coreruleset / modsecurity-docker

The official ModSecurity Docker images
https://modsecurity.org
Apache License 2.0

Unable to start container with mounted /etc/nginx/nginx.conf #113

Closed. dosera closed this 2 years ago.

dosera commented 2 years ago

Hi,

after pulling the most recent image, starting the container is no longer possible due to an error with sed:

```
sed: cannot rename /etc/nginx/nginx.conf: Device or resource busy
```

This seems to have been introduced with https://github.com/coreruleset/modsecurity-docker/pull/105. In my setup I mount the nginx.conf from my host into the container - which is incompatible with the sed renaming (cf. https://github.com/coreruleset/modsecurity-docker/blob/master/v3-nginx/docker-entrypoint.d/91-update-resolver.sh @ line 12)

Minimal compose:

```yaml
version: "3"
services:
  nginx:
    image: owasp/modsecurity:nginx
    restart: always
    volumes:
      # host nginx.conf bind-mounted directly over the file the entrypoint rewrites with sed
      - /host/nginx/nginx.conf:/etc/nginx/nginx.conf
    ports:
      - 80:80
```

I am actually unsure about whether this should be used differently, yet at least on the nginx Docker Hub page there are many references regarding mounting the nginx.conf from the host into the container (see https://hub.docker.com/_/nginx).

In https://github.com/nginxinc/docker-nginx/blob/master/entrypoint/30-tune-worker-processes.sh I found the following line

```sh
touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; }
```

which they seem to have for this very reason.

fzipi commented 2 years ago

You should do the same, but with the nginx.conf.template.

fzipi commented 2 years ago

And probably needs better documentation.

dosera commented 2 years ago

> You should do the same, but with the nginx.conf.template.

Ah, that I was indeed missing. Tried it, mounting my nginx.conf as /etc/nginx/nginx.conf.template into the container, and it works fine (yet for my use case I don't want the whole templating mechanism; I'll just overwrite the entrypoint for now).

> And probably needs better documentation.

Unfortunately yes, I didn't find this.

A big thanks for the quick help!
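The working variant from the thread, written out as an added example (this is not the project's own documentation or a file from the issue). It assumes the same host path the reporter used and the `/etc/nginx/nginx.conf.template` target that fzipi named; the host file is treated as a template by the image's entrypoint, which is what the reporter did not want and worked around by replacing the entrypoint.

```yaml
version: "3"
services:
  nginx:
    image: owasp/modsecurity:nginx
    restart: always
    volumes:
      # Broken: the entrypoint's sed -i in 91-update-resolver.sh renames a temp file
      # over /etc/nginx/nginx.conf, which fails on a single-file bind mount (EBUSY).
      # - /host/nginx/nginx.conf:/etc/nginx/nginx.conf
      #
      # Working: mount the host file as the template instead. The entrypoint then
      # generates /etc/nginx/nginx.conf inside the container from this template,
      # so the bind-mounted file itself is never renamed.
      - /host/nginx/nginx.conf:/etc/nginx/nginx.conf.template:ro
    ports:
      - 80:80
```

The `:ro` suffix is an assumption added here, not something the thread used; it is safe because the entrypoint only reads the template and writes its output elsewhere, and it keeps a compromised container from altering the host copy of the configuration.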