hedgedoc / container Goto Github PK

View Code? Open in Web Editor NEW

193.0 17.0 51.0 892 KB

HedgeDoc container image resources

Home Page: https://docs.hedgedoc.org/setup/docker/

Dockerfile 28.41% Shell 67.25% JavaScript 4.35%

codimd docker-image docker-compose codimd-container hacktoberfest hedgedoc

container's Introduction

HedgeDoc container

This repository contains resources for building the official HedgeDoc containers published to quay.io.

Getting Started

Have a look at our getting started guide and follow the instructions for Docker.

Documentation

The official docs can be found at https://docs.hedgedoc.org/setup/docker/.

They are maintained in the main HedgeDoc repository, so PRs must be filed over there.

License

View license information for the software contained in this image.

User Feedback

Issues

If you have any problems with or questions about this image, please contact us through a GitHub issue.

You can also reach many of the project maintainers via our matrix room #hedgedoc:matrix.org.

Contributing

You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can.

Happy HedgeDoc 😄

container's People

Contributors

Stargazers

Watchers

container's Issues

building image takes forever, stuck at webpack.Progress

running docker-compose build, it takes quite forever to build the app image

the point where it gets stuck is shown below.

<s> [webpack.Progress] 92% additional asset processing PersistentChildCompilerSingletonPlugin
<s> [webpack.Progress] 92% chunk asset optimization
<s> [webpack.Progress] 92% chunk asset optimization TerserPlugin

Anyone having the same issue?

Under docker env image upload type minio failing

Hi,

I am trying to run codimd in docker, I followed guidelines from below link

For "CMD_IMAGE_UPLOAD_TYPE" imgur & filesystem its working type, but for "minio"
I stuck with below error.

app_1_565dcdd3e1e9 | 2018-11-08T14:21:40.743Z - info: 10.0.2.2 - - [08/Nov/2018:14:21:40 +0000] "GET /me HTTP/1.1" 304 - "http://127.0.0.1:3000/aZIidA5MQta8uNjhKWnRWw" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Vivaldi/2.1.1337.36"
app_1_565dcdd3e1e9 | 
app_1_565dcdd3e1e9 | 2018-11-08T14:21:56.801Z - info: deserializeUser: f9341c86-cc07-486e-8500-64dcaedf62a7
app_1_565dcdd3e1e9 | 2018-11-08T14:21:56.973Z - error:  Error: Error: connect ECONNREFUSED 127.0.0.1:9000
app_1_565dcdd3e1e9 |     at /hackmd/lib/web/imageRouter/minio.js:40:18
app_1_565dcdd3e1e9 |     at ObjectUploader.<anonymous> (/hackmd/node_modules/minio/dist/main/object-uploader.js:55:7)
app_1_565dcdd3e1e9 |     at emitOne (events.js:121:20)
app_1_565dcdd3e1e9 |     at ObjectUploader.emit (events.js:211:7)
app_1_565dcdd3e1e9 |     at onwriteError (_stream_writable.js:417:12)
app_1_565dcdd3e1e9 |     at onwrite (_stream_writable.js:439:5)
app_1_565dcdd3e1e9 |     at ObjectUploader.afterTransform (_stream_transform.js:90:3)
app_1_565dcdd3e1e9 |     at /hackmd/node_modules/minio/dist/main/object-uploader.js:84:25
app_1_565dcdd3e1e9 |     at _makeRequest (/hackmd/node_modules/minio/dist/main/minio.js:382:21)
app_1_565dcdd3e1e9 |     at /hackmd/node_modules/minio/dist/main/minio.js:485:16
app_1_565dcdd3e1e9 |     at ClientRequest.<anonymous> (/hackmd/node_modules/minio/dist/main/minio.js:425:9)
app_1_565dcdd3e1e9 |     at emitOne (events.js:121:20)
app_1_565dcdd3e1e9 |     at ClientRequest.emit (events.js:211:7)
app_1_565dcdd3e1e9 |     at Socket.socketErrorListener (_http_client.js:387:9)
app_1_565dcdd3e1e9 |     at emitOne (events.js:116:13)
app_1_565dcdd3e1e9 |     at Socket.emit (events.js:211:7)
app_1_565dcdd3e1e9 | 2018-11-08T14:21:57.055Z - info: 10.0.2.2 - - [08/Nov/2018:14:21:57 +0000] "POST /uploadimage HTTP/1.1" 500 - "http://127.0.0.1:3000/aZIidA5MQta8uNjhKWnRWw?both" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Vivaldi/2.1.1337.36"
app_1_565dcdd3e1e9 | 
^CGracefully stopping... (press Ctrl+C again to force)
Stopping codimd-container_app_1_565dcdd3e1e9      ... done
Stopping codimd-container_database_1_c73980818236 ... done

I am able to access "minio" via web & mc client, and I am using same working secret & access key in docker conf ...

  app:
    # Uncomment the following section to build the image yourself:
    #build:
    #  context: .
    #  dockerfile: debian/Dockerfile
    #  args:
    #    - "VERSION=master"
    #    - "CODIMD_REPOSITORY=https://github.com/hackmdio/codimd.git"
    image: hackmdio/hackmd:1.2.1

    environment:
      - CMD_DB_URL=postgres://hackmd:hackmdpass@database:5432/hackmd
      - CMD_IMAGE_UPLOAD_TYPE=minio
      - CMD_MINIO_ACCESS_KEY="XXXXXXXXXXXXX"
      - CMD_MINIO_SECRET_KEY="iYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
      - CMD_MINIO_ENDPOINT=127.0.0.1
      - CMD_MINIO_PORT=9000
      - CMD_MINIO_SECURE=false
      - CMD_S3_BUCKET=hackmd

Plz let me know what I am making wrong here ...

OAUTH2/OpenID-Connect fails with alpine based image

Authentication via OAUTH2/OpenID-Connect with Keycloak as IdP fails when using the Alpine based image, it succeeds with Debian based one.

The images used where quay.io/hedgedoc/hedgedoc:1.7.1-alpine and quay.io/hedgedoc/hedgedoc:1.7.1-debian respectively.

