We Keep Coding

PHP-FPM docker container got different behavior depending engine (docker-compose and swarm)

One PHP-FPM container (7.2), member of classical LAPP stack, correctly exposes port 9000 when launched with docker-compose but nothing when started by Docker Swarm. Should I mention that container is running (see output below) and I can launch a TTY bash on it.
So with docker-compose, web application is fully functionnal, but with Swarm, Apache issues a 503 Service Unavailable. Nothing is changed between tests with different engines. Do you have any clue about this behaviour ?
docker-compose.yml
version: '3.5'
services:
postgres:
env_file: ./.env
image: "postgres:9.5.24"
volumes:
- database:/var/lib/postgresql/data
networks:
- internal
adminer:
image: adminer
networks:
- internal
- traefik-public
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.adminer.rule=Host(`adminer.example.com`)"
- "traefik.http.routers.adminer.entrypoints=websecure"
- "traefik.http.routers.adminer.tls.certresolver=letsencryptresolver"
- "traefik.http.services.adminer.loadbalancer.server.port=8080"
- "traefik.port=80"
apache:
env_file: ./.env
image: visio_rdv_apache:latest
build:
context: docker/images/apache2.4
dockerfile: Dockerfile
args:
UID: ${HOST_UID}
ROOT_URL: ${ROOT_URL}
ports:
- 8000:80
environment:
FPM_HOST: php:9000
ROOT_URL: ${ROOT_URL}
volumes:
- ${LOGS_DIR}/apache/:/var/log/httpd/
- ${RELATIVE_APP_PATH}:/var/www/html
links:
- postgres
- php
networks:
- internal
- traefik-public
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.visio_rdv.rule=Host(`test.example.com`)"
- "traefik.http.routers.visio_rdv.entrypoints=websecure"
- "traefik.http.routers.visio_rdv.tls.certresolver=letsencryptresolver"
- "traefik.http.services.visio_rdv.loadbalancer.server.port=80"
- "traefik.port=80"
php:
env_file: .env
links:
- ftp
image: visio_rdv_php:latest
build:
context: docker/images/php
dockerfile: Dockerfile
args:
UID: ${HOST_UID}
TIMEZONE: ${TIMEZONE}
PROXY: ${http_proxy}
volumes:
- ftp_data:/var/www/ftp:rw
- ${RELATIVE_APP_PATH}:/var/www/html
networks:
- internal
ftp:
env_file: .env
image: "fauria/vsftpd:latest"
ports:
- "9520:20"
- "9521:21"
- "21100-21110:21100-21110"
environment:
FTP_USER: ${FTP_USER}
FTP_PASS: ${FTP_PASS}
PASV_MIN_PORT: 21100
PASV_MAX_PORT: 21100
volumes:
- ftp_data:/home/vsftpd/${AUTOMATION_CLIENT_NAME}:rw
networks:
- internal
volumes:
ftp_data:
database:
networks:
traefik-public:
external: true
internal:
external: false
With Docker Swarm
Apache logs :
[Wed Aug 04 07:35:16.382246 2021] [proxy:error] [pid 11] (111)Connection refused: AH00957: FCGI: attempt to connect to 10.0.4.93:9000 (*) failed
[Wed Aug 04 07:35:16.382314 2021] [proxy_fcgi:error] [pid 11] [client 10.0.0.2:1035] AH01079: failed to make connection to backend: php, referer: http://test.example.com/
Swarm services list :
docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
um2txtpz8534 traefik_reverse-proxy replicated 1/1 traefik:v2.4
ahf7uukapxbr my_stack_adminer replicated 1/1 adminer:latest
ue8qekmg0ff0 my_stack_apache replicated 1/1 my_stack_apache:latest my_stack*:8000->80/tcp
x9igaslhsx11 my_stack_ftp replicated 1/1 fauria/vsftpd:latest *:9520-9521->20-21/tcp, *:21100-21110->21100-21110/tcp
jpk4qzqs1tfx my_stack_php replicated 1/1 my_stack_php:latest
ih67rh82vp9e my_stack_postgres replicated 1/1 postgres:9.5.24
I tried to add net-tools to the PHP image, in order to manually test the connection with nc. Same result, php container instance IP is correctly resolved, but any TCP connection to port 9000 is refused.
I use a lot environment vars, and in order to palliate missing feature with Swarm, I use the docker-compose config command output to generate complete docker-compose.yml file.
With docker-compose
Name Command State Ports
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
my_stack_adminer_1 entrypoint.sh docker-php-e ... Up 8080/tcp
my_stack_apache_1 /bin/sh -c apachectl -D FO ... Up 0.0.0.0:8000->80/tcp
my_stack_ftp_1 /usr/sbin/run-vsftpd.sh Up 0.0.0.0:9520->20/tcp, 0.0.0.0:9521->21/tcp, 0.0.0.0:21100->21100/tcp, 0.0.0.0:21101->21101/tcp, 0.0.0.0:21102->21102/tcp,
0.0.0.0:21103->21103/tcp, 0.0.0.0:21104->21104/tcp, 0.0.0.0:21105->21105/tcp, 0.0.0.0:21106->21106/tcp, 0.0.0.0:21107->21107/tcp,
0.0.0.0:21108->21108/tcp, 0.0.0.0:21109->21109/tcp, 0.0.0.0:21110->21110/tcp
my_stack_php_1 php-fpm -R -F Up 9000/tcp
my_stack_postgres_1 docker-entrypoint.sh postgres Up 5432/tcp

