Search code examples
dockercontainersnfs

Permission denied to Docker container accessing NFS share - Docker Compose

I have a problem mounting a WD MyCloud EX2 NAS as an NFS share for a Nextcloud and MariaDB container combination, using Docker Compose. When I run docker-compose up -d, here's the error I get:

Creating nextcloud_app_1 ... error

ERROR: for nextcloud_app_1  Cannot create container for service app: b"error while mounting volume with options: type='nfs' device=':/mnt/HD/HD_a/nextcloud' o='addr=192.168.1.73,rw': permission denied"

ERROR: for app  Cannot create container for service app: b"error while mounting volume with options: type='nfs' device=':/mnt/HD/HD_a/nextcloud' o='addr=192.168.1.73,rw': permission denied"
ERROR: Encountered errors while bringing up the project.

Here's docker-compose.yml (all sensitive info replaced with <brackets>:

Version: '2'

volumes:
  nextcloud:
    driver: local
    driver_opts:
      type: nfs
      o: addr=192.168.1.73,rw
      device: ":/mnt/HD/HD_a/nextcloud"
  db:

services:
  db:
    image: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=<****>
      - MYSQL_PASSWORD=<****>
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - NEXTCLOUD_ADMIN_USER=<****>
      - NEXTCLOUD_ADMIN_PASSWORD=<****>

  app:
    image: nextcloud
    ports:
      - 8080:80
    links:
      - db
    volumes:
      - nextcloud:/var/www/html
    restart: always

I SSHd into the NAS box to check /etc/exports and sure enough, it was using all_squash, so I changed that.

Here's the /etc/exports file on the NAS box:

    "/nfs/nextcloud" 192.168.1.73(rw,no_root_squash,sync,no_wdelay,insecure_locks,insecure,no_subtree_check,anonuid=501,anongid=1000)
    "/nfs/Public" 192.168.1.73(rw,no_root_squash,sync,no_wdelay,insecure_locks,insecure,no_subtree_check,anonuid=501,anongid=1000)

Then, I refreshed the service with exportfs -a

Nothing changed - docker-compose throws the same error. And I'm deleting all containers and images and redownloading the image every time I attempt the build.

I've read similar questions and done everything I can think of. I also know this is a container issue because I can access the NFS share quite happily from the command line thanks to my settings in /etc/fstabs.

What else should I be doing here?

Solution

  • I fixed it by removing the anonuid=501,anongid=1000 entries in the NAS box's /etc/exports file, and I also managed to enter the wrong IP - the NAS box wasn't granting access to the Ubuntu computer that was trying to connect with it.