nginx error when updated to 3.4.0+

[PGostek]

What is your set up?

Self Hosted Server - Synology DSM + Docker

Version

3.4.0

Describe the issue

The docker container does not work any more after upgrading Leantime to 3.4.0 or higher. Downgrading to 3.3.3 solves the problem.
Logs from container attached.

Reproduction steps

1.Install leantime 3.4.0+ on the docker @ synology DSM
2.
3.
...

Error Logs (LEANTIMEFOLDER/storage/logs)

`

date	stream	content
2025/02/19 10:02:49	stdout	2025-02-19 10:02:49,694 INFO gave up: nginx entered FATAL state, too many start retries too quickly
2025/02/19 10:02:49	stdout	2025-02-19 10:02:49,694 INFO gave up: nginx entered FATAL state, too many start retries too quickly
2025/02/19 10:02:48	stdout	2025-02-19 10:02:48,693 WARN exited: nginx (exit status 1; not expected)
2025/02/19 10:02:48	stdout	2025-02-19 10:02:48,693 WARN exited: nginx (exit status 1; not expected)
2025/02/19 10:02:48	stdout	2025-02-19 10:02:48,680 INFO spawned: 'nginx' with pid 19
2025/02/19 10:02:48	stdout	2025-02-19 10:02:48,680 INFO spawned: 'nginx' with pid 19
2025/02/19 10:02:45	stdout	2025-02-19 10:02:45,675 WARN exited: nginx (exit status 1; not expected)
2025/02/19 10:02:45	stdout	2025-02-19 10:02:45,675 WARN exited: nginx (exit status 1; not expected)
2025/02/19 10:02:45	stdout	2025-02-19 10:02:45,663 INFO spawned: 'nginx' with pid 18
2025/02/19 10:02:45	stdout	2025-02-19 10:02:45,663 INFO spawned: 'nginx' with pid 18
2025/02/19 10:02:43	stdout	2025-02-19 10:02:43,659 WARN exited: nginx (exit status 1; not expected)
2025/02/19 10:02:43	stdout	2025-02-19 10:02:43,659 WARN exited: nginx (exit status 1; not expected)
2025/02/19 10:02:43	stdout	2025-02-19 10:02:43,647 INFO spawned: 'nginx' with pid 17
2025/02/19 10:02:43	stdout	2025-02-19 10:02:43,647 INFO spawned: 'nginx' with pid 17
2025/02/19 10:02:43	stdout	2025-02-19 10:02:43,645 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025/02/19 10:02:43	stdout	2025-02-19 10:02:43,645 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025/02/19 10:02:42	stderr	[19-Feb-2025 10:02:42] NOTICE: ready to handle connections
2025/02/19 10:02:42	stderr	[19-Feb-2025 10:02:42] NOTICE: fpm is running, pid 10
2025/02/19 10:02:42	stderr	[19-Feb-2025 10:02:42] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
2025/02/19 10:02:42	stderr	[19-Feb-2025 10:02:42] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
2025/02/19 10:02:42	stdout	2025-02-19 10:02:42,488 WARN exited: nginx (exit status 1; not expected)
2025/02/19 10:02:42	stdout	2025-02-19 10:02:42,488 WARN exited: nginx (exit status 1; not expected)
2025/02/19 10:02:42	stdout	2025-02-19 10:02:42,383 INFO spawned: 'nginx' with pid 11
2025/02/19 10:02:42	stdout	2025-02-19 10:02:42,383 INFO spawned: 'nginx' with pid 11
2025/02/19 10:02:42	stdout	2025-02-19 10:02:42,381 INFO spawned: 'php-fpm' with pid 10
2025/02/19 10:02:42	stdout	2025-02-19 10:02:42,381 INFO spawned: 'php-fpm' with pid 10
2025/02/19 10:02:41	stdout	2025-02-19 10:02:41,378 INFO supervisord started with pid 9
2025/02/19 10:02:41	stdout	2025-02-19 10:02:41,378 INFO supervisord started with pid 9

`

[marcelfolaron]

Hey,
thanks for reaching out. For security reasons we updated our docker image to allow running Leantime as non-root. More than likely the issue is about nginx not being able to bind to port 80 (or anything less than 1000). You have several options in that case:

1. Modify port mapping in docker-compose.yml (Recommended)

ports:
     - "${LEAN_PORT}:8080"  # Change from 80 to 8080 if that is the case

And update the nginx.conf server block to:

server {
       listen 8080;
       # rest of your config...
   }

2. Add required capabilities to your docker-compose.yml:

services:
     leantime:
       cap_add:
         - CAP_NET_BIND_SERVICE
         - CAP_CHOWN
         - CAP_SETGID
         - CAP_SETUID

3. Alternatively it could be related to docker volume permissions. For that, before starting the container, ensure the mounted volumes have correct permissions:

chmod -R 775 userfiles public_userfiles plugins logs
   chown -R 1000:1000 userfiles public_userfiles plugins logs

4. As a last resort, you can run the container as root by adding to docker-compose.yml:

services:
     leantime:
       user: "0:0"  # Run as root (not recommended for production)

The first option (using port 8080) is generally recommended as it's more secure. If none of these work could you share your docker-compose file?

