [emerg] host not found in upstream "grocy" in /etc/nginx/common.conf:20. The port is 9000 by default and I get err connection refused after launching the container when trying to access through a browser. I'm clearly lost. Does anyone have a set of synology instructions? Thanks for any help

HI there,

Thanks for the project, it's really nice.
I have a question when will we be able to use the French language ?

Thanks.

I get these errors when trying to download the images:

$ docker pull grocy/grocy
Using default tag: latest
Error response from daemon: manifest for grocy/grocy:latest not found: manifest unknown: manifest unknown

The error says that manifest was not found for grocy/grocy:latest

It shouldn't be necessary for packaged container images to contain the composer dependency from Alpine Linux.

It's required at build-time to install application dependencies, but should be removed before the application begins.

Strangely the application currently encounters an exception in the lessql PHP vendor dependency if composer is removed via apk del composer before runtime.

A potential fix / workaround for the issue - with some more context - is available in morris/lessql#55

When building the container, the build finishes with exit code 1.

[email protected]:/opt/grocy# docker-compose up -d
Building grocy
Step 1/9 : FROM php:7.2-fpm-alpine
 ---> 0f897e5d1001
Step 2/9 : MAINTAINER Talmai Oliveira <[email protected]>
 ---> Using cache
 ---> f180d5e29618
Step 3/9 : ENV REFRESHED_AT  2019-1-16
 ---> Using cache
 ---> ba26624d67ec
Step 4/9 : ENV GROCY_VERSION 1.24.1
 ---> Using cache
 ---> 7845e76c8e55
Step 5/9 : RUN  apk update &&   apk upgrade &&  apk add --update yarn git wget &&       mkdir -p /www &&        sed -i "s|;*daemonize\s*=\s*yes|daemonize = no|g" /usr/local/etc/php-fpm.conf &&        sed -i "s|;*listen\s*=\s*127.0.0.1:9000|listen = 9000|g" /usr/local/etc/php-fpm.conf &&      sed -i "s|;*listen\s*=\s*/||g" /usr/local/etc/php-fpm.conf &&   sed -i "s|;*chdir\s*=\s*/var/www|chdir = /www|g" /usr/local/etc/php-fpm.d/www.conf &&   wget https://raw.githubusercontent.com/composer/getcomposer.org/1b137f8bf6db3e79a38a5bc45324414a6b1f9df2/web/installer -O - -q | php -- --quiet &&   mkdir -p /tmp/download &&       cd /tmp/download &&     wget -t 3 -T 30 -nv -O "grocy.zip" "https://github.com/grocy/grocy/archive/v${GROCY_VERSION}.zip" &&         unzip grocy.zip &&      rm -f grocy.zip &&      cd grocy-${GROCY_VERSION} &&    mv public /www/public &&        mv controllers /www/controllers &&      mv data /www/data &&    mv helpers /www/helpers &&   mv localization/ /www/localization &&   mv middleware/ /www/middleware &&       mv migrations/ /www/migrations &&       mv publication_assets/ /www/publication_assets &&       mv services/ /www/services &&   mv views/ /www/views &&      mv .yarnrc /www/ &&     mv *.php /www/ &&       mv *.json /www/ &&      mv composer.* /root/.composer/ &&       mv *yarn* /www/ &&      mv *.sh /www/ &&     rm -rf /tmp/download &&    rm -rf /var/cache/apk/*
 ---> Running in 1b4055a92bde
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
v3.9.0-105-ge0f24cceea [http://dl-cdn.alpinelinux.org/alpine/v3.9/main]
v3.9.0-90-gf0b6b9da2f [http://dl-cdn.alpinelinux.org/alpine/v3.9/community]
OK: 9758 distinct packages available
(1/2) Upgrading libcurl (7.63.0-r0 -> 7.64.0-r1)
(2/2) Upgrading curl (7.63.0-r0 -> 7.64.0-r1)
Executing busybox-1.29.3-r10.trigger
OK: 18 MiB in 32 packages
(1/11) Installing expat (2.2.6-r0)
(2/11) Installing pcre2 (10.32-r1)
(3/11) Installing git (2.20.1-r0)
(4/11) Installing wget (1.20.1-r0)
(5/11) Installing c-ares (1.15.0-r0)
(6/11) Installing libgcc (8.2.0-r2)
(7/11) Installing http-parser (2.8.1-r0)
(8/11) Installing libstdc++ (8.2.0-r2)
(9/11) Installing libuv (1.23.2-r0)
(10/11) Installing nodejs (10.14.2-r0)
(11/11) Installing yarn (1.12.3-r0)
Executing busybox-1.29.3-r10.trigger
OK: 61 MiB in 43 packages
SHA384 is not supported by your openssl extension, could not verify the phar file integrity
ERROR: Service 'grocy' failed to build: The command '/bin/sh -c apk update &&   apk upgrade &&  apk add --update yarn git wget &&       mkdir -p /www &&        sed -i "s|;*daemonize\s*=\s*yes|daemonize = no|g" /usr/local/etc/php-fpm.conf &&     sed -i "s|;*listen\s*=\s*127.0.0.1:9000|listen = 9000|g" /usr/local/etc/php-fpm.conf &&         sed -i "s|;*listen\s*=\s*/||g" /usr/local/etc/php-fpm.conf &&   sed -i "s|;*chdir\s*=\s*/var/www|chdir = /www|g" /usr/local/etc/php-fpm.d/www.conf &&        wget https://raw.githubusercontent.com/composer/getcomposer.org/1b137f8bf6db3e79a38a5bc45324414a6b1f9df2/web/installer -O - -q | php -- --quiet &&      mkdir -p /tmp/download &&       cd /tmp/download &&     wget -t 3 -T 30 -nv -O "grocy.zip" "https://github.com/grocy/grocy/archive/v${GROCY_VERSION}.zip" &&         unzip grocy.zip &&      rm -f grocy.zip &&      cd grocy-${GROCY_VERSION} &&    mv public /www/public &&        mv controllers /www/controllers &&   mv data /www/data &&    mv helpers /www/helpers &&      mv localization/ /www/localization &&   mv middleware/ /www/middleware &&       mv migrations/ /www/migrations &&       mv publication_assets/ /www/publication_assets &&    mv services/ /www/services &&   mv views/ /www/views &&         mv .yarnrc /www/ &&     mv *.php /www/ &&       mv *.json /www/ &&      mv composer.* /root/.composer/ &&       mv *yarn* /www/ &&      mv *.sh /www/ &&     rm -rf /tmp/download &&         rm -rf /var/cache/apk/*' returned a non-zero code: 1