Error log:

2021-01-14T02:07:05.827Z info:  10.244.0.1 - - [14/Jan/2021:02:07:05 +0000] "GET /auth/oauth2 HTTP/1.1" 302 0 "https://codimd.<redacted>.de/" "Mozilla/5.0 (X11; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0"
InternalOAuthError: Failed to obtain access token
    at OAuth2CustomStrategy.OAuth2Strategy._createOAuthError (/hedgedoc/node_modules/passport-oauth2/lib/strategy.js:408:17)
    at /hedgedoc/node_modules/passport-oauth2/lib/strategy.js:175:45
    at /hedgedoc/node_modules/oauth/lib/oauth2.js:191:18
    at ClientRequest.<anonymous> (/hedgedoc/node_modules/oauth/lib/oauth2.js:162:5)
    at ClientRequest.emit (events.js:314:20)
    at TLSSocket.socketErrorListener (_http_client.js:427:9)
    at TLSSocket.emit (events.js:314:20)
    at emitErrorNT (internal/streams/destroy.js:92:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
    at processTicksAndRejections (internal/process/task_queues.js:84:21)
2021-01-14T02:07:06.103Z info:  10.244.0.1 - - [14/Jan/2021:02:07:06 +0000] "GET /auth/oauth2/callback?state=hCFMfFSMhyiYlCWCFj1qSbl4&session_state=164abb2b-382b-4a35-a3ec-f477782e0ad0&code=5aa9ca5c-bbb2-4e9d-a531-bead95b37a6d.164abb2b-382b-4a35-a3ec-f477782e0ad0.5051cf56-7697-4b0e-b62a-7f5f84a10cd8 HTTP/1.1" 500 148 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0"

Can't register new user via email (getting "Invalid email or password.")

After setting up CodiMD like described I tried to register a new user but I just get an error: "Invalid email or password."

Is there a way to see any CodiMD log output? What can go wrong this way?

Using SSL for domain: connection refused

I just discovered codimd thanks to a mention on the Ask Noah podcast, and the project looks great! I have successfully deployed using this repo's docker-compose.yml in a digital ocean droplet running ubuntu 18.04, and docker + docker-compose. I would like to switch the protocol from http to https and I tried making the following additions for environment variables:

- CMD_DOMAIN=https://notes.mydomain.com
- CMD_PROTOCOL_USESSL=true

I also used the following for the ports definitions:

- "80:3000"
- "443:3000"

But I am unable to connect to the site with https (says connection refused). Did I miss other settings i need to change?

Use node:12.13-slim baseimage

By using FROM node:12.13-slim for the debian version, the resulting image could be nearly as small as the alpine linux version, while maintaining compatibility with the "full" debian image.

running the container without root permission

We're trying to run the container without root permission. It does not work and we get the following error in the log:

/usr/local/bin/docker-entrypoint.sh: 80: exec: app.js: not found

We can make it work by overriding the entrypoint, but we do not have features such as db migration.

Why is there so many rights management in the entrypoint? The rights management should be embedded in the Dockerfile. This would make the startup of the container faster.

We should maybe work together on Dockerfile and docker-entrypoint.sh optimisations.

error on "sequelize db:migrate", container start is stuck

I'm trying to instanciate a HedgeDoc container on OpenShift/K8S and I'm having some trouble in making it running.

The strange thing is that the deployement runs well when the database is a separate MariaDB.

The deployement runs well also when I deploy a container from my local Docker engine.

The main differences between the previous environments (which are working) and the one which is not working are :

env	platform	database	OK/KO
no 1	OpenShift (container is not run as root)	MariaDB	OK
no 2	local Docker (container can be run as root)	sqlite	OK
no 3	OpenShift (container is not run as root)	sqlite	KO

It appears that the container that works is starting well until it start the following database migration:

== 20200321153000-fix-account-deletion: migrating =======

And unlike other working environments, the following line never comes:

== 20200321153000-fix-account-deletion: migrated (0.692s)

I tried to launch it again from the container, but the process never ends.

Is there something special with this batch that could explain that is never ends with sqlite in a specific environment (when the container is not run as root.

(Howto) migrate default database credentials from hackmd to hedgedoc?

Together with the update to HedgeDoc 1.7, the database user name, password and database name have been changed in docker-compose.yml.

Users running with the default credentials just doing git pull end up with a non-working config and seek information whether to change the settings back to hackmd/... or how to migrate their database name and credentials.

The quick solution is to revert database and user name in from hedgedoc to hackmd and user password to hackmdpass in docker-compose.yml before running ducker-compose up.

Alternatively, a migration can be done by running

docker-compose exec database createuser --superuser -Uhackmd postgres
docker-compose exec database psql -Upostgres -c "alter role hackmd rename to hedgedoc; alter role hedgedoc with password 'password'; alter database hackmd rename to hedgedoc;"

before running docker-compose up.

It would be useful to add this or something similar to the update section in the readme.

Proxy from another port not working

I have a nginx proxy from Port 443 pointing to Port 3000 of the container.
Some links are somehow not working anymore after an update.
E.g. the link to a new guest note is https://md.example.com:3000/new or to the screenshot of the start-page is https://md.example.com:3000/screenshot.png
My nginx server is just listening at https://md.example.com

Before the update I tried to set the CMD_PORT to 443 and it worked.
When I do this now, I get an EACCES error

uncaughtException: listen EACCES 0.0.0.0:443
Error: listen EACCES 0.0.0.0:443

Were the privileges of the execution changed?

My docker-compose.yml is the following:

version: '3'
services:
  database:
    image: postgres:9.6-alpine
    environment:
      - POSTGRES_USER=hackmd
      - POSTGRES_PASSWORD=hackmdpass
      - POSTGRES_DB=hackmd
    volumes:
      - database:/var/lib/postgresql/data
    networks:
      - backend
    restart: always

  app:
    image: quay.io/codimd/server:1.5.0
    environment:
      - CMD_DB_URL=postgres://hackmd:hackmdpass@database:5432/hackmd
      - CMD_EMAIL=false
      - CMD_ALLOW_EMAIL_REGISTER=false
      - CMD_GITHUB_CLIENTID=pass
      - CMD_GITHUB_CLIENTSECRET=pass
      - CMD_TWITTER_CONSUMERKEY=pass
      - CMD_TWITTER_CONSUMERSECRET=pass
      - CMD_ALLOW_FREEURL=true
      - CMD_DOMAIN=md.example.com
      - CMD_PROTOCOL_USESSL=true
      - CMD_ALLOW_ORIGIN=md.example.com
      - CMD_PORT=3000
      - CMD_USECDN=false
    ports:
      - "3000:3000"
    networks:
      - backend
    restart: always
    links:
      - database

networks:
  backend:
    driver: bridge

volumes:
  database:

Switch to package repository for gosu

Gosu is both in Alpine and Debian. I think it would be less maintenance work and would reduce the image complexity by a bit if we start to use them. Thoughts?

