Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to change the nginx process user of the official docker image nginx?

Tags:

docker

nginx

I'm using Docker Hub's official nginx image: https://hub.docker.com/_/nginx/

The user of nginx (as defined in /etc/nginx/nginx.conf) is nginx. Is there a way to make nginx run as www-data without having to extend the docker image? The reason for this is, I have a shared volume, that is used by multiple containers - php-fpm that I'm running as www-data and nginx. The owner of the files/directories in the shared volume is www-data:www-data and nginx has trouble accessing that - errors similar to *1 stat() "/app/frontend/web/" failed (13: Permission denied)

I have a docker-compose.yml and run all my containers, including the nginx one with docker-compose up.

  ...
  nginx:
    image: nginx:latest
    ports:
      - "80:80"
    volumes:
      - ./:/app
      - ./vhost.conf:/etc/nginx/conf.d/vhost.conf
    links:
      - fpm

  ...
like image 641
ddinchev Avatar asked Apr 24 '16 14:04

ddinchev


People also ask

What user does nginx run as Docker?

Per default, nginx runs as root user. Why? Only root processes can listen to ports below 1024. The default port for web applications is usually 80 or 443.

Where is nginx config in Docker container?

Maintaining Content and Configuration Files on the Docker Host. Any change made to the files in the local directories /var/www and /var/nginx/conf on the Docker host are reflected in the directories /usr/share/nginx/html and /etc/nginx in the container.

What is Docker nginx proxy?

nginx-proxy sets up a container running nginx and docker-gen. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped. See Automated Nginx Reverse Proxy for Docker for why you might want to use this.

What is reverse proxy Docker?

Nginx and Docker reverse proxy configuration A reverse proxy handles client requests, and then forwards those requests to another server that runs in the backend. This backend origin server processes the request and provides a response back to Nginx, which then sends the response back to the client.


2 Answers

FYI

  1. It is problem of php-fpm image
  2. It is not about usernames, it is about www-data user ID

What to do

Fix your php-fpm container and don't break good nginx container.

Solutions

  • Here is mine post with solution for docker-compose (nginx + php-fpm(alpine)): https://stackoverflow.com/a/36130772/1032085

  • Here is mine post with solution for php-fpm(debian) container: https://stackoverflow.com/a/36642679/1032085

  • Solution for Official php-fpm image. Create Dockerfile:

    FROM php:5.6-fpm
    RUN usermod -u 1000 www-data
    
like image 105
ashatrov Avatar answered Sep 18 '22 23:09

ashatrov


I know the OP asked for a solution that doesn't extend the nginx image, but I've landed here without that constraint. So I've made this Dockerfile to run nginx as www-data:www-data (33:33) :

FROM nginx:1.17

# Customization of the nginx user and group ids in the image. It's 101:101 in
# the base image. Here we use 33 which is the user id and group id for www-data
# on Ubuntu, Debian, etc.
ARG nginx_uid=33
ARG nginx_gid=33

# The worker processes in the nginx image run as the user nginx with group
# nginx. This is where we override their respective uid and guid to something
# else that lines up better with file permissions.
# The -o switch allows reusing an existing user id
RUN usermod -u $nginx_uid -o nginx && groupmod -g $nginx_gid -o nginx

It accepts a uid and gid on the command line during image build. To make an nginx image that runs as your current user id and group id for example:

docker build --build-arg nginx_uid=$(id -u) nginx_uid=$(id -g) .

The nginx user and group ids are currently hardcoded to 101:101 in the image.

like image 25
bernie Avatar answered Sep 20 '22 23:09

bernie