This only happens with docker inside minikube
operating on host using minikube docker eval (minikube docker-env)
Trying to build a basic setup with Nginx serving a single file:
conf.d/example.conf
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name localhost;
location /file.json { root /data/; }
}
data/file.json
{"a": 1}
Run using docker nginx image:
docker run -it --rm -v "$(PWD)/conf.d:/etc/nginx/conf.d":ro -v "$(PWD)/data:/data":ro -p 8085:80 nginx
curl http://localhost/file.json gives me 2017/02/01 19:07:39 [error] 6#6: *1 open() "/data/file.json" failed (13: Permission denied)...
Cannot figure out how to make this right... Help wanted!
What I've tried so far:
providing a custom command like chmod -R o+x /data && ls -la data && nginx -g "daemon off;"
-rwxrwx--- 1 root 1013 11 Feb 1 13:08 /data/file.json
chmod does not seem to work properly.
neither chown :(
$ docker run -it --rm -v "$(PWD):/etc/nginx/conf.d":ro -v "$(PWD)/data:/data" -p 8085:80 nginx bash -c 'chown -R nginx:nginx /data/ && ls -la /data/ && nginx -g daemon off;"'
total 8
drwxrwx--- 1 root 1013 102 Feb 1 13:08 .
drwxr-xr-x 1 root root 4096 Feb 1 19:50 ..
-rwxrwx--- 1 root 1013 11 Feb 1 13:08 pub_key.json
setting a docker user to nginx
chmod -R 777 data on host
$ ls -la data
drwxrwxrwx 3 antonk staff 102 Feb 1 17:08 data
$ docker run -it --rm -v "$(PWD):/etc/nginx/conf.d":ro -v "$(PWD)/data:/data" -p 8085:80 nginx bash -c 'ls -la /data/ && nginx -g "daemon off;"'
total 8
drwxrwx--- 1 root 1013 102 Feb 1 13:08 .
drwxr-xr-x 1 root root 4096 Feb 1 20:20 ..
-rwxrwx--- 1 root 1013 11 Feb 1 13:08 pub_key.json
$ docker version
Client:
Version: 1.13.1-rc1
API version: 1.23
Go version: go1.7.4
Git commit: 2527cfc
Built: Sat Jan 28 00:43:00 2017
OS/Arch: darwin/amd64
Server:
Version: 1.11.1
API version: 1.23 (minimum version )
Go version: go1.5.4
Git commit: 5604cbe
Built: Wed Apr 27 00:34:20 2016
OS/Arch: linux/amd64
Experimental: false
minikube version: v0.15.0
https://github.com/kubernetes/minikube/issues/1067
When you map directories from the host directly into your container with volume mounts like these:
docker run -it --rm \
-v "$(PWD)/conf.d:/etc/nginx/conf.d":ro -v "$(PWD)/data:/data":ro \
-p 8085:80 nginx
The files are mounted directly in with the same uid's and file permissions you have on your host. Most likely your UID/GID on your host does not match those used inside the container. So if the files are not publicly readable on your host, they will not be readable inside the container. You can work around this with the following on your host:
chmod o+rx data && chmod o+r data/file.json
Related
Recently switched from Docker Desktop to Podman, everything work smoothly except when I want to mount host volume into container. e.g.
➜ ~ podman run --name nginx -v ~/bin/nginx/nginx.conf:/etc/nginx/nginx.conf:ro -d -p 8080:80 nginx
Error: statfs /Users/rb/bin/nginx/nginx.conf: no such file or directory
➜ ~ ls -lt ~/bin/nginx/nginx.conf
-rw-r--r-- 1 rb staff 490 Apr 23 14:31 /Users/rb/bin/nginx/nginx.conf
The host file ~/bin/nginx/nginx.conf do exist, so what's the problem here?
Had the same problem on MacOs.
I fixed it when used mount point not from the host machine itself, but from podman virtual machine.
So firstly i mounted the host volume to podman vm:
podman machine init -v $HOST_VOLUME:/mnt/$PODMAN_VM_VOLUME
And after that mounted PODMAN_VM_VOLUME to CONTAINER_VOLUME:
podman run -d -it --name test -v /mnt/$PODMAN_VM_VOLUME:/$CONTAINER_VOLUME
I'm trying to change the user: root to www-data in Dockerfile to build wordpress image. Once I run the dockerfile and go inside the image: the permission is not changed.
This is my Dockerfile:
FROM wordpress:php7.1-apache
COPY . /var/www/html
WORKDIR /var/www/html
RUN chown -R www-data:www-data /var/www/html/
RUN chmod -R 777 /var/www/html
This is the result in the image by running that Dockerfie:
root#081507c3824e:/var/www/html# ls -lh
total 228K
-rw-r--r-- 1 root root 149 Jul 5 05:09 Dockerfile
-rw-r--r-- 1 root root 405 Jul 5 05:09 index.php
-rw-r--r-- 1 root root 20K Jul 5 05:09 license.txt
-rw-r--r-- 1 root root 7.2K Jul 5 05:09 readme.html
drwxr-xr-x 9 root root 4.0K Jul 5 05:15 wp-admin
-rw-r--r-- 1 root root 351 Jul 5 05:09 wp-blog-header.php
/var/www/html is marked a VOLUME in Dockerfile of wordpress. Your RUN instruction won't persist after the build.
