On Wed, May 04, 2016 at 06:25:01PM -0300, Paulo Leal wrote:
Hi there,
Completely untested by me; and I've not used openshift or docker, but:
> I have been playing around with the
> https://github.com/nginxinc/openshift-nginx dockerfile and trying to find
> a way to run run nginx as non-root with openshift/k8/docker.
> I am currently getting the error:
> nginx: [alert] could not open error log file: open()
> "/var/log/nginx/error.log" failed (13: Permission denied)
That says that the user you run as cannot open that file.
ls -ld / /var /var/log /var/log/nginx
ls -l /var/log/nginx/error.log
You may need a "-Z" in there too, if you have some extra security enabled.
Does your user have permission to write the current error.log file;
or to create a new one? If not, do whatever it takes to make that possible.
You do mention some "chmod" commands below, but none that refer to this
directory or file.
> 2016/05/04 20:51:09 [warn] 1#1: the "user" directive makes sense only if
> the master process runs with super-user privileges, ignored in
> /etc/nginx/nginx.conf:5
That is harmless; if you intend to run as non-root, you can remove that
directive from the config file.
> 2016/05/04 20:51:09 [emerg] 1#1: open() "/etc/nginx/conf.d/default.conf"
> failed (13: Permission denied) in /etc/nginx/nginx.conf:33
That suggests that your user can read /etc/nginx/nginx.conf, but cannot
read /etc/nginx/conf.d/default.conf
"ls -ld" or "ls -ldZ" every directory from the root to that one.
Perhaps there is something there that shows why you are blocked.
> I have alredy added to my Dockerfile:
> Run ...
> && chmod 777 /etc/nginx/nginx.conf \
> && chmod 777 /var/run \
> && chmod 777 /etc/nginx/conf.d/default.conf
777 is possibly excessive; but if it works for you, it works. If you
don't have "x" permissions on /etc/nginx/conf.d, though, you probably
won't be able to read the default.conf file within.
> I also run bash on the container and was albe to "cat" the "default.conf"
> and the "nginx.conf" files.
Do you do that as the same user/group that you run nginx as?
Good luck with it,
f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx