Desperation please can I get an answer

Operating System ZimaOS
1

I love ZimaOS, and I have three small charities who’s IT I support free and they, this years are moving away from the cloud and going to a Simple NAS solution, they like zimaOS and so do I as it just works for most things.

However we have a complex docker install that’s 6 images and around 2TB installed and configured, we have tested this in ubuntu 22.04lts / Debian 12/13 and it works, along with the ZimaOS however they don’t want to work together, the installer is complex and configures, MariaDB, Elastic Search, document management, mail platform, communications and management modules all tied together however, it needs /app to work and after speaking with the software company there is no way around this as they have tried to /DATA/xyz and /media/xyz and it fails.

so I scrap a few potential clients moving to your solution unless I can find a work around

what I need to do is create a directory /app and then map it with fstab to /media/datadrive/product

then I can run the installer and the product works.

the other issue we have is the need for FileZilla to ran so we can copy data direct to the NAS folders,

we have tried this via VM and it fails as the bridge to eth x does not allow you to create a smb connection to the underlying host OS and you can’t add two NICs one bridged to allow the app to run in a VM and one NAT to create the smb to, also the other issue is the VMs don’t restart after a reboot or powerful.

I am aware why the is RO, so please I’m looking for a solution even is I make the OS RW to do this and create the mount points then install and make RO this would resolve my issue.

Thanks

Chris

2

Chris, I believe this can be solved on ZimaOS without breaking the OS.

1) Create /app using a bind mount (recommended)

Because the vendor hard-requires /app, the clean workaround is to bind-mount /app to a folder on your data drive.

Note: I’m using /media/datadrive/product as a placeholder path because each ZimaOS system mounts disks under a different name (for example /media/ZimaOS-HD/... or /media/<disk-name>/...). The solution is the same either way, you just replace the path with your real one.

sudo mkdir -p /media/datadrive/product
sudo mkdir -p /app
sudo mount --bind /media/datadrive/product /app

Confirm:

mount | grep " /app "
df -h /app

If the installer works after that, make it persistent with /etc/fstab:

sudo nano /etc/fstab

Add:

/media/datadrive/product  /app  none  bind  0  0

Then:

sudo mount -a

If ZimaOS blocks editing fstab due to read-only, I suggest doing the same bind mount via a small startup script/container at boot (no OS modifications needed).

2) FileZilla requirement

I suggest avoiding VM entirely.

Instead, run SFTP in Docker and use FileZilla from your PC/Mac to transfer data directly into the NAS folders. This avoids VM bridge/NIC limitations and reboot auto-start issues.

Good container options:

  • linuxserver/openssh-server
  • atmoz/sftp
3

mkdir: cannot create directory ‘/app’: Read-only file system

tried with sudo and as root

I need to switch the OS to RW to create the /app and fstab :frowning:

4

Chris, I believe you are hitting the expected ZimaOS behaviour. The root filesystem / is read-only by design, so you cannot create /app directly, even as root.

The ZimaOS-safe workaround

Instead of changing the OS to RW, I suggest you don’t create /app on the host at all.

Run your 6-container stack in Docker and use a container-level mount so the app still sees /app, but it actually maps to your data disk.

Example (compose style):

services:
  yourservice:
    volumes:
      - /media/<your-disk>/product:/app

This gives you the exact same result the vendor needs (path inside container is /app) without modifying ZimaOS root or fstab.

For the data transfer (FileZilla)

I suggest running SFTP as a container (instead of VM). Then you can upload 2TB using FileZilla from your PC straight into /media/<disk>/... without VM bridge limitations.

5

this doesn’t work as its and installer that needs /app to work and the software devs said it won’t work any other way due to the complexity of the software and interactions between the various objects

they has to be a way to enable RW on the OS

6

Chris, the issue is not permissions. ZimaOS mounts the root filesystem (/) as read-only by design, which is why even root gets:

mkdir: cannot create directory ‘/app’: Read-only file system

Because of that, creating /app and editing /etc/fstab on the host is not possible using normal Linux methods.

Why we cannot advise “make OS RW”

Yes, there are sometimes ways to remount a read-only OS as RW, but this is a system-level change that can easily:

  • break updates
  • break boot/recovery behaviour
  • corrupt the OS overlay
  • brick the device

For that reason, I cannot recommend or provide instructions for forcing ZimaOS into RW mode. The correct RW method (if one exists) must come from IceWhale, because it depends on how ZimaOS is built.