The exact error message is:

SHA384 is not supported by your openssl extension, could not verify the phar file integrity

See also composer/composer#7669

The grocy application database is initialized on first-request if it does not previously exist.

This first-request can take a few seconds while the database is created.

It'd be good to investigate performing this initialization at build-time, for two reasons:

• It would reduce the user time-to-application-usage
• It would allow us to use lower request-timeout thresholds in nginx configuration

Hi

The build fails sometimes on Travis when grabbing the latest version or cleaning cache apk.

Best regards

with the current docker hub setup the one repository is being overused. there should be two different repositories for grocy and the custom nginx image.

the setup could look like this:

grocy/grocy
grocy/nginx

this way one can also use the latest tag for the two images

here an example for the separation: docker-compose | docker hub

Hi,

I've used docker-compose to install grocy and used Let's Encrypt for SSL of my Apache2 reverse-proxy, but every time I will access grocy with https the Website is not correctly displayed, in the web source code stands any link to my domain with http and not with https, and thats the reason why my browser blocking this connections.

Source of grocy.domain.de-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443> 
    ProxyPreserveHost On
    ProxyRequests Off
    ServerName grocy.domain.de
    ProxyPass / http://0.0.0.0:8443/
    ProxyPassReverse / http://0.0.0.0:8443/

SSLCertificateFile /etc/letsencrypt/live/grocy.domain.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/grocy.domain.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Source of docker-compose.yml:

version: '2.4'

services:

  nginx:
    image: "grocy/nginx:v2.7.1-4"
    build:
      args:
        GROCY_VERSION: v2.7.1
      context: .
      dockerfile: Dockerfile-grocy-nginx
    depends_on:
      - grocy
    ports:
      - '127.0.0.1:8443:8080'
    read_only: true
    tmpfs:
      - /tmp
    volumes:
      - /var/log/nginx
    container_name: nginx

  grocy:
    image: "grocy/grocy:v2.7.1-4"
    restart: always
    expose:
      - '9000'
    read_only: true
    tmpfs:
      - /tmp
    volumes:
      - /var/log/php7
      - app-db:/opt/grocy-data/
    env_file:
      - grocy.env
    container_name: grocy

volumes:
  app-db:

Source of grocy.env:

# Grocy Environment Variables

# These environment variables affect PHP and the grocy application
# For a full list of grocy settings, see config-dist.php in the main grocy repo:
#
#       https://github.com/grocy/grocy/blob/master/config-dist.php
#
# Grocy application settings must be prefixed with 'GROCY_'.
#
# For example, if we'd like to configure grocy to use Euros (EUR):
#
#       Setting('CURRENCY', 'USD');
#
# Then we would set GROCY_CURRENCY='EUR'. 


## User-supplied Variables

# These are environment variables that may be supplied by the user
# No values are supplied for these as part of this distribution

# When you're ready to deploy grocy in production, set GROCY_MODE=production
# to enable user authentication
GROCY_MODE


## Distribution-supplied Variables

# These are 'sensible defaults' provided as part of the grocy-docker
# distribution.

# GROCY_CULTURE configures localization of the grocy application
# Supported locales: https://github.com/grocy/grocy/tree/master/localization
GROCY_CULTURE=de
GROCY_CURRENCY='EUR'

# PHP Environment variables
MAX_UPLOAD=50M
PHP_MAX_FILE_UPLOAD=200
PHP_MAX_POST=100M
PHP_MEMORY_LIMIT=512M

I hope anyone can help me.

Finished the steps here: https://github.com/grocy/docs/blob/master/tutorials/setup.md#docker-container, but my site cannot be reached at http://< ip-address-of-your-server >. I think I'm pretty smart because I put in my public EC2 IP address in for < ip-address-of-your-server >. I also made the changes to the docker-compose.yml file recommended by @verginer here: #95 (comment).

What are some tests I can run to see if my EC2 instance of AMI with Docker and grocy-docker is working besides hitting the public IP in a browser?

[ec2-user@ip- ~]$ cd grocy-docker/
[ec2-user@ip- grocy-docker]$ ls
CHANGELOG.md        Dockerfile-grocy-nginx  grocy.env  package.json
docker-compose.yml  docker_grocy            LICENSE    package-lock.json
Dockerfile-grocy    docker_nginx            Makefile   README.md

[ec2-user@ip- ~]$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[ec2-user@ip- ~]$ curl http://localhost:49167
curl: (7) Failed to connect to localhost port 49167: Connection refused

in the current docker-compose.yml no volumes are being used for persistent data

I think that at least the sqlite db has to be persisted

Hi
Thanks for your work 👍
For my needs I modified your Grocy docker file and docker-compose :
It is running the latest commit from Grocy in demo mode. (Travis testing :) )

Can I do a PR ? But not on master branch because it's for people who want to test.

Kind regards (and sorry for my English)

I pulled the grocy-docker repo here to try upgrading it but the image build won't work (likely my version of openssl on my main rig). Just throws this during the build - haven't got time to fix today either:

SHA384 is not supported by your openssl extension, could not verify the phar file integrity

Anyone tried building for 2.4.0 or even 2.3.0 yet?

I cloned this repo and ran docker-compose pull then docker compose up.

Here is the output:

Removing grocy-nginx
Recreating grocy ... done
Recreating 7cf5bd99b9fc_grocy-nginx ...

ERROR: for 7cf5bd99b9fc_grocy-nginx  a bytes-like object is required, not 'str'

ERROR: for grocy-nginx  a bytes-like object is required, not 'str'
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/docker/api/client.py", line 261, in _raise_for_status
    response.raise_for_status()
  File "/usr/lib/python3.8/site-packages/requests/models.py", line 940, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 500 Server Error: Internal Server Error for url: http+docker://localhost/v1.22/containers/b06e81bc218cfab614b27afb471d5abef54f5b6dbdf872d2b9131d25e1a856f9/start

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/compose/service.py", line 625, in start_container
    container.start()
  File "/usr/lib/python3.8/site-packages/compose/container.py", line 241, in start
    return self.client.start(self.id, **options)
  File "/usr/lib/python3.8/site-packages/docker/utils/decorators.py", line 19, in wrapped
    return f(self, resource_id, *args, **kwargs)
  File "/usr/lib/python3.8/site-packages/docker/api/container.py", line 1095, in start
    self._raise_for_status(res)
  File "/usr/lib/python3.8/site-packages/docker/api/client.py", line 263, in _raise_for_status
    raise create_api_error_from_http_exception(e)
  File "/usr/lib/python3.8/site-packages/docker/errors.py", line 31, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation)
docker.errors.APIError: 500 Server Error: Internal Server Error ("b'driver failed programming external connectivity on endpoint grocy-nginx (08a432792f7c28033186b9de3b055ab8f561dd38ce6984f4b150f04c3c8b3688): Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use'")