Here are a few things I'd try:
Use docker service inspect to see if the configuration matches what you expect it to be.
Jump into the php container and see what port it's actually listening on.
Did you intend to expose the apache server directly? I would imagine you'd use traefik in front of that since you already have in the mix.

laravel fails to load videos from directory mapped as a volume in a docker container

I'm building a laravel app packaged as a docker container. Our home and product pages play HD videos and I want to avoid storing these videos in source control as they might change a bit frequently.
The idea is to put updated videos in a directory, add updated video names as a config property which can be picked up by blade when rendering the webpage. Adding hardcoded video file names in the code shared the but the intro-xxxxxxxx would come from a variable read from the .env file later on
<div class="background-holder overlay overlay-2 parallax d-none d-sm-block">
<video autoplay="autoplay" loop="loop" muted="muted">
<source src="{{ asset('videos/intro-72126f2acfb477064fe31fcfaea14e79.webm') }}" type="video/webm" />
<source src="{{ asset('videos/intro-01be5dedca0a6a6259c107e69d61af8d.mp4') }}" type="video/mp4" />
<source src="{{ asset('videos/intro-213e0ed58dcc68f1089d0fc13408e586.ogv') }}" type="video/ogv" />
</video>
</div>
now I'm mapping the directory with all these videos as a docker volume like so; in the Dockerfile I define a working directory
# Set working directory
WORKDIR /var/www
and then in Docker compose I mount volumes
version: "3.8"
services:
app:
build:
args:
user: www
uid: 1000
context: ./
dockerfile: Dockerfile
container_name: onex-webapp
restart: unless-stopped
tty: true
environment:
SERVICE_NAME: app
SERVICE_TAGS: dev
working_dir: /var/www
volumes:
- ./:/var/www
- /Users/anadi/Movies/OneX/:/var/www/public/videos
networks:
- onexweb
nginx:
image: nginx:alpine
container_name: onex-webserver
restart: unless-stopped
tty: true
ports:
- 8000:80
volumes:
- ./:/var/www
- ./nginx/dev/conf.d/:/etc/nginx/conf.d/
networks:
- onexweb
networks:
onexweb:
driver: bridge
when I check contents of the container I see this directory and the videos
❯ docker exec onex-webapp ls -l /var/www/public/videos
total 987168
-rw-r--r-- 1 www www 64285377 Apr 23 08:18 fr-intro.mp4
-rw-r--r-- 1 www www 78065607 Apr 27 07:27 fr-intro.ogv
-rw-r--r-- 1 www www 4212950 Apr 27 07:16 fr-intro.webm
-rw-rw-r-- 1 www www 11110738 Oct 23 2018 fr3-intro.mp4
-rw-r--r-- 1 www www 22746906 Jun 23 07:43 isc-intro.mp4
-rw-r--r-- 1 www www 30409396 Jun 23 07:43 intro-01be5dedca0a6a6259c107e69d61af8d.mp4
-rw-r--r-- 1 www www 36319165 Jun 23 07:43 intro-213e0ed58dcc68f1089d0fc13408e586.ogv
-rw-r--r-- 1 www www 22733111 Jun 23 07:43 intro-72126f2acfb477064fe31fcfaea14e79.webm
-rw-r--r-- 1 www www 29432716 Apr 27 15:00 ta-intro.mov
-rw-r--r-- 1 www www 18688528 Jul 17 2018 ta-intro.mp4
-rw-r--r-- 1 www www 21402515 Apr 29 05:30 ta-intro.ogv
-rw-r--r-- 1 www www 9233096 Apr 29 05:38 ta-intro.webm
But when I access the pages I get a 404 error for these video URLs
GET http://localhost:8000/videos/intro-72126f2acfb477064fe31fcfaea14e79.webm net::ERR_ABORTED 404 (Not Found)
If I give up the volumes way and add a symlink to these videos' directory under public/videos then I do not get a 404 error; curious what's causing this, and possible solutions. In production I will be packaging contents into docker container layers instead of mounting volumes hence the need to solve this.

