I'm using dockerfile to create an nginx image and it is created successfully but when I try to start the container I get below error
Error - exec /docker-entrypoint.sh: no such file or directory
If I use /bin/bash as an entrypoint then I can see that the /docker-entrypoint.sh is present inside the image.
FROM linux:8
ARG USER="oracle"
RUN useradd --create-home --home-dir /app --shell /bin/bash ${USER} && \
dnf update -y && \
dnf module install -y nginx:1.20 && \
dnf clean all && \
ln -sf /dev/stdout /var/log/nginx/access.log && \
ln -sf /dev/stderr /var/log/nginx/error.log && \
mkdir /var/cache/nginx && \
chown -R ${USER}:${USER} /var/cache/nginx && \
chmod -R 775 /var/cache/nginx && \
chown -R ${USER}:${USER} /var/lib/nginx && \
chown -R ${USER}:${USER} /var/log/nginx && \
chown -R ${USER}:${USER} /etc/nginx && \
chmod -R 775 /etc/nginx
COPY --chown=oracle:oracle conf.d /etc/nginx/conf.d
COPY --chown=oracle:oracle nginx.conf /etc/nginx/
COPY --chown=oracle:oracle docker-entrypoint.d /docker-entrypoint.d
COPY --chown=oracle:oracle docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]
USER ${USER}
WORKDIR /app
STOPSIGNAL SIGQUIT
EXPOSE 8000
CMD ["nginx", "-g", "daemon off;"]
Try to replace ENTRYPOINT ["/docker-entrypoint.sh"] to ENTRYPOINT ["bash", "/docker-entrypoint.sh"]
Related
I have a Wordpress instance on Azure App Service. I release it as an Azure Docker Container. I use a single DockerFile. My release process is working as expected but it's updating my wp-content folder after each release. I'm missing my new media files.
How can I secure them? Or can I download all media items via any plugins etc?
DockerFile
FROM wordpress:5.9.2-php7.3-apache
COPY html /var/www/html
# ssh
ENV SSH_PASSWD "root:Docker!"
RUN apt-get update \
&& apt-get install -y --no-install-recommends dialog \
&& apt-get update \
&& apt-get install -y --no-install-recommends openssh-server \
&& echo "$SSH_PASSWD" | chpasswd
COPY sshd_config /etc/ssh/
COPY init.sh /usr/local/bin/
RUN chmod u+x /usr/local/bin/init.sh
EXPOSE 8000 2222
ENTRYPOINT ["init.sh"]
init.sh
#!/bin/bash
set -e
echo "Starting SSH ..."
service ssh start
chown -R www-data:www-data /var/www/html/
chown -R www-data:www-data /var/www/html/wp-content/
chmod -R 775 /var/www/html/
chmod -R 775 /var/www/html/wp-content/
apache2-foreground
Thanks.
I have a Dotnet application where my repo structure is as below
FolderA
SubfolderA
-Contains DLL file
FolderB
SubfolderA
-Contains application code and Dockerfile
SubfolderB
-Contains application code and Dockerfile
SubfolderC
-Contains application code and Dockerfile
When i build the Dockerfile in subfolder A, I want the Dockerfile to call or copy the DLL from the Folder A and run the application.
I have tried adding the following in the below Dockerfile
RUN ls -l /src
RUN cp '../../FolderA/subfolderA/OPCUAServer.dll' 'FolderB/subfolderA/'
The above command i added in the first phase of the image , but seems not working
FROM mcr.microsoft.com/dotnet/core/sdk:3.1-focal AS build
# passing the root and nuget TLS certificates for the package to download
COPY ./CIdependencies/rootca.cer /etc/ssl/certs/rootca.cer
COPY ./CIdependencies/nuget.cer /etc/ssl/certs/nuget.cer
WORKDIR /etc/ssl/certs
RUN openssl x509 -inform DER -in nuget.cer -out nuget.crt \
&& openssl x509 -inform PEM -in rootca.cer -out rootca.crt \
&& update-ca-certificates \
&& echo $PWD
WORKDIR /src
EXPOSE 62501
COPY ["OPCUAServer.csproj", ""]
RUN dotnet restore "./OPCUAServer.csproj"
COPY . .
WORKDIR "/src/."
RUN dotnet build "OPCUAServer.csproj" -c Release -o /app/build \
&& dotnet publish "OPCUAServer.csproj" -c Release -o /app/publish
FROM ubuntu:20.04
ARG GIT_COMMIT
ARG DS_VERSION=0.0.0.0
# passing the root certificates for the package to download
COPY ./CIdependencies/zscaler-rootca.cer /etc/ssl/certs/rootca.cer
LABEL Name=OPCUAServer Version=$DS_VERSION git_commit=$GIT_COMMIT
#runtime-deps and runtime
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
&& rm -rf /var/lib/apt/lists/*
ENV \
# Configure web servers to bind to port 80 when present
ASPNETCORE_URLS=http://+:8079 \
# Enable detection of running in a container
DOTNET_RUNNING_IN_CONTAINER=true
# Install .NET Core and ASPdotnet.3.1. focal
RUN dotnet_version=3.1.18 \
# passing the root certificates for the package to download
&& curl -fsl --cacert /etc/ssl/certs/rootca.cer --output dotnet.tar.gz https://dotnetcli.azureedge.net/dotnet/Runtime/$dotnet_version/dotnet-runtime-$dotnet_version-linux-x64.tar.gz \
&& dotnet_sha512='6f06dbc4625fa8a0e64ffb9269b5f657e369fd28e7f27bfd05d4f422c6aa95847b5089d70760024bdf1100990dbbffce220a' \
&& echo "$dotnet_sha512 dotnet.tar.gz" | sha512sum -c - \
&& mkdir -p /usr/share/dotnet \
&& tar -ozxf dotnet.tar.gz -C /usr/share/dotnet \
&& rm dotnet.tar.gz \
&& ln -s /usr/share/dotnet/dotnet /usr/bin/dotnet \
&& aspnetcore_version=3.1.18 \
&& curl -fsl --cacert /etc/ssl/certs/zscaler-rootca.cer --output aspnetcore.tar.gz https://dotnetcli.azureedge.net/dotnet/aspnetcore/Runtime/$aspnetcore_version/aspnetcore-runtime-$aspnetcore_version-linux-x64.tar.gz \
&& aspnetcore_sha512='be29a7611941d9b20d5d3ece64d3ce3c2342ba24bf0382eed3625713ce89957fa15671403af16ccb588397fc0b27e7f028952213e08db6' \
&& echo "$aspnetcore_sha512 aspnetcore.tar.gz" | sha512sum -c - \
&& tar -ozxf aspnetcore.tar.gz -C /usr/share/dotnet ./shared/Microsoft.AspNetCore.App \
&& rm aspnetcore.tar.gz
# Create a user, group and providing permission to access the built files
WORKDIR /app
RUN groupadd -r opc && useradd --no-log-init -r -g opc opc
USER opc
COPY --from=build --chown=opc:opc /app/publish .
ENTRYPOINT ["dotnet", "OPCUAServer.dll"]
I'm trying to create a Dockerfile which runs as non-root user.
When i building this all works fine, but nginx cannot write the log file because it dosen't have enough permissions. Can I, when building a Docker, give root permissions only for nginx?
I'm trying chmod, chown for blocked directories. Doesn't work
FROM php:7.1-fpm-alpine
RUN apk add --no-cache shadow
RUN apk add --no-cache --virtual .ext-deps \
openssl \
unzip \
libjpeg-turbo-dev \
libwebp-dev \
libpng-dev \
freetype-dev \
libmcrypt-dev \
imagemagick-dev \
nodejs-npm \
nginx \
git \
inkscape
# imagick
RUN apk add --update --no-cache autoconf g++ imagemagick-dev libtool make pcre-dev \
&& pecl install imagick \
&& docker-php-ext-enable imagick \
&& apk del autoconf g++ libtool make pcre-dev
# Install Blackfire
RUN version=$(php -r "echo PHP_MAJOR_VERSION.PHP_MINOR_VERSION;") \
&& curl -A "Docker" -o /tmp/blackfire-probe.tar.gz -D - -L -s https://blackfire.io/api/v1/releases/probe/php/linux/amd64/$version \
&& tar zxpf /tmp/blackfire-probe.tar.gz -C /tmp \
&& mv /tmp/blackfire-*.so $(php -r "echo ini_get('extension_dir');")/blackfire.so \
&& printf "extension=blackfire.so\nblackfire.agent_socket=tcp://blackfire:8707\n" > $PHP_INI_DIR/conf.d/blackfire.ini
RUN apk add -y icu-dev \
&& docker-php-ext-configure intl \
&& docker-php-ext-install intl
RUN docker-php-ext-configure pdo_mysql && \
docker-php-ext-configure opcache && \
docker-php-ext-configure exif && \
docker-php-ext-configure pdo && \
docker-php-ext-configure zip && \
docker-php-ext-configure gd \
--with-jpeg-dir=/usr/include --with-png-dir=/usr/include --with-webp-dir=/usr/include --with-freetype-dir=/usr/include && \
docker-php-ext-configure sockets && \
docker-php-ext-configure mcrypt
RUN docker-php-ext-install pdo zip pdo_mysql opcache exif gd sockets mcrypt && \
docker-php-source delete
RUN ln -s /usr/bin/php7 /usr/bin/php && \