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 11, in <module>
    load_entry_point('docker-compose==1.25.0', 'console_scripts', 'docker-compose')()
  File "/usr/lib/python3.8/site-packages/compose/cli/main.py", line 72, in main
    command()
  File "/usr/lib/python3.8/site-packages/compose/cli/main.py", line 128, in perform_command
    handler(command, command_options)
  File "/usr/lib/python3.8/site-packages/compose/cli/main.py", line 1107, in up
    to_attach = up(False)
  File "/usr/lib/python3.8/site-packages/compose/cli/main.py", line 1088, in up
    return self.project.up(
  File "/usr/lib/python3.8/site-packages/compose/project.py", line 565, in up
    results, errors = parallel.parallel_execute(
  File "/usr/lib/python3.8/site-packages/compose/parallel.py", line 112, in parallel_execute
    raise error_to_reraise
  File "/usr/lib/python3.8/site-packages/compose/parallel.py", line 210, in producer
    result = func(obj)
  File "/usr/lib/python3.8/site-packages/compose/project.py", line 548, in do
    return service.execute_convergence_plan(
  File "/usr/lib/python3.8/site-packages/compose/service.py", line 561, in execute_convergence_plan
    return self._execute_convergence_recreate(
  File "/usr/lib/python3.8/site-packages/compose/service.py", line 486, in _execute_convergence_recreate
    containers, errors = parallel_execute(
  File "/usr/lib/python3.8/site-packages/compose/parallel.py", line 112, in parallel_execute
    raise error_to_reraise
  File "/usr/lib/python3.8/site-packages/compose/parallel.py", line 210, in producer
    result = func(obj)
  File "/usr/lib/python3.8/site-packages/compose/service.py", line 481, in recreate
    return self.recreate_container(
  File "/usr/lib/python3.8/site-packages/compose/service.py", line 602, in recreate_container
    self.start_container(new_container)
  File "/usr/lib/python3.8/site-packages/compose/service.py", line 627, in start_container
    if "driver failed programming external connectivity" in ex.explanation:
TypeError: a bytes-like object is required, not 'str'

docker --version:

Docker version 19.03.5-ce, build 633a0ea838

docker-compose --version:

docker-compose version 1.25.0, build unknown

uname -a:

Linux robitaille.host 5.4.2-arch1-1 #1 SMP PREEMPT Thu, 05 Dec 2019 12:29:40 +0000 x86_64 GNU/Linux

• Ensure changelog is populated prior to release
• Ensure release commit is tagged and that an associated release is packaged (solved via #111)
• Ensure upstream grocy version tag is used consistently (i.e. in Makefile, docker-compose, package.json, ...)
  • Migrate GitHub actions workflow to retrieve application version from git tag (#169)
  • Removed package.json and package-lock.json files (and the associated container release version references in them) (#170)
  • Makefile version reference improvements
  • docker-compose.yml version reference improvements
• Rebuild package-lock.json automatically? (outdated due to file removal in #170)
• Push images automatically? (solved via #111)
• Reconsider how release notes are handled; these are currently copy-paste from the changelog, which is a manual process where mistakes could occur
• Tag the latest image on Docker Hub? (currently a WONTDO)

It may be possible to perform some of these checks by using git pre-commit / pre-push scripts.

I try to access the (freshly downloaded) application under a subdomain like this: https://grocy.example.com. Sadly I only get a 403 Forbidden error.

The database folder only contains an empty folder called public.

Using curl on localhost / from inside the container leads to the same results.

root@host:/opt/grocy# curl localhost:5002
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.14.0</center>
</body>
</html>
root@host:/opt/grocy# curl localhost:5002/stockoverview
File not found.
root@host:/opt/grocy# curl localhost:5002/stockoverview/
File not found.

docker-compose logs returns this:

root@host:/opt/grocy# docker-compose logs
Attaching to grocy-nginx, grocy
grocy          | [03-Mar-2019 13:34:38] NOTICE: fpm is running, pid 1
grocy          | [03-Mar-2019 13:34:38] NOTICE: ready to handle connections
grocy          | 172.20.0.3 -  03/Mar/2019:13:34:41 +0000 "GET /index.php" 404
grocy          | 172.20.0.3 -  03/Mar/2019:13:34:43 +0000 "GET /index.php" 404
grocy          | 172.20.0.3 -  03/Mar/2019:13:34:43 +0000 "GET /index.php" 404
grocy          | 172.20.0.3 -  03/Mar/2019:13:51:33 +0000 "GET /index.php" 404
grocy          | 172.20.0.3 -  03/Mar/2019:13:52:45 +0000 "GET /index.php" 404
grocy          | 172.20.0.3 -  03/Mar/2019:13:53:06 +0000 "GET /index.php" 404
grocy          | 172.20.0.3 -  03/Mar/2019:13:53:27 +0000 "GET /index.php" 404
grocy          | 172.20.0.3 -  03/Mar/2019:13:53:32 +0000 "GET /index.php" 404
grocy          | 172.20.0.3 -  03/Mar/2019:13:53:43 +0000 "GET /index.php" 404

Do you have any idea how to get it running?

