Menu
I'm using Docker Hub's official nginx image: https://hub.docker.com/_/nginx/
The user of nginx (as defined in /etc/nginx/nginx.conf) is nginx. Is there a way to make nginx run as www-data without having to extend the docker image? The reason for this is, I have a shared volume, that is used by multiple containers - php-fpm that I'm running as www-data and nginx. The owner of the files/directories in the shared volume is www-data:www-data and nginx has trouble accessing that - errors similar to *1 stat() "/app/frontend/web/" failed (13: Permission denied)
I have a docker-compose.yml and run all my containers, including the nginx one with docker-compose up.
...
nginx:
image: nginx:latest
ports:
- "80:80"
volumes:
- ./:/app
- ./vhost.conf:/etc/nginx/conf.d/vhost.conf
links:
- fpm
...
641
Per default, nginx runs as root user. Why? Only root processes can listen to ports below 1024. The default port for web applications is usually 80 or 443.
Maintaining Content and Configuration Files on the Docker Host. Any change made to the files in the local directories /var/www and /var/nginx/conf on the Docker host are reflected in the directories /usr/share/nginx/html and /etc/nginx in the container.
nginx-proxy sets up a container running nginx and docker-gen. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped. See Automated Nginx Reverse Proxy for Docker for why you might want to use this.
Nginx and Docker reverse proxy configuration A reverse proxy handles client requests, and then forwards those requests to another server that runs in the backend. This backend origin server processes the request and provides a response back to Nginx, which then sends the response back to the client.
Fix your php-fpm container and don't break good nginx container.
Here is mine post with solution for docker-compose (nginx + php-fpm(alpine)): https://stackoverflow.com/a/36130772/1032085
Here is mine post with solution for php-fpm(debian) container: https://stackoverflow.com/a/36642679/1032085
Solution for Official php-fpm image. Create Dockerfile:
FROM php:5.6-fpm
RUN usermod -u 1000 www-data
I know the OP asked for a solution that doesn't extend the nginx image, but I've landed here without that constraint. So I've made this Dockerfile to run nginx as www-data:www-data (33:33) :
FROM nginx:1.17
# Customization of the nginx user and group ids in the image. It's 101:101 in
# the base image. Here we use 33 which is the user id and group id for www-data
# on Ubuntu, Debian, etc.
ARG nginx_uid=33
ARG nginx_gid=33
# The worker processes in the nginx image run as the user nginx with group
# nginx. This is where we override their respective uid and guid to something
# else that lines up better with file permissions.
# The -o switch allows reusing an existing user id
RUN usermod -u $nginx_uid -o nginx && groupmod -g $nginx_gid -o nginx
It accepts a uid and gid on the command line during image build. To make an nginx image that runs as your current user id and group id for example:
docker build --build-arg nginx_uid=$(id -u) nginx_uid=$(id -g) .
The nginx user and group ids are currently hardcoded to 101:101 in the image.
25
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