Database name seems to be hardcoded

@ErikMichelson and I noticed a very weird behavior:

Use the example docker-compose.yml with MariaDB

version: '3'
services:
  database:
    image: mariadb:10
    environment:
      - MYSQL_USER=hedgedoc
      - MYSQL_PASSWORD=password
      - MYSQL_DATABASE=hedgedoc
      - MYSQL_ALLOW_EMPTY_PASSWORD=true
    volumes:
      - database:/var/lib/mysql
      - ./resources/utf8.cnf:/etc/mysql/conf.d/utf8.cnf
    networks:
      backend:
    restart: always
  app:
    image: quay.io/hedgedoc/hedgedoc:1.6.0
    environment:
      - CMD_DB_URL=mariadb://hedgedoc:password@database:3306/hedgedoc
    volumes:
      - uploads:/hedgedoc/public/uploads
    ports:
      - "3000:3000"
    networks:
      backend:
    restart: always
    depends_on:
      - database
networks:
  backend:
volumes:
  database:
  uploads:

Start the stack. Everything starts up normally.
Change the image to quay.io/codimd/server:1.6.0, down and up the stack.
HedgeDoc now fails to start:

app_1       | Sequelize CLI [Node: 12.19.0, CLI: 5.5.1, ORM: 5.21.4]
app_1       | 
app_1       | Parsed url mariadb://hedgedoc:*****@database:3306/hedgedoc
app_1       | warning: please use IANA standard timezone format ('Etc/GMT0')
app_1       | warning: please use IANA standard timezone format ('Etc/GMT0')
app_1       | No migrations were executed, database schema was already up to date.
database_1  | 2020-12-03  9:43:54 5 [Warning] Aborted connection 5 to db: 'hedgedoc' user: 'hedgedoc' host: '172.23.0.3' (Got an error reading communication packets)
app_1       | 2020-12-03T09:43:57.532Z warn: 	Neither 'domain' nor 'CMD_DOMAIN' is configured. This can cause issues with various components.
app_1       | Hint: Make sure 'protocolUseSSL' and 'urlAddPort' or 'CMD_PROTOCOL_USESSL' and 'CMD_URL_ADDPORT' are configured properly.
app_1       | 2020-12-03T09:43:57.534Z warn: 	Session secret not set. Using random generated one. Please set `sessionSecret` in your config.js file. All users will be logged out.
app_1       | 2020-12-03T09:43:57.535Z warn: 	PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.
app_1       | Thu, 03 Dec 2020 09:43:57 GMT hsts deprecated The "includeSubdomains" parameter is deprecated. Use "includeSubDomains" (with a capital D) instead. at app.js:85:18
app_1       | warning: please use IANA standard timezone format ('Etc/GMT0')
app_1       | warning: please use IANA standard timezone format ('Etc/GMT0')
app_1       | Unhandled rejection SequelizeDatabaseError: (conn=7, no: 1142, SQLState: 42000) SELECT command denied to user 'hedgedoc'@'172.23.0.3' for table 'Users'
app_1       | sql: SHOW INDEX FROM `Users` FROM `hackmd` - parameters:[]
app_1       |     at Query.formatError (/codimd/node_modules/sequelize/lib/dialects/mariadb/query.js:285:16)
app_1       |     at /codimd/node_modules/sequelize/lib/dialects/mariadb/query.js:68:22
app_1       |     at processTicksAndRejections (internal/process/task_queues.js:97:5)

The two FROMs in sql: SHOW INDEX FROM UsersFROMhackmd - parameters:[] look like Sequelize is for some reason trying to use a hackmd database. Note that the URL still uses hedgedoc and the sequelize-cli uses the correct database to check for migrations.

This problem seems to also occur the other way round: If you previously deployed the old codimd/server image and used a database named hackmd (the default before 298f793) and now upgrade to a image under hedgedoc/hedgedoc without touching anything else, HedgeDoc fails to connect to the database (as it wants to use hedgedoc).

So it looks like we use a database called hackmd for images before 298f793 and a database called hedgedoc for images after that, regardless of what is configured in CMD_DB_URL?

Typo in project description

CodiMD container image ressources

should be

CodiMD container image resources

Cheers!

Use as component in Vue ？

How to set environment variables in codimd-container

Sorry if this is a "stupid" question. But how can I set environment variables by using the codimd-container. I would like to set CMD_ALLOW_EMAIL_REGISTER to false for example. Do I need to built my own image? If yes how?

404 with a reverse proxy

Hi,
I did an install of CodiMD using the docker-container.
Over the port 3000 Codi is working well. I set up a reverse proxy using nginx in order to use my custom domain name and to access codi at mydomain/pad
I use the https://hackmd.io/c/codimd-documentation/%2F%40codimd%2Fweb-server-nginx for my configuration
On the docker-compose.yml, I add:
- CMD_URL_PATH=pad
- CMD_DOMAIN=mydomain
- CMD_PROTOCOL_USESSL=true
I let also - "3000:3000"
However, when I go to mydomain/pad, I got a 404 not found and the links a referring to https://mydomain:3000/pad/new instead of https://mydomain/pad/new

Sincerely

How to mount docker-compose data locally?

Hiya guys!

I am trying to get the docker-compose volumes to map all the data into local directories. for examples the database.

database:
image: postgres:9.6-alpine

    volumes:
      - ./data:/config

How should I add volumes so the data can get to locally. Now when I make some changes or make new users on codimd.. my folders look empty.

Also I couldnt even docker -it into the codimd image as quay.io/codimd/server is weird syntax in terminal.

codimd how to enable invitee on container

how to enable invitee on codimd ?
CodiMD Configuration not write how to enable invitee
or now codimd not support invitee?
thanks

improve the way you can configure the database

As discussed in another issue (hedgedoc/hedgedoc#364), @SISheogorath explained a bit about how to configure the database with environment variables (with a default hard-coded fallback).

This is due to the following lines:

https://github.com/codimd/container/blob/7cf4194ca07628ab19f2becc4ed60dd10815d5ec/resources/docker-entrypoint.sh#L21-L23

Hard-coding a default fallback seems to be a dev-oriented hack but should not appear in production, IMHO. There could be people declaring a postgres database with hackmd:hackmdpass login and pass to make it work. Hard-coding password is a bad habit and lowers security level. It should be avoided.

In addition, the codimd server documentation states that the default value of CMD_DB_URL is undefined (which is a good thing) while this default value changes in codimd container without being documented.

I clearly think that the codimd container should be usable for most of the usecases without requiring a custom build.

In my case the database credential are offered by the platform as individual variables:

CMD_DB_URL (ip and port of the database)
CMD_DB_NAME
CMD_DB_LOGIN
CMD_DB_PASSWORD

and I don't have an easy way to concatenate them into a CMD_DB_URL as expected by the docker-entrypoint.sh script.

Could we make it clear in the issue to explain the pro and cons of each way of configuring the database?

db object in the config file
dbURL object in the config file
CMD_DB_URL environment variable

We should also explain the constraints that exists with included libraries (I'm thinking about sequelize which might add some constraints.

In the end, I would love to be able to use automatic provisionning of my database in a k8s context. I currently have to use a 3 steps deployement:

deploy the database
get the automatically created credentials and manually concatenate them into a single CMD_DB_URL string
deploy codimd with the previous concatenated string into an environment variable

Whereas I could use another feature of k8s to automatically inject maria db password into codimd configuration:

          - name: CMD_DB_PASSWORD
            valueFrom:
              secretKeyRef:
                key: MARIA_APP_PASSWORD
                name: codimd-db-staging-secret

This would add automation and security, both at one time.

What do you think?

CMD_URL_PATH not working

I've set CMD_URL_PATH to pad/ (also tried pad) in my docker-compose.yml, since I want to proxy from a different subdir.

This works partly; the screenshot for instance is loaded from https://my.domain.tld/pad//screenshot.png, but all other media is loaded from the root, e.g., https://my.domain.tld/build/cover-styles-pack.css.

I'm using NGINX, see the following config excerpt:

        location ^~ /pad/ {
                proxy_pass http://127.0.0.1:12345/;
                include proxy_params;

                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_cache_bypass $http_upgrade;
                proxy_redirect off;

                add_header X-Pad "test";
        }

It's a pretty standard websocket-enabled proxy config.

I'm not sure if it's an issue of the infra in this repo (often, env vars are translated into config files by startup scripts), or needs to go into https://github.com/codimd/server.

Exposed port on dockerfile configurable?

Hello guys! Awesome work here. 👍

Just creating the issue since I'm testing locally with docker and nginx and I notice that the exposed port (https://github.com/codimd/container/blob/2f5909aed675fb4986f920fa478c154bf721de1a/debian/Dockerfile#L75) is set to 3000, byt the configuration I'm using (https://blog.ssdnodes.com/blog/host-multiple-websites-docker-nginx/) I only want to expose port 80.

I know that we can run the container binding the ports to a desired one but maybe someone else has the same issue I have and might want to change the exposed port.

Might it be possible to file a PR setting this port into a environment variable through a build argument?

PD: I can do the PR for debian and alpine (https://github.com/codimd/container/blob/2f5909aed675fb4986f920fa478c154bf721de1a/alpine/Dockerfile#L84) if you wish.

Picture uploaded to local issue

您好~

HedgeDoc是非常好用，但是我使用docker部署遇到了如下的问题，找了很多但是都没有解决

1、开始启动docker-compose他报了如下警告，

2、当我在插入图片的时候他并没有返回正确的地址

3、但是我发现在docker 容器内图片已经是上传了，并且我可以通过http://192.168.112.200:3000/uploads/upload_897dac7bb52b9f82545e31f310848233.png（自己的ip：端口访问到）

4、插入图片时候报了如下错误

invalid host "hackmdio/hackmd" in Nginx reverseproxy

Dear dev team,

I have run the dockerized hackmd on my local server. Now I would like to add hackmd service to my server webservice. When I config Nginx config and added hackmdio/hackmd:3000 to my upstream server. The Nginx complained that it was an invalid host.

Any suggestion? Please. Many thanks.

Best regards,
Jianliang

Migrating codimd to hedgedoc with apache reverse proxy

I migrated several instances of codimd 2.2.0 to hedgedoc 1.7.1.
The instances with a traefik proxy could be migrated very easily and worked immediately.

An instance with apache2 (v2.4.38) as reverse proxy did not work after the upgrade. A login was not possible, the page reloaded and nothing happened. Temporary guest notes could not be created either, it seemed that no database access was possible.

After some research, I found out through the logs that a "serializeUser" could be executed, but not a "deserializeUser". After testing various permissions and temporarily downgrading the postgres database back from 11.6 to 9.6 and removing all volumes, it still did not work.

After resetting to all default values within the compose file I got instances working again and now I know what the problem was:
The environment variables CMD_DOMAIN and CMD_PROTOCOL_USESSL=true were set. Without these two the instance worked again. The traefik installations still works with these environment variables, as does CodiMD version 2.2.0 (nabo.codimd.dev/hackmdio/hackmd:2.2.0).

So, there still seems to be a difference here, which partly restricts the usage.

Sequelize Binary Does Not Exist

I receive error: exec: "./node_modules/.bin/sequelize": stat ./node_modules/.bin/sequelize: no such file or directory originating from the following line, but the server starts nevertheless, so I'll leave this here as a note.

https://github.com/codimd/container/blob/19b8a226875075020e61d05c57b8cf94eac8aafa/resources/docker-entrypoint.sh#L27

Unable to connect to any database

Team,

I'm attempting to add CodiMD to HomelabOS, and when I spin up the containers the app is never able to access the database.

I've tried Postgres and Mariadb, both with configs copy/pasted from: https://github.com/codimd/container/blob/master/docker-compose.yml

The following details reflect my latest testing, with Mariadb. The same issue happened with Postgres. Here's the Docker-compose yml

---
version: '3'

networks:
  traefik_network:
    external:
      name: homelabos_traefik

services:
  database:
    networks:
      - traefik_network
    image: mariadb:10
    environment:
      - MYSQL_USER=hackmd
      - MYSQL_PASSWORD=hackmdpass
      - MYSQL_DATABASE=hackmd
      - MYSQL_ALLOW_EMPTY_PASSWORD=true
    volumes:
      - "/var/homelabos/codimd/mariadb:/var/lib/mysql"
      - ./resources/utf8.cnf:/etc/mysql/conf.d/utf8.cnf
    restart: unless-stopped
  app:
    # REQUIRED
    image: quay.io/codimd/server:1.6.0
    restart: unless-stopped
    networks:
      - traefik_network
    environment:
      - CMD_DB_URL=mariadb://hackmd:hackmdpass@database:3306/hackmd
      - CMD_SESSION_SECRET=REDACTED
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=homelabos_traefik"
      - "traefik.http.services.codimd.loadbalancer.server.scheme=http"
      - "traefik.http.services.codimd.loadbalancer.server.port=3000"
      - "traefik.http.routers.codimd-http.rule=Host(`codimd.pinguinshow.com`)"
      - "traefik.http.routers.codimd-http.entrypoints=http"
      - "traefik.http.routers.codimd-http.middlewares=customFrameHomelab@file"
      - "traefik.http.routers.codimd.rule=Host(`codimd.pinguinshow.com`)"
      - "traefik.http.routers.codimd.entrypoints=https"
      - "traefik.http.routers.codimd.middlewares=customFrameHomelab@file"
      - "traefik.http.routers.codimd.tls=true"
      - "traefik.http.routers.codimd.tls.certresolver=dns"
      - "traefik.http.routers.codimd.tls.domains[0].main=pinguinshow.com"
      - "traefik.http.routers.codimd.tls.domains[0].sans=*.pinguinshow.com"
    depends_on:
      - database