This is my first time self-hosting grocy. I used Docker's Synology app to download the grocy image and create a container, then configured the volume and network settings as instructed. When I try to connect to grocy, I get an error saying the connection was refused. I have never used Docker before, but online it seems this is a configuration issue with Docker that I don't even think the Synology app gives me enough control to fix.

$ docker container ls
CONTAINER ID        IMAGE                  COMMAND             CREATED             STATUS              PORTS                                          NAMES
744fa94507e9        grocy/grocy:v2.7.1-4   "php-fpm7"          About an hour ago   Up 4 seconds        0.0.0.0:9000->9000/tcp, 0.0.0.0:8001->80/tcp   grocy

I've tried to install Grocy via docker on a Synology nas. But I cannot seem to get the data in the correct volume. Images are also not uploaded.

- database:/www
...
volumes:
  database:

I want this folder in /volume2/docker/grocy/database. But changing the volumes rule to

      - /volume2/docker/grocy/database:/www

Results in:

Creating grocy ...
Creating grocy ... error

ERROR: for grocy  Cannot start service grocy: oci runtime error: container_linux.go:247: starting container process caused "chdir to cwd (\"/www/public\") set in config.json failed: no such file or directory"

ERROR: for grocy  Cannot start service grocy: oci runtime error: container_linux.go:247: starting container process caused "chdir to cwd (\"/www/public\") set in config.json failed: no such file or directory"
ERROR: Encountered errors while bringing up the project.

When adding a folder /volume2/docker/grocy/database/public it starts, but the nginx gives a 403 error.

I'm a bit lost here. It works on other docker containers I'm using.

Hello grocy team.
I'm copy docker-compose.yml as is, and when I run "docker compose up -d" I got two containers is running, but when I connect to http://localhost with links2 I got page with php error:
Slim application Error
The application could not run because of the following error:
Details
Type: PROEXception
Code: HY000
Message: SQLSTATE[HY000]: General error: 13 database or disk is full
File: /www/services/DatabaseService.php
Line: 55

Trace
...
I think something wrong with persistent storage and try to map in docker-compose in grocy section like:
grocy:
...
volume:
- /home/myuser/grocy_vol/www:/usr/local/www - and error message is gone, but I got "403 forbidden/ nginx" error.

And log file was not created in /usr/local/var/log inside container.

As it becomes easier to use and deploy grocy, it makes sense to improve the security of the default login credentials.

There's a tricky balance here; we want to reduce the possibility for unauthorized access to a grocy instance, while allowing users to restore access to the application and data if they forget their password in future.

It may be reasonable to assume that a person running grocy on a home device would be able to access the device and/or filesystem for truly urgent for recovery purposes.

Logging into the device and/or accessing the filesystem directly might also be able to provide 'in-person-only' reset workflows.

A suggested new-instance setup phase would involve:

• Begin with a limited user dialog that only listens on limited network interfaces/ports (todo: how?)
• Prompt for a password via the dialog, and ensure that it is a strong password -- or generate a strong password for the user if they prefer
• Start the full application

There are a lot of possible tradeoffs and design options here; we might be able to discover how other projects achieve this and get some ideas from them (linuxserver, for example?).

It'd be great to allow users to automatically provision a hostname and letsencrypt certificate by using environment variables and/or build arguments supplied to docker-compose build.

There are a few projects which provide similar or related functionality, and it may be possible to integrate with one of them, or select some functionality from them:

• https://github.com/wmnnd/nginx-certbot (requires an init script)
• https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion (creates an nginx proxy)
• https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion (creates an nginx proxy)
• https://github.com/linuxserver/docker-letsencrypt (creates an nginx proxy, has good documentation)

Edit: condense research-related comments into the pull request description

I've installed Grocy inside Docker, but every time I try to access it, I get an HTTP 400 "Bad Request" page with the error "Request Header Or Cookie Too Large." I can work around this by manually removing all my stored cookies for that host, but that's a pain to do every time. The problem occurs just the same over HTTP or HTTPS.

