Permission issues in nexus3 docker container

Question

When I start nexus3 in a docker container I get the following error messages.

$ docker run --rm sonatype/nexus3:3.8.0
Warning:  Cannot open log file: ../sonatype-work/nexus3/log/jvm.log
Warning:  Forcing option -XX:LogFile=/tmp/jvm.log
Java HotSpot(TM) 64-Bit Server VM warning: Cannot open file ../sonatype-work/nexus3/log/jvm.log due to Permission denied

Unable to update instance pid: Unable to create directory /nexus-data/instances
/nexus-data/log/karaf.log (Permission denied)
Unable to update instance pid: Unable to create directory /nexus-data/instances

It indicates that there is a file permission issue. I am using Red Hat Enterprise Linux 7.5 as host machine and the most recent docker version.

On another machine (ubuntu) it works fine.

The issue occurs in the persistent volume (/nexus-data). However, I do not mount a specific volume and let docker use a anonymous one.

If I compare the volumes on both machines I can see the following permissions:

For Red Hat, where it is not working is belongs to root.

$ docker run --rm sonatype/nexus3:3.8.0 ls -l /nexus-data              
total 0
drwxr-xr-x. 2 root root 6 Mar  1 00:07 etc
drwxr-xr-x. 2 root root 6 Mar  1 00:07 log
drwxr-xr-x. 2 root root 6 Mar  1 00:07 tmp

On ubuntu, where it is working it belongs to nexus. Nexus is also the default user in the container.

$ docker run --rm sonatype/nexus3:3.8.0 ls -l /nexus-data
total 12
drwxr-xr-x 2 nexus nexus 4096 Mar  1 00:07 etc
drwxr-xr-x 2 nexus nexus 4096 Mar  1 00:07 log
drwxr-xr-x 2 nexus nexus 4096 Mar  1 00:07 tmp

Changing the user with the options -u is not an option.

Answer 1

I could solve it by deleting all local docker images: docker image prune -a

Afterwards it downloaded the image again and it worked. This is strange because I also compared the fingerprints of the images and they were identical.

Answer 2

An example of docker-compose for Nexus :

version: "3"

services:

#Nexus
  nexus:
    image: sonatype/nexus3:3.39.0
    expose:
    - "8081"
    - "8082"
    - "8083"
    ports:
      # UI
      - "8081:8081"
      # repositories http
      - "8082:8082"
      - "8083:8083"
      # repositories https
      #- "8182:8182"
      #- "8183:8183"
    environment:
      - VIRTUAL_PORT=8081
    volumes:
      - "./nexus/data/nexus-data:/nexus-data"

Setup the volume :

mkdir -p ./nexus/data/nexus-data
sudo chown -R 200 nexus/    # 200 because it's the UID of the nexus user inside the container

Start Nexus

sudo docker-compose up -d

hf