Nginx container filesystem issues - Githubissues

sjacorg / bayanat

Open source data management solution for human rights documentation.

https://bayanat.org/

GNU Affero General Public License v3.0

21 stars 13 forks source link

Nginx container filesystem issues #21

Closed spwoodcock closed 1 year ago

spwoodcock commented 1 year ago

Error

When starting the bayanat stack for the first time via docker compose, I get errors with Nginx:

nginx 10:21:52.11 WARN  ==> The NGINX configuration file '/opt/bitnami/nginx/conf/nginx.conf' is not writable by current user. Configurations based on environment variables will not be applied.

genrsa: Can't open "/opt/bitnami/nginx/conf/bitnami/certs/server.key" for writing, Read-only file system

Issue

nginx.conf is currently mounted at runtime, with the file permissions from the host file system.
The nginx service in docker-compose.yml has read_only: true set.

Solution

To avoid file permission issues, nginx.conf could be included in an Nginx image build.
The filesystem should be kept as read_only: true (for security), but the certificate generation directory could be added to tmpfs.

    tmpfs:
      - /opt/bitnami/nginx/tmp/
      - /opt/bitnami/nginx/conf/bitnami/certs/

Additional considerations

I have started the stack and access bayanat directly on port 5000.
For development I assume access to nginx is not required.
The current configuration precludes us from injecting environment variables into the nginx config at runtime.