On startup, the database container shows:

2020-05-07 03:29:37+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.4.12+maria~bionic started.,
2020-05-07 03:29:38+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql',
2020-05-07 03:29:38+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.4.12+maria~bionic started.,
2020-05-07  3:29:38 0 [Note] mysqld (mysqld 10.4.12-MariaDB-1:10.4.12+maria~bionic) starting as process 1 ...,
2020-05-07  3:29:38 0 [Note] InnoDB: Using Linux native AIO,
2020-05-07  3:29:38 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins,
2020-05-07  3:29:38 0 [Note] InnoDB: Uses event mutexes,
2020-05-07  3:29:38 0 [Note] InnoDB: Compressed tables use zlib 1.2.11,
2020-05-07  3:29:38 0 [Note] InnoDB: Number of pools: 1,
2020-05-07  3:29:38 0 [Note] InnoDB: Using SSE2 crc32 instructions,
2020-05-07  3:29:38 0 [Note] mysqld: O_TMPFILE is not supported on /tmp (disabling future attempts),
2020-05-07  3:29:38 0 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M,
2020-05-07  3:29:39 0 [Note] InnoDB: Completed initialization of buffer pool,
2020-05-07  3:29:39 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().,
2020-05-07  3:29:39 0 [Note] InnoDB: 128 out of 128 rollback segments are active.,
2020-05-07  3:29:39 0 [Note] InnoDB: Creating shared tablespace for temporary tables,
2020-05-07  3:29:39 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...,
2020-05-07  3:29:39 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.,
2020-05-07  3:29:39 0 [Note] InnoDB: 10.4.12 started; log sequence number 60990; transaction id 21,
2020-05-07  3:29:39 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool,
2020-05-07  3:29:39 0 [Note] Plugin 'FEEDBACK' is disabled.,
2020-05-07  3:29:39 0 [Note] Server socket created on IP: '::'.,
2020-05-07  3:29:39 0 [Warning] 'proxies_priv' entry '@% root@5ff5d1b80589' ignored in --skip-name-resolve mode.,
2020-05-07  3:29:39 0 [Note] Reading of all Master_info entries succeeded,
2020-05-07  3:29:39 0 [Note] Added new Master_info '' to hash table,
2020-05-07  3:29:39 0 [Note] mysqld: ready for connections.,
Version: '10.4.12-MariaDB-1:10.4.12+maria~bionic'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  mariadb.org binary distribution,
2020-05-07  3:29:39 0 [Note] InnoDB: Buffer pool(s) load completed at 200507  3:29:39,
2020-05-07  3:29:39 8 [Warning] Aborted connection 8 to db: 'unconnected' user: 'unauthenticated' host: '172.18.0.42' (This connection closed normally without authentication),

And the App reports

app_1       | 2020/05/07 03:43:40 Waiting for: tcp://database:3306
app_1       | 2020/05/07 03:43:40 Problem with dial: dial tcp 172.18.0.8:3306: connect: connection refused. Sleeping 1s
app_1       | 2020/05/07 03:43:41 Connected to tcp://database:3306
app_1       |
app_1       | Sequelize CLI [Node: 12.16.2, CLI: 5.5.1, ORM: 5.21.4]
app_1       |
app_1       | Parsed url mariadb://hackmd:*****@database:3306/hackmd
app_1       | warning: please use IANA standard timezone format ('Etc/GMT0')
app_1       |
app_1       | ERROR: connect ECONNREFUSED 172.18.0.8:3306
app_1       |
app_1       | 2020-05-07T03:43:46.107Z warn: 	Neither 'domain' nor 'CMD_DOMAIN' is configured. This can cause issues with various components.
app_1       | Hint: Make sure 'protocolUseSSL' and 'urlAddPort' or 'CMD_PROTOCOL_USESSL' and 'CMD_URL_ADDPORT' are configured properly.
app_1       | 2020-05-07T03:43:46.111Z warn: 	PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.
app_1       | Thu, 07 May 2020 03:43:46 GMT hsts deprecated The "includeSubdomains" parameter is deprecated. Use "includeSubDomains" (with a capital D) instead. at app.js:85:18
app_1       | warning: please use IANA standard timezone format ('Etc/GMT0')
app_1       | warning: please use IANA standard timezone format ('Etc/GMT0')
app_1       | 2020-05-07T03:43:47.366Z info: 	HTTP Server listening at 0.0.0.0:3000

I'm scratching my head here, but it feels like there's something wrong at the sequelize level?

Using urlpath behind virtual nginx proxy

I want to setup codimd-container behind a virtual nginx host with a suburl in the same manner I configured Wekan and Nextcloud. But opening server.mydomain.de/codimd shows only the top bar and for the rest I get "404 not found oops" warning.

I added CMD_DOMAIN and CMD_URL_PATH to the docker_compose.yml as shown below.

docker_compose.yml:

 Using version 3 to provide play-with-docker badge
 version: '3'
 app:
 image: hackmdio/hackmd:1.2.1
 environment:
  - CMD_DB_URL=postgres://hackmd:hackmdpass@database:5432/hackmd
  - CMD_DOMAIN=server.mydomain.de
  - CMD_URL_PATH=server.mydomain.de/codimd

nginx virtual host:

upstreao_nodes {
     ip_hash;
    server 127.0.0.1:3000;
}

location /codimd {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_pass http://127.0.0.1:3000;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;
    }

ERROR: manifest for quay.io/codimd/server:1.3.1 not found

When pulling new docker after git-pull to update to 1.3.1 I receive the following error message

Pulling app (quay.io/codimd/server:1.3.1)...
ERROR: manifest for quay.io/codimd/server:1.3.1 not found

POSTGRES_PASSWORD concerns

Hi, I am wondering if I have to be concerned on leaving POSTGRES_PASSWORD env with the default password (hackmdpass), because everytime I change the passwords in docker-compose.yml the container doesn't work. Is it secure to leave it like that?

Image fails to build with alpine/Dockfile

I'm trying to build the codimd image with alpine/Dockfile, but the build fails.

I'm getting some node-related errors (see below), which is way above my paygrade. Does anybody know how to fix this?

$ npm run-script build && node release
npm WARN lifecycle The node binary used for scripts is /tmp/yarn--1549117944179-0.35038082300109297/node but npm is using /usr/local/bin/node itself. Use the `--scripts-prepend-node-path` option to include the path for the node binary npm was executed with.

