Open lbopp42 opened 3 years ago
Hi @lbopp42, can you show the full configuration you're using? All the docker-compose configs, and nginx ones.
Thanks,
Hi, thanks for your time. I'm using the default conf of nginx:alpine and this is a part of docker-compose:
my_service:  # (edit)
  cap_add:
    - CAP_CHOWN
    - CAP_NET_BIND_SERVICE
    - CAP_SETGID
    - CAP_SETUID
  cap_drop:
    - ALL
  depends_on:
    - app_back  # (edit)
  env_file:
    - .env
  image: myimage_name  # (edit)
  labels:
    some_labels_for_traefik  # (edit)
  networks:
    - default
    - traefik
  restart: always
Does this help you?
Not really, I can't reproduce with the following docker-compose.yml:
my_service:
  cap_add:
    - CAP_CHOWN
    - CAP_NET_BIND_SERVICE
    - CAP_SETGID
    - CAP_SETUID
  cap_drop:
    - ALL
  image: nginx:alpine
  restart: always
Are there any changes you're doing to nginx:alpine image? I notice you have myimage_name instead.
this is my Dockerfile:
FROM nginx:alpine
COPY application /usr/share/nginx/html
COPY ./entrypoint.sh /
CMD ./entrypoint.sh
EXPOSE 80
entrypoint.sh only has some sed (in my source) and runs nginx -g 'daemon off;'.
I can't reproduce it all the time. That's strange, and if I docker-compose up -d --force-recreate without any change, that works.
Is that on a local Linux machine, or is that via some virtualbox or docker for mac or docker for windows, or similar setup where things are heavily virtualized and, maybe, volumes are used?
No idea otherwise, this seems like something unrelated to the image itself.
It's on an Ubuntu server 16.04 and on 18.04 too. I will leave this issue open in case someone has the same
Any apparmor or similar permission denied errors in dmesg or messages or other system logs?
I have the same problem on Azure AKS. In this case I don't know what to change.
P.S. There is also a permission problem with nginx.pid, but I changed the path to /tmp/nginx.pid
@kfkawalec Are you launching the containers as a specific user? What is the setup for a container in your case?
Yes, I'm running this as a non-root user
@kfkawalec then https://github.com/nginxinc/docker-nginx-unprivileged might be relevant to your interests :-)
I have the same problem, deploying container to Openshift4 the startup will fail with:
mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
The docker-nginx-unprivileged works but is too big (150mb vs 58mb)
@pancudaniel7 you need to apply the same configuration fixes as in docker-nginx-unprivileged if you'd like to use this repo's images on OpenShift. They're not compatible as is.
Thank you @thresheek, I've fixed the problem by running the container with the nginx user. This also allows you to increase security by using specific permissions on that nginx user.
OpenShift in my case runs with a default user that did not have rights, and that's why the nginx container failed at startup.
Go to https://hub.docker.com/_/nginx and find the section "Running nginx as a non-root user". You need to change some paths in your config.
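The path changes that comment refers to, as an added example that is not part of the original thread or of the nginx image itself. The /tmp locations and port 8080 are assumptions; any directory writable by the runtime UID and any unprivileged port will do.

```nginx
# nginx.conf for a container started as a non-root user.
# Assumption: /tmp is writable by whatever UID the container runs as.

# Main context: the default pid location is not writable by a non-root user.
pid /tmp/nginx.pid;

worker_processes auto;
error_log /var/log/nginx/error.log notice;

events {
    worker_connections 1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # By default these directories live under /var/cache/nginx and nginx
    # creates them at startup; that is the mkdir() reported in this thread
    # as failing with (13: Permission denied).
    client_body_temp_path /tmp/client_temp;
    proxy_temp_path       /tmp/proxy_temp_path;
    fastcgi_temp_path     /tmp/fastcgi_temp;
    uwsgi_temp_path       /tmp/uwsgi_temp;
    scgi_temp_path        /tmp/scgi_temp;

    server {
        # Unprivileged port (assumption): a non-root process cannot bind
        # port 80 unless it holds CAP_NET_BIND_SERVICE.
        listen 8080;
        root /usr/share/nginx/html;
    }
}
```

Relocating all five temp paths at once avoids fixing one directory only to have startup fail on the next one.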
Can you show me the output of the following command
cd /var/cache/nginx
ls
my problem was solved by creating "client_temp" directory in /var/cache/nginx.
P.S: I am not using docker.
FYI, I had the same if I run nginx with my host user id, i.e.
nginx:
  user: $UID
Is there a reason the unprivileged image cannot replace the default one (except the different port)?
Hi @Majid-cloud, if I create one directory then it asks for another directory and the list keeps going on. I have the same problem with a GKE cluster. If I go with the unprivileged image then I face a port binding error for port 80. Did anyone have any working solution?
Hello, I'm using the image nginx:alpine and sometimes for the first docker-compose up -d I get this error spammed in the logs and the container restarting:
mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
If I docker-compose up -d again my container will be fixed, but why?
Best regards, Lucas BOPP