I have problems with a share volumes that both nginx apline and php-fpm can write and delete folder and file.
Nginx container will create static file on var/run.
FROM nginx:alpine
RUN set -x ; \
addgroup -g 82 -S www-data ; \
adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1
RUN chmod 777 -R /var/run
RUN mkdir -p /var/run/static-cache/
I also create a same directory on php-fpm container so it can clear all the cache when I update a page.
FROM php:7.4-fpm-alpine
RUN apk add shadow && usermod -u 1000 www-data && groupmod -g 1000 www-data
RUN chmod 777 -R /var/run
RUN mkdir -p /var/run/static-cache.
WORKDIR /var/www/html/
A mount volume will link these two directories between 2 containers.
However, when I save a page, I'm not able to clear any folder on php-fpm container due to permision denied.
Is ther any solutions to solve arround this?
Related
I'm having issues getting a mounted docker volume to use a user other than root.
Any files I create with this command:
docker run -it --rm --name my-running-script -v "$PWD":/usr/src/myapp -w /usr/src/myapp php:8.1-cli php "$#"
will always have root ownership on my host directory. Can someone clue me into how I get it to mount with my host's dir user? (Ex: /home/meisuser/mountedvolume
I've tried:
docker run -it --rm --name my-running-script --user $(id -u):$(id -g) -v "$PWD":/usr/src/myapp -w /usr/src/myapp php:8.1-cli php "$#"
but it doesn't seem to work.
I am stuck with that problem.
I have a docker compose file with volumes mapping that way :
volumes:
- ./:/var/www/html:rw
- ../epossobundle/:/var/www/epossobundle :rw;
In composer.json, there is a repo linked on a bundle which I am working on it like this :
"repositories": [
{
"type": "path",
"url": "../epossobundle"
},
But when I start my container I got the error
Warning: include(/var/www/html/vendor/composer/../epo/api-auth-sso-bundle/EpoApiAuthSsoBundle.php): failed to open stream: No such file or directory
How can I do ??
PS : It is not possible to install something in Docker image because it is intranet network
Thanks a lot
Serge
I assume that the vendor file is missing dependencies, specifically epo/api-auth-sso-bundle/EpoApiAuthSsoBundle.php so you'll need to install them.
Grab a root shell inside the container:
docker exec -it -u root <container_id_or_name> /bin/bash
Install composer (requires root):
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
Then install your dependencies (if not in production, no need for --no-dev):
composer install --no-dev
Finally, change the permissions back (ls -rvla):
# Nginx
chown -R nginx:nginx .
# Apache2
chown -R www-data:www-data .
Note: This is a "hacky-fix", if you rebuild the container you will have to do this every time. You should look to do this inside your Dockerfile as a permanent solution.
Untested example of the Dockerfile:
FROM php:7.4-fpm
WORKDIR /var/www/html
# Nginx
RUN groupadd -g 101 nginx && \
useradd -u 101 -ms /bin/bash -g nginx nginx
# Apache2
RUN groupadd -g 101 www-data && \
useradd -u 101 -ms /bin/bash -g www-data www-data
# Download and install composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
# Nginx
USER nginx
# Apache2
USER www-data
# Or add this as an entry-point (runs as user for permissions)
RUN composer install --no-dev
Motto is to run docker container with non-root user & got stuck at php-fpm error.
unable to figure out the issue...
NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
The problem is its giving same error, even though i changed configuration files with another user name.
I've already edited the www.conf config at /etc/php-fpm.d/www.conf with:
[www]
user = www-data
group = www-data
listen = /var/run/www.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
;listen.acl_users = apache,nginx
i also edited httpd.conf configuration /etc/httpd/conf/httpd.conf
Listen 8080
User www-data
Group www-data
The Dockerfile which includes all the process of installation, i used different user to execute httpd and php-fpm.
Here httpd is running with non-root i.e. www-data, however php-fpm is not running with non-root.
It is giving error as
NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
FROM amazonlinux:latest
MAINTAINER ********
RUN yum update -y
RUN amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
RUN yum install -y httpd sudo
RUN yum install -y php-mbstring php-gd php-pecl-zip php-pdo
COPY sourcecode /var/www/html/
COPY httpd.conf /etc/httpd/conf/httpd.conf
COPY www.conf /etc/php-fpm.d/www.conf
RUN groupadd www-data && useradd -g www-data www-data -s /bin/bash
RUN chown -hR www-data:www-data /run/httpd/ && chown -hR www-data:www-data /var/www/ && chown -hR www-data:www-data /etc/httpd/ && chown -hR www-data:www-data /var/log/httpd/ && chown -hR www-data:www-data /etc/php* && chown -hR www-data:www-data /run/php-fpm && chown -hR www-data:www-data /var/log/php-fpm
#setcap to bind to privileged ports as non-root
RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/httpd && getcap /usr/sbin/httpd
USER 1000
CMD /usr/sbin/php-fpm -D ; /usr/sbin/httpd -D FOREGROUND
EXPOSE 8080
What might be the issue, iam unable to get the issue..!
