Docker Secret File not working with end of line character

[Griffin-III]

Bug

Bookstack reads docker secret files with the end of line character instead of removing it. This results in an error that makes it seem like FILE__ is broken for mail password. I found the real cause by testing it with the username instead and seeing the extra space in the error popup.

Fixed by removing the EOL character, ex. by launching nano with -L. I confirmed with both username and password as files that this fix works.

Authelia works fine with EOL, I haven't tested other services yet, or tested to see if removing it causes issues with others. Maybe this is the norm and Authelia is weird? But most popular editors automatically add one.

---

Expected Behavior

Bookstack should remove the EOL character from docker secret file when adding to env variable. Mail server accepts credentials.

Current Behavior

Bookstack adds EOL character from secret file to env variable. Get errors back from mail server.

Steps to Reproduce

1. Setup docker secret file with mail username
2. Setup compose file with secret for mail username (FILE__MAIL_NAME=/run/secrets/mail_username_file)
3. Launch compose and send test email from maintenance page.
4. Get error.

Environment

OS: Fedora Server
CPU architecture: x86_64
How docker service was installed: Docker Compose

Command used to create docker container

Compose File

networks:
  bookstackproxy:
    external:
      name: bookstackproxy
  default:
    driver: bridge

secrets:
  mail_username_file:
    file: $DOCKERDIR/secrets/mail_username_file

services:
  bookstack:
    image: lscr.io/linuxserver/bookstack
    container_name: bookstack
    networks:
      - bookstackproxy
    security_opt:
      - no-new-privileges:true
    secrets:
      - mail_username_file
    environment:
      - PUID=1000
      - PGID=1000
      - APP_URL=
      - DB_HOST=
      - DB_USER=
      - DB_PASS=
      - DB_DATABASE=bookstackapp
      - LOG_FAILED_LOGIN_MESSAGE="Failed login for %u"
      - SESSION_SECURE_COOKIE=true
      - SESSION_LIFETIME=10080

      - MAIL_DRIVER=smtp
      - MAIL_HOST=
      - MAIL_PORT=
      - MAIL_ENCRYPTION=tls

      - FILE__MAIL_USERNAME=/run/secrets/mail_username_file
      - MAIL_PASSWORD=[actualmailpassword]

      - MAIL_FROM=domain@domain.com
      - MAIL_FROM_NAME="domain"
    volumes:
      - /path/Bookstack:/config
    restart: unless-stopped
    depends_on:
      - bookstack_db
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.bookstack-rtr.entrypoints=https"
      - "traefik.http.routers.bookstack-rtr.rule=Host()"
      - "traefik.http.routers.bookstack-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.bookstack-rtr.middlewares=chain-authelia@file"

  bookstack_db:
    image: lscr.io/linuxserver/mariadb
    container_name: bookstack_db
    networks:
      - bookstackproxy
    environment:
      - PUID=1000
      - PGID=1000
      - MYSQL_ROOT_PASSWORD=
      - TZ=$TZ
      - MYSQL_DATABASE=bookstackapp
      - MYSQL_USER=
      - MYSQL_PASSWORD=
    volumes:
      - /path/Bookstack:/config
    restart: unless-stopped

Docker logs

The mail error shows up on the webpage but not in the container log, so it must be somewhere in the volume/config logs.

[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[env-init] MAIL_USERNAME set from FILE__MAIL_USERNAME
[cont-init.d] 01-envfile: exited 0.

[github-actions]

Thanks for opening your first issue here! Be sure to follow the bug or feature issue templates!

[aptalca]

Secrets should not have trailing newlines. Docker docs tell you how to correctly create them without a trailing newline.

[Griffin-III]

I guess that's my bad, I learned about docker secrets from a guide which didn't mention it.

As a suggestion then, could you add that to this section of the readme?

[aptalca]

It already references docker secrets. Docker docs show how to create it correctly. No need for us to repeat it in every image's readme. They are already too long as it is.