• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2199
  • Last Modified:

Docker nginx permissions problem

After building...

FROM centos-7-nginx-es-export:latest

USER www-data

WORKDIR /etc/nginx

#ENTRYPOINT ["/opt/nginx-es-1.6.1-ssl1.0.1j/sbin/nginx"]
#CMD ['-c', "/etc/nginx/nginx.conf", '-g', "daemon off; client_body_temp_path /data/client_temp;"]

EXPOSE 80
EXPOSE 443


Running the following...

sudo docker run -v /var/log/nginx:/var/log/nginx:rw -v /etc/nginx/sites-enabled:/etc/nginx/sites-enabled:ro -i -t centos-7-nginx-es -c /etc/nginx/nginx.conf -g "daemon off;"

Yields...

nginx: [emerg] mkdir() "/opt/nginx-es-1.6.1-ssl1.0.1j/client_body_temp" failed (13: Permission denied)

How can I troubleshoot and correct this permissions problem?
0
bcex
Asked:
bcex
  • 3
  • 2
1 Solution
 
Jan SpringerCommented:
what do you see with:

   sudo docker info

?
0
 
bcexAuthor Commented:
:/usr/local/src/centos-7-nginx-es$ sudo docker info
Containers: 17
Images: 100
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Dirs: 134
Execution Driver: native-0.2
Kernel Version: 3.13.0-40-generic
WARNING: No swap limit support
0
 
Jan SpringerCommented:
It's not a docker issue then.

Have you seen this document?:

https://wincent.com/wiki/Fixing_nginx_client_body_temp_permission_denied_errors
0
 
bcexAuthor Commented:
Hello Jan,

I did come across this page, however, the URL near "The directive required is client_body_temp_path and it's documented here." links to a site that is no longer active.  Do you have any insight as to the specific configuration changes required in order to remedy this?

Thank you
0
 
Jan SpringerCommented:
Does this help?

http://stackoverflow.com/questions/21494979/file-upload-not-working-with-rails-4-in-development-using-pow-and-nginx

"The problem is not with Rails but with Nginx which is pretty evident from the nginx error.log. This question helped me understand what I was dealing with - Rails 3 + carrierwave + nginx = permission denied.

Nginx uses the client_body_temp_path directive to specify the location where it will temporarily store the uploaded files from the user request. Homebrew had set it by default to /usr/local/var/run/nginx. This folder also contains fastcgi_temp, proxy_temp, scgi_temp and uwsgi_temp for me. Nginx worker processes run with user nobody and they were not able to access these folders. I chowned all these folders to the nobody user, but that did not help.

Finally, I did

client_body_temp_path /tmp/nginx/; inside the HTTP module of my nginx.conf to make it work.

Doing a ls -l shows

drwx------  2 nobody       wheel   68 Feb  1 14:44 nginx

I am not sure why this worked inside /tmp and not inside the original /var/run/nginx. I belive I will face similar issue when I use other temp folders or in production. Will update this thread if and when that happens.

I recommend symlinking the other relevant logs like the nginx access and error log, pow access and app log to the /log directory of your Rails app. It helps in looking up errors in one of these when you face a tricky bug."
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now