restic/rest-server

PASSWORD_FILE Env variable not working with a bind mounted directory

miguelarios opened this issue · 4 comments

miguelarios commented

Output of rest-server --version

How did you run rest-server exactly?

Docker

What backend/server/service did you use to store the repository?

Rest-server

Expected behavior

Change the htpasswd location

I have bind mounted a directory and then passed the env variable of PASSWORD_FILE with a path to the htpasswd

Actual behavior

Getting error in log where it is still looking for htpasswd in the data directory

Steps to reproduce the behavior

Add another bind mounted directory and change htpasswd directory

Do you have any idea what may have caused this?

No

Do you have an idea how to solve the issue?

Did rest-server help you today? Did it make you happy in any way?

MichaelEischer commented

There is not enough information to reproduce this issue. Please provide the exact command you use to create the bind mount, how you run the rest-server and its output. Which rest-server version do you use?

EkilDeew commented

From my testings, using this kind of docker compose,

  restic:
    image: restic/rest-server:latest
    environment:
      - PASSWORD_FILE=/srv/.htpasswd
    volumes:
      - xxx:/data
      - ./.htpasswd:/srv/.htpasswd
    user: xxx:xxx

will result with this error error: cannot load .htpasswd (use --no-auth to disable): open /data/.htpasswd: permission denied.
The server wont search in the right place.

However by removing the bind mount for .htpasswd and only specifying the environment variable PASSWORD_FILE, the error will be: touch: /srv/.htpasswd: Permission denied. So the environment variable is indeed read.

I'm specifying that i'm running the container in user mode because in root wether there is a bind mount of not the server will still look for the .htpasswd in /data

miguelarios commented

The only way I was able to fix this was creating a blank htpasswd file in the /data folder and that made it work. Doing this will surprisingly not mean that the htpasswd file you designated on your custom folder will be ignored as you can run echo $PASSWORD_FILE and it should show you the directory where the password file being actively used is located and this should confirm you are using the custom location instead of the default.

What is weird is that there is no mention of this in the documentation hence why I had to post this bug.

MichaelEischer commented

The --password-file option isn't available in rest-server 0.11.0 (aka. the latest official docker container). It was only added afterwards https://github.com/restic/rest-server/pull/188/files .