S6-overlay USER directive

Published 2025-01-13 22:20:01

I'm trying to build a new base image with s6-overlay that includes PHP-FPM and Nginx. Overall the image is running fine and both processes are running. However, when I log into the container I am root, which is something that I overall do not want. At this point the container is running nginx as nginx, and the php-fpm pool is running as user app, which has its own user/group on 1000:1000.

However, when I add USER app to my Dockerfile, the error below is showing:

```
app_1  | s6-rc: info: service nginx: starting
app_1  | s6-rc: info: service s6rc-oneshot-runner: starting
app_1  | s6-rc: info: service nginx successfully started
app_1  | nginx: [alert] could not open error log file: open() "/var/lib/nginx/logs/error.log" failed (13: Permission denied)
app_1  | s6-rc: info: service s6rc-oneshot-runner successfully started
app_1  | s6-rc: info: service fix-attrs: starting
app_1  | 2022/03/14 11:20:50 [warn] 37#37: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
app_1  | 2022/03/14 11:20:50 [emerg] 37#37: mkdir() "/var/lib/nginx/tmp/client_body" failed (13: Permission denied)
app_1  | SERVICE ENDED: nginx-service
app_1  | s6-rc: info: service fix-attrs successfully started
app_1  | s6-rc: info: service legacy-cont-init: starting
app_1  | s6-rc: info: service legacy-cont-init successfully started
app_1  | s6-rc: info: service legacy-services: starting
app_1  | s6-rc: info: service legacy-services successfully started
app_1  | nginx: [alert] could not open error log file: open() "/var/lib/nginx/logs/error.log" failed (13: Permission denied)
app_1  | 2022/03/14 11:20:51 [warn] 65#65: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
app_1  | 2022/03/14 11:20:51 [emerg] 65#65: mkdir() "/var/lib/nginx/tmp/client_body" failed (13: Permission denied)
app_1  | SERVICE ENDED: nginx-service
```

Is there a way to resolve this?

This is my Dockerfile at the moment:

```dockerfile
FROM php:8.1-fpm-alpine

# Install root packages
RUN apk -U upgrade && apk add --no-cache \
    curl \
    nginx \
    tzdata \
    && addgroup -g 1000 -S app \
    && adduser -u 1000 -G app -S app \
    && rm -rf /var/cache/apk/* /etc/nginx/conf.d/* /usr/local/etc/php-fpm.d/*

# Add S6 Overlay
COPY files/s6-overlay files/general /

# Add composer
COPY --from=composer:2 /usr/bin/composer /usr/bin/composer

# Add extension installer
COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
RUN install-php-extensions opcache

# Set the correct permissions for /app
RUN chown -R app:app /app

# Set default paths and startup
WORKDIR /app
ENTRYPOINT ["/init"]

EXPOSE 80

HEALTHCHECK --interval=5s --timeout=5s CMD curl -f http://127.0.0.1/php-fpm-ping || exit 1
```

The actual S6 overlay is copied from the files folder.

Pim
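
The nginx messages in the log above name two paths that UID 1000 cannot write and one directive that has no effect without root. The Dockerfile fragment below is an added example, not part of the original post: it prepares those paths at build time, while the build still runs as root, and drops privileges as the last step. It assumes the Alpine nginx package layout implied by the log paths, that `/var/lib/nginx/logs` may be a symlink to `/var/log/nginx`, and that the `/app` directory comes from `files/general` as in the question's Dockerfile.

```dockerfile
FROM php:8.1-fpm-alpine

RUN apk -U upgrade && apk add --no-cache \
    curl \
    nginx \
    tzdata \
    && addgroup -g 1000 -S app \
    && adduser -u 1000 -G app -S app

# Pre-create the paths nginx reported as "(13: Permission denied)" and give
# them to the runtime user. /var/log/nginx is created first and chowned
# explicitly because chown -R does not descend through a symlinked logs
# directory (assumption about the package layout).
RUN mkdir -p /var/log/nginx \
             /var/lib/nginx/logs \
             /var/lib/nginx/tmp/client_body \
    && chown -R app:app /var/lib/nginx /var/log/nginx

# Copy the overlay and configuration as in the original Dockerfile.
# The "user" line at /etc/nginx/nginx.conf:1 is ignored when the master
# process is not root (the [warn] line in the log); removing it from the
# copied config silences that warning.
COPY files/s6-overlay files/general /

RUN chown -R app:app /app

# Drop privileges last, after every step that needs root has run.
USER app
WORKDIR /app
ENTRYPOINT ["/init"]
```

nginx reports any further root-owned path it needs, such as its pid file location, with the same `(13: Permission denied)` message, and that path can be added to the same `RUN` step. Whether a non-root nginx can bind port 80 depends on the container runtime's unprivileged-port setting; the log above stops before nginx reaches that point.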