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && \
mkdir -p /run/nginx
COPY ./init.sh /
COPY ./default.conf /etc/nginx/conf.d/default.conf
COPY ./.env /
RUN chmod +x /init.sh
EXPOSE 80
RUN addgroup -g 1001 node \
&& adduser -u 1001 -G node -s /bin/sh -D node
ARG UID=1001
ARG GID=1001
ENV UID=${UID}
ENV GID=${GID}
RUN usermod -u $UID node \
&& groupmod -g $GID node
RUN chown 1001:1001 /var/lib/nginx -R
RUN mkdir -p /var/tmp/nginx
RUN chown 1001:1001 /var/tmp/nginx -R
USER node
ENTRYPOINT [ "/init.sh" ]
There are quite a few unknowns in your question, for example, the contents of your default.conf file. By default the nginx logs are stored in /var/log/nginx, but I'll assume you're overriding that in the configuration.
The next thing is that the master process of nginx needs to be run as root if you wan't it to be able to bind to system ports (0 - 1023) so in case you are using nginx as a web server and intend to use ports 80 and 443 you should stick with running the nginx process as root.
In case you plan to use other ports and are set on the idea of running the master process as non-root, then you can check this answer for suggestions on how to do that - https://stackoverflow.com/a/42329561/5359953
I am using the term master process a lot here, because nginx spawns worker processes to handle the actual requests and those can be run as a different user (Defined in the nginx configuration file)
I found the solution. I just changed RUN chown 1001:1001 /var/lib/nginx -R to RUN chown -R 1001:1001 /var/. Thats works fine
RUN chown -R 1001:1001 /var/
sometimes it's will be actually bad decision.
u can try add permissions like this
RUN chown -R 1001:1001 /var/tmp/nginx
RUN chown -R 1001:1001 /var/lib/nginx
RUN chown -R 1001:1001 /var/log/nginx
RUN chown -R 1001:1001 /run/nginx
I guess RUN chown 1001:1001 /var/lib/nginx -R work wrong because I set the flag -R too late
my project structure is:
/docker-test
/app
/static
....
/templates
....
-__init__.py
....
-nginx.conf
-supervisord.conf
-uwsgi.ini
-Dockerfile
-app.py
-requirements.txt
I normally run the app by going into /docker-test>python app.py
Dockerfile:
FROM python:2.7
# Install uWSGI
RUN pip install uwsgi
# Standard set up Nginx
ENV NGINX_VERSION 1.9.11-1~jessie
RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \
&& echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \
&& apt-get update \
&& apt-get install -y ca-certificates nginx=${NGINX_VERSION} gettext-base \
&& rm -rf /var/lib/apt/lists/*
# forward request and error logs to docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 80 443
# Finished setting up Nginx
# Make NGINX run on the foreground
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
# Remove default configuration from Nginx
RUN rm /etc/nginx/conf.d/default.conf
# Copy the modified Nginx conf
COPY nginx.conf /etc/nginx/conf.d/
# Copy the base uWSGI ini file to enable default dynamic uwsgi process number
COPY uwsgi.ini /etc/uwsgi/
# Install Supervisord
RUN apt-get update && apt-get install -y supervisor \
&& rm -rf /var/lib/apt/lists/*
# Custom Supervisord config
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY . /deploy
WORKDIR /deploy
RUN pip install -r /deploy/requirements.txt
CMD ["/usr/bin/supervisord"]
app.py:
#!flask/bin/python
from app import app
from flask import url_for
if __name__ == '__main__':
app.run(host='0.0.0.0', debug=True, port=80)
app.add_url_rule('/favicon.ico', edirect_to=url_for('static', filename='favicon.ico'))
supervidord.conf:
[supervisord]
nodaemon=true
[program:uwsgi]
command=/usr/local/bin/uwsgi --ini /etc/uwsgi/uwsgi.ini --ini /deploy/uwsgi.ini
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
[program:nginx]
command=/usr/sbin/nginx
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
nginx.conf:
server {
location / {
include uwsgi_params;
uwsgi_pass unix:///tmp/uwsgi.sock;
}
}
uwsgi.ini:
[uwsgi]
wsgi-file=/app.py
socket = /tmp/uwsgi.sock
chown-socket = nginx:nginx
chmod-socket = 664
cheaper = 2
processes = 16
I am able to docker build and run without issue.