I found some help online for nginx generally, but do you know of a quick way to increase the allowed header size in the nginx container? Alternatively, is there any way to fix it in the repo so that this isn't an issue for anyone else?

Hi,

maybe a silly question. I want to upgrade to grocy 2.4.4, but whatever I do, it stays on v 2.2.0. Are there steps I forgot (given I'm new to docker)?

1. git pull this repo
2. docker-compose pull
3. docker-compose build --no-cache --pull (I see that grocy-2.4.4 is being unzipped)
4. docker-container up
   -> still grocy v2.2.0

Thank you for any suggestions

At the moment when cloning grocy application code (PHP assets, web assets) into grocy-docker containers, extraction runs under the www-data and nginx user accounts respectively.

This means that the files are owned by the same user account that the web server (php-fpm, nginx, respectively) process runs as.

Although the root filesystems are read-only already, we could apply another layer of security by ensuring that the files are owned by a separate user account.

That could place a further roadblock against any potential application-level exploits from modifying and/or persisting in the containers.

I typically can figure it out on my own and may eventually do it but there's a variety of reverse proxies many of which maintain their own TLS certificates Nginx not being one of them. Would it be reasonable to ask for an example where there isn't a webserver included in case someone like me wanted to use Traefik on the front end or someone else who might want to use Caddy server? You wouldn't even really need to maintain much more with this route of publishing an example without a webserver front end.

They appear at the service level for both grocy and grocy-nginx. Per the docs for v2 of docker-compose YAML, read_only:true is only supposed to be a field within a volume definition. The file validates, and seems to work (mostly - posting another issue in a second), but it doesn't make sense to me that all the volumes in each container would be read-only, and the short-form definition for grocy-nginx's access to www-public is marked with the :ro suffix. So it seems like at best that line isn't doing anything, and at worst preventing write to one or more volumes that clearly need writing to. But I'm a grocy and docker noob, and could definitely be wrong here.

I'm trying to get a docker version set up on Amazon EC2 a Amazon Linux AMI server.

"docker run hello-world" has succeeded.

[ec2-user@ip- ~]$ docker login
Authenticating with existing credentials...
Login Succeeded
[ec2-user@ip- ~]$ docker pull grocy/grocy
Using default tag: latest
Error response from daemon: manifest for grocy/grocy:latest not found: manifest unknown: manifest unknown

Also tried:
docker-compose pull
docker-compose up

So you know that I'm a docker n00b. I'm happy to add some documentation once I get it running.

I've got a Jwilder Nginx Proxy Docker Container Running that handles the HTTPS Reverse Proxying.

I've got other various containers running as well succesfully and had no problems getting Grocy to run.

However i've been trying to upload product images and had some troubles. Oddly enough I was able to get 1 image to load no problem I thought initially it was pixel size or perhaps the file size itself, but I haven't been able to get any others to upload.

I checked the logs on the proxy and here is what I'm seeing:

 nginx.1    | grocy.thechickenmoo.com XXX.XX.X.X - - [02/Mar/2019:06:21:12 +0000] "GET /node_modules/moment/locale/x.js?v=1.24.1 HTTP/2.0" 404 888 "https://grocy.thechickenmoo.com/product/5"
 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"

 nginx.1    | grocy.thechickenmoo.com XXX.XX.X.X - - [02/Mar/2019:06:21:12 +0000] "GET /api/file/productpictures?file_name=j3f91l0ybbnlp95067xynabc123.jpg HTTP/2.0" 404 50 "https://grocy.the
chickenmoo.com/product/5" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"

So I get a 404 on the module and then a 404 on the image since it didn't actually get uploaded.
The logs on the grocy server are:

172.24.0.14 -  02/Mar/2019:06:25:10 +0000 "POST /index.php" 200
172.24.0.14 -  02/Mar/2019:06:25:10 +0000 "GET /index.php" 200
172.24.0.14 -  02/Mar/2019:06:25:10 +0000 "GET /index.php" 200
172.24.0.14 -  02/Mar/2019:06:25:16 +0000 "GET /index.php" 200
172.24.0.14 -  02/Mar/2019:06:25:16 +0000 "GET /index.php" 200
172.24.0.14 -  02/Mar/2019:06:25:16 +0000 "GET /index.php" 404
172.24.0.14 -  02/Mar/2019:06:25:16 +0000 "GET /index.php" 404
172.24.0.14 -  02/Mar/2019:06:25:16 +0000 "POST /index.php" 200
172.24.0.14 -  02/Mar/2019:06:25:16 +0000 "GET /index.php" 200
172.24.0.14 -  02/Mar/2019:06:25:16 +0000 "GET /index.php" 200

