Docker compose volumes website 403 Forbidden

I was trying to deploy a website using docker compose. The nginx default page works properly but every time I attempt to use a volumes to display a different page I get 403 Forbidden. All the all the permissions are the same s the default nginx page 644.

[error] 22#22: *8 “/usr/share/nginx/html/index.html” is forbidden (13: Permission denied), client: 167.248.133.34, server: MyDomain.com, request: “GET / HTTP/1.1”, host: “107.22.69.233:80”

version: ‘3’
services:
webserver:
image: nginx:latest
restart: always
ports:
- 80:80
volumes:
- ./websites:/usr/share/nginx/html/

Any and all help is appreciated.

Make sure the ./websites folder is owned by UID101 and GID101.

Thanks for the reply. Unfortunately it appears that everything is checking out.

ls -l websites/
total 2
-rw-r–r-- 1 systemd-resolve systemd-journal 488 Apr 11 21:06 50x.html
-rw-r–r-- 1 systemd-resolve systemd-journal 766 Apr 11 21:06 favicon.ico
-rw-r–r-- 1 systemd-resolve systemd-journal 300 Apr 11 21:06 index.html
root@ip-10-0-0-126:/configs# ls -ln websites/
total 2
-rw-r–r-- 1 101 101 488 Apr 11 21:06 50x.html
-rw-r–r-- 1 101 101 766 Apr 11 21:06 favicon.ico
-rw-r–r-- 1 101 101 300 Apr 11 21:06 index.html

docker exec -it 09b30d63a834 bash

cat /etc/debian_version

11.6

cat /etc/passwd

.
.
nginx:x:101:101:nginx user,:/nonexistent:/bin/false

ls -ln /usr/share/nginx/html/

total 2
-rw-r–r-- 1 101 101 488 Apr 11 21:06 50x.html
-rw-r–r-- 1 101 101 766 Apr 11 21:06 favicon.ico
-rw-r–r-- 1 101 101 300 Apr 11 21:06 index.html

ls -ln

.
.
.
drw-r–r-- 1 101 101 0 Apr 11 21:22 websites
drw-r–r-- 1 33 33 0 Apr 10 00:04 wordpress

I am not sure where the last ls was used in, but the wordpress doesn’t look right.
Please share your compