Openshift Nginx permission problem [nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)]
Solution 1
To resolve this. I think the Problem in this Dockerfile was that I used the COPY command to move my build and that did not exist. So here is my working
Dockerfile
FROM nginx:alpine
LABEL maintainer="ReliefMelone"
WORKDIR /app
COPY . .
# Install node.js
RUN apk update && \
apk add nodejs npm python make curl g++
# Build Application
RUN npm install
RUN ./node_modules/@angular/cli/bin/ng build --configuration=${BUILD_CONFIG}
RUN cp -r ./dist/. /usr/share/nginx/html
# Configure NGINX
COPY ./openshift/nginx/nginx.conf /etc/nginx/nginx.conf
COPY ./openshift/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf
RUN chgrp -R root /var/cache/nginx /var/run /var/log/nginx && \
chmod -R 770 /var/cache/nginx /var/run /var/log/nginx
EXPOSE 8080
CMD ["nginx", "-g", "daemon off;"]
Note that under the Build Application section I now do
RUN cp -r ./dist/. /usr/share/nginx/html
instead of
COPY ./dist/my-app /usr/share/nginx/html
The copy will not work as I previously ran the ng build inside of the container the dist will only exist in the container as well, so I need to execute the copy command inside of that container
Solution 2
I was using openshift, with limited permissions, so I fixed this problem by using the following nginx image (rather than nginx:latest
)
FROM nginxinc/nginx-unprivileged
Solution 3
Had the same error on my nginx:alpine
Dockerfile
There is already a user called nginx
in the nginx:alpine
image. My guess is that it's cleaner to use it to run nginx.
Here is how I resolved it:
- Set the owner of
/var/cache/nginx
tonginx
(user 101, group 101) - Create a
/var/run/nginx.pid
and set the owner tonginx
as well - Copy all the files to the image using
--chown=nginx:nginx
FROM nginx:alpine
RUN touch /var/run/nginx.pid && \
chown -R nginx:nginx /var/cache/nginx /var/run/nginx.pid
USER nginx
COPY --chown=nginx:nginx my/html/files /usr/share/nginx/html
COPY --chown=nginx:nginx config/myapp/default.conf /etc/nginx/conf.d/default.conf
...
Solution 4
If you're here because you failed to deploy an example helm chart (e.g: helm create mychart), do just like @quasipolynomial suggested but instead change your deployment file pull the right image.
i.e
containters:
- image: nginxinc/nginx-unprivileged
more info on the official unprivileged image: https://github.com/nginxinc/docker-nginx-unprivileged
Related videos on Youtube
relief.melone
Updated on July 09, 2022Comments
-
relief.melone almost 2 years
I am currently running into a problem trying to set up nginx:alpine in Openshift.
My build runs just fine but I am not able to deploy with permission being denied with the following error
2019/01/25 06:30:54 [emerg] 1#1: mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
Now I know Openshift is a bit tricky when it comes to permissions as the container is running without root privilidges and the UID is gerenated on runetime which means it's not available in /etc/passwd. But the user is part of the group root. Now how this is supposed to be handled is being described here
I even went further and made the whole /var completely accessible (777) for testing purposes but I still get the error. This is what my Dockerfile looks like
Dockerfile
FROM nginx:alpine #Configure proxy settings ENV HTTP_PROXY=http://my.proxy:port ENV HTTPS_PROXY=http://my.proxy:port ENV HTTP_PROXY_AUTH=basic:*:username:password WORKDIR /app COPY . . # Install node.js RUN apk update && \ apk add nodejs npm python make curl g++ # Build Application RUN npm install RUN ./node_modules/@angular/cli/bin/ng build COPY ./dist/my-app /usr/share/nginx/html # Configure NGINX COPY ./openshift/nginx/nginx.conf /etc/nginx/nginx.conf COPY ./openshift/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf RUN chgrp -R root /var/cache/nginx /var/run /var/log/nginx && \ chmod -R 777 /var RUN sed -i.bak 's/^user/#user/' /etc/nginx/nginx.conf EXPOSE 8080
It's funny that this approach just seems to effekt the alpine version of nginx. nginx:latest (based on debian I think) has no issues and the way to set it up described here
https://torstenwalter.de/openshift/nginx/2017/08/04/nginx-on-openshift.html
works. (but i am having some other issues with that build so I switched to alpine)
Any ideas why this is still not working?
-
thexpand about 5 yearsI guess that you have set up a
user
in yourdocker-compose.yml
file somewhere and that is what's causing the problem, because the user is a non-root user. The nginx service needs to bind ports and has to be root for that. -
garg10may almost 5 yearswere you able to solve the issue, all errors removed after following
torstenwalter.de
link but stillnginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
remains. Though usnignginx:latest
instead ofnginx:alpine
fixed the issue
-
-
SamwellTarly almost 2 yearsFor anyone who are running a secure nginx in Openshift without root or the ability to edit the build, an option would be to follow stackoverflow.com/questions/70446840/… to set required parameters in the nginx configuration