Running Docker in a PVE (Proxmox Virtual Environment) unprivileged container cannot access...

j00

Aug 12, 2025
Hello everyone in the community. I am a newcomer and not familiar with PVE, TrueNAS, NFS, Docker and so on, and I have run into a problem I would like to ask about.
I installed PVE 9 on a new physical machine and deployed iStoreOS and TrueNAS SCALE 25.04 as virtual machines. My idea is to use the NAS only as an NFS and SMB share.

[image.png: screenshot of the first share configuration that was tried]

[image.png: screenshot of the second share configuration that was tried]

I have tried both of the configurations shown in the two screenshots above.
Then I created an unprivileged CT from the Debian 12 CT template:

arch: amd64
cmode: shell
cores: 10
features: nesting=1
hostname: ct
memory: 16384
mp0: /mnt/nfs/ct102,mp=/mnt/nas
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.9.1,hwaddr=BC:24:11:0F:EA:FF,ip=192.168.9.7/24,type=veth
onboot: 1
ostype: debian
rootfs: local:102/vm-102-disk-0.raw,size=64G
startup: order=3
swap: 0
unprivileged: 1
lxc.idmap: u 0 100000 3000
lxc.idmap: g 0 100000 3000
lxc.idmap: u 3000 103000 1
lxc.idmap: g 3000 103000 1
lxc.idmap: u 3001 103001 62535
lxc.idmap: g 3001 103001 62535
Inside the CT I installed the latest Docker following the Debian tutorial on the official Docker website.
root@ct:/mnt/nas/conf/yamls# docker -v
Docker version 28.3.3, build 980b856
Then I started nginx with docker compose -f nginx.yaml up -d.
root@ct:/mnt/nas/conf/yamls# cat nginx.yaml
name: nginx
services:
  nginx:
    image: nginx
    hostname: nginx
    ports:
      - "29521:80"
      - "29522:443"
    restart: unless-stopped
    volumes:
      - /mnt/nas/conf/cert/fullchain.crt:/etc/nginx/ssl/fullchain.crt
      - /mnt/nas/conf/cert/private.key:/etc/nginx/ssl/private.key
      # - /mnt/nas/data/nginx/nginx.conf:/etc/nginx/nginx.conf
      - /mnt/nas/data/nginx/conf.d/:/etc/nginx/conf.d/
      - /mnt/nas/data/nginx/logs/:/var/log/nginx/
root@ct:/mnt/nas/conf/yamls# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c999d65e72a2 nginx "/docker-entrypoint.…" 16 minutes ago Up 16 minutes 0.0.0.0:29521->80/tcp, [::]:29521->80/tcp, 0.0.0.0:29522->443/tcp, [::]:29522->443/tcp nginx-nginx-1
Then I tested the ports, but they cannot be reached:
root@ct:/mnt/nas/conf/yamls# nc -zv 192.168.9.7 29521
ct.lan [192.168.9.7] 29521 (?) : Connection refused
root@ct:/mnt/nas/conf/yamls# nc -zv 192.168.9.7 29522
ct.lan [192.168.9.7] 29522 (?) : Connection refused
However, if I do not map the volumes, port 29521 can be reached (I have not put the certificate into nginx, so I did not test port 29522).
I also deployed immich as a test, but it reports a different error, which I am posting as well:
root@ct:/mnt/nas/conf/yamls# cat immich.yaml
services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:release
    volumes:
      - /mnt/nas/data/immich/library:/usr/src/app/upload
      - /mnt/nas/data/immich/photos:/usr/src/app/smb/photos:rw
      - /etc/localtime:/etc/localtime:ro
    ports:
      - '29532:2283'
    depends_on:
      - redis
      - database
    restart: always
    healthcheck:
      disable: false

  immich-machine-learning:
    container_name: immich_machine_learning
    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
    # Example tag: ${IMMICH_VERSION:-release}-cuda
    image: ghcr.io/immich-app/immich-machine-learning:release
    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
    #   file: hwaccel.ml.yml
    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    volumes:
      - /mnt/nas/data/immich/immich-model-cache:/cache
      #- immich-model-cache:/cache
    restart: always
    healthcheck:
      disable: false

  redis:
    container_name: immich_redis
    image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always

  database:
    container_name: immich_postgres
    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
    environment:
      POSTGRES_PASSWORD: postgres
      POSTGRES_USER: postgres
      POSTGRES_DB: immich
      POSTGRES_INITDB_ARGS: '--data-checksums'
      # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
      # DB_STORAGE_TYPE: 'HDD'
    volumes:
      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
      - /mnt/nas/data/immich/postgres:/var/lib/postgresql/data
    restart: always

root@ct:/mnt/nas/conf/yamls# docker compose -f immich.yaml up -d
[+] Running 4/4
✔ Container immich_postgres Started 0.2s
✔ Container immich_machine_learning Started 0.2s
✔ Container immich_redis Started 0.2s
✔ Container immich_server Started 0.3s
root@ct:/mnt/nas/conf/yamls# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b5106d42e80a ghcr.io/immich-app/immich-server:release "tini -- /bin/bash -…" 3 seconds ago Up 2 seconds (health: starting) 0.0.0.0:29532->2283/tcp, [::]:29532->2283/tcp immich_server
91f79ac8042c ghcr.io/immich-app/immich-machine-learning:release "tini -- python -m i…" 3 seconds ago Up 2 seconds (health: starting) immich_machine_learning
f4dd6040471c ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0 "/usr/local/bin/immi…" 3 seconds ago Restarting (1) Less than a second ago immich_postgres
ba4134cdcc9b valkey/valkey:8-bookworm "docker-entrypoint.s…" 3 seconds ago Up 2 seconds (health: starting) 6379/tcp immich_redis
c999d65e72a2 nginx "/docker-entrypoint.…" 28 minutes ago Up 28 minutes 0.0.0.0:29521->80/tcp, [::]:29521->80/tcp, 0.0.0.0:29522->443/tcp, [::]:29522->443/tcp nginx-nginx-1
root@ct:/mnt/nas/conf/yamls# docker logs f4d
Using SSD storage
chown: changing ownership of '/var/lib/postgresql/data': Operation not permitted
Using SSD storage
chown: changing ownership of '/var/lib/postgresql/data': Operation not permitted
Using SSD storage
chown: changing ownership of '/var/lib/postgresql/data': Operation not permitted
Using SSD storage
chown: changing ownership of '/var/lib/postgresql/data': Operation not permitted
Using SSD storage
chown: changing ownership of '/var/lib/postgresql/data': Operation not permitted
Using SSD storage
chown: changing ownership of '/var/lib/postgresql/data': Operation not permitted
Using SSD storage
chown: changing ownership of '/var/lib/postgresql/data': Operation not permitted

Could you please help me take a look at this? Thank you.
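As an added example (not the poster's code and not anything shipped by Proxmox), a small Python helper that parses the lxc.idmap lines quoted in the CT config above and resolves IDs in both directions using the standard LXC semantics `u|g <container_start> <host_start> <count>`. It shows which host UID a process inside the CT actually writes with on the bind-mounted NFS path, whether a given host-side owner UID on that share is reachable from inside the container at all, and whether the explicit ranges differ from PVE's implicit default map (assumed here to be 0 -> 100000 for 65536 IDs).

```python
from dataclasses import dataclass
from typing import List, Optional

# The lxc.idmap lines exactly as quoted from the CT config in the post above
CT_CONFIG = """\
lxc.idmap: u 0 100000 3000
lxc.idmap: g 0 100000 3000
lxc.idmap: u 3000 103000 1
lxc.idmap: g 3000 103000 1
lxc.idmap: u 3001 103001 62535
lxc.idmap: g 3001 103001 62535
"""
@dataclass(frozen=True)
class IdMapRange:
    kind: str        # "u" = UIDs, "g" = GIDs
    ct_start: int    # first ID as seen inside the container
    host_start: int  # host ID it is translated to
    count: int       # number of consecutive IDs covered

def parse_idmap(config_text: str) -> List[IdMapRange]:
    """Parse 'lxc.idmap: <u|g> <ct_start> <host_start> <count>' entries."""
    ranges = []
    for line in config_text.splitlines():
        if line.startswith("lxc.idmap:"):
            kind, ct_start, host_start, count = line.split(":", 1)[1].split()
            ranges.append(IdMapRange(kind, int(ct_start), int(host_start), int(count)))
    return ranges

def ct_to_host(ranges: List[IdMapRange], kind: str, ct_id: int) -> Optional[int]:
    """Host ID a process running as ct_id really uses on the bind-mounted share."""
    for r in ranges:
        if r.kind == kind and r.ct_start <= ct_id < r.ct_start + r.count:
            return r.host_start + (ct_id - r.ct_start)
    return None  # not mapped: this ID cannot be used from inside the CT

def host_to_ct(ranges: List[IdMapRange], kind: str, host_id: int) -> Optional[int]:
    """Container ID under which a host-owned file appears (None -> nobody/nogroup)."""
    for r in ranges:
        if r.kind == kind and r.host_start <= host_id < r.host_start + r.count:
            return r.ct_start + (host_id - r.host_start)
    return None

def equals_default_map(ranges: List[IdMapRange], kind: str) -> bool:
    """True if the ranges only re-express the assumed default 0 -> 100000 (65536 IDs) map."""
    pos = 0
    for r in sorted((r for r in ranges if r.kind == kind), key=lambda r: r.ct_start):
        if r.ct_start != pos or r.host_start != 100000 + pos:
            return False
        pos += r.count
    return pos == 65536
```

For the quoted config, container root resolves to host UID 100000, container UID 3000 to host UID 103000, and a host UID of 3000 owning files on the share has no container-side identity.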
 
Please do not post the same thread twice - I answered in the other thread, since it seems more fitting location-wise.