I get 500 error when trying to access the app in chrome:
no python application found
What is your current working directory? This just sounds like wsgi-file=/app.py should be wsgi-file=./app.py or you need to reference the correct absolute location such as wsgi-file=/deploy/app/app.py.
Working on WordPress, We put a project on docker.
I had a 502 proxy error. I was able to fix it restarting docker. However, the problem is still here on coworkers installation.
I try to fix it. However, I can not recreate the bug, so I have no log for this error.
Here is the dockerfile:
FROM debian:8
MAINTAINER xxxxxxxxxxxxx
LABEL version="1.0"
LABEL description="Debian 8 / Apache 2 / PHP 5"
ARG DEBIAN_FRONTEND=noninteractive
ENV DOCKER_CONTAINER_APP=/var/www
RUN apt-get -y update && apt-get install -y \
apache2 \
php5 \
libapache2-mod-php5 \
mysql-server \
php5-mysql \
supervisor \
phpmyadmin
RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
RUN /usr/sbin/mysqld & \
sleep 10s &&\
echo "GRANT ALL ON *.* TO admin#'%' IDENTIFIED BY 'heliopsis' WITH GRANT OPTION; FLUSH PRIVILEGES" | mysql
EXPOSE 3306
CMD ["/usr/bin/mysqld_safe"]
COPY ressources/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY ressources/my.cnf /etc/mysql/my.cnf
COPY ressources/init.sql /tmp/init.sql
RUN /etc/init.d/mysql start && mysql -uroot < /tmp/init.sql && /etc/init.d/mysql stop
COPY sql-dumps /tmp/sql-dumps
RUN /etc/init.d/mysql start && gunzip < /tmp/sql-dumps/dump.sql.gz | mysql -uroot -D nalian-local && /etc/init.d/mysql stop
RUN /etc/init.d/mysql start && mysql -uroot -e "SET PASSWORD = PASSWORD('heliopsis');" && /etc/init.d/mysql stop
# Dev env : show errors
RUN sed -i -e 's/^error_reporting\s*=.*/error_reporting = E_ALL/' /etc/php5/apache2/php.ini
RUN sed -i -e 's/^display_errors\s*=.*/display_errors = On/' /etc/php5/apache2/php.ini
RUN a2enmod rewrite
RUN mkdir /etc/apache2/ssl
COPY ressources/vhost /etc/apache2/sites-available/000-default.conf
RUN a2ensite 000-default
# add our local files in docker instance
ADD . $DOCKER_CONTAINER_APP
# add the docker instance as a volume
VOLUME $DOCKER_CONTAINER_APP
# define the workspace of the container
WORKDIR $DOCKER_CONTAINER_APP
# launching apache # startup
CMD cd wp-content; tar xzf $DOCKER_CONTAINER_APP/ressources/uploads.tar.gz; cd ..; ln -s wp-config-dev.php wp-config.php; ln -s htaccess_dev .htaccess;/usr/bin/supervisord
The install-vhost.sh :
#!/usr/bin/env bash
if [ -z "$1" ]
then
echo "dev name required"
exit
fi
if [ -z "$2" ]
then
echo "HTTP port required"
exit
fi
VHOST_TEMPLATE=`find . -name "*.DEV.rocks.conf"`
VHOST=`echo $VHOST_TEMPLATE | sed 's/.*\///' | sed "s/DEV/$1/"`
sudo cat $VHOST_TEMPLATE | replace "DEV" "$1" | replace "PORT" "$2" > /etc/apache2/sites-available/$VHOST
sudo a2ensite $VHOST
sudo service apache2 restart
And the vhost :
############## www.nalian.coralie.rocks
<VirtualHost *:80>
ServerName www.nalian.coralie.rocks
<Proxy *>
Allow from localhost
</Proxy>
ProxyPass / http://localhost:1250/
ProxyPassReverse / http://localhost:1250/
ProxyPreserveHost On
</VirtualHost>
Do you have any idea to help me?