如何让docker以root权限读取文件
所以我尝试在 Docker 容器中运行我的 FastAPI python 应用程序。我选择 python:3.9 作为基础映像,一切似乎都正常,直到我决定将 SSL 证书文件集成到容器中。
Dockerfile:
FROM python:3.9
WORKDIR /app
COPY requirements.txt requirements.txt
RUN pip3 install -r requirements.txt
RUN mkdir -p /app/SSL
VOLUME /etc/letsencrypt/live/soulforger.net/:/app/SSL/
COPY . .
CMD [ "uvicorn", "core:app", "--host", "0.0.0.0", "--port", "8000", "--ssl-keyfile", "/app/SSL/privkey.pem", "--ssl-certfile", "/app/SSL/cert.pem" ]
EXPOSE 8000
Docker运行命令:sudo docker run -p 33665:8000 -v /etc/letsencrypt/live/soulforger.net/:/app/SSL - -name Soulforger_api -d 24aea28ce756
现在的问题是目录 im 映射只能以 root 用户身份访问。当我执行到容器中时,文件就在那里,但我无法cat /app/SSL/cert.pem。由于我可以毫无问题地捕获其他所有内容,因此我假设将目录映射到容器时存在某种权限问题。有人知道什么会导致这个问题吗?
解决方案: 经过大量挖掘,我发现了问题所在,对于任何看到这篇文章并且也使用 Let's Encrypt 的人来说,/etc/letsencrypt/live/some.domain/ 中的文件 仅链接到另一个目录中的文件。如果要将服务器的 SSL 证书挂载到容器,则必须挂载整个 /etc/letsencrypt/ 目录才能访问链接引用的文件。所有道具都转到此答案。
So I'm trying to run my FastAPI python app in a Docker container. I choose python:3.9 as a base image and everything seemed to work until I decided to integrate my SSL Cert-Files into the container.
Dockerfile:
FROM python:3.9
WORKDIR /app
COPY requirements.txt requirements.txt
RUN pip3 install -r requirements.txt
RUN mkdir -p /app/SSL
VOLUME /etc/letsencrypt/live/soulforger.net/:/app/SSL/
COPY . .
CMD [ "uvicorn", "core:app", "--host", "0.0.0.0", "--port", "8000", "--ssl-keyfile", "/app/SSL/privkey.pem", "--ssl-certfile", "/app/SSL/cert.pem" ]
EXPOSE 8000
Docker run command:sudo docker run -p 33665:8000 -v /etc/letsencrypt/live/soulforger.net/:/app/SSL --name soulforger_api -d 24aea28ce756
Now the problem is that the directory im mapping is only accessible as a root user. When I exec into the Container, the files are there but I can't cat /app/SSL/cert.pem. Due to the fact that I can cat everything else without problem I assume its some sort of permissions problem when mapping the dir into the container. Does anybody have an idea of what can cause this issue?
Solution:
After a lot of digging I found out what the problem is, for anyone that happens upon this post and also uses Let's Encrypt, the files within /etc/letsencrypt/live/some.domain/ are only links to files in another directory. If you want to mount the SSL certificates of your server to your containers, you have to mount the entire /etc/letsencrypt/ dir in order to have access to the files referenced by the links. All props go to this answer.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以更改 Dockerfile 中的用户。尝试在您的 dockerfile 中添加
USER root。希望它会有所帮助。
You can change the user in the Dockerfile. Try to add
USER rootin your dockerfile.Hopefully it will be helpful.