Docker: Installation Wizard not accepting username and password

I'm also seeing this behavior when trying to connect to a postgres instance.

root@D2SP3:/home/r2/docker# docker-compose up nextcloud
docker_postgres_1_4b526486f7ce is up-to-date
Creating docker_nextcloud_1_21d381008fc1 ... done
Attaching to docker_nextcloud_1_a56357f7c235
nextcloud_1_a56357f7c235 | Initializing nextcloud 14.0.4.2 ...
nextcloud_1_a56357f7c235 | Initializing finished
nextcloud_1_a56357f7c235 | New nextcloud instance
nextcloud_1_a56357f7c235 | Installing with PostgreSQL database
nextcloud_1_a56357f7c235 | starting nextcloud installation
nextcloud_1_a56357f7c235 | Error while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[08006] [7] FATAL:  permission denied for database "nc"
nextcloud_1_a56357f7c235 | DETAIL:  User does not have CONNECT privilege.
nextcloud_1_a56357f7c235 |  -> 
nextcloud_1_a56357f7c235 | retrying install...
nextcloud_1_a56357f7c235 | Error while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[08006] [7] FATAL:  permission denied for database "nc"
nextcloud_1_a56357f7c235 | DETAIL:  User does not have CONNECT privilege.
nextcloud_1_a56357f7c235 |  -> 
nextcloud_1_a56357f7c235 | retrying install...

Relevant portions of the docker-compose.yml file:

version: '3.7'

services:
  traefik:
    image: traefik:1.7
    command: --api --docker
    ports:
    - "80:80"
    - "8080:8080" # webui
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  postgres:
    image: postgres:10
    ports:
    - "5432:5432"
    environment:
    - POSTGRES_PASSWORD=xxx
    - POSTGRES_DB=nc
    - POSTGRES_USER=nc_user
    volumes:
    - /home/r2/docker/pg:/var/lib/postgresql/data:Z
  nextcloud:
    image: nextcloud:14-apache
    depends_on:
    - postgres
    environment:
    - POSTGRES_HOST=postgres
    - POSTGRES_DB=nc
    - POSTGRES_USER=nc_user
    - POSTGRES_PASSWORD=xxx
    - NEXTCLOUD_ADMIN_USER=ncadmin
    - NEXTCLOUD_ADMIN_PASSWORD=xxx
    volumes:
    - /home/r2/docker/nc/config:/var/www/html/config:Z
    labels:
    - "traefik.frontend.rule=PathPrefixStrip:/cloud"

It is clearing dbport (nowhere does nextcloud/docker allow me to configure this in envvars?) and setting dbuser and dbpassword to oc_*, not at all what I'm configuring. The resulting config/config.php file after this "hiccup":

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'passwordsalt' => '9QepuB7yen9mfq7fI68YtEH/Xxnfh1',
  'secret' => 'EUUKboZz+TazUhAoqo8qViG9qHbAdSQqd3B1JN1n87Cxqd9L',
  'trusted_domains' => 
  array (
    0 => 'localhost',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'pgsql',
  'version' => '14.0.4.2',
  'overwrite.cli.url' => 'http://localhost',
  'dbname' => 'nc',
  'dbhost' => 'postgres',
  'dbport' => '',
  'dbtableprefix' => '',
  'dbuser' => 'oc_ncadmin60',
  'dbpassword' => '77bzrlaciblcpn32msqh579vogykit',
);

On a whim (suggested by https://github.com/nextcloud/server/issues/1793), I also checked with postgres:9.5. Still fails.

Further: I can connect to the database with nc_user and my password, and I can create tables, so it is not a first-pass permissions problem. It appears that nextcloud/server is sabotaging the connection. (Perhaps this does not belong under nextcloud/docker.)

@umardraz I think I found the culprit: https://github.com/nextcloud/docker/issues/345#issuecomment-398037012

This worked for me (on postgres):

1. drop database nc (the database I told nextcloud to use is nc, and since no tables had been created, this was instantaneous and no loss of anything).
2. Make sure the user/pass I set in POSTGRES_* had CREATE DATABASE and CREATE ROLE permissions in the database as a whole. I highly recommend this not be the final configuration (nextcloud should not be able to create or even see other databases!).

Since I'm on an easy test system, I didn't mind the security lapse. I have not (yet) tested with a production database, though my next step is to clone the real database and attempt an upgrade using this image. Wish me luck.

For the record, I updated my docker-compose.yml:

version: '3.7'

services:
  traefik:
    image: traefik:1.7
    command: --api --docker
    ports:
    - "80:80"
    - "8080:8080" # webui
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  postgres:
    image: postgres:9.5
    ports:
    - "5432:5432"
    environment:
    - POSTGRES_PASSWORD=xxx
    - POSTGRES_DB=nc
    - POSTGRES_USER=nc_user
    volumes:
    - /home/r2/docker/pg:/var/lib/postgresql/data:Z
  nextcloud:
    image: nextcloud:14-apache
    depends_on:
    - postgres
    environment:
    - POSTGRES_HOST=postgres
    - POSTGRES_DB=nc
    - POSTGRES_USER=nc_user
    - POSTGRES_PASSWORD=xxx
    - NEXTCLOUD_ADMIN_USER=ncadmin
    - NEXTCLOUD_ADMIN_PASSWORD=xxx
    - NEXTCLOUD_DATA_DIR=/var/lib/nextclouddata
    volumes:
    - /home/r2/docker/nc/config:/var/www/html/config:Z
    - /home/r2/docker/nc/data:/var/lib/nextclouddata:Z
    labels:
    - "traefik.frontend.rule=PathPrefixStrip:/cloud"

and config/config.php:

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'passwordsalt' => 'k9DL+pteWJB6AaSpHiCskeb0+8CUds',
  'secret' => 'YvBvUcScMOS+3pzy9m9yzs64mPb4QYrJgwXLyWQThEtMTh/F',
  'trusted_domains' => 
  array (
    0 => 'localhost',
  ),
  'datadirectory' => '/var/lib/nextclouddata',
  'dbtype' => 'pgsql',
  'version' => '14.0.4.2',
  'overwrite.cli.url' => 'http://localhost/cloud',
  'dbname' => 'nc',
  'dbhost' => 'postgres',
  'dbport' => '',
  'dbtableprefix' => '',
  'dbuser' => 'oc_ncadmin7',
  'dbpassword' => 'NC-created-xxx',
  'installed' => true,
  'instanceid' => 'ocx15d26bvrw',
  'overwritewebroot' => '/cloud',
);

Notice that NC still over-rode my dbuser and dbpassword. After pasting here, I did change them back to what I had set in the docker-compose.yml file and they stuck this time. (I think a bit of work needs to go into streamlining this docker image ... having to juggle db-superusers and databases like that is worrisome.)

I have the same problem as @r2evans. This problem is only there if you choose postgresql, with MariaDB all is fine. The problem is in the occ maintenance:install because all other looks ok.

Am also having the same issue as @r2evans . Am using postgresql, docker-compose. I appear to be unable to set a custom dbuser or dbpassword with environmental variables. Are the Environmental labels POSTGRES_USER and POSTGRES_PASSWORD as listed in the README incorrect?

now is version 18 and no fix :-(

maybe problem is that in /entrypoint.sh script on line 156 is

 until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]

and

root@6d2cd9785196:/var/www/html# su -p www-data -s /bin/sh -c "php /var/www/html/occ maintenance:install"


  Command "maintenance:install" is not defined.  

  Did you mean one of these?                     
      app:install                                
      maintenance:data-fingerprint               
      maintenance:mimetype:update-db             
      maintenance:mimetype:update-js             
      maintenance:mode                           
      maintenance:repair                         
      maintenance:theme:update                   
      maintenance:update:htaccess               

Update:
maybe not: https://help.nextcloud.com/t/command-maintenance-install-is-not-defined/60799

If I specifically tell Nextcloud to use certain database credentials, why does it create a completely separate user behind my back and uses it instead? What is the logic behind this?

Here is what happened as a result of it:

1. I used pg_dump to move my database elsewhere.
2. My Nextcloud install suddenly stopped working.
3. After much digging, I find this thread and realize Nextcloud created its own postgres user.
4. Since I expected Nextcloud to use the user I specifically told it to use, I didn't copy that unexpected user to the new database, so now the credentials are invalid.
5. Even worse, since the Nextcloud tables were created by a user whose existence I was not aware of, the Nextcloud tables were not part of the database dump. In other words, that data is gone.

This is the last straw for me. Nextcloud bricked itself twice in a week. It's simply too fragile for me, and I can't sink more evenings into getting it to work again.

@nicbou note that you may also want to go back and remove the auto-created user.

FWIW, to prevent you from having to install a text editor, with some practice you can do it with sed:

sed -i -e "s/.*'dbuser'.*/'dbuser' => 'newuser',/g; s/.*'dbpassword'.*/'dbpassword' => 'newpass',/g" config/config.php

This capitalizes on the assumption that each key/value pair is isolated on a line, and assumes (safely, I believe) that no other field contains the literals 'dbuser' or 'dbpassword'. If you want to test this ...

# docker exec -it mynextcloud bash

root@ffc242067596:/var/www/html# diff -u config/config.php <(sed -e "s/.*'dbuser'.*/'dbuser' => 'newuser',/g; s/.*'dbpassword'.*/'dbpassword' => 'newpass',/g" config/config.php)
--- config/config.php   2020-12-14 01:51:52.534286458 +0000
+++ /dev/fd/63  2020-12-14 18:07:27.032281130 +0000
@@ -40,8 +40,8 @@
   'dbhost' => 'postgres',
   'dbport' => '',
   'dbtableprefix' => 'oc_',
-  'dbuser' => 'olduser',
-  'dbpassword' => 'oldpassword',
+'dbuser' => 'newuser',
+'dbpassword' => 'newpass',
   'installed' => true,
   'overwritehost' => 'oc.activedecisionsupport.com',
   'overwritewebroot' => '/cloud',

@r2evans , I updated my comment with a longer description of the catastrophe this led to. Editing the config indeed fixes the credentials, but it won't bring the data back.

Nonetheless, thank you for your quick reply and assistance.

Oooof, that's a frustrating sequence of events. I agree that NC installation seems to be a bit fragile, and I'm a bit frustrated that there has been no discussion or attention from NC on this in a couple of years, focusing instead on adding third-party integration (that will be lost when nextcloud needs to be re-instantiated).

This seems not only related to the Docker setup but generally regarding the server – we should transfer the issue to the server repo? cc @rullzer @MorrisJobke