[BUG] Unable to get a working container on Asustor NAS

[shaaati]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Upon start, the container errors out with weird Java error messages (see below). After lots of debugging, I think that is merely a symptom of a weirdly non-working container. When I spawn a shell inside the container, I can't really browse the file system:

root@c845f0db4c12:/usr/lib/unifi# ls -al
total 8210891115956535296
?--x-w-r-x 2318372932 127 root       367315880568 Jan  1  1970 .
?--x-w-r-x 2318372932 127 root       367315880568 Jan  1  1970 ..
?-w--wxr-x 2318372932 127 root       367315880568 Jan  1  1970 bin
?--xrwxrwx 3837878576 127 3837878576 367315880568 Jan  1  1970 conf
?--x-w-r-x 2318372932 127 root       367315880568 Jan  1  1970 data
?--x-w-r-x 2318372932 127 root       367315880568 Jan  1  1970 dl
?--x-w-r-x 2318372932 127 root       367315880568 Jan  1  1970 lib
?--x-w-r-x 2318372932 127 root       367315880568 Jan  1  1970 logs
?--x-w-r-x 2318372932 127 root       367315880568 Jan  1  1970 readme.txt
?--x-w-r-x 2318372932 127 root       367315880568 Jan  1  1970 run
?--x-w-r-x 2318372932 127 root       367315880568 Jan  1  1970 webapps
root@c845f0db4c12:/usr/lib/unifi# touch tmp
root@c845f0db4c12:/usr/lib/unifi# ls
bin  conf  data  dl  lib  logs  readme.txt  run  tmp  webapps
root@c845f0db4c12:/usr/lib/unifi# ls -al
total 2658429815278796800
?--x-w-r-x 2950664260 127 root       367306320504 Jan  1  1970 .
?--x-w-r-x 2950664260 127 root       367306320504 Jan  1  1970 ..
d-----S-wx 2950664260 127 root       367306320504 Jan  1  1970 bin
?--xrwxrwx 3694189584 127 3694189584 367306320504 Jan  1  1970 conf
?--x-w-r-x 2950664260 127 root       367306320504 Jan  1  1970 data
?--x-w-r-x 2950664260 127 root       367306320504 Jan  1  1970 dl
?--x-w-r-x 2950664260 127 root       367306320504 Jan  1  1970 lib
?--x-w-r-x 2950664260 127 root       367306320504 Jan  1  1970 logs
?--x-w-r-x 2950664260 127 root       367306320504 Jan  1  1970 readme.txt
?--x-w-r-x 2950664260 127 root       367306320504 Jan  1  1970 run
?--x-w-r-x 2950664260 127 root       367306320504 Jan  1  1970 tmp
?--x-w-r-x 2950664260 127 root       367306320504 Jan  1  1970 webapps

Timestamps are weird, folders are not recognized as folders and overall the docker containe feels "broken".

Expected Behavior

No error upon boot, container comes up and exposes the WebUI.

Steps To Reproduce

I feel this segment is a bit redundant, but maybe I don't understand what is requested in this part of the issue description. I will gladly provide more information upon request.

Start the container with the docker compose file shown below in my environment shown below. Directly after the start, the log files shown below are reported and no working WebUI is exposed.

Environment

- Hardware: Asustor NAS AS1102T
- OS: The most recent Asustor ADM OS version (4.3.3.RC92, updated yesterday)
- How docker service was installed: From the Asustor app store, version is 27.1.1.r5
- How do I run docker compose files: Portainer CE, also installed via Asustor app store, version 2.27.1.r01

CPU architecture

arm64

Docker creation

In Portainer I created a "stack" using the following docker compose yaml:

name: unifi-network-application-manuell
services:
  unifi-db-manuell:
    image: docker.io/mongo:4.4.18
    container_name: unifi-db-manuell
    environment:
      - MONGO_INITDB_ROOT_USERNAME=root
      - MONGO_INITDB_ROOT_PASSWORD=BLA
      - MONGO_USER=unifi
      - MONGO_PASS=BLUB
      - MONGO_DBNAME=unifi
      - MONGO_AUTHSOURCE=admin
    volumes:
      - /share/Docker/unifi-db-manuell:/data/db
      - /share/Docker/unifi-db-manuell/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro
    restart: unless-stopped
    networks:
     - unifi-bridge

  unifi-network-application-manuell:
    privileged: true
    image: lscr.io/linuxserver/unifi-network-application:latest
    container_name: unifi-network-application-manuell
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Etc/UTC
      - MONGO_USER=unifi
      - MONGO_PASS=BLUB
      - MONGO_HOST=unifi-db-manuell
      - MONGO_PORT=27017
      - MONGO_DBNAME=unifi
      - MONGO_AUTHSOURCE=admin
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
      - MONGO_TLS= #optional
    volumes:
      - /share/Docker/unifi-network-application-manuell/data:/config
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
      - 1900:1900/udp #optional
      - 8843:8843 #optional
      - 8880:8880 #optional
      - 6789:6789 #optional
      - 5514:5514/udp #optional
    restart: unless-stopped
    networks:
     - unifi-bridge
networks:
  unifi-bridge:
    driver: bridge