[marcelfolaron]

With that said, let me do a quick rebuild of the docker image to set port 8080 as default. That way this should be working out of the box. You are the 2nd reaching out today :D

[marcelfolaron]

Port 8080 is now the default port and the permissions should work without any issues

[dawstudiocenter]

Hi,
I have exactly the same issue when upgrading to 3.4.1 version using docker 27.3.1 on Linux Debian 5.10.0-32-amd64 host.
None of the proposed options has fixed it.
The only way to get it back running was to downgrade to 3.3.3 version.

[marcelfolaron]

Do you have any other logs in storage/logs?
Did you try updating the permissions on the volumes and can you share your docker compose file?

[dawstudiocenter]

I have quite the same log as @PGostek
Others logs (nginx) are empty.
I have updated the file permissions (chown -R, chmod -R) on the volumes.

Here is my docker-compose file :

`
version: '3.3'

networks:
leantime_network:

volumes:
db_data:
userfiles:
public_userfiles:
config:
sessions:

services:
leantime_db:
container_name: leantime_db
image: linuxserver/mariadb:latest
environment:
- PUID=1001
- PGID=1001
- MYSQL_ROOT_PASSWORD=[HIDDEN]
- MYSQL_DATABASE=leantime
- MYSQL_USER=[HIDDEN]
- MYSQL_PASSWORD=[HIDDEN]
networks:
- leantime_network
deploy:
mode: global
placement:
constraints:
- node.hostname == Debian2
volumes:
- db_data:/var/lib/mysql
- config:/config
restart: unless-stopped
#command: --character-set-server=utf8 --collation-server=utf8_unicode_ci

leantime:
image: leantime/leantime:3.3.3 #latest does not work
container_name: leantime
restart: unless-stopped
#user: "0:0" # Run as root (not recommended for production)
#cap_add:
# - CAP_NET_BIND_SERVICE
# - CAP_CHOWN
# - CAP_SETGID
# - CAP_SETUID
environment:
- PUID=1001
- PGID=1001
- LEAN_APP_URL=https://[HIDDEN] # Only needed for subdirectory setup; protocol (http or https) and base URL
- LEAN_SITENAME=Leantime # Name of your site, can be changed later
- LEAN_DB_HOST='leantime_db' # Database host, derived from container_name in leantime_db
- LEAN_DB_USER='[HIDDEN]'
- LEAN_DB_PASSWORD='[HIDDEN]'
- LEAN_DB_DATABASE='leantime'
- LEAN_DEFAULT_TIMEZONE=Europe/Paris # Set default server timezone
- LEAN_SESSION_PASSWORD=[HIDDEN] # Salting sessions. Replace with a strong password
- LEAN_SESSION_EXPIRATION=28800 # How many seconds after inactivity should we logout?

volumes:
  - public_userfiles:/var/www/html/public/userfiles
  - userfiles:/var/www/html/userfiles
  - sessions:/sessions
  - /mnt/shared/leantime/php.ini:/usr/local/etc/php/conf.d/custom.ini:ro
networks:
   - leantime_network
ports:
  - "3007:80"          # The port to expose and access Leantime        # Don't start Leantime unles leantime_db is running
deploy:
  mode: global
  placement:
    constraints:
      - node.hostname == Debian2
depends_on:
  - leantime_db  

`

[marcelfolaron]

Thanks. Can you update the ports: section to be

ports:
  - "3007:8080" 

We updated the default port inside the docker container to 8080 to avoid permission issues when not running as root.

[dawstudiocenter]

Hi,
I still have the issue after changing port mapping.
I have tried your different options but it does not fix the issue with 3.4.1 version.

[marcelfolaron]

Try updating to 3.4.2 and see if that changes anything. Can you also share nginx logs as well as leantime logs (var/www/html/storage/logs)

[marcelfolaron]

Not sure if that is the issue but we also don't have a sessions folder the way it is defined in your docker-compose file.
the session folder is in /var/www/html/storage/framework/sessions

[marcelfolaron]

Could you try once more with the latest version 3.4.3 / latest ?

[dawstudiocenter]

Yes, it works now with 3.4.3. I just have to use 8080 port as expected. Thanks.

[marcelfolaron]

Great, thanks for the update!