I have an image for running a django app. If I mount the dir containing the django app when I create the container it works fine. But I want to make the image self-contained and not dependent on the local file system. So I changed the Docker file to copy the dir containing the django app from the host machine into the image. But then, when I create the container (without mounting the dir) I get permission denied on the socket. I do remove the socket in the run file so nginx can create a new one, and it’s 666.
I have this in my Dockerfile:
ENV HOME /opt/django/app/
ADD . /tmp/django
RUN cp -rp /tmp/django/* $HOME
And this in my run file:
rm /opt/django/app/app.sock
That is before I start nginx and uwsgi.
And I get this nginx error:
2016/07/05 15:37:48 [crit] 430#0: *1 connect() to unix:/opt/django/app/app.sock failed (13: Permission denied) while connecting to upstream, client: xx.xx.xx.xx, server: , request: “GET / HTTP/1.1”, upstream: “uwsgi://unix:/opt/django/app/app.sock:”, host: “foo.bar.com:8004”
Is there something I am missing that I have to do to get this to work?
I think a Unix socket would work, but it needs to live in a shared volume. (If both containers are trying to access /opt/django/app/app.sock but that file isn’t on a shared volume, then they have two separate filesystem spaces and aren’t actually using the same socket; the “permission denied” error is probably that the app.sock file isn’t actually a socket.)
There is only 1 container - it contains everything - nginx, uwsgi, mysql, and my django app. It is a socket, and I delete it in the run script and nginx creates it anew:
Well, I spoke to soon. I don’t get the permission denied error on the socket anymore, but the app cannot access any of its files from the django project - it gets permission denied on all of them. So the issue is why it cannot access the copied in dir, but it can access the same dir when it’s mounted.
I ended up fixing it. Turned out one of the dirs in the path was not readable. That is, the django app was in /foo/bar/baz and although /foo and /foo/bar/baz were readable, /foo/bar was not. Once I chmod-ed that all was well.