CKB/PERMISSION-FIX-GUIDE.md

🔧 Laravel Permission Fix Guide untuk Docker

🎯 Masalah yang Diselesaikan

Error yang umum terjadi:

The stream or file "/var/www/html/storage/logs/laravel.log" could not be opened in append mode: Failed to open stream: Permission denied

Root Cause:

• Laravel tidak bisa menulis ke direktori storage/logs/
• Permission dan ownership direktori storage tidak sesuai
• Direktori storage yang diperlukan belum dibuat

🚀 Solusi Quick Fix

Option 1: Automatic Fix (Recommended)

# Fix semua permission issues otomatis
./docker-fix-permissions.sh dev

# Untuk production
./docker-fix-permissions.sh prod

Option 2: Manual Fix

# Buat direktori yang diperlukan
docker-compose exec app mkdir -p /var/www/html/storage/logs
docker-compose exec app mkdir -p /var/www/html/storage/framework/cache
docker-compose exec app mkdir -p /var/www/html/storage/framework/sessions
docker-compose exec app mkdir -p /var/www/html/storage/framework/views

# Fix ownership
docker-compose exec app chown -R www-data:www-data /var/www/html/storage
docker-compose exec app chown -R www-data:www-data /var/www/html/bootstrap/cache

# Fix permissions
docker-compose exec app chmod -R 775 /var/www/html/storage
docker-compose exec app chmod -R 775 /var/www/html/bootstrap/cache

Option 3: Rebuild Containers (Jika masalah persisten)

# Clean rebuild containers
./docker-rebuild.sh dev

🔍 Verifikasi Fix Berhasil

1. Cek Permission Direktori

# Lihat permission storage
docker-compose exec app ls -la /var/www/html/storage/

# Cek ownership logs
docker-compose exec app ls -la /var/www/html/storage/logs/

Output yang benar:

drwxrwxr-x  5 www-data www-data 4096 Jun 10 15:01 storage
drwxrwxr-x  2 www-data www-data 4096 Jun 10 15:01 logs

2. Test Laravel Logging

# Test write ke log
docker-compose exec app php -r "file_put_contents('/var/www/html/storage/logs/laravel.log', 'Test log: ' . date('Y-m-d H:i:s') . PHP_EOL, FILE_APPEND);"

# Cek isi log
docker-compose exec app tail -5 /var/www/html/storage/logs/laravel.log

3. Test Laravel Artisan

# Test cache clear
docker-compose exec app php artisan cache:clear

# Test storage link
docker-compose exec app php artisan storage:link

# Test route cache
docker-compose exec app php artisan route:cache

🛡️ Prevention - Dockerfile Updates

Dockerfile sudah diperbarui untuk mencegah masalah ini:

# Create necessary directories and set permissions
RUN mkdir -p /var/www/html/storage/logs \
    && mkdir -p /var/www/html/storage/framework/cache \
    && mkdir -p /var/www/html/storage/framework/sessions \
    && mkdir -p /var/www/html/storage/framework/views \
    && mkdir -p /var/www/html/storage/app \
    && mkdir -p /var/www/html/bootstrap/cache \
    && chown -R www-data:www-data /var/www/html \
    && chmod -R 775 /var/www/html/storage \
    && chmod -R 775 /var/www/html/bootstrap/cache

🔧 Script Features

docker-fix-permissions.sh

• ✅ Auto-detect environment (dev/prod)
• ✅ Create missing directories
• ✅ Fix ownership (www-data:www-data)
• ✅ Set proper permissions (775 untuk storage)
• ✅ Test logging functionality
• ✅ Create storage link
• ✅ Show before/after permissions

Usage Examples

# Fix development environment
./docker-fix-permissions.sh dev

# Fix production environment
./docker-fix-permissions.sh prod

# Show help
./docker-fix-permissions.sh --help

🚨 Common Issues & Solutions

1. Permission Denied setelah Fix

Cause: Volume mounting conflict Solution:

# Cek volume mounts
docker-compose config

# Restart containers
docker-compose restart app

# Re-run permission fix
./docker-fix-permissions.sh dev

2. Ownership reverted setelah restart

Cause: Volume mounting dari host Solution:

# Fix di host system juga
sudo chown -R $(id -u):$(id -g) storage/
chmod -R 775 storage/

# Atau gunakan named volumes di docker-compose

3. Log file tetap tidak bisa ditulis

Cause: Log file sudah ada dengan permission salah Solution:

# Hapus log file lama
docker-compose exec app rm -f /var/www/html/storage/logs/laravel.log

# Re-run permission fix
./docker-fix-permissions.sh dev

4. Selinux/AppArmor blocking

Cause: Security policies Solution:

# Disable selinux temporarily (CentOS/RHEL)
sudo setenforce 0

# Check AppArmor status (Ubuntu)
sudo aa-status

📁 Directory Structure yang Benar

Setelah fix, struktur direktori storage harus seperti ini:

storage/
├── app/
│   ├── public/
│   └── .gitkeep
├── framework/
│   ├── cache/
│   ├── sessions/
│   ├── testing/
│   └── views/
└── logs/
    ├── laravel.log
    └── .gitkeep

🎯 Best Practices

1. Always use scripts: Gunakan docker-fix-permissions.sh untuk consistency
2. Regular checks: Monitor permission setelah update containers
3. Volume strategy: Gunakan named volumes untuk persistent storage
4. Backup first: Backup data sebelum fix permission
5. Test thoroughly: Verify semua Laravel functionality setelah fix

📞 Troubleshooting Commands

# Debug permission issues
docker-compose exec app ls -laR /var/www/html/storage/

# Check Laravel configuration
docker-compose exec app php artisan config:show logging

# Monitor Laravel logs
docker-compose exec app tail -f /var/www/html/storage/logs/laravel.log

# Test file writing
docker-compose exec app touch /var/www/html/storage/test.txt

# Check container user
docker-compose exec app whoami
docker-compose exec app id

---

✅ Dengan mengikuti panduan ini, masalah Laravel permission di Docker container akan teratasi.