My Docker Compose:

version: '2'

services:
  grocy-nginx:
    image: grocy/grocy-docker:nginx
    build:
      context: .
      dockerfile: Dockerfile-grocy-nginx
    depends_on:
      - grocy
    expose:
      - '80'
      - '443'
    environment:
      - VIRTUAL_HOST=grocy.thechickenmoo.com
      - LETSENCRYPT_HOST=grocy.thechickenmoo.com
      - [email protected]
    volumes_from:
      - grocy
    container_name: grocy-nginx

  grocy:
    image: grocy/grocy-docker:grocy
    build:
      context: .
      dockerfile: Dockerfile-grocy
    expose:
      - 9000
    volumes:
      - database:/www
    environment:
      PHP_MEMORY_LIMIT:    512M
      MAX_UPLOAD:          50M
      PHP_MAX_FILE_UPLOAD: 200
      PHP_MAX_POST:        100M
      GROCY_CULTURE: en
    container_name: grocy
volumes:
  database:
networks:
   default:
     external:
       name: nginx-proxy

Am I missing something stupid? I keep trying but I'm going in circles so I figured I'd ask in the hopes of somebody being able to point me in the right direction.

I made sure that the proxy (It's nginx based) has the settings below:
client_max_body_size 200m;
client_body_buffer_size 200m;

The error I get on the page is:

What can I do to fix this? I want to use this in my home but I know my wife won't touch it unless I get it up and running without errors :D

We currently build amd64 images for grocy-docker. It'd be worth building multi-architecture images. This might raise questions about the OS images and libraries we're using, since it's possible that some of them contain architecture-specific compiled code.

Several new features are in the current 1.24.0 version of Grocy, can the Docker container be updated?

https://github.com/grocy/grocy/releases/tag/v1.24.0

Thank you :)

I am using just the standalone docker container since I have a separate nginx container I use for everything. When I spin it up the log says the following:

[04-Mar-2020 01:35:53] NOTICE: fpm is running, pid 1,
[04-Mar-2020 01:35:53] NOTICE: ready to handle connections,

However if I try to connect to the exposed port it doesn't work.

Logging in and trying to curl the port gives the following:

/www/public # curl localhost:9000
curl: (56) Recv failure: Connection reset by peer

It does show that it's listening on 9000 though

netstat -tulpn | grep LISTEN
tcp        0      0 127.0.0.11:43733        0.0.0.0:*               LISTEN      -
tcp        0      0 :::9000                 :::*                    LISTEN      1/php-fpm.conf)

Here is my docker-compose:

  grocy:
    build:
      context: ./containers/grocy
    container_name: grocy
    ports:
      - 8234:9000
    volumes:
      - /srv/docker/grocy:/www
    environment:
      - PHP_MEMORY_LIMIT=512M
      - MAX_UPLOAD=50M
      - PHP_MAX_FILE_UPLOAD=200
      - PHP_MAX_POST=100M
      - GROCY_CULTURE=en

I also tried using the image directly first.

We'd save some build-time compilation time & steps by using the pre-built php7-gd binary package from the Alpine Linux upstream package repository.

This isn't compatible as-is with the php:7.2-fpm-alpine Docker image's php environment, so some further investigation would be required.

Hi,

To use LDAP and EXIF packages currently contained in Grocy v3.0.0, the docker image requires additional packages not currently installed during the build. The system dependencies statement should look like the following:

# Install system dependencies
RUN     apk add --no-cache \
            php7-ctype \
            php7-fpm \
            php7-fileinfo \
            php7-iconv \
            php7-json \
            php7-gd \
            php7-pdo_sqlite \
            php7-simplexml \
            php7-tokenizer \
            php7-ldap \
            php7-exif

I just discovered grocy and want to start to use it. I've used this docker-compose to pull and start it, but this will use grocy 2.5.2.

Also after a docker-compose build the version is still 2.5.2.

I would like to use the latest available version.