After starting out with some community approach that I found via web search (https://github.com/GiuseppeGalilei/Unifi-Network-Application), this time I have made sure to stick to the README of this container and adapted settings as I understood them.

- The mongo version is the most recent one that is supported by my NAS CPU
- PUID and PGID are set according to the ownership permissions of the NAS folders:

user@nas:/share/Docker $ ls -aln
[...]
drwxrwxrwx    4 999      100           4096 Apr 19 13:29 unifi-db-manuell/
[...]
drwxr-xr-x    3 1000     100           4096 Apr 19 03:35 unifi-network-application-manuell/


Side note: The MongoDB container comes up as expected and is looking fine when spawning a shell.

Container logs

[migrations] started

[migrations] no migrations found

───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗

      ██║     ██╔════╝██║██╔═══██╗

      ██║     ███████╗██║██║   ██║

      ██║     ╚════██║██║██║   ██║

      ███████╗███████║██║╚██████╔╝

      ╚══════╝╚══════╝╚═╝ ╚═════╝

   Brought to you by linuxserver.io

───────────────────────────────────────

To support LSIO projects visit:

https://www.linuxserver.io/donate/

───────────────────────────────────────

GID/UID

───────────────────────────────────────

User UID:    1000

User GID:    100

───────────────────────────────────────

Linuxserver.io version: 9.0.114-ls86

Build-date: 2025-04-15T17:36:23+00:00

───────────────────────────────────────

    

Generating 4,096 bit RSA key pair and self-signed certificate (SHA384withRSA) with a validity of 3,650 days

	for: CN=unifi

Exception in thread "main" java.lang.ExceptionInInitializerError

	at java.base/javax.crypto.Cipher.getInstance(Cipher.java:546)

	at java.base/sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:934)

	at java.base/sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:631)

	at java.base/sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:589)

	at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:112)

	at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1167)

	at java.base/sun.security.tools.keytool.Main.doGenKeyPair(Main.java:2053)

	at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1186)

	at java.base/sun.security.tools.keytool.Main.run(Main.java:423)

	at java.base/sun.security.tools.keytool.Main.main(Main.java:416)

Caused by: java.lang.SecurityException: Can not initialize cryptographic mechanism

	at java.base/javax.crypto.JceSecurity.<clinit>(JceSecurity.java:125)


The Java error will repeat indefinitely. As I said, I think this is because the filesystem is looking weird, which leads to some errors with Java not being able to access a certain config file. That is what I found when looking for this issue and that ultimately lead me to having an interactive look at the container file system.

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[thespad]

What is the output of uname -a? I suspect this is an issue with a lack of kernel support for Noble syscalls.

[shaaati]

Sounds like a good idea, even though I don't like the implications :/.

uname -a says Linux 4.9.119 #1 SMP PREEMPT Mon Dec 9 03:18:02 CST 2024 aarch64 GNU/Linux.

The same behaviour also happens with container version 8.2.93, which is still based on Jammy. the mongo 4.4.18 container runs on a Focal base image.

I'm a bit disappointed that a NAS system that has been released in 2021 uses a Kernel from 2016, but I guess that's how these systems are and I suppose I wouldn't want to run such old software anyway, even if I could get it to work somehow.

[thespad]

Not seen a lot of arm64 systems with a 4.x kernel so hard to say. x86_64 hosts with a 4.x kernel don't have big issues with the unifi image but it's quite possible arm is different.

Can you try running with

security_opt:
    - seccomp=unconfined

And see if it makes any difference?

[shaaati]

Can you try running with

security_opt:
- seccomp=unconfined

And see if it makes any difference?

Doesn't make any difference.

In the meantime I spun up two different minimal containers. The one based on Focal runs fine, the one based on Jammy shows the same behaviour as described. So it really seems to be the Ubuntu version causing the issues.

[thespad]

That doesn't surprise me, we had a ton of issues when Jammy first released due to it using syscalls that older platforms didn't support (and people running ancient versions of Docker that also didn't support them). Noble has further changes but not on the same scale that we saw with Jammy.

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.