Hi, I added the lines to my dockerfile

Run ... && chmod 777 /var/log/nginx \
    && rm -rf /var/log/nginx/error.log \
    && rm -rf /var/log/nginx/access.log

It worked for me!
Thanks for your help.

Paulo Leal

On Thu, May 5, 2016 at 12:57 PM, Aleksandar Lazic <[email protected]> wrote:

> Hi.
>
> On 04-05-2016 23:50, Francis Daly wrote:
>
>> On Wed, May 04, 2016 at 06:25:01PM -0300, Paulo Leal wrote:
>>
>> Hi there,
>>
>> Completely untested by me; and I've not used openshift or docker, but:
>>
>>> I have been playing around with the
>>> https://github.com/nginxinc/openshift-nginx dockerfile and trying to
>>> find a way to run nginx as non-root with openshift/k8/docker.
>>>
>>> I am currently getting the error:
>>> nginx: [alert] could not open error log file: open()
>>> "/var/log/nginx/error.log" failed (13: Permission denied)
>>
>> That says that the user you run as cannot open that file.
>>
>> ls -ld / /var /var/log /var/log/nginx
>> ls -l /var/log/nginx/error.log
>>
>> You may need a "-Z" in there too, if you have some extra security enabled.
>>
>> Does your user have permission to write the current error.log file;
>> or to create a new one? If not, do whatever it takes to make that
>> possible.
>>
>> You do mention some "chmod" commands below, but none that refer to this
>> directory or file.
>
> In openshift you normally do not know which user you run as.
>
> https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#scc-strategies
>
> I think the default is 'MustRunAsRange'; this file suggests that.
>
> https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_master/templates/master.yaml.v1.j2#L177
>
> There is a solution to run as a dedicated user id.
>
> https://docs.openshift.org/latest/creating_images/guidelines.html#use-uid
>
> You should change the location of the pid file and you can use a syslog
> server for the logs. I have created a more or less ready to use solution.
>
> https://github.com/git001/nginx-osev3
>
> Please tell me if the solution is helpful for you.
>
> I can then make a pull request to the
> https://github.com/nginxinc/openshift-nginx .
>
>>> I have already added to my Dockerfile:
>>> Run ...
>>> && chmod 777 /etc/nginx/nginx.conf \
>>> && chmod 777 /var/run \
>>> && chmod 777 /etc/nginx/conf.d/default.conf
>>
>> 777 is possibly excessive; but if it works for you, it works. If you
>> don't have "x" permissions on /etc/nginx/conf.d, though, you probably
>> won't be able to read the default.conf file within.
>>
>>> I also run bash on the container and was able to "cat" the "default.conf"
>>> and the "nginx.conf" files.
>>
>> Do you do that as the same user/group that you run nginx as?
>
> To OP:
> the output of ' id && ps axfu && ls -laR /etc/nginx/ ' would be
> interesting.
>
> In general the images in openshift are running with a random user id, which
> makes it difficult to set proper file permissions :-/
> You can define some service accounts to be able to run as root; this
> should be used very carefully, as in non PaaS environments ;-).
>
> Cheers
> Aleks
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
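
A narrower alternative to the chmod 777 lines discussed in this thread, as an added example that is not part of any message here: a shell helper for a Dockerfile RUN step that grants access to group 0 instead of to everyone and reports anything still world-writable. It assumes the container's arbitrary UID is a member of group 0, as the OpenShift image guidelines linked in the thread describe; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumption: the platform starts the container with an arbitrary UID that is
# a member of group 0, as the OpenShift image guidelines linked above describe.

# Print every non-symlink entry under the given paths that any user may write to.
list_world_writable() {
    find "$@" ! -type l -perm -0002
}

# Give group $1 read/write (and directory search) access to the remaining
# paths, and take write access away from "other".
grant_group_access() {
    gid=$1
    shift
    chgrp -R "$gid" "$@" && chmod -R g+rwX,o-w "$@"
}

# When called with paths (as root, during the image build), apply the
# group-0 permissions and fail the build if anything is still world-writable.
if [ "$#" -gt 0 ]; then
    grant_group_access 0 "$@" || exit 1
    leftover=$(list_world_writable "$@")
    if [ -n "$leftover" ]; then
        printf 'still world-writable:\n%s\n' "$leftover" >&2
        exit 1
    fi
fi
```

Saved under a name of your choice and run during the build with the paths from the thread (/var/log/nginx, /var/run), it leaves those directories writable by the arbitrary UID through its group membership rather than by every user in the container.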
