Cannot start Synapse through docker-compose: Permission denied: '/data/homeserver.yaml'

[hankster112]

Description

Every time I attempt to start a new synapse server from docker-compose I receive the below error.

Steps to reproduce

1. Create docker-compose with parameters (volume and network is defined earlier as synapse):

  synapse-server:
    image: matrixdotorg/synapse:latest
    container_name: synapse
    environment:
      - SYNAPSE_SERVER_NAME=my.domain.com
      - SYNAPSE_REPORT_STATS=no
    restart: unless-stopped
    networks:
      - synapse
    volumes:
      - synapse:/data
    ports:
      - "8008:8008"

2. Attempt to start the server through sudo docker-compose up
3. Receive error in logs below

Homeserver

Custom hostserver

Synapse Version

Latest from matrixdotorg/synapse

Installation Method

Docker (matrixdotorg/synapse)

Database

SQLite

Workers

Single process

Platform

Debian 11 Bullseye
Docker (docker-compose)

Configuration

Stock/vanilla config

Relevant log output

synapse             | Traceback (most recent call last):
synapse             |   File "<frozen runpy>", line 198, in _run_module_as_main
synapse             |   File "<frozen runpy>", line 88, in _run_code
synapse             |   File "/usr/local/lib/python3.11/site-packages/synapse/app/homeserver.py", line 389, in <module>
synapse             |     main()
synapse             |   File "/usr/local/lib/python3.11/site-packages/synapse/app/homeserver.py", line 379, in main
synapse             |     hs = setup(sys.argv[1:])
synapse             |          ^^^^^^^^^^^^^^^^^^^
synapse             |   File "/usr/local/lib/python3.11/site-packages/synapse/app/homeserver.py", line 287, in setup
synapse             |     config = HomeServerConfig.load_or_generate_config(
synapse             |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
synapse             |   File "/usr/local/lib/python3.11/site-packages/synapse/config/_base.py", line 792, in load_or_generate_config
synapse             |     config_dict = read_config_files(config_files)
synapse             |                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
synapse             |   File "/usr/local/lib/python3.11/site-packages/synapse/config/_base.py", line 874, in read_config_files
synapse             |     with open(config_file) as file_stream:
synapse             |          ^^^^^^^^^^^^^^^^^
synapse             | PermissionError: [Errno 13] Permission denied: '/data/homeserver.yaml'

Anything else that would be useful to know?

I have created the volume from scratch multiple times, manually set permissions on the directory in the volume as suggested by ma-fl in #6303, and generated a new config by manually running the docker container with generate or migrate_config commands.

[DMRobertson]

I have edited your post to try and correct the formatting of your docker-compose file.

(volume and network is defined earlier as synapse):

It's really useful for us if you can try to produce a self-contained example compose file.

This one seems to do the trick:

version: '3'

services:
  synapse-server:
    image: matrixdotorg/synapse:latest
    container_name: synapse
    environment:
       - SYNAPSE_SERVER_NAME=my.domain.com
       - SYNAPSE_REPORT_STATS=no
    restart: unless-stopped
    networks:
      - synapse
    volumes:
      - synapse:/data
    ports:
      - 8008:8008

volumes:
  synapse:

networks:
  synapse:

[DMRobertson]

have created the volume from scratch multiple times, manually set permissions on the directory in the volume as suggested by ma-fl in #6303, and generated a new config by manually running the docker container with generate or migrate_config commands.

I think you should probably mark the volume as external so that docker-compose doesn't try to create one for you.

volumes:
  synapse:
    external: true

Let us know if that solves your problem (or at least gets your further).

Also, if you find any of our instructions or examples are out of date, do let us know.