What you should do next

I suggest contacting IceWhale support/community directly and asking for an official supported procedure to temporarily remount the OS RW (create /app, configure mount), and then return it to RO safely.

If IceWhale confirms a supported method, then it’s safe to follow. Without that, doing it manually is a high risk change and nobody here can be responsible if it bricks the system.

7

@gelbuilding George, I am at my wits end with this, I have the install script as I don’t understand coding at all, spent years working on backend infrastructure and vmware for years. I have just uploaded the installer file and the instructions for docker compose, and was wondering if you would be able to help me make this work. I just need it to work happly on /media/data/Onlyoffice for the persistent files or /media/nvme/Onlyoffice if it would be happier on an NVME drive.

all I can do is offer my thanks and a beer

Chris

install.txt (68.6 KB)

8

Chris, yes upload is perfect, I can help you get this working on ZimaOS.

A key point first: on ZimaOS the root filesystem is read-only, so anything that tries to create host paths like /app will fail. The correct way on ZimaOS is to adjust the installer/compose so persistent storage lives under /media/..., while the containers can still use /app internally if required.

If you want it clean and stable, I suggest we standardise your persistent paths like this:

  • NVME (best performance):
    /media/nvme/Onlyoffice
  • HDD/RAID (fine for storage):
    /media/data/Onlyoffice

Next step: please paste the install script contents (or tell me the GitHub repo link) + your current docker-compose.yml, and I’ll rewrite it into a ZimaOS-ready compose that works with your chosen path and survives reboot/updates.

9

George I have renamed the two files and uploading as txt here, the histone is the workspace install which defines how you are going to install the software the second is install.sh the installer,

I was wondering being very old school and if I understand docker container correctly that they use the underlying kernel and carry the host information like cpu / ram, if this is so would the simplest way be to pull ubuntu 24.04lts create my mapped volumes ie /app to /media/data/Onlyoffice and just run the script ??

install.sh.txt (68.6 KB)

workspace-install.sh.txt (3.5 KB)

10

Chris, I understand what you’re trying to do, but running Ubuntu 24.04 in a Docker container won’t solve the /app issue on the host. Containers share the host kernel, but they don’t change the host filesystem layout, and ZimaOS keeps / read-only.

The good news is: based on the installer you uploaded, you don’t actually need /app on the host. The script uses a configurable base folder:

BASE_DIR="/media/NVME/onlyoffice"

I suggest you simply change that BASE_DIR to your preferred persistent location, for example:

  • /media/data/Onlyoffice (HDD/RAID)
  • /media/nvme/Onlyoffice (best performance)

Once that is updated, the installer should create the required folders under that path and deploy the stack normally.

If you paste your exact /media/... mount path (as shown on ZimaOS), I can point you to the exact line to edit so it works first go.

11

that’s brilliant thanks

12

well some good and bad news, the installer has pulled one of the wrong files down, I have seen this before and is straight forward to fix, many thanks however I can’t install the mail component as I need dig to confirm domain hostname

I have a way round that for the time being

many thanks

13

just come across this

wonder if it could be modded for a quick install

14

Chris, great progress, that confirms the main storage/path issue is solved.

Mail component / dig

Yep, that makes sense. The mail module normally checks DNS (MX/A/hostname) during install, and dig is used for that validation. If dig isn’t available on ZimaOS, the clean fix is either:

  • install dnsutils inside the installer environment/container, or
  • temporarily skip/disable the mail module until DNS is confirmed (your workaround is fine for now).

“Installing all ONLYOFFICE Workspace Community components integrated”

Yes — that integrated installer can usually be modified for a quicker install, but it still needs:

  • correct persistent base path under /media/...
  • correct network/DNS tools for the mail checks
15

after all of that, after it finally finishes, once you change the install directory it installs the enterprise edition so it looks like it may have to be done with the above post and the yaml file you spoke about, but the good news is that the install location is not absolute

16

Chris, that’s actually a useful discovery.

It confirms two important things:

  1. The install location is not absolute, so ZimaOS can run this stack fine as long as everything lives under /media/...
  2. That “integrated installer” is likely pulling the wrong edition package/channel (Enterprise) once the base directory is changed or when certain flags are triggered.