> [email protected] build /usr/local/share/.cache/yarn/v4/.tmp/494d4cd821398a8aa6f314056acc7b33.490cdc903e06895354691e7a06b84203b3be4a6e.prepare
> rollup -c


src/codemirror.js → lib/codemirror.js...
(!) Circular dependency: src/display/highlight_worker.js -> src/display/operations.js -> src/display/scrollbars.js -> src/display/scrolling.js -> src/display/highlight_worker.js
(!) Circular dependency: src/display/update_display.js -> src/display/highlight_worker.js -> src/display/operations.js -> src/display/scrollbars.js -> src/display/scrolling.js -> src/display/line_numbers.js -> src/display/update_display.js
(!) Circular dependency: src/display/update_display.js -> src/display/highlight_worker.js -> src/display/operations.js -> src/display/scrollbars.js -> src/display/scrolling.js -> src/display/update_display.js
(!) Circular dependency: src/display/update_display.js -> src/display/highlight_worker.js -> src/display/operations.js -> src/display/update_display.js
(!) Circular dependency: src/edit/CodeMirror.js -> src/model/Doc.js -> src/edit/CodeMirror.js
created lib/codemirror.js in 1.3s
WARN: Non-strict equality against boolean: == false [lib/codemirror.js:1210,61]
WARN: Non-strict equality against boolean: != false [addon/comment/comment.js:107,55]
WARN: Non-strict equality against boolean: != false [addon/comment/comment.js:120,10]
WARN: Non-strict equality against boolean: == false [mode/javascript/javascript.js:443,13]
WARN: Non-strict equality against boolean: == false [mode/javascript/javascript.js:444,15]
WARN: Non-strict equality against boolean: != false [mode/javascript/javascript.js:860,55]
info [email protected]: The platform "linux" is incompatible with this module.
info "[email protected]" is an optional dependency and failed compatibility check. Excluding it from installation.
[4/5] Linking dependencies...
warning "js-url > [email protected]" has unmet peer dependency "grunt@>=0.4.0".
[5/5] Building fresh packages...
error /codimd/node_modules/@mlink/scrypt: Command failed.
Exit code: 1
Command: node-gyp rebuild
Arguments: 
Directory: /codimd/node_modules/@mlink/scrypt
Output:
gyp info it worked if it ends with ok
gyp info using [email protected]
gyp info using [email protected] | linux | x64
gyp info spawn /usr/bin/python2
gyp info spawn args [ '/usr/local/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py',
gyp info spawn args   'binding.gyp',
gyp info spawn args   '-f',
gyp info spawn args   'make',
gyp info spawn args   '-I',
gyp info spawn args   '/codimd/node_modules/@mlink/scrypt/build/config.gypi',
gyp info spawn args   '-I',
gyp info spawn args   '/usr/local/lib/node_modules/npm/node_modules/node-gyp/addon.gypi',
gyp info spawn args   '-I',
gyp info spawn args   '/root/.node-gyp/8.15.0/include/node/common.gypi',
gyp info spawn args   '-Dlibrary=shared_library',
gyp info spawn args   '-Dvisibility=default',
gyp info spawn args   '-Dnode_root_dir=/root/.node-gyp/8.15.0',
gyp info spawn args   '-Dnode_gyp_dir=/usr/local/lib/node_modules/npm/node_modules/node-gyp',
gyp info spawn args   '-Dnode_lib_file=/root/.node-gyp/8.15.0/<(target_arch)/node.lib',
gyp info spawn args   '-Dmodule_root_dir=/codimd/node_modules/@mlink/scrypt',
gyp info spawn args   '-Dnode_engine=v8',
gyp info spawn args   '--depth=.',
gyp info spawn args   '--no-parallel',
gyp info spawn args   '--generator-output',
gyp info spawn args   'build',
gyp info spawn args   '-Goutput_dir=.' ]
gyp info spawn make
gyp info spawn args [ 'BUILDTYPE=Release', '-C', 'build' ]
make: Entering directory '/codimd/node_modules/@mlink/scrypt/build'
  SOLINK_MODULE(target) Release/obj.target/copied_files.node
  COPY Release/copied_files.node
  CC(target) Release/obj.target/scrypt_wrapper/src/util/memlimit.o
  CC(target) Release/obj.target/scrypt_wrapper/src/scryptwrapper/keyderivation.o
  CC(target) Release/obj.target/scrypt_wrapper/src/scryptwrapper/pickparams.o
  CC(target) Release/obj.target/scrypt_wrapper/src/scryptwrapper/hash.o
  AR(target) Release/obj.target/scrypt_wrapper.a
  COPY Release/scrypt_wrapper.a
  CC(target) Release/obj.target/scrypt_lib/scrypt/scrypt-1.2.1/lib/crypto/crypto_scrypt.o
In file included from ../scrypt/scrypt-1.2.1/lib/crypto/crypto_scrypt.c:29:0:
../scrypt/scrypt-1.2.1/scrypt_platform.h:7:20: fatal error: config.h: No such file or directory
 #include "config.h"
                    ^
compilation terminated.
make: *** [scrypt_lib.target.mk:119: Release/obj.target/scrypt_lib/scrypt/scrypt-1.2.1/lib/crypto/crypto_scrypt.o] Error 1
make: Leaving directory '/codimd/node_modules/@mlink/scrypt/build'
gyp ERR! build error 
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack     at ChildProcess.onExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:262:23)
gyp ERR! stack     at emitTwo (events.js:126:13)
gyp ERR! stack     at ChildProcess.emit (events.js:214:7)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:198:12)
gyp ERR! System Linux 3.10.0-957.1.3.el7.x86_64
gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /codimd/node_modules/@mlink/scrypt
gyp ERR! node -v v8.15.0
gyp ERR! node-gyp -v v3.8.0
gyp ERR! not ok
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
ERROR: Service 'app' failed to build: The command '/bin/sh -c apk add --no-cache --virtual .dep build-base python git jq bash &&     git clone --depth 1 --branch "$VERSION" "$CODIMD_REPOSITORY" /codimd &&     cd /codimd &&     git log --pretty=format:'%ad %h %d' --abbrev-commit --date=short -1 && echo &&     git rev-parse HEAD > /tmp/gitref &&     rm -rf /codimd/.git &&     mkdir /codimd/.git &&     mv /tmp/gitref /codimd/.git/HEAD &&     jq ".repository.url = \"${CODIMD_REPOSITORY}\"" /codimd/package.json > /codimd/package.new.json &&     mv /codimd/package.new.json /codimd/package.json &&     rm -f /codimd/config.json && ln -s /files/config.json /codimd/config.json &&     rm -f /codimd/.sequelizerc && ln -s /files/.sequelizerc /codimd/.sequelizerc &&     yarn install --pure-lockfile &&     yarn install --production=false --pure-lockfile &&     npm run build &&     yarn install &&     yarn cache clean &&     apk del .dep &&     adduser -u 10000 -h /codimd/ -D -S codimd &&     chown -R codimd /codimd/' returned a non-zero code: 1

PlantUML not working

I have "started" CodiMD using the distributed docker-compose.yml. In general, it works. However, PlantUML source is not processed. The plantuml source is simply handled as a code block with some words highlighted in red.