Is there anyother way to run container with non-root?
I would like to add my mysql database to my Dockefile running ubuntu with installed mysql and php. The folder is structured in this way:
folder
|_ Dockerfile
|_ start.sh
|_ index.php
|_ init.sql
the problem is that start.sh don't exec all of my code, so the init.sql is not imported in mysql. I have looked some solution on StackOverflow but no one of them worked.
this is the Dockerfile
FROM ubuntu:latest
RUN apt-get update && apt-get upgrade -y
RUN DEBIAN_FRONTEND=noninteractive apt-get install apache2 php libapache2-mod-php php-mysql mysql-server -y
VOLUME ["/var/lib/mysql"]
ADD init.sql /tmp/init.sql
COPY index.php /var/www/html/
COPY start.sh /bin/
RUN chmod +x /bin/start.sh
EXPOSE 80 3306
CMD "/bin/start.sh"
This is the start.sh
#!/bin/bash
/usr/sbin/apache2ctl -D FOREGROUND
/usr/bin/mysqld_safe
mysql -u root -e "CREATE DATABASE mydb"
mysql -u root mydb < /tmp/init.sql
I'm not sure the problem is exactly start.sh, anyway every docker-compose solution will be useless for me since i need everything in a Dockerfile
first you must reorder sequence in you start.sh , because apache in foreground will prevent you to run mysql .
#!/bin/bash
chown -R mysql:mysql /var/lib/mysql /var/run/mysqld && /etc/init.d/mysql start
while [ ! -e /var/run/mysqld/mysqld.sock ]
do
sleep 2
done
mysqladmin ping
mysql -u root -e "CREATE DATABASE mydb"
mysql -u root mydb < /tmp/init.sql
/usr/sbin/apache2ctl -D FOREGROUND
and you must modify your Dockerfile to add :
RUN mkdir /var/run/mysqld ; chown mysql.mysql /var/run/mysqld
I have this multi-stage build in a Dockerfile:
## Stage 1
FROM node:9 as builder
RUN apt-get update && apt-get -y install sudo
RUN echo "newuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
RUN useradd -ms /bin/bash newuser
USER newuser
RUN mkdir -p /home/newuser/app
WORKDIR /home/newuser/app
RUN sudo chown -R $(whoami) $(npm config get prefix)/lib
RUN npm set progress=false
RUN npm config set depth 0
RUN npm cache clean --force
COPY dist .
## Stage 2
FROM php:5.6.30
RUN apt-get update && apt-get -y install sudo
RUN echo "newuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
RUN useradd -ms /bin/bash newuser
USER newuser
RUN mkdir -p /home/newuser/app
WORKDIR /home/newuser/app
COPY --from=builder /home/newuser/app /home/newuser/app
RUN ls -a /home/newuser/app
CMD ["php", "-S", "localhost:3000"]
the image build successfully, using:
docker build -t x .
Then I run it with:
docker run -p 3000:3000 x
but when I go to localhost:3000 on the host machine, I don't get a response. The webpage is blank.
Does anyone know why that might happen?
I also tried:
CMD ["sudo", "php", "-S", "localhost:80"]
and
docker run -p 3000:80 x
and a few other variations, still nothing.
Not sure why the PHP static server wasn't working, but I got it working with Node.js static server package:
FROM node:9 as builder
RUN apt-get update && \
apt-get -y install sudo
RUN echo "newuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
RUN useradd -ms /bin/bash newuser
USER newuser
RUN mkdir -p /home/newuser/app
WORKDIR /home/newuser/app
RUN sudo chown -R $(whoami) $(npm config get prefix)/lib
RUN sudo chown -R $(whoami) $(npm config get prefix)/lib/node_modules
RUN sudo chown -R $(whoami) $(npm config get prefix)/bin
RUN sudo chown -R $(whoami) $(npm config get prefix)/share
RUN sudo chown -R $(whoami) /usr/local/lib
RUN npm set progress=false
RUN npm config set depth 0
RUN npm cache clean --force
COPY dist .
RUN npm install -g http-server
ENTRYPOINT ["http-server", "."]
you build it like so:
docker build -t x .
and then run it like so:
docker run -p 3000:8080 x