I
Immich6mo ago
alexbstl

Issues with Portainer-LXC container after reboot

Hi- I run Immich on Portainer which is itself running in an LXC container on a Proxmox Host. I use the storage from another VM on the Proxmox Host running Truenas, shared over SMB. I recently had to reboot the Proxmox Host. After doing so, I received the following error: 
[Nest] 7  - 11/21/2024, 5:47:04 PM   ERROR [Microservices:StorageService] Failed to write upload/encoded-video/.immich: Error: EACCES: permission denied, open 'upload/encoded-video/.immich'
[Nest] 7  - 11/21/2024, 5:47:04 PM   ERROR [Microservices:StorageService] Failed to write upload/encoded-video/.immich: Error: EACCES: permission denied, open 'upload/encoded-video/.immich'
This seems like a permissions error on the file in question, but the console in the lxc container says the permissions on the folder and file are open, and owner is nobody/nogroup. Does anyone have any ideas for how to solve this?
19 Replies
Immich
Immich6mo ago
:wave: Hey @alexbstl, Thanks for reaching out to us. Please follow the recommended actions below; this will help us be more effective in our support effort and leave more time for building Immich :immich:. References - Container Logs: docker compose logs docs - Container Status: docker compose ps docs - Reverse Proxy: https://immich.app/docs/administration/reverse-proxy Checklist 1. :ballot_box_with_check: I have verified I'm on the latest release(note that mobile app releases may take some time). 2. :ballot_box_with_check: I have read applicable release notes. 3. :ballot_box_with_check: I have reviewed the FAQs for known issues. 4. :ballot_box_with_check: I have reviewed Github for known issues. 5. :ballot_box_with_check: I have tried accessing Immich via local ip (without a custom reverse proxy). 6. :ballot_box_with_check: I have uploaded the relevant logs, docker compose, and .env files, making sure to use code formatting. 7. :ballot_box_with_check: I have tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable (an item can be marked as "complete" by reacting with the appropriate number) If this ticket can be closed you can use the /close command, and re-open it later if needed.
alexbstl
alexbstlOP6mo ago
Here is docker ps from within the lxc container: 
8dfaddc309c0   ghcr.io/immich-app/immich-server:release             "tini -- /bin/bash s…"   33 minutes ago   Restarting (1) 1 second ago                                                                                                    immich_server
8dfaddc309c0   ghcr.io/immich-app/immich-server:release             "tini -- /bin/bash s…"   33 minutes ago   Restarting (1) 1 second ago                                                                                                    immich_server
alexbstl
alexbstlOP6mo ago
here is the relevant log from portainer:

immich_server_logs1....

Immich
Immich6mo ago
Successfully submitted, a tag has been added to inform contributors. :white_check_mark:
Zeus
Zeus6mo ago
Hello, this is indeed a permissions / mapping issue of some kind on the encoded video mount to the LXC container/docker FYI, docker in LXC is not supported by proxmox, while some people here do use it there can be lots of weird errors like this at times
alexbstl
alexbstlOP6mo ago
thanks for the feedback. I was afraid of that. I am considering migrating my entire docker setup to a VM instead but I just wanted to avoid the hassle if I could do you have any ideas that I could try before I do that?
Zeus
Zeus6mo ago
you should post the compose and env but broadly speaking immich has no control over this type of error
alexbstl
alexbstlOP6mo ago
ah ok the compose is taken basically from the portainer compose on the immich getting started. just a minute and I'll post that
Zeus
Zeus6mo ago
is this a privileged LXC?
alexbstl
alexbstlOP6mo ago
it... might not be. I'm a bit new to this, I assume I can check that (and change it) within proxmox?
Zeus
Zeus6mo ago
tbh if you're new to all this just use a VM lol I think you will have a much better experience. the performance hit is minimal I'm pretty sure you can change it but the whole docker+lxc thing is really "here be dragons" territory unless you have a really compelling reason for it IMO some people will be nicer about it lol
alexbstl
alexbstlOP6mo ago
ok- thanks for the feedback. Just need to prepare myself for a fair bit of work
Zeus
Zeus6mo ago
to make a VM? if you're new it shouldn't be that much work to move it over..
alexbstl
alexbstlOP6mo ago
i have other containers also running
Zeus
Zeus6mo ago
so I will say the fact that you are using a SMB in truenas VM may make this more doable than a proxmox pass through mount point so it's possible the issue is on the SMB side and not related to LXC you can look at the mount options, make sure nothing has changed re: user, root_squash etc
alexbstl
alexbstlOP6mo ago
actually- that might be the issue. I was flying blind so I mounted the smb share onto the proxmox host and passed it through to the lxc yea my setup is kind of insane now that I think about it lol I got the idea from someone's jellyfin setup on the proxmox forums
Zeus
Zeus6mo ago
the reason it's good for jellyfin is because you can do GPU accel without losing the GPU access from the host because VMs are much harder to share a GPU passthrough (yes Immich does support HW accel as well but since it's all background tasks it's less critical IMO(
alexbstl
alexbstlOP6mo ago
let me... try to just mount the smb directly into the lxc and see if that fixes things yep- that worked. Ok, to detail my solution: I backed up and restored to a privileged LXC container to ensure I had permissions, then, within the container, I mounted the smb share to the same place it was being passed through to my server is now live again this server doesn't even have a gpu so any sort of passthrough is pointless Thanks for the help!
Zeus
Zeus6mo ago
great!

Did you find this page helpful?