Am I doing something wrong or is this a (configuration) bug?

upload images to s3

how can we switch to save images in s3 instead of imgur?

Uncaught exception with phantomjs when exporting PDF

Hi, I've been having this issue with CodiMD 1.3.0 and I thought it would be fixed in 1.3.1 by seeing Fix broken PDF export in the changelog but it appears it is still present.

The following error shows up in my logs whenever I try to use the Export to PDF feature.

CodiMD Version: 1.3.1
Docker image: 1.3.1-alpine with CMD_ALLOW_PDF_EXPORT=true
Docker version: 18.09.3

2019-03-26T11:43:22.386Z error:         uncaughtException: spawn /codimd/node_modules/phantomjs-prebuilt/lib/phantom/bin/phantomjs ENOENT
Error: spawn /codimd/node_modules/phantomjs-prebuilt/lib/phantom/bin/phantomjs ENOENT
    at Process.ChildProcess._handle.onexit (internal/child_process.js:190:19)
    at onErrorNT (internal/child_process.js:362:16)
    at _combinedTickCallback (internal/process/next_tick.js:139:11)
    at process._tickCallback (internal/process/next_tick.js:181:9)
2019-03-26T11:43:22.387Z error:         An uncaught exception has occured.
2019-03-26T11:43:22.387Z error:         spawn /codimd/node_modules/phantomjs-prebuilt/lib/phantom/bin/phantomjs ENOENT
2019-03-26T11:43:22.387Z error:         Process will exit now.

Thank you for you help.

CodiMD on raspberry pi

I love codimd and I am trying to run it on a raspberry pi but it fails because apparently one of the dependencies (PhantomJS) doesn't have binaries for the ARM architecture. Is there a way of bypassing this? I am not really a nodejs guy and this is running on a container refuses to build unless this is solved, so I am kind of stuck.

Here are the logs:

Cloning into '/codimd'...
2018-12-21 f9cc2ff  (grafted, HEAD -> master, origin/master, origin/HEAD)
yarn install v1.9.4
[1/5] Validating package.json...
[2/5] Resolving packages...
[3/5] Fetching packages...
info No lockfile found.
[1/4] Resolving packages...
warning blint > [email protected]: Package no longer supported. Contact [email protected] for more info.
[2/4] Fetching packages...
info [email protected]: The platform "linux" is incompatible with this module.
info "[email protected]" is an optional dependency and failed compatibility check. Excluding it from installation.
[3/4] Linking dependencies...
[4/4] Building fresh packages...
error /usr/local/share/.cache/yarn/v2/.tmp/494d4cd821398a8aa6f314056acc7b33.490cdc903e06895354691e7a06b84203b3be4a6e.prepare/node_modules/phantomjs-prebuilt: Command failed.
Exit code: 1
Command: node install.js
Arguments:
Directory: /usr/local/share/.cache/yarn/v2/.tmp/494d4cd821398a8aa6f314056acc7b33.490cdc903e06895354691e7a06b84203b3be4a6e.prepare/node_modules/phantomjs-prebuilt
Output:
PhantomJS not found on PATH
Unexpected platform or architecture: linux/arm
It seems there is no binary available for your platform/architecture
Try to install PhantomJS globally

I tried replacing yarn for npm installs to get more debugging information, here's that log:

npm ERR! prepareGitDep > [email protected] install /root/.npm/_cacache/tmp/git-clone-41676eda/node_modules/phantomjs-prebuilt
npm ERR! prepareGitDep > node install.js
npm ERR! prepareGitDep
npm ERR! prepareGitDep PhantomJS not found on PATH
npm ERR! prepareGitDep
npm ERR! prepareGitDep 2> npm WARN install Usage of the `--dev` option is deprecated. Use `--only=dev` instead.
npm ERR! prepareGitDep npm WARN deprecated [email protected]: Package no longer supported. Contact [email protected] for more info.
npm ERR! prepareGitDep Unexpected platform or architecture: linux/arm
npm ERR! prepareGitDep It seems there is no binary available for your platform/architecture
npm ERR! prepareGitDep Try to install PhantomJS globally
npm ERR! prepareGitDep npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/fsevents):
npm ERR! prepareGitDep npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"arm"})

Failed to load resource: the server responded with a status of 413 (Request Entity Too Large)

Uploading an 1.1MB image file to imgur results in Failed to load resource: the server responded with a status of 413 (Request Entity Too Large).

This is probably related to the server's maximum upload size. Is there a way to increase it?

Many thanks in advance.

changing permissions for upload dir on container start

https://github.com/hackmdio/codimd-container/blob/393466f5ca6f1d4ae3f6103f6887b011900b51b4/resources/docker-entrypoint.sh#L43-L47

I would like to request to change the chmod from 700 to u+rwx instead.

Right now, The former also takes away group and other permissions while the latter more precisely does what it says in the comment above. I am not sure if this is by design, but it has a side effect for me: I'm using a reverse proxy to deliver the uploaded assets. Right now, I have to manually reset the directory's permission after each start of the container. Otherwise the proxy process wouldn't have read permissions in that directory.

Add uploads dir to volumes in example docker-compose.yml

Would be nice to have the volume for image uploads exposed in the docker-compose.yml file, had to dig through a bit of code to figure out exactly which path to mount on our setup.

How to use FILESYSTEM as IMAGE_UPLOAD_TYPE with docker

How can I create persistent storage for the codimd-container to allow filesystem as CMD_IMAGE_UPLOAD_TYPE? For example setting up a volume. And is there any downside with this? What needs to be considered when to update?

Any way to add new user as enviroment variable?

Right now I can just momentarily allow registeration for creating first user then take it off.

Is there possibility to add a user only by a enviromental variable?