[hankster112]

Still not working. This is my full docker-compose file. It includes Postgres DBs and a Gitea instance which also isn't working. This is my first time really trying to use Docker for something so all of this is probably wrong.

version: "3"

networks:
  synapse:
    external: false
  gitea:
    external: false

volumes:
  synapse:
    external: true
  synapse-postgres:
    external: true
  gitea:
    driver: local
  gitea-postgres:
    driver: local

services:
  synapse:
    image: matrixdotorg/synapse:latest
    container_name: synapse
    environment:
      - SYNAPSE_SERVER_NAME=my.domain.com
      - SYNAPSE_REPORT_STATS=no
    restart: unless-stopped
    networks:
      - synapse
    volumes:
      - synapse:/data
    ports:
      - "8008:8008"

  synapse-postgres:
    image: postgres:latest
    restart: always
    environment:
      - POSTGRES_USER=synapse
      - POSTGRES_PASSWORD=synapse
      - POSTGRES_DB=psycopg2
    networks:
      - synapse
    volumes:
      - synapse:/var/lib/postgresql/data

  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=gitea
    restart: always
    networks:
      - gitea
    volumes:
      - gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "222:22"
    depends_on:
      - gitea-postgres

  gitea-postgres:
    image: postgres:14
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    networks:
      - gitea
    volumes:
      - gitea-postgres:/var/lib/postgresql/data

[H-Shay]

Just to be clear, when you say it's still not working are you receiving the same PermissionError: [Errno 13] Permission denied: '/data/homeserver.yaml' referenced above or has a new error arisen?

[hankster112]

Just to be clear, when you say it's still not working are you receiving the same PermissionError: [Errno 13] Permission denied: '/data/homeserver.yaml' referenced above or has a new error arisen?

Yes, it is the same error verbatim as in the OP.

[MadLittleMods]

Related/duplicate of:

• Data/config file errors when using Docker volumes (and fly.io) #14122
• Permission issues with Docker volumes #14961

[andybalaam]

A couple of things for you to try, based on the setup we use in the Element Web automated tests.

If you're using actual Docker, try adding this to the synapse section:

user: "1001:1000"

(Assuming your user ID is 1000.)

If you're using podman, try:

user: 0:0

and inside environment inside synapse:

- UID=0
- GID=0

These are just guesses based on what I got working here, but might be worth a try.

[hankster112]

Added those and now I'm running into an issue I had previously, where it doesn't see the homeserver.yaml in the Docker volume, even though I can browse to it and see it there. Tried running separate Docker instances with both generate and migrate_config, neither are working. There was a fix for this but it's been a while since I've worked on this so I can't remember what it was.

synapse                     | Config file '/data/homeserver.yaml' does not exist.
synapse                     | 
synapse                     | The synapse docker image no longer supports generating a config file on-the-fly
synapse                     | based on environment variables. You can migrate to a static config file by
synapse                     | running with 'migrate_config'. See the README for more details.
synapse                     | 

Current docker-compose.yaml:

version: "3"

networks:
  synapse:
    external: false
  gitea:
    external: false

volumes:
  synapse:
    external: true
  synapse-postgres:
    external: true
  gitea:
    driver: local
  gitea-postgres:
    driver: local

services:
  synapse:
    image: matrixdotorg/synapse:latest
    container_name: synapse
    environment:
      - SYNAPSE_SERVER_NAME=my.domain.com
      - SYNAPSE_REPORT_STATS=no
      - UID=0
      - GID=0
    restart: unless-stopped
    user: "1001:1000"
    networks:
      - synapse
    volumes:
      - synapse:/data
    ports:
      - "8008:8008"

  synapse-postgres:
    image: postgres:latest
    restart: always
    environment:
      - POSTGRES_USER=synapse
      - POSTGRES_PASSWORD=synapse
      - POSTGRES_DB=psycopg2
    networks:
      - synapse
    volumes:
      - synapse:/data
    ports:
      - "8008:8008"

  synapse-postgres:
    image: postgres:latest
    restart: always
    environment:
      - POSTGRES_USER=synapse
      - POSTGRES_PASSWORD=synapse
      - POSTGRES_DB=psycopg2
    networks:
      - synapse
    volumes:
      - synapse:/var/lib/postgresql/data

  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=gitea
    restart: always
    networks:
      - gitea
    volumes:
      - gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "222:22"
    depends_on:
      - gitea-postgres

  gitea-postgres:
    image: postgres:14
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    networks:
      - gitea
    volumes:
      - gitea-postgres:/var/lib/postgresql/data