On Wed, May 04, 2016 at 06:25:01PM -0300, Paulo Leal wrote: Hi there,
Completely untested by me; and I've not used openshift or docker, but: > I have been playing around with the > https://github.com/nginxinc/openshift-nginx dockerfile and trying to find > a way to run run nginx as non-root with openshift/k8/docker. > I am currently getting the error: > nginx: [alert] could not open error log file: open() > "/var/log/nginx/error.log" failed (13: Permission denied) That says that the user you run as cannot open that file. ls -ld / /var /var/log /var/log/nginx ls -l /var/log/nginx/error.log You may need a "-Z" in there too, if you have some extra security enabled. Does your user have permission to write the current error.log file; or to create a new one? If not, do whatever it takes to make that possible. You do mention some "chmod" commands below, but none that refer to this directory or file. > 2016/05/04 20:51:09 [warn] 1#1: the "user" directive makes sense only if > the master process runs with super-user privileges, ignored in > /etc/nginx/nginx.conf:5 That is harmless; if you intend to run as non-root, you can remove that directive from the config file. > 2016/05/04 20:51:09 [emerg] 1#1: open() "/etc/nginx/conf.d/default.conf" > failed (13: Permission denied) in /etc/nginx/nginx.conf:33 That suggests that your user can read /etc/nginx/nginx.conf, but cannot read /etc/nginx/conf.d/default.conf "ls -ld" or "ls -ldZ" every directory from the root to that one. Perhaps there is something there that shows why you are blocked. > I have alredy added to my Dockerfile: > Run ... > && chmod 777 /etc/nginx/nginx.conf \ > && chmod 777 /var/run \ > && chmod 777 /etc/nginx/conf.d/default.conf 777 is possibly excessive; but if it works for you, it works. If you don't have "x" permissions on /etc/nginx/conf.d, though, you probably won't be able to read the default.conf file within. > I also run bash on the container and was albe to "cat" the "default.conf" > and the "nginx.conf" files. Do you do that as the same user/group that you run nginx as? Good luck with it, f -- Francis Daly [email protected] _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
