When starting the bayanat stack for the first time via docker compose, I get errors with Nginx:
nginx 10:21:52.11 WARN ==> The NGINX configuration file '/opt/bitnami/nginx/conf/nginx.conf' is not writable by current user. Configurations based on environment variables will not be applied.
genrsa: Can't open "/opt/bitnami/nginx/conf/bitnami/certs/server.key" for writing, Read-only file system
Issue
nginx.conf is currently mounted at runtime, with the file permissions from the host file system.
The nginx service in docker-compose.yml has read_only: true set.
Solution
To avoid file permission issues, nginx.conf could be included in an Nginx image build.
The filesystem should be kept as read_only: true (for security), but the certificate generation directory could be added to tmpfs.
Error
When starting the bayanat stack for the first time via docker compose, I get errors with Nginx:
Issue
nginx.conf
is currently mounted at runtime, with the file permissions from the host file system.read_only: true
set.Solution
nginx.conf
could be included in an Nginx image build.read_only: true
(for security), but the certificate generation directory could be added to tmpfs.Additional considerations