I set it to debug at somepoint and forgot maybe? Idk, but why the heck does the default config of the official Docker is to keep all logs, forever, in a single file woth no rotation?
Feels like 101 of log files. Anyway, this explains why my storage recipt grew slowly but unexpectedly.
You should always setup logrotate. Yes the good old Linux logrotate…
We should each not have to configure log rotation for every individual service. That would require identify what and how it logs data in the first place, then implementing a logrotate config. Services should include a reasonable default in logrotate.d as part of their install package.
Docker services should let docker handle it, and the user could then manage it through Docker or forward to some other logging service (syslog, systemd, etc). Processes in containers shouldn’t touch rotation or anything, just log levels and maybe which types of logs go to stdout vs stderr.
Ideally yes, but I’ve had to do this regularly for many services developed both in-house and out of house.
Solve problems, and maybe share your work if you like, I think we all appreciate it.
Agreed, but going container route those nice basic practices are dead.
And also, being mextcloud a php service, of can’t by definition ship with a logrotate config too, because its never packaged by your repo.
The fact (IMHO) is that the logs shouldn’t be there, in a persistent volume.
Probably, but still, if they are, just rotate them.
I don’t disagree that logrotate is a sensible answer here, but making that the responsibility of the user is silly.
Are you crazy? I understand that we are used to dumbed down stuff, but come on…
Rotating logs is in the ABC of any sysadmin, even before backups.
First, secure your ssh logins, then secure your logs, then your fail2ban then your backups…
To me, that’s in the basic stuff you must always ensure.
I would argue that logrotate was the ABC of any sysadmin in 2005, but today that should be a solved problem, whether in docker or bare metal.
Logration is the abc of the developer.
Why should I need 3rd party tools to fix the work of the developer??Why is that? Really? The Dev should replace a system function? And implement over and over again the same errors when logrotate exist?
Yes, that’s exactly what we’re arguing here. The developer also should replace autotools/cmake, git, … Don’t be daft! Packaging sane defaults for logrotate is now replacing a system function?
Docker is supposed to run a single process Logrotate is a separate process. So unless the application handles rotating logs, the container shouldn’t handle it.
Is it default on every distro? If not, then it’s the responsibility of the dev.
This is a docker! If your docker is marketed as ready to go and all-in-one, it should have basic things like that.
If I were running this as a full system with a user base then of course I would go over everything and make sure it all makes sebse for my needs. But since my needs were just a running nc instance, it would make sense to run a simple docker with mostly default config. If your docker by default has terrible config, then you are missing the point a bit.
Containers don’t do log rotation by default and the container itself has no say in the matter. You have to configure it in your container runtime config.
Dockers images are often incoherent and just different from one a other so much that you should never give something as expected and doublecheck the basics.
Docker was never meant do deploy services, and I shows.
It’s absolutely meant to deploy services, that’s its entire purpose…
What? Like, yeah you are responsible to do your own checks, sure. but the fuq you said about docker?
Those should also all be secure by default. What is this, Windows?
Just basic checks I prefer to ensure, not leave to distribution good faith. If all is set, good to go. Otherwise, fix and move on.
Specially with self hosted stuff that is a bit more custom than the usual.
Imho it’s because docker does away with (abstracts?) many years of sane system administration principles (like managing logfile rotations) that you are used to when you deploy bare metal on a Debian box. It’s a brave new world.
Or you can use Podman, which integrates nicely with Systemd and also utilizes all the regular system means to deal with log files and so on.
Good suggestion, although I do feel it always comes back to this “many ways to do kind of the same thing” that surrounds the Linux ecosystem. Docker, podman, … some claim it’s better, I hear others say it’s not 100% compatible all the time. My point being more fragmentation.
100 ways to configure a static ip.
Why does it need that? At least one per distro controlled by the distro-maintainers.There’s basically three types of networking config:
- direct with the kernel - don’t do this
- some distro-specific abstraction - e.g. /etc/network/interfaces for Debian
- networking manager - wicked, network manager, etc
I do the last one because it’s distro-agnostic. I use Network Manager and it works fine.
I notice that you replied to me once again in connection to me mentioning static IP and linux.
Can I summon you this way? ^^Apparently. I was wondering if you were the same person.
I’m just a happy Linux user trying to help when other people run into problems.
Totally okay. Hope it helps somone trying to search for solutions on th web :)
Does podman do the Docker networking thing where I can link containers together without exposing ports to the rest of the system? I like my docker compose setup where I only expose caddy (TLS trunking) and Jellyfin (because my TV fails connecting w/ TLS).
I think it also has that, but normally it uses an even easier concept of pods that basically wrap multiple containers into a meta container with it’s own internal networking and name space, and that does exactly what you want.
Nice! I’ve been having permissions conflicts between Samba (installed system-wide) and Jellyfin (docker), so it’s probably as good a time as any to try out podman since I need to mess with things anyway.
I disagree with this, container runtimes are a software like all others where logging needs to be configured. You can do so in the config of the container runtime environment.
Containers actually make this significantly easier because you only need to configure it once and it will be applied to all containers.
Or you can forward to your system logger, like syslog or systemd.
But then projects like NextCloud do it all wrong by using a file. Just log to stdout and I’ll manage the rest.
You are right and as others have pointed out correctly it’s Nextcloud not handling logging correctly in a containerized environment. I was ranting more about my dislike of containers in general, even though I use the technology (correctly) myself. It’s because I am already old on the scale of technology timelines.
Everything I hear about Nextcloud scares me away from messing with it.
If you only use it for files, the only thing it’s good for imho. it’s awesome! :)
Yes. And then I read press announcements like this https://nextcloud.com/blog/press_releases/nextcloud-procolix-partner-netherlands/
I’m considering switching to Seafile. I just need documents to sync and Collabora integration, and it seems to do both without dealing with PHP nonsense.
Just use the official Docker AIO and it is very, very little trouble. It’s by far the easiest way to use Nextcloud and the related services like Collabora and Talk.
The
price rboemproblem is that the log file is inside the container in the www folder.Edit: typo
You can move it.
Right, I should probably map the file directly to the system log folder. I’ll try that.
for some helpful config, the below is the logging config I have and logs have never been an issue.
You can even add
'logfile' => '/some/location/nextcloud.log',to get the logs in a different place'logtimezone' => 'UTC', 'logdateformat' => 'Y-m-d H:i:s', 'loglevel' => 2, 'log_rotate_size' => 52428800,Reminds me of when my Jellyfin container kept growing its log because of something watchtower related. Think it ended up at 100GB before I noticed. Not even debug, just failed updates I think. It’s been a couple of months.
Well that’s not jellyfins faults but rather watchtower…
101 of log files
is to configure it yourself
Look, defaults are a thing and if your defaults suck then you’ve made a mistake and if your default is to save a 100GB of log file in one file then something is wrong. The default in Dockers should just be not to save any log files on the persistent volumes.
Exactly. It should just write to stdout and let whatever is running it manage it.
Feels like blaming others for not paying attention.
