500 Error upon trying to get /index.php

[Macr0Nerd]

I am probably running a bit of an unusual setup, so this might be my fault. I currently have Davis running as Podman Quadlets. Each one is connected to davis.network and I mainly based the containers off of the docker-compose.yaml example. I have MariaDB and the Davis container talking to each other and I was able to run /var/www/davis/bin/console doctrine:migrations:migrate without issue. All the persistent volumes are on an NFS share mounted to the system which then bind mounts to the container. I have setup the infrastructure to make sure this stays authenticated and accessible securely. Using the example nginx.conf, I modified it to point to the Davis container with the proper hostname. The actual web files are one a named volume that both the nginx and Davis containers have access to. This is not on the NFS share.

Now, when I try to access /index.php, I get a 500 server error. I am not entirely sure what I am doing wrong here, so some guidance would be much obliged. Here are my configuration files.

davis-database.container

[Unit]
Description=Davis MySQL container
After=krb-renew-davis_svc.timer
Wants=krb-renew-davis_svc.timer
After=network-online.target

[Container]
Image=docker.io/library/mariadb:10.6.10
EnvironmentFile=/etc/davis.env
Volume=/shared/data/davis/database/:/var/lib/mysql/
Volume=/etc/davisdata.keytab:/etc/krb5.keytab:ro,bind
User=1238400020
Network=davis.network

[Install]
WantedBy=default.target

davis-core.container

[Unit]
Description=Davis Core container
Requires=davis-database.service
After=davis-database.service
After=krb-renew-davis_svc.timer
Wants=krb-renew-davis_svc.timer
After=network-online.target

[Container]
Image=ghcr.io/tchapi/davis:4.4.3
Entrypoint=docker-php-entrypoint
Exec=php-fpm
EnvironmentFile=/etc/davis.env
Volume=/shared/data/davis/webdav:/webdav
Volume=davis_www:/var/www/davis
Volume=/etc/davisdata.keytab:/etc/krb5.keytab:ro,bind
User=1238400020
Network=davis.network
PublishPort=9000:9000

[Install]
WantedBy=default.target

davis-web.container

[Unit]
Description=Davis Web container
Requires=davis-core.service
After=davis-core.service
After=krb-renew-davisdata.timer
Wants=krb-renew-davisdata.timer
After=network-online.target

[Container]
Image=docker.io/nginxinc/nginx-unprivileged:1.25-alpine
Exec=/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'
EnvironmentFile=/etc/davis.env
Volume=davis_www:/var/www/davis
Volume=/shared/data/davis/nginx.conf:/etc/nginx/conf.d/default.conf:bind
Volume=/etc/davisdata.keytab:/etc/krb5.keytab:ro,bind
User=1238400020
PublishPort=8180:8180
Network=davis.network

[Install]
WantedBy=default.target

nginx.conf

upstream docker-davis {
    server systemd-davis-core:9000;
}

server {
    listen 8180;
    access_log off;

    root /var/www/davis/public/;
    index index.php;

    rewrite ^/.well-known/caldav /dav/ redirect;
    rewrite ^/.well-known/carddav /dav/ redirect;

    charset utf-8;

    location ~ /(\.ht) {
        deny all;
        return 404;
    }

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ ^(.+\.php)(.*)$ {
        try_files       $fastcgi_script_name =404;
        include         fastcgi_params;
        fastcgi_pass    docker-davis;
        fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO        $fastcgi_path_info;
        fastcgi_split_path_info  ^(.+\.php)(.*)$;
    }
}

davis.env

KRB5CCNAME=FILE:/tmp/krb5cc_davisdata

APP_ENV=prod
DATABASE_DRIVER=mysql
DATABASE_URL=mysql://davisdata:********@systemd-davis-database:3306/davis_db?serverVersion=mariadb-10.6.10&charset=utf8mb4
MAILER_DSN=smtp://[email protected]:********@mail.groncyber.com
ADMIN_LOGIN=admin
ADMIN_PASSWORD=********
AUTH_REALM=SabreDAV
AUTH_METHOD=IMAP
CALDAV_ENABLED=true
CARDDAV_ENABLED=true
WEBDAV_ENABLED=true
WEBDAV_TMP_DIR='/tmp'
WEBDAV_PUBLIC_DIR='/webdav/public'
WEBDAV_HOMES_DIR=
[email protected]
#APP_TIMEZONE="America/Chicago"

MYSQL_DATABASE=davis_db
MYSQL_ROOT_PASSWORD=********
MYSQL_USER=davisdata
MYSQL_PASSWORD=********

IMAP_AUTH_URL="mail.groncyber.com:993/imap/ssl/validate-cert"
IMAP_AUTH_USER_AUTOCREATE=true # false by default

[tchapi]

Hi @Macr0Nerd

Thanks for the details. I'm not familiar with podman quadlets, but let's try to dig. Can you have a look in /var/www/davis/var/log on the PHP container to see the application logs in there (path may differ in your installation though)? This folder should be writable by the app to write the logs, by the way (not sure if it's the case for you)

[Macr0Nerd]

Weirdly enough I don't get logs in that directory. When I tried the standalone application I did, but with the regular Davis image I don't. Maybe it's that the container is running rootless and so it can't write to the log as the UID it is. I'm going to try changing the permissions on the log directory.

~ $ cd /var/www/davis/var/log/
~/var/log $ ls -la
total 0
drwxr-xr-x    2 www-data www-data         6 Nov 26  2022 .
drwxr-xr-x    4 www-data www-data        30 Nov 26  2022 ..

[tchapi]

Can you try to see if you can modify the permissions so that the logs can be written ? It might be the source of the problem indeed. Otherwise there might be logs in /var/log for php-fpm maybe that could help?

[Macr0Nerd]

I attempted to chmod the directory but was unable to. There is also nothing in /var/log. I'm guessing the logging issue is because I'm running rootless, but I need to do that in order to have proper permissions for the NFS shares.

[tchapi]

Hey there, sorry for the late response.

Could you try, in the running container, to:

• change APP_ENV to dev instead of prod
• run a composer install in the davis folder to install dev deps
• retry to load the page to see if the error is more verbose (it should be)?

[Macr0Nerd]

The composer install wasn't able to run properly, that may have been my fault, but the page did change when I changed it from prod to dev. I'm still not getting any logs but I now have this error page instead of nothing.

[tchapi]

Yeah that's only because composer install did not run properly actually. What error did you encounter?

[tchapi]

👋🏼 Haven't heard from you on this matter — could you resolve it in the end?