Running grocy-docker on Raspbian, yesterday I was able to build grocy-nginx, but not today.
When running docker-compose up -d on the directory where I downloaded the sourcecode of this repo (#103), I get this error for nginx:

ERROR: for nginx  Cannot start service nginx: driver failed programming external connectivity on endpoint nginx (6e4362d7001bac77a95f14887f4b53733b003f895cfabc4d92d811822ca43c4b): Error starting userland proxy: listen tcp 127.0.0.1:80: bind: address already in use

ERROR: for nginx  Cannot start service nginx: driver failed programming external connectivity on endpoint nginx (6e4362d7001bac77a95f14887f4b53733b003f895cfabc4d92d811822ca43c4b): Error starting userland proxy: listen tcp 127.0.0.1:80: bind: address already in use
ERROR: Encountered errors while bringing up the project.

Does someone know why is this? Seems a misconfiguration on Nginx ports, but I have changed nothing.

@talmai It'd be good to ensure that people find images containing the recent grocy application security fixes when they search for the term 'grocy'.

Do you have any preferences for how we could do this?

Unfortunately it looks like it's not currently possible to rename Docker repositories (as per the Docker Hub docs).

Given that we (should?) have all of the code history in this repository, I'd be tempted to suggest we delete the grocy/grocy-docker repository, after taking backups of any images that we want to keep for later re-upload elsewhere.

Love this project first of all! Got a little one on the way and can't wait to use this to it's fullest.

Has there been any talks of creating a Pi Image for this? I'd love to assist in setting this up. I got my instance running on a Pi but for someone with little experience this would be tough.

If anyone wants/attempts to run grocy on AWS as a docker image this is an important point.

For the docker port to be visible outside the EC2 instance, beyond setting up the correct Security Groups (i.e., HTTP and HTTPS), it is necessary to change the "localhost" ip to 0.0.0.0.

Change in docker-compose.yml this

    ports:
      - '127.0.0.1:80:8080'
      - '127.0.0.1:443:8443'

to this

    ports:
      - '0.0.0.0:80:8080'
      - '0.0.0.0:443:8443'

Hope this helps someone :)

IMPORTANT UPDATE: Note that by doing this you expose your instance to the public internet, where anyone can access it. Be sure to follow best practice. e.g. set strong passwords, be aware that by using HTTP your traffic is unencrypted.

Whenever I add a manual PDF, Nginx throws 404 on the PUT request, like so:

Could be an issue with Docker-compose / Nginx config. I'm not really familiar with CRUD, but any ideas on how I can fix?

Hey there, love your work so far!

But i think it's a shame you can't import recipies. So i red a few issues about this topic and found your answer to just import it into the db.
But now i can't find the db on my docker (running on OSX).
I'm using docker-compose bone config:

`version: '2'

services:
grocy-nginx:
image: grocy/grocy-docker:nginx
build:
context: .
dockerfile: Dockerfile-grocy-nginx
depends_on:
- grocy
ports:
- '80:80'
- '443:443'
volumes_from:
- grocy
container_name: grocy-nginx

grocy:
image: grocy/grocy-docker:grocy
build:
context: .
dockerfile: Dockerfile-grocy
expose:
- 9000
volumes:
- database:/www
environment:
PHP_MEMORY_LIMIT: 512M
MAX_UPLOAD: 50M
PHP_MAX_FILE_UPLOAD: 200
PHP_MAX_POST: 100M
GROCY_CULTURE: de
container_name: grocy
volumes:
database:
`

I would be very greatful if you'd help me out finding the /www folder with it's database.
Sorry if this is a dumb post but i kinda suck using docker.

tl;dr - some sed commands in Dockerfile-grocy are no-ops and can be removed.

Detailed Summary

Although the sed ... php-fpm.conf commands in Dockerfile-grocy succeed, they don't appear to be applying edits to /usr/local/etc/php-fpm.conf currently.

The listen directives may have been moved into different files in the image's filesystem (image ref: php:7.2-fpm-alpine).

Steps to check the contents of the base image:

# create and start a root shell in a container
$ buildah run $(buildah from php:7.2-fpm-alpine) sh -c "PS1='% ' sh"

# look for 'listen' directives in the base fpm conf file
% grep "listen\s*=" /usr/local/etc/php-fpm.conf

# perform the same search in the fpm conf include directory
% grep "listen\s*=" /usr/local/etc/php-fpm.d/*.conf
/usr/local/etc/php-fpm.d/www.conf:listen = 127.0.0.1:9000
/usr/local/etc/php-fpm.d/zz-docker.conf:listen = 9000

Cause (pending further investigation)

The php:7.2-fpm-alpine Dockerfile hasn't changed much between 7.2-alpha3 and the latest version.

It seems most likely that change(s) to the underlying Alpine filesystem (3.6 -> 3.11) and/or PHP release (7.2.0-alpha3 -> 7.2.29) may have changed between 3.6 and 3.11?