updating .env file not refelected

Question

updating .env file not refelected

Closed this issue 3 years ago · 12 comments

Hi,
I have updated the .env file (LDAP_BASE_DN) within the installation folder but after restarting the frontend and backend (DB) with docker-compose up -d or docker-compose up --force-recreate -d the modification is not reflected. What can I do? Best regards, Martin

Answer 1 · 2022-11-30T15:41:47.000Z

@mmarkert Do you also have a AUTH_METHOD=ldap option set? That's required to tell BookStack to use LDAP.

Answer 2 · 2022-11-30T15:50:10.000Z

Yes. LDAP authentication is working but I have to change the current BASE_DN because some users are in a different OU.

Answer 3 · 2022-11-30T15:56:35.000Z

@mmarkert Okay, BookStack only works with a single LDAP system at a time.

What exactly are you expecting to occur? And exactly what do you mean when you say "the modification is not reflected" in your original message?

Answer 4 · 2022-11-30T16:11:06.000Z

I have to shorten the LDAP_BASE_DN path to allow other users accessing Bookstack. And that's not working after the modification: .env:

#LDAP_BASE_DN=OU=TUE,OU=User,OU=ARRI,DC=arri,DC=de
LDAP_BASE_DN=OU=ARRI,DC=arri,DC=de

Answer 5 · 2022-11-30T16:51:03.000Z

Okay, kind of hard to determine if this is the option change not taking place, or if this is just your LDAP configuration not working as you'd expect. Have not seem anything yet to assure either stance.
A few things to try:

Are you also defining LDAP_BASE_DN as an environment variable at all? Or is this only within the .env file (That I presume you have mounted through as a volume).
If you temporarily change the AUTH_METHOD option back to standard, does that change take place (And once again show an Email input on the login view)?
If you temporarily change the LDAP_BASE_DN to something completely different & invalid (OU=ldap,DC=example,DC=com) does that stop login for users where login is currently working?

Answer 6 · 2022-12-01T09:02:04.000Z

Thank you for your support! I am not yet very familiar with the configuration, since I have taken over this from a colleague. These are the main configuration files, maybe there is the problem:

docker-compose.yml

version: '3.2'
services:
mysql:
image: localhost:5000/lib/bookstack_mysql:5.7.21-dump
container_name: bookstack_db
environment:
- MYSQL_ROOT_PASSWORD=XXX
- MYSQL_DATABASE=bookstack
- MYSQL_USER=bookstack
- MYSQL_PASSWORD=XXX
volumes:
- type: bind
source: /var/lib/bookstack/mysql-data
target: /var/lib/mysql
restart: always
bookstack:
image: localhost:5000/lib/bookstack:0.24.1-ssl
container_name: bookstack_frontend
depends_on:
- mysql
environment:
- DB_HOST=mysql:3306
- DB_DATABASE=bookstack
- DB_USERNAME=bookstack
- DB_PASSWORD=xxx
- VIRTUAL_HOST=XXX.arri.de
volumes:
- type: bind
source: /var/lib/bookstack/public/uploads
target: /var/www/bookstack/public/uploads
- type: bind
source: /var/lib/bookstack/storage
target: /var/www/bookstack/storage
- type: bind
source: /root/arri-certs
target: /etc/apache2/ssl
restart: always
expose:
- "443"

.env

APP_ENV=production
APP_DEBUG=false
APP_KEY=XXX
APP_URL=null
DB_HOST=mysql:3306
DB_DATABASE=bookstack
DB_USERNAME=bookstack
DB_PASSWORD=XXX
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync
MEMCACHED_SERVERS=127.0.0.1:11211:100
STORAGE_TYPE=local
STORAGE_S3_KEY=false
STORAGE_S3_SECRET=false
STORAGE_S3_REGION=false
STORAGE_S3_BUCKET=false
STORAGE_URL=false
AUTH_METHOD=ldap
GITHUB_APP_ID=false
GITHUB_APP_SECRET=false
GOOGLE_APP_ID=false
GOOGLE_APP_SECRET=false
DISABLE_EXTERNAL_SERVICES=false
LDAP_SERVER=ldap://XXX.arri.de:389
#LDAP_BASE_DN=OU=TUE,OU=User,OU=ARRI,DC=arri,DC=de
LDAP_BASE_DN=OU=ARRI,DC=arri,DC=de
LDAP_DN=XXX@arri.de
LDAP_PASS=XXX
LDAP_USER_FILTER=(&(samaccountname=${user}))
LDAP_VERSION=3
MAIL_DRIVER=smtp
MAIL_HOST=10.110.0.110
MAIL_PORT=25
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null

Answer 7 · 2022-12-01T12:11:41.000Z

So that answers my first point with a no, since you don't also have env options passed as docker env options, which is good, but you'd need to test the other options.

No major red flags in the provided config, the LDAP_DN being an email is a bit suspect, and could maybe be affected by the base DN. Might be worth providing a full DN for the LDAP_DN option since that's what's expected.

Answer 8 · 2022-12-02T10:00:21.000Z

Hi! I've changed AUTH_METHOD and LDAP_BASE_DN and LDAP_DN. This has no impact at all. Is there a way to debug the docker-compose while starting the process?

Answer 9 · 2022-12-02T12:21:31.000Z

Is there a way to debug the docker-compose while starting the process?

You could enter bash within the container to have a look around if needed.

This has no impact at all.

Okay. So looking back at your docker-compose file, I can't see where/how the .env file is being passed to the container, since I presume you're editing this out side the container?

The readme of this container specifies a volume mount for passing the env. Might be needed here. Ensure everything is backed up first before changing up volume mounts.

Answer 10 · 2022-12-06T16:43:59.000Z

Hi Dan!
I solved the problem by adding env_file: .env to docker-compose.yml! Thank you very much for your support!

Answer 11 · 2022-12-06T17:53:33.000Z

Good to hear, will therefore close this off.

Answer 12 · 2022-12-06T17:54:14.000Z

Oh wait, lol, I can't, this isn't my project 🤦
Thought this was in the BookStack project issue list.