From 6fe1084eb98c5fa203389623e64f5e7f3d48847b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20D=C3=BCren?=
Date: Sun, 16 Mar 2025 13:02:29 +0100
Subject: [PATCH] Fix for Cloudron read-only filesystem and network binding issues
---
 elasticsearch-cloudron/Dockerfile | 12 +++++--
 elasticsearch-cloudron/start.sh | 59 +++++++++++++++++++++----------
 2 files changed, 51 insertions(+), 20 deletions(-)
diff --git a/elasticsearch-cloudron/Dockerfile b/elasticsearch-cloudron/Dockerfile
index 7ea08f0..4eb1322 100644
--- a/elasticsearch-cloudron/Dockerfile
+++ b/elasticsearch-cloudron/Dockerfile
@@ -1,13 +1,17 @@
 FROM cloudron/base:4.0.0
-# Install Docker
+# Install Docker and diagnostic tools
 RUN apt-get update && apt-get install -y \
 apt-transport-https \
 ca-certificates \
 curl \
 gnupg-agent \
 software-properties-common \
- unzip
+ unzip \
+ iproute2 \
+ net-tools \
+ iputils-ping \
+ dnsutils
 RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
@@ -24,4 +28,8 @@ RUN chmod +x /app/start.sh /app/stop.sh
 # Set up data directory
 RUN mkdir -p /app/data
+# Add healthcheck
+HEALTHCHECK --interval=10s --timeout=5s --start-period=30s --retries=3 \
+ CMD curl -f -u elastic:$(cat /app/data/secrets/elastic_password 2>/dev/null || echo "cloudron") http://localhost:9200 || exit 1
+
 CMD ["/app/start.sh"]
\ No newline at end of file
diff --git a/elasticsearch-cloudron/start.sh b/elasticsearch-cloudron/start.sh
index 50193c1..484c3f1 100644
--- a/elasticsearch-cloudron/start.sh
+++ b/elasticsearch-cloudron/start.sh
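Review bot: Of the four packages added to the `apt-get install` list, only `iproute2` is used by anything visible in this commit (`ip addr show` in start.sh); `net-tools`, `iputils-ping` and `dnsutils` are extra network tooling that stays in the runtime image. Tools like these remain available to any process that gains execution inside the container, so I would end the list at `unzip \` / `iproute2` and install the others by hand when a debugging session needs them. If they have to stay, a comment naming which troubleshooting step depends on each would help the next reviewer decide when they can go.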
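Review bot: The `|| echo "cloudron"` fallback in the HEALTHCHECK makes the probe authenticate as the `elastic` superuser with a fixed password that is readable in the image whenever `/app/data/secrets/elastic_password` is missing or unreadable, so the check can only pass in that state if that password is really in use. The probe should fail instead, e.g. `CMD test -r /app/data/secrets/elastic_password && curl -fsS -o /dev/null -u "elastic:$(cat /app/data/secrets/elastic_password)" http://localhost:9200 || exit 1`. Passing the password with `-u` also puts it on curl's command line every 10 seconds, where other processes in the container can read it; feeding it to curl as a config on stdin (`curl -K -`) would avoid that. The credential travels over plain `http://`, which is only tolerable as long as the probe target stays on loopback.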
@@ -9,27 +9,45 @@ generate_password() {
 cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1
 }
-# Generate a random password for Elasticsearch if not provided
-if [ -z "$ELASTIC_PASSWORD" ]; then
- ELASTIC_PASSWORD=$(generate_password)
- # Save the password to the .env file
- sed -i "s/^ELASTIC_PASSWORD=.*/ELASTIC_PASSWORD=$ELASTIC_PASSWORD/" /app/.env
- echo "Generated new secure password for Elasticsearch user 'elastic'"
-fi
+# Create a secrets directory in data (which is writable)
+mkdir -p /app/data/secrets
-# Generate a random password for Kibana if not provided
-if [ -z "$KIBANA_PASSWORD" ]; then
- KIBANA_PASSWORD=$(generate_password)
- # Save the password to the .env file
- sed -i "s/^KIBANA_PASSWORD=.*/KIBANA_PASSWORD=$KIBANA_PASSWORD/" /app/.env
- echo "Generated new secure password for Elasticsearch user 'kibana_system'"
+# Check for initialization status
+if [[ ! -f /app/data/.initialized ]]; then
+ echo "Fresh installation, initializing..."
+
+ # Generate and store passwords
+ if [ -z "$ELASTIC_PASSWORD" ]; then
+ ELASTIC_PASSWORD=$(generate_password)
+ echo "Generated new secure password for Elasticsearch user 'elastic'"
+ fi
+ echo "$ELASTIC_PASSWORD" > /app/data/secrets/elastic_password
+
+ if [ -z "$KIBANA_PASSWORD" ]; then
+ KIBANA_PASSWORD=$(generate_password)
+ echo "Generated new secure password for Elasticsearch user 'kibana_system'"
+ fi
+ echo "$KIBANA_PASSWORD" > /app/data/secrets/kibana_password
+
+ # Mark as initialized
+ touch /app/data/.initialized
+ echo "Initialization complete."
+else
+ echo "Loading existing configuration..."
+ # Load existing passwords
+ if [ -f "/app/data/secrets/elastic_password" ]; then
+ ELASTIC_PASSWORD=$(cat /app/data/secrets/elastic_password)
+ fi
+
+ if [ -f "/app/data/secrets/kibana_password" ]; then
+ KIBANA_PASSWORD=$(cat /app/data/secrets/kibana_password)
+ fi
 fi
 # Set default variables
 STACK_VERSION=${STACK_VERSION:-8.17.3}
 CLUSTER_NAME=${CLUSTER_NAME:-cloudron-cluster}
 LICENSE=${LICENSE:-basic}
-ES_PORT=${ES_PORT:-127.0.0.1:9200}
 # Ensure data directories exist
 mkdir -p /app/data/elasticsearch
@@ -55,6 +73,10 @@ if [ ! -f /app/data/certs/ca.crt ]; then
 echo "Certificates created."
 fi
+# Print the network interfaces for debugging
+echo "Network interfaces:"
+ip addr show
+
 # Start Elasticsearch
 echo "Starting Elasticsearch..."
 docker run \
@@ -73,14 +95,15 @@ docker run \
 -e xpack.license.self_generated.type=${LICENSE} \
 -e xpack.ml.use_auto_machine_memory_percent=true \
 -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
+ -e network.host=0.0.0.0 \
 --ulimit memlock=-1:-1 \
- -p 127.0.0.1:9200:9200 \
- -p 127.0.0.1:9300:9300 \
+ -p 0.0.0.0:9200:9200 \
+ -p 0.0.0.0:9300:9300 \
 docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
-# Wait for Elasticsearch to be up
+# Wait for Elasticsearch to be up - try both localhost and 0.0.0.0
 echo "Waiting for Elasticsearch to start..."
-until $(curl --output /dev/null --silent --head --fail http://localhost:9200); do
+until $(curl --output /dev/null --silent --head --fail http://localhost:9200 || curl --output /dev/null --silent --head --fail http://0.0.0.0:9200); do
 printf '.'
 sleep 5
 done
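Review bot: The password files are written with `echo "$ELASTIC_PASSWORD" > /app/data/secrets/elastic_password` (and the Kibana equivalent) under whatever umask the script inherits, and `mkdir -p /app/data/secrets` creates the directory with default permissions, so under a typical 022 umask both secrets end up readable by every user and process that can see `/app/data`. I would follow the mkdir with `chmod 700 /app/data/secrets` and do the writes under a restrictive umask, e.g. `( umask 077; echo "$ELASTIC_PASSWORD" > /app/data/secrets/elastic_password )`. Separately, when `.initialized` exists but a secret file is missing, the `else` branch leaves the variable at whatever the environment supplied, possibly empty; an explicit error exit there is safer than continuing with an empty password.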
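Review bot: Publishing with `-p 0.0.0.0:9200:9200` and `-p 0.0.0.0:9300:9300` makes both the HTTP API and the transport port reachable on every interface of the host that runs this `docker run`, where the previous `127.0.0.1` bindings kept them local. The readiness loop below still probes plain `http://`, so unless TLS and authentication are enforced by settings outside this hunk, anything that can route to that host can talk to the cluster. If this is a single-node deployment (not visible in the hunk), transport has no external consumer, so I would keep `-p 127.0.0.1:9300:9300 \` and publish 9200 only on the address the Cloudron proxy actually connects to. The extra `curl … http://0.0.0.0:9200` in the `until` condition can be dropped, since 0.0.0.0 is a bind address rather than a destination. The `docker run` command starts above this hunk.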