Moved /videos as a directory config to nginx and mounted directory with videos as volume to nginx container, it works now.

Docker is not running my php project via docker-compose

I have my php project. In this project, is a public folder which contains the index.php as a starting point.
The docker-compose.yml file is in the root directory.
So
[Project root directory]
----docker-compose.yml
----public
----------index.php
----other project files and folders
Now I have my docker-compose.yml file, which contains a mysql, phpmyadmin, apache image and a link to the project itself.
It was working before, some weeks ago. I don't remember that I have changed something up, but it does not work anymore.
here is my docker-compose.yml file:
version: '3'
services:
php:
image: docker.team23.de/docker/php:7.2
volumes:
- ./:/app
web:
image: docker.team23.de/docker/apache:2.4-php
environment:
APACHE_DOCUMENT_ROOT: /app/public
volumes:
- ./:/app
ports:
- "3039:80"
db:
image: mysql:5.7
volumes:
- ./mysql-dump:/docker-entrypoint-initdb.d
restart: always
environment:
MYSQL_ROOT_PASSWORD: password
MYSQL_DATABASE: project_name
MYSQL_USER: admin
MYSQL_PASSWORD: admin
phpmyadmin:
depends_on:
- db
image: phpmyadmin/phpmyadmin
restart: always
ports:
- '8080:80'
environment:
PMA_HOST: db
MYSQL_ROOT_PASSWORD: password
volumes:
db:
docker-compose up -d -V
docker-compose
docker ps
docker ps
the phpmyadmin works fine. I can login to mysql, so this is working too.
But if I open localhost:3039, which should run my project, I get :
The website is unavailable localhost has refused the connection.
logs of web image
Attaching to xxxx_web_1
web_1 | [Sun Jul 21 10:10:57.740369 2019] [so:warn] [pid 1:tid 140066424941416] AH01574: module setenvif_module is already loaded, skipping
web_1 | [Sun Jul 21 10:10:57.740410 2019] [so:warn] [pid 1:tid 140066424941416] AH01574: module headers_module is already loaded, skipping
web_1 | [Sun Jul 21 10:10:57.740417 2019] [so:warn] [pid 1:tid 140066424941416] AH01574: module alias_module is already loaded, skipping
web_1 | AH00526: Syntax error on line 14 of /usr/local/apache2/conf/httpd-extra-basics.conf:
web_1 | DocumentRoot '/app/public' is not a directory, or is not readable

docker-compose mounted directory does not rename folders

So I have gotten a folder to rename in a directory. Every other folder I put in that mounted directory says:
Warning:
rename(/app/public/CoverImages/S3-Uploaded/subfolder-for-depth/2019-01-15-Uploaded,/app/public/CoverImages/S3-Uploaded/subfolder-for-depth/2019-01-15-Uploaded-AWS):
Permission denied in /app/src/S3CoverImages.php on line 260
My php code is the following:
if(is_dir($dirPath)) {
$success = rename(rtrim($dirPath, " -/"), rtrim($dirPath, " -/") . "-AWS");
My dockerfile code for permissions is as follows:
RUN chown www-data:www-data /usr/local/etc/php-fpm.conf && \
chown -R www-data:www-data /app && \
chmod -R 755 /app && \
chown -R www-data:www-data /var/www && \
chmod +x /usr/local/bin/start.sh; sync
In docker-compose.yml we have it mounting the directory we need:
version: '3.4'
services:
nginx:
image: americanreading/someproject:dev
restart: on-failure:3
ports:
- 8001:8080
php:
image: americanreading/bisapi-php:dev
environment:
#lots of server details here.
volumes:
- /mnt/coverimages/S3-Uploaded/subfolder-for-depth:/app/public/CoverImages/S3-Uploaded/subfolder-for-depth/
Is there something else I need to make sure any folder put into this mounted directory will have php permission to rename the folder? Is there anything evident that I am not doing at the moment?
Almost forgot, here are the current permissions we looked up in bash:
arcit#arcvm13:~/arcbis-dev$ docker-compose run --rm php bash
www-data#9a78e9799427:/app$ ls -la /app/public/CoverImages/S3-Uploaded/subfolder-for-depth/
total 16
drwxrwxrwx 2 root root 4096 Feb 25 14:31 .
drwxr-xr-x 3 root root 4096 Feb 25 14:38 ..
-rwxrwxrwx 1 root root 6148 Feb 25 14:32 .DS_Store
drwxrwxrwx 2 root root 0 Oct 20 2015 2010-02-15
drwxrwxrwx 2 root root 0 Feb 25 14:30 2019-01-15-Uploaded
drwxrwxrwx 2 root root 0 Feb 25 14:31 2019-02-07-Uploaded-AWS
drwxrwxrwx 2 root root 0 Feb 22 16:24 2019-02-18
Here is the ls -la on the subfolder-for-depth itself:
drwx------# 1 toddcoulson staff 16384 Oct 20 2015 2010-02-15
drwx------# 1 toddcoulson staff 16384 Feb 25 09:30 2019-01-15-Uploaded
drwx------ 1 toddcoulson staff 16384 Feb 25 09:31 2019-02-07-Uploaded-AWS
drwx------# 1 toddcoulson staff 16384 Feb 22 11:24 2019-02-18

