How to deal with permissions using docker - nginx / php-fpm

Question

I'm trying to deploy a very simple Symfony application using nginx & php-fpm via Docker.

Two docker services :
1. web : running nginx
2. php : running php-fpm; containing application source.

I want to build images that can be deployed without any external dependency. That's why I'm copying source code within the php container.
On development process; i'm overriding /var/www/html volume with local path.

# file: php-fpm/Dockerfile
FROM php:7.1-fpm-alpine

COPY ./vendor /var/www/html
COPY . /var/www/html

VOLUME /var/www/html

Now the docker-compose configuration file.

# file : docker-compose-prod.yml
version: '2'
services:
  web:
    image: "private/web"
    ports:
      - 80:80
    volumes_from:
      - php
  php:
    image: "private/php"
    ports:
      - 9000:9000

The problem is about permissions.
When accessing localhost, Symfony is botting up, but cache / logs / sessions folders are not writable.

1. nginx is using /var/www/html to serve static files.
2. php-fpm is using /var/www/html to execute php files.

I'm not sure about the problem. But how can I be sure about the following:

1. /var/www/html have to be readable for nginx ?
2. /var/www/html have to be writable for php-fpm ?

Note: I'm building images from MacbookPro; cache / logs / sessions are 777.

Answer 1

docker-compose.yml supports a user directive under services. The docs only mention it in the run command, but it works the same.

I have a similar setup and this is how I do it:

# file : docker-compose-prod.yml
version: '2'
services:
  web:
    image: "private/web"
    ports:
      - 80:80
    volumes_from:
      - php
  php:
    image: "private/php"
    ports:
      - 9000:9000
    user: "$UID"

I have to run export UID before running docker-compose and then that sets the default user to my current user. This allows logging / caching etc. to work as expected.