You can try any of the following approaches if you want to change the permisions of /var/www/html/ directory.
You can mount a directory with modified permissions from host machine into the container.
You can create an entrypoint script which changes the permission of the directory before starting the main process.
I try to install OpenResty 1.13.6.1 under CentOS 7. When I try to run openresty I get this error:
[root#flo ~]# openresty -s reload
nginx: [error] open() "/usr/local/openresty/nginx/logs/nginx.pid" failed (2: No such file or directory)
When I look at my logs, I only have 2 files:
[root#flo ~]# ll /usr/local/openresty/nginx/logs/
total 8
-rw-r--r--. 1 root root 0 1 mars 12:24 access.log
-rw-r--r--. 1 root root 4875 1 mars 16:03 error.log
I do not see how to find a solution.
///////////////////UPDATE//////////////////
I try to do this to folow the instructions of this page : https://openresty.org/en/getting-started.html
[root#flo ~]# PATH=/usr/local/openresty/nginx/sbin:$PATH
[root#flo ~]# export PATH
[root#flo ~]# nginx -p pwd/ -c conf/nginx.conf
And I have this error :
nginx: [alert] could not open error log file: open() "/root/logs/error.log" failed (2: No such file or directory)
2018/03/02 09:02:55 [emerg] 30824#0: open() "/root/conf/nginx.conf" failed (2: No such file or directory)
/////////////////UPDATE2//////////////:
[root#nexus-chat1 ~]# cd /root/
[root#nexus-chat1 ~]# ll
total 4
-rw-------. 1 root root 1512 1 mars 11:05 anaconda-ks.cfg
drwxr-xr-x. 3 root root 65 1 mars 11:36 openresty_compilation
Where do I need to create these folders ?
mkdir ~/work
cd ~/work
mkdir logs/ conf/
In /usr/local/openresty/ ?
Very likely nginx cannot open a log file because folder doesn't exists or permission issue.
You can see the reason within error.log file
openresty -s reload is used to tell nginx to reload the currently running instance. That's why it's complaining about the missing pid file.
Anyway, that's not the correct way to start openresty. Have a look at https://openresty.org/en/getting-started.html for instructions on how to get started.
If I do :
docker run --name nginx -d nginx:alpine /bin/sh -c 'echo "Hello stdout" > /dev/stdout'
I can see "Hello stdout" when I do :
docker logs nginx
But when the container is running (docker run --name nginx -d nginx:alpine) and I do :
docker exec nginx /bin/sh -c 'echo "Hello stdout" > /dev/stdout'
or when I attach the container with :
docker exec -it nginx /bin/sh
and then :
echo "Hello stdout" > /dev/stdout
I can't see anything in docker logs. And since my Nginx access logs are redirected to /dev/stdout, I can't see them as well.
What is happening here with this stdout ?
When you docker exec you can see you have several process
/ # ps -ef
PID USER TIME COMMAND
1 root 0:00 nginx: master process nginx -g daemon off;
6 nginx 0:00 nginx: worker process
7 root 0:00 /bin/sh
17 root 0:00 ps -ef
/ #
and in Linux, each process has its own stdin, stdout, stderr (and other file descriptors), in /proc/pid/fd
and so, with your docker exec (pid 7) you display something in
/proc/7/fd/1
If you do ls -ltr /proc/7/fd/1, it displays something like
/proc/4608/fd/1 -> /dev/pts/2 which means output is being sent to terminal
while your nginx process (pid 1) displays his output in
/proc/1/fd/1
If you do ls -ltr /proc/1/fd/1, it displays something like /proc/1/fd/1 -> pipe:[184442508] which means output is being sent to docker logging driver
So Nginx is started in daemon mode, but root, as confirms this command:
root#test:/home/vagrant# ps -edf | grep nginx
root 7331 1 0 13:42 ? 00:00:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 7333 7331 0 13:42 ? 00:00:00 nginx: worker process
But if I:
root#test:/home/vagrant# /etc/init.d/nginx restart
* Restarting nginx nginx [fail]
But when I run:
root#test:/home/vagrant# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
It's only when I go back to user vagrant that I get:
[13:46:58] vagrant#test:/home/vagrant $ nginx -t
2016/04/21 13:47:01 [emerg] 7390#7390: open() "/run/nginx.pid" failed (13: Permission denied)
And if I:
root#test:/home/vagrant# ls -l /run/nginx.pid
-rw-r--r-- 1 root root 5 Apr 21 13:45 /run/nginx.pid
So why won't nginx restart? What am I doing wrong? I mean, root not having enough permission doesn't make sense, does it?
And how come sudo nginx -t doesn't display any error message?
Have you this directive in your configuration file user www www; ?
If yes, does the user www (or whom you set) have access to the pid file and to the site directories ?
extra: if you need you can move the pif file using the pid path; directive.