So I agree with you, the correct approach now is to avoid the “all-in-one integrated installer” and instead deploy using the docker-compose YAML method (from the earlier post). That gives full control over:

  • which images/tags are pulled (Community vs Enterprise)
  • persistent volume locations
  • upgrade behaviour

If you paste the YAML/compose (or the section where it chooses enterprise/community tags), I can try to help you pin it to Workspace Community and map it cleanly to /media/data/Onlyoffice or /media/nvme/Onlyoffice so it stays stable.

Lastly, I suggest using ZimaOS Compose Toolbox, mainly because it helps ensure the compose YAML is valid and formatted correctly before deploying.

17

hi @gelbuilding after a lot of digging and looking between files I have come up with this

onlyoffice
onlyoffice550×512 19.8 KB

the icon

sudo mkdir -p /media/Main-Storage/.App/onlyoffice/{mysql/{conf.d,data,initdb},CommunityServer/{data,logs,letsencrypt},DocumentServer/{data,logs,fonts,forgotten},MailServer/{data/certs,logs},ControlPanel/{data,logs}}

/media/Main-Storage/.App/onlyoffice/mysql/conf.d/onlyoffice.cnf

[mysqld]
sql_mode = NO_ENGINE_SUBSTITUTION
max_connections = 1000
max_allowed_packet = 1048576000
group_concat_max_len = 2048

/media/Main-Storage/.App/onlyoffice/mysql/initdb/setup.sql

ALTER USER ‘root’@‘%’ IDENTIFIED WITH mysql_native_password BY ‘my-secret-pw’;

CREATE USER IF NOT EXISTS ‘onlyoffice_user’@‘%’ IDENTIFIED WITH mysql_native_password BY ‘onlyoffice_pass’;
CREATE USER IF NOT EXISTS ‘mail_admin’@‘%’ IDENTIFIED WITH mysql_native_password BY ‘Isadmin123’;

GRANT ALL PRIVILEGES ON . TO ‘root’@‘%’;
GRANT ALL PRIVILEGES ON . TO ‘onlyoffice_user’@‘%’;
GRANT ALL PRIVILEGES ON . TO ‘mail_admin’@‘%’;

FLUSH PRIVILEGES;

docker-compose.yaml

/media/Main-Storage/.App/onlyoffice/docker-compose.yaml

version: “3.9”

networks:
onlyoffice:
driver: bridge

services:
mysql:
image: mysql:8.0.29
container_name: onlyoffice-mysql-server
restart: always
networks: [onlyoffice]
environment:
MYSQL_ROOT_PASSWORD: my-secret-pw
MYSQL_DATABASE: onlyoffice
volumes:

  • /media/Main-Storage/.App/onlyoffice/mysql/conf.d:/etc/mysql/conf.d
  • /media/Main-Storage/.App/onlyoffice/mysql/data:/var/lib/mysql
  • /media/Main-Storage/.App/onlyoffice/mysql/initdb:/docker-entrypoint-initdb.d

documentserver:
image: onlyoffice/documentserver
container_name: onlyoffice-document-server
restart: always
networks: [onlyoffice]
environment:
JWT_ENABLED: “true”
JWT_SECRET: “REPLACE_WITH_RANDOM_32_CHAR_SECRET”
JWT_HEADER: AuthorizationJwt
volumes:

  • /media/Main-Storage/.App/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data
  • /media/Main-Storage/.App/onlyoffice/DocumentServer/logs:/var/log/onlyoffice
  • /media/Main-Storage/.App/onlyoffice/DocumentServer/fonts:/usr/share/fonts/truetype/custom
  • /media/Main-Storage/.App/onlyoffice/DocumentServer/forgotten:/var/lib/onlyoffice/documentserver/App_Data/cache/files/forgotten

mailserver:
image: onlyoffice/mailserver
container_name: onlyoffice-mail-server
restart: always
privileged: true
hostname: office.brimstonecottage.uk
networks: [onlyoffice]
ports:

  • “25:25”
  • “143:143”
  • “587:587”
  • “993:993”
  • “465:465”
  • “995:995”
    environment:
    MYSQL_SERVER: mysql
    MYSQL_SERVER_PORT: 3306
    MYSQL_ROOT_USER: root
    MYSQL_ROOT_PASSWD: my-secret-pw
    MYSQL_SERVER_DB_NAME: onlyoffice_mailserver
    volumes:
  • /media/Main-Storage/.App/onlyoffice/MailServer/data:/var/vmail
  • /media/Main-Storage/.App/onlyoffice/MailServer/data/certs:/etc/pki/tls/mailserver
  • /media/Main-Storage/.App/onlyoffice/MailServer/logs:/var/log

controlpanel:
image: onlyoffice/controlpanel
container_name: onlyoffice-control-panel
restart: always
networks: [onlyoffice]
volumes:

  • /var/run/docker.sock:/var/run/docker.sock
  • /media/Main-Storage/.App/onlyoffice/CommunityServer/data:/app/onlyoffice/CommunityServer/data
  • /media/Main-Storage/.App/onlyoffice/ControlPanel/data:/var/www/onlyoffice/Data
  • /media/Main-Storage/.App/onlyoffice/ControlPanel/logs:/var/log/onlyoffice

communityserver:
image: onlyoffice/communityserver
container_name: onlyoffice-community-server
restart: always
privileged: true
cgroupns: host
networks: [onlyoffice]
ports:

  • “80:80”
  • “443:443”
  • “5222:5222”
    environment:
    MYSQL_SERVER_ROOT_PASSWORD: my-secret-pw
    MYSQL_SERVER_DB_NAME: onlyoffice
    MYSQL_SERVER_HOST: mysql
    MYSQL_SERVER_USER: onlyoffice_user
    MYSQL_SERVER_PASS: onlyoffice_pass
  DOCUMENT_SERVER_PORT_80_TCP_ADDR: documentserver
  DOCUMENT_SERVER_JWT_ENABLED: "true"
  DOCUMENT_SERVER_JWT_SECRET: "REPLACE_WITH_RANDOM_32_CHAR_SECRET"
  DOCUMENT_SERVER_JWT_HEADER: AuthorizationJwt

  MAIL_SERVER_DB_HOST: mysql
  MAIL_SERVER_DB_NAME: onlyoffice_mailserver
  MAIL_SERVER_DB_PORT: 3306
  MAIL_SERVER_DB_USER: root
  MAIL_SERVER_DB_PASS: my-secret-pw

  CONTROL_PANEL_PORT_80_TCP_ADDR: controlpanel
volumes:
  - /media/Main-Storage/.App/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data
  - /media/Main-Storage/.App/onlyoffice/CommunityServer/logs:/var/log/onlyoffice
  - /media/Main-Storage/.App/onlyoffice/CommunityServer/letsencrypt:/etc/letsencrypt
  - /sys/fs/cgroup:/sys/fs/cgroup:rw
18

Chris, this is excellent work, you’re very close. The folder structure and volume layout look correct, and this approach completely avoids the ZimaOS /app read-only limitation.

A few important fixes before deploying:

1) Replace smart quotes with normal quotes (critical)

In your compose you have smart quotes like:

version: “3.9” and ports “25:25”

These will break YAML parsing. Replace all “ ” with normal quotes ".

Same for your SQL snippet — I can see smart quotes like:

ALTER USER ‘root’@‘%’ ...

Those must be normal quotes:

ALTER USER 'root'@'%' ...

or MySQL will reject the init script.

2) YAML indentation (very important)

Some environment: entries (DOCUMENT_SERVER_, MAIL_SERVER_, CONTROL_PANEL_*) look mis-indented. YAML is strict — if indentation is off, variables will be ignored or the file won’t load.

3) MySQL GRANT syntax

You currently have:

GRANT ALL PRIVILEGES ON . TO ...

That should be:

GRANT ALL PRIVILEGES ON *.* TO ...

1 Like
19

@gelbuilding many thanks we have a definitive solution from the supplier that works

  1. Download the Docker installation script: this is the correct one for ZimaOS and CasaOS
    wget http://download.onlyoffice.com/install/install.sh

  2. Edit the downloaded script by changing the BASE_DIR variable. For example:
    BASE_DIR=“/media/data/$PRODUCT”; instead of BASE_DIR=“/app/$PRODUCT”;

  3. To install the Community Edition, execute the following command:
    sudo bash install.sh -it WORKSPACE

    1. sudo bash install.sh -it -cp portnumber WORKSPACE

turns out as well their was a error in the script :slight_smile: that thanks to your help and my constant badgering has been higlighted that if you changed the base dir it defaulted to enterprise. so at least we have to answers that work as with the corrections to the yaml file you sugested it works that way as well.

so thanks for your help

1 Like