The commented out lines in docker-compose.yml use the old dir name

They use /hackmd instead of /codimd.

configuration about passing CMD_DB_URL via secret

if i want to fill the CMD_DB_URL with docker secrets instead of plain text 'protocol://username:password@database/port'
i need to fill it like this:

hedgedoc:
    environment:
        CMD_DB_URL=/run/secrets/dbURL 
    secrets:
       - dbURL
secrets:
    dbURL;
         file: ./dbURL.txt

because the code in resources/docker-entrypoint.sh defined 'dbURL'

DOCKER_SECRET_DB_URL_FILE_PATH="/run/secrets/dbURL"

if [ -f "$DOCKER_SECRET_DB_URL_FILE_PATH" ]; then
    CMD_DB_URL="$(cat $DOCKER_SECRET_DB_URL_FILE_PATH)"
fi

if [ "$CMD_DB_URL" = "" ]; then
    CMD_DB_URL="postgres://hedgedoc:password@database:5432/hedgedoc"
fi

export CMD_DB_URL

i am thinking whether it is appropriate, because i can not use the secret file whose name is not 'dbURL'

Cannot connect to MariaDB

With image quay.io/codimd/server:1-alpine SHA ecfcb600b37c :

2019-09-03T21:15:32.037Z error:         uncaughtException: Please install mariadb package manually
Error: Please install mariadb package manually
    at ConnectionManager._loadDialectModule (/codimd/node_modules/sequelize/lib/dialects/abstract/connection-manager.js:81:15)
    at new ConnectionManager (/codimd/node_modules/sequelize/lib/dialects/mariadb/connection-manager.js:28:21)
    at new MariadbDialect (/codimd/node_modules/sequelize/lib/dialects/mariadb/index.js:14:30)
    at new Sequelize (/codimd/node_modules/sequelize/lib/sequelize.js:320:20)
    at Object.<anonymous> (/codimd/lib/models/index.js:21:15)
    at Module._compile (module.js:653:30)
    at Object.Module._extensions..js (module.js:664:10)
    at Module.load (module.js:566:32)
    at tryModuleLoad (module.js:506:12)
    at Function.Module._load (module.js:498:3)
    at Module.require (module.js:597:17)
    at require (internal/module.js:11:18)
    at Object.<anonymous> (/codimd/lib/response.js:15:14)
    at Module._compile (module.js:653:30)
    at Object.Module._extensions..js (module.js:664:10)
    at Module.load (module.js:566:32)
    at tryModuleLoad (module.js:506:12)
    at Function.Module._load (module.js:498:3)
    at Module.require (module.js:597:17)
    at require (internal/module.js:11:18)
    at Object.<anonymous> (/codimd/app.js:25:16)
    at Module._compile (module.js:653:30)

Same config, starts successfully with image quay.io/codimd/server:1-alpine SHA a87bfa019597.

Relevant config (docker-compose.yaml):

CMD_DB_URL: mariadb://user:pass@db:3306/codimd

Backup and Restore CodiMD Container(s)

I can't find a documentation how to backup and restore respectively migrate a working (dockerized) codimd installation to a new server. There should be a short documentation about that toppic.

If anyone have Ideas how to do that I'm willing to try oud and do that documentation for all. I have the need to migrate to another server.

CDN requests blocked by CORS

I'm running hackmd in a k8 cluster with custom domain (via nginx ingress). Since today I started getting these errors whenever trying to view any note:

Access to script at 'https://cdnjs.cloudflare.com/ajax/libs/1000hz-bootstrap-validator/0.11.8/validator.min.js' from origin '<redacted>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

It's currently impossible to view any notes. I'm running hackmdio/hackmd:1.2.1-alpine (latest helm config)

How can I hardcode new passwords in the DB somehow

Sorry , I think it is a stupid problem. But how can I hardcode new passwords in the DB somehow for user?

According to the answer to this question, I can change the DB. But I have no idea where the db is... I can't find any db in /var/lib/docker/volumes/codimd-container_database...

Deploy on own domain and reverse proxy. Weird frontend behavior.

When deploying hedgedoc on my domain with my own nginx proxy, I get a weird behavior on the frontend, buttons are not working and even guest notes are not working properly.
For example the login button does not open the popup.
Opening a guest note looks like this:

When deploying on my local machine everything works as expected compared to the demo server at demo.hedgedoc.org.

I am deploying using the instruction in the readme

git clone https://github.com/hedgedoc/container.git hedgedoc-container
cd hedgedoc-contaienr
docker-compose up

$ docker -v
Docker version 20.10.2, build 2291f61
$ docker-compose -v
docker-compose version 1.27.3, build 4092ae5d

My local nginx configuration looks like this:

server {
    listen 443 ssl;

    ssl_certificate /etc/nginx/keys/origin.pem;
    ssl_certificate_key /etc/nginx/keys/private.key;

    server_name docs.zaanposni.com note.zaanposni.com notes.zaanposni.com;

    location / {
        proxy_set_header Host $http_host;
        proxy_pass http://localhost:3000;
    }
}

Am I missing something?
Is there a more detailed instruction on how to deploy hedgedoc on a domain?

Revisit container repository

Currently there are various PRs and issues piling up in the repository. The README has aged quite a lot in the past few years and could take a rewrite from scratch. Also we should check the assumptions the containers were build with compared to the state of the art.

Various steps have already took place thanks to @hugopeixoto, but we still have some work to do. I would be open to suggestions and people willing to take the challenge :)

Topics I would like to put on the table:

Rewriting README, remove boilerplate content, maybe add a screenshot, link to the new docs and web page.
Dropping the alpine image (it doesn't provide much advantage over the debian image, but is unnecessarily inconvenient to work with due to musl-lib and potentially undisclosed security issues)
Rework local uploads. Various people voiced concerns over the default image upload location and the current way of handling local upload, is not great.
Adding a healthcheck
Maybe add sqlite support

There are two things that are probably solved better upstream, but are relevant in the container, mostly:

Database configuration by env-var without CMD_DB_URL #114
Rework database migrations to prevent them from failing #157 -> probably backporting the umzug PR would solve this

Debian version fails to build with docker-compose due to $UID issue

Step 34 of the build fails with the following error:

Step 34/46 : COPY --chown=$UID --from=builder /hedgedoc /hedgedoc
ERROR: Service 'hedgedoc' failed to build: unable to convert uid/gid chown string to host mapping: can't find uid for user $UID: no such user: $UID

It's a bit strange as the UID argument is specified in the Dockerfile.
I have worked around this by hardcoding the line, but I'm sure there's a good reason for why this is failing

COPY --chown=10000 --from=builder /hedgedoc /hedgedoc

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

DB migration does not work with MariaDB on debian stable

The DB migration on first install does not work with MariaDB which is provided with Debian Stable. The error i get is:
Unhandled rejection SequelizeDatabaseError: ER_INDEX_COLUMN_TOO_LONG: Index column size too large. The maximum column size is 767 bytes.

This is a common issue with MariaDB <10.3 and can be fixed with some initial SQL statements:

SET GLOBAL innodb_file_format=Barracuda;
SET GLOBAL innodb_file_per_table=ON;
innodb_large_prefix=1

after that, the row size needs to be set to dynamic, this is ideally done with ROW_FORMAT=DYNAMIC. In MariaDB <10.3 this cannot be done globally but needs to be set on each CREATE TABLE statement individually.