So my Dockerfile runs via docker-compose using:
Dockerfile
FROM nginx
#COPY conf
COPY myapp/ /usr/share/nginx/html
RUN chmod -R 664 /usr/share/nginx/html
RUN chown -R nginx /usr/share/nginx/html
RUN chcon -R -t httpd_sys_content_t /usr/share/nginx/html
This is on RHEL 6.x, Docker is old 1.7 or something as well.
I don't even need "run chmod/chown/chcon" for most environments!! The dockerfile works just fine on windows.
However, I still get 403 Forbidden errors whenever nginx tries to access ANY file in /usr/share/nginx/html.
What is the correct way to setup nginx in a docker container and avoid these SElinux problems? (SElinux is on "Enforcing")
In fact, if you do
RUN/CMD ls -l
we can see nginx is the user who owns that folder and it has the right permissions! So what the heck is going on?
Special circumstances related to old Docker 1.7.1 and RHEL6, means you gotta install RHEL7. SELinux does not work well with it. There are some core RHEL6 library issues (shared library permission errors) making it nearly impossible to use with Docker 1.7.1.
The labels are all wrong. the processes inside the image are init_rc_t type labels which are incorrect. The files can be changed to httpd_sys_content_t but it doesn't work.
I think also there may be some nginx:nginx (UID GID mismatching) issues.
But really, it's give up time. Not worth investing time in resolving it and my host provider wouldn't call RHEL6 to ask about it.
We are using Nginx as a reverse proxy for docker-cloud services. A script is implemented to update the config file of Nginx whenever new service deploys on docker cloud or if service gets new url on docker-cloud.
The Nginx and the script have been run in a docker container separately.
The Nginx config file is mounted in Host(ECS). After updating the config file using script, it needs to reload the Nginx in order to apply the changes.
First, I would like to know if this is the best way of updating Nginx config file and also what is the best way to reload the Nginx without any downtime?
Shall I recreate the Nginx container after each update? if so, how?
or it's fine to reload the Nginx from Host by monitoring the changes in the config file(using a script) and reload it with below command?
docker exec NginxcontainerID | nginx -s reload
Shall I recreate the Nginx container after each update? if so, how?
No, You just need to reload nginx service most of the time.
You can use:
docker exec nginxcontainername/id nginx -s reload
or
docker kill -s HUP nginxcontainername/id
Another option would be using a custom image and check nginx config checksum and reload nginx when ever it changes. Example script:
nginx "$#"
oldcksum=`cksum /etc/nginx/conf.d/default.conf`
inotifywait -e modify,move,create,delete -mr --timefmt '%d/%m/%y %H:%M' --format '%T' \
/etc/nginx/conf.d/ | while read date time; do
newcksum=`cksum /etc/nginx/conf.d/default.conf`
if [ "$newcksum" != "$oldcksum" ]; then
echo "At ${time} on ${date}, config file update detected."
oldcksum=$newcksum
nginx -s reload
fi
done
You need to install inotifywait package.
I'm configuring an nginx server to stream using rtmp.
As I just found out I have different nginx installations.
One is located on /etc/nginx (the old one, and the one that is running by default), and other one it's on /usr/local/nginx.
I want to make a symbolic link somewhere so I can define that the server executes the one located at /usr/local
Doing some more reading, I realized that I had 2 nginx was because I installed one with apt-get and a newer version from source. I uninstalled with apt-get purge. Now what I need to find out is how to set the nginx installed from source as default system.
The nginx installed from source is up and running, but I can't do a restart by any means.
/usr/local/nginx/sbin$ sudo ./nginx -s stop
/usr/local/nginx/sbin$ sudo ./nginx
Did the trick.
I created a symlinked folder like this using SSH on a Ubuntu 14.04 server named webserver.
ln -s /var/virtual/original /var/virtual/symlink
Inside the /var/virtual/original, there is a abc.php that has content in it.
I triggered my Jenkins which will connect remotely to the same server using SSH as well.
It will execute this command on the webserver.
mkdir /var/virtual/new-folder
cd /var/virtual/new-folder && touch abc.php
rm /var/virtual/symlink
ln -s /var/virtual/new-folder /var/virtual/symlink
I notice that if I open a SSH shell and am currently at /var/virtual/symlink and then I trigger the Jenkins, the command while executed, does actually replace the abc.php.
However, when I visit the website via a browser, there is no change detected.
When I am NOT at the /var/virtual/symlink and I trigger Jenkins, the change is properly done.
I am using nginx and php5-fpm and I did set the disable symlinks off; as well as sendfile off;
What could explain this?
I issued a nginx -s stop and after that I got this error when trying to reload it.
[error]: invalid PID number "" in "/var/run/nginx.pid"
That /var/run/nginx/pid file is empty atm.
What do I need to do to fix it?
nginx -s reload is only used to tell a running nginx process to reload its config. After a stop, you don't have a running nginx process to send a signal to. Just run nginx (possibly with a -c /path/to/config/file)
in my case I solved this by starting the service.
sudo /etc/init.d/nginx start
The command above will start the service in Debian/Ubuntu. It will issue an error if there is any problem (like Apache listening in the same port)
After that nginx -s reload will work like a charm
This will clear out the issue on ubuntu 16.04 and above
sudo service nginx stop
you may need to remove the pid file nginx.pid whose location may be defined in file /etc/nginx/nginx.conf look for line like
cat /etc/nginx/nginx.conf | grep pid # see if pid file is defined
this line may live in file /etc/nginx/nginx.conf
pid /run/nginx.pid; # in file /etc/nginx/nginx.conf
if pid file does exist then remove it now
ls -la /var/run/nginx/pid # this file may live elsewhere
ls -la /run/nginx.pid # on Ubuntu 16.04+
after the pid file has been removed lets launch nginx
sudo service nginx start
ps -eaf|grep nginx # confirm its running
sudo nginx -t && sudo nginx -s reload # confirm config is OK
# typical output
# nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
# nginx: configuration file /etc/nginx/nginx.conf test is successful
sudo service nginx stop # issue stop
ps -eaf|grep nginx # confirm it actually stopped
now sanity has been restored and you are free to launch at will
In the latest version(1.2.0) that I downloaded there is no "-s start" option, it will say
nginx: invalid option: "-s start"
You can start nginx by
sudo /etc/nginx/sbin/nginx
The server will be started and then there wont be any Invalid pid number errors.
To avoid downtime with restarting nginx,
ps aux | grep nginx
PID of nginx master process
echo PID > /var/run/nginx.pid
nginx -s reload
In my case nginx was stopped (crashed I assume). Solved the issue by:
service nginx status
nginx stop/waiting
service nginx start
nginx start/running, process 3535
Then nginx -s reload worked like a charm.
I am using nginx/1.8.0 on trusty.
This happens if the nginx process was stopped manually or was killed.
Check if the process is still running:
sudo lsof -nP -iTCP:<port> | grep LISTEN
I am on mac, and I reinstall the nginx with:
brew reinstall nginx
Then start the service using brew:
brew services start nginx
On CentOS 7 I done it with this:
sudo systemctl start nginx
#Then check all things are OK
sudo systemctl status -l nginx
For anyone who still has issues, in my case, there was an apache2 server that was running.
You can try debugging what went wrong in your nginx machine by executing this command -
systemctl status nginx
This gave me an insight that the port was already in us by apache2 server.
so you can do sudo service apache2 stop and then do sudo service nginx start.
Docker Alpine users should use
nginx
by using that nginx will be start there is no error by
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
then reload it by
nginx -s reload