Fix for Cloudron read-only filesystem and network binding issues

2025-03-16 13:02:29 +01:00 · 2025-03-16 13:02:29 +01:00 · 6fe1084eb9
commit 6fe1084eb9
parent 1e47298dc0
2 changed files with 51 additions and 20 deletions
--- a/elasticsearch-cloudron/Dockerfile
+++ b/elasticsearch-cloudron/Dockerfile
@ -1,13 +1,17 @@
 FROM cloudron/base:4.0.0

-# Install Docker
+# Install Docker and diagnostic tools
 RUN apt-get update && apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common \
-    unzip
+    unzip \
+    iproute2 \
+    net-tools \
+    iputils-ping \
+    dnsutils

 RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
@ -24,4 +28,8 @@ RUN chmod +x /app/start.sh /app/stop.sh
 # Set up data directory
 RUN mkdir -p /app/data

+# Add healthcheck
+HEALTHCHECK --interval=10s --timeout=5s --start-period=30s --retries=3 \
+    CMD curl -f -u elastic:$(cat /app/data/secrets/elastic_password 2>/dev/null || echo "cloudron") http://localhost:9200 || exit 1
+
 CMD ["/app/start.sh"] 
--- a/elasticsearch-cloudron/start.sh
+++ b/elasticsearch-cloudron/start.sh
@ -9,27 +9,45 @@ generate_password() {
    cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1
 }

-# Generate a random password for Elasticsearch if not provided
-if [ -z "$ELASTIC_PASSWORD" ]; then
-    ELASTIC_PASSWORD=$(generate_password)
-    # Save the password to the .env file
-    sed -i "s/^ELASTIC_PASSWORD=.*/ELASTIC_PASSWORD=$ELASTIC_PASSWORD/" /app/.env
-    echo "Generated new secure password for Elasticsearch user 'elastic'"
-fi
+# Create a secrets directory in data (which is writable)
+mkdir -p /app/data/secrets

-# Generate a random password for Kibana if not provided
-if [ -z "$KIBANA_PASSWORD" ]; then
-    KIBANA_PASSWORD=$(generate_password)
-    # Save the password to the .env file
-    sed -i "s/^KIBANA_PASSWORD=.*/KIBANA_PASSWORD=$KIBANA_PASSWORD/" /app/.env
-    echo "Generated new secure password for Elasticsearch user 'kibana_system'"
+# Check for initialization status
+if [[ ! -f /app/data/.initialized ]]; then
+    echo "Fresh installation, initializing..."
+    
+    # Generate and store passwords
+    if [ -z "$ELASTIC_PASSWORD" ]; then
+        ELASTIC_PASSWORD=$(generate_password)
+        echo "Generated new secure password for Elasticsearch user 'elastic'"
+    fi
+    echo "$ELASTIC_PASSWORD" > /app/data/secrets/elastic_password
+    
+    if [ -z "$KIBANA_PASSWORD" ]; then
+        KIBANA_PASSWORD=$(generate_password)
+        echo "Generated new secure password for Elasticsearch user 'kibana_system'"
+    fi
+    echo "$KIBANA_PASSWORD" > /app/data/secrets/kibana_password
+    
+    # Mark as initialized
+    touch /app/data/.initialized
+    echo "Initialization complete."
+else
+    echo "Loading existing configuration..."
+    # Load existing passwords
+    if [ -f "/app/data/secrets/elastic_password" ]; then
+        ELASTIC_PASSWORD=$(cat /app/data/secrets/elastic_password)
+    fi
+    
+    if [ -f "/app/data/secrets/kibana_password" ]; then
+        KIBANA_PASSWORD=$(cat /app/data/secrets/kibana_password)
+    fi
 fi

 # Set default variables
 STACK_VERSION=${STACK_VERSION:-8.17.3}
 CLUSTER_NAME=${CLUSTER_NAME:-cloudron-cluster}
 LICENSE=${LICENSE:-basic}
-ES_PORT=${ES_PORT:-127.0.0.1:9200}

 # Ensure data directories exist
 mkdir -p /app/data/elasticsearch
@ -55,6 +73,10 @@ if [ ! -f /app/data/certs/ca.crt ]; then
    echo "Certificates created."
 fi

+# Print the network interfaces for debugging
+echo "Network interfaces:"
+ip addr show
+
 # Start Elasticsearch
 echo "Starting Elasticsearch..."
 docker run \
@ -73,14 +95,15 @@ docker run \
    -e xpack.license.self_generated.type=${LICENSE} \
    -e xpack.ml.use_auto_machine_memory_percent=true \
    -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
+    -e network.host=0.0.0.0 \
    --ulimit memlock=-1:-1 \
-    -p 127.0.0.1:9200:9200 \
-    -p 127.0.0.1:9300:9300 \
+    -p 0.0.0.0:9200:9200 \
+    -p 0.0.0.0:9300:9300 \
    docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}

-# Wait for Elasticsearch to be up
+# Wait for Elasticsearch to be up - try both localhost and 0.0.0.0
 echo "Waiting for Elasticsearch to start..."
-until $(curl --output /dev/null --silent --head --fail http://localhost:9200); do
+until $(curl --output /dev/null --silent --head --fail http://localhost:9200 || curl --output /dev/null --silent --head --fail http://0.0.0.0:9200); do
    printf '.'
    sleep 5
 done