The rootless WebUI container reads its bind-mount sources (configs/webui/*) through the container-owner GROUP since a2376e2 switched those files from world-readable to 0640 group=container-owner. But the WebUI credential randomizer rewrites webui_logins via `sed -i` as the non-root manager, which recreates the file with the manager's own group — dropping the container-owner group. The installer then started the container immediately, so node hit EACCES on /app/webui_logins at require-time (parseConfigFile) and exited 1; nothing listened on the WebUI port. `libreportal webui login reset` had the same latent bug (rewrite → restart). Under the old world-readable model a post-sed file stayed o+r so the container could still read it, which is why this only surfaced on fresh rootless installs after a2376e2. Fix: make reconcileWebuiDirOwnership the single "ready the WebUI for its container" pass — it now also restores the configs/webui bind access (new `webui-bind` ownership action) on top of the container-dir chown. Reorder the installer so the credential randomizer runs BEFORE the before-start permission pass, making that pass the last ownership touch before the container starts; and call reconcileWebuiDirOwnership before the restart in login reset. Live box recovered via `libreportal-ownership reconcile`; WebUI 200. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
#!/bin/bash
# Category : Miscellaneous
# Description : LibrePortal - WebUI Dashboard (c/t/u/s/r/i):
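#######################################
# Run the LibrePortal WebUI actions selected by the letters in $libreportal.
# Letters handled here: c = edit config, u = uninstall, s = compose down,
# r = compose restart, i = full install. Any of c/t/u/s/r/i first loads the
# app config and variables; "t" has no further branch in this function.
# Globals:
#   libreportal (read, reset to "n" on exit), CFG_LIBREPORTAL_APP_NAME (read),
#   configs_dir (read), containers_dir (read),
#   libreportal_bootstrap_install (read), menu_number (incremented, then
#   reset to 0 at the end of an install)
# Arguments:
#   $1 - config variables, forwarded to dockerConfigSetupToContainer on install
# Outputs:
#   Numbered progress lines on stdout during an install.
#######################################
installLibrePortal() {
  local config_variables="$1"

  # Every recognised action needs the app name and its variables loaded first.
  if [[ "$libreportal" == *[cCtTuUsSrRiI]* ]]; then
    dockerConfigSetupToContainer silent libreportal
    local app_name=$CFG_LIBREPORTAL_APP_NAME
    # app_name is quoted everywhere below so a value containing whitespace or
    # glob characters reaches each helper as exactly one argument.
    initializeAppVariables "$app_name"
  fi

  if [[ "$libreportal" == *[cC]* ]]; then
    editAppConfig "$app_name"
  fi

  if [[ "$libreportal" == *[uU]* ]]; then
    dockerUninstallApp "$app_name"
  fi

  if [[ "$libreportal" == *[sS]* ]]; then
    dockerComposeDown "$app_name"
  fi

  if [[ "$libreportal" == *[rR]* ]]; then
    dockerComposeRestart "$app_name"
  fi

  if [[ "$libreportal" == *[iI]* ]]; then
    isHeader "Install $app_name"

    ((menu_number++))
    echo "---- $menu_number. Copying LibrePortal source and building the image."
    echo ""

    installLibrePortalImageWebUI

    ((menu_number++))
    echo ""
    echo "---- $menu_number. Setting up install folder and config file for $app_name."
    echo ""

    dockerConfigSetupToContainer "loud" "$app_name" "install" "$config_variables"
    isSuccessful "Install folders and Config files have been setup for $app_name."

    ((menu_number++))
    echo ""
    echo "---- $menu_number. Setting up the $app_name docker-compose.yml file."
    echo ""

    dockerComposeSetupFile "$app_name"

    ((menu_number++))
    echo ""
    echo "---- $menu_number. Randomizing WebUI login credentials."
    echo ""

    local webui_logins_file="$configs_dir/webui/webui_logins"
    scanFileForRandomPasswordKeysUsers "$webui_logins_file"
    sourceScanFiles "libreportal_configs"
    # NOTE(review): success is reported unconditionally; the exit status of
    # the randomizer is not checked here. Confirm it reports or aborts on its
    # own when the rewrite fails, otherwise webui_logins keeps whatever values
    # it held before this step while the installer claims they were replaced.
    isSuccessful "WebUI login credentials have been set."

    ((menu_number++))
    echo ""
    echo "---- $menu_number. Updating file permissions before starting."
    echo ""

    # Ordering is load-bearing: this pass must come AFTER the credential
    # rewrite above. That rewrite runs as the non-root manager and resets the
    # group on webui_logins, dropping the container-owner group the rootless
    # WebUI reads the file through. This pass restores it, so it has to be the
    # last ownership touch before the container starts; otherwise the
    # container cannot read its own login file and exits on boot.
    # Do not "fix" that failure by widening the file mode instead of restoring
    # the group: the file holds login credentials.
    fixPermissionsBeforeStart "$app_name"

    ((menu_number++))
    echo ""
    echo "---- $menu_number. Running the docker-compose.yml to install and start $app_name"
    echo ""

    dockerComposeUpdateAndStartApp "$app_name" install

    ((menu_number++))
    echo ""
    echo "---- $menu_number. Running Application specific updates (if required)"
    echo ""

    appUpdateSpecifics "$app_name"

    ((menu_number++))
    echo ""
    echo "---- $menu_number. Running Headscale setup (if required)"
    echo ""

    setupHeadscale "$app_name"

    ((menu_number++))
    echo ""
    echo "---- $menu_number. Adding $app_name to the Apps Database table."
    echo ""

    databaseInstallApp "$app_name"

    ((menu_number++))
    echo ""
    echo "---- $menu_number. Updating WebUI config file."
    echo ""

    webuiContainerSetup "$app_name" install

    ((menu_number++))
    echo ""
    echo "---- $menu_number. Generating all WebUI data files."
    echo ""

    webuiLibrePortalUpdate

    # The closing summary is skipped when this runs as part of a bootstrap install.
    if [[ "$libreportal_bootstrap_install" != "true" ]]; then
      ((menu_number++))
      echo ""
      echo "---- $menu_number. You can find $app_name files at $containers_dir$app_name"
      echo ""
      echo " You can now navigate to your new service using one of the options below : "
      echo ""

      menuShowFinalMessages "$app_name"
      # NOTE(review): presumably prints the generated WebUI logins (per its
      # name; confirm). If installer output is captured to a log file, that
      # log then needs the same access restrictions as webui_logins.
      webuiDisplayLogins
    fi

    menu_number=0
    #sleep 3s
    cd
  fi

  # Clear the selection so a later call does not repeat the same actions.
  libreportal=n
}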