The volume is created when you run the container, not when you build it. By default the permissions on that directory will be root.
An other issue here is that you are binding your volume to a host path "/mnt/coverimages/S3-Uploaded/subfolder-for-depth".
So that directory is going to have the permissions of your host (for example user 1000).
A solution is to add that user the the www-data group, in your Dockerfile.

TravisCI Docker Permissions

I use Docker to run my PHP app. Now I want Travis CI to test my app. But all my builds fail, because containers can not open files in /temp directory of my app.
I have data container:
FROM ubuntu
COPY ./ /project
VOLUME /project
CMD ["true"]
I use my own PHP fpm container based on php:7.0-fpm - only with some extensions installed. Same for nginx.
My docker compose looks like this
version: '2'
services:
data:
build: ./
volumes:
- .:/project
command: "true"
nginx:
image: myNginx
ports:
- "80:80"
- "443:443"
volumes_from:
- data
links:
- php
php:
image: myPhp
ports:
- "9000:9000"
volumes_from:
- data
You can see that I use shared volume with host. Everything works on my local machine (windows) but not on travis.
And finaly my travis.yml
sudo: required
language: php
services:
- docker
before_script:
- docker-compose up --build -d
# Run firefox
- docker run -d -p 4444:4444 -p 5900:5900 --name firefox --link my_nginx:nginx --net myapp_default selenium/standalone-firefox-debug:2.53.0
script:
# Run Codeception
- docker run --rm --volumes-from my_data --link firefox --net myapp_default --name codeception codeception/codeception run accept
All codeception tests fails because app can not write to /log and can not open files in /temp. It is interesting because it writes some files but later it can not open it.
I ls -la with result:
# ./temp
drwxrwxr-x 3 travis travis 4096 Nov 4 15:55 .
drwxrwxr-x 14 travis travis 4096 Nov 4 15:56 ..
drwxr-xr-x 4 root root 4096 Nov 4 15:55 cache
-rw-rw-r-- 1 travis travis 14 Nov 4 15:49 .gitignore
# ./temp/cache
drwxr-xr-x 4 root root 4096 Nov 4 15:55 .
drwxrwxr-x 3 travis travis 4096 Nov 4 15:55 ..
drwxr-xr-x 2 root root 4096 Nov 4 15:55 Nette.Configurator
drwxr-xr-x 2 root root 4096 Nov 4 15:55 _Nette.RobotLoader
# ./temp/cache/Nette.Configurator
drwxr-xr-x 2 root root 4096 Nov 4 15:55 .
drwxr-xr-x 4 root root 4096 Nov 4 15:55 ..
-rw-r--r-- 1 root root 116093 Nov 4 15:55 Container_70d15d6361.php
-rw-r--r-- 1 root root 0 Nov 4 15:55 Container_70d15d6361.php.lock
-rw-r--r-- 1 root root 52913 Nov 4 15:55 Container_70d15d6361.php.meta
I ma pretty sure that I have bad permissions set in travis or in container, but I don`t know how to fix it.

The files that Travis pulls will be owned by the travis user and group, while the processes running inside the container expect the active user to be the owner. I had this issue with a docker-compose file that was running fine on my Mac, but failed on Travis.
For me, this was fixed by adding this to the install step in my .travis.yaml (edit: you'll probably want it in your before_script section instead):
install
- docker-compose run --user='root' --entrypoint chown worker_test -R myuser:myuser .
This writeup on UID/GID bits was helpful: Understanding user file ownership in docker: how to avoid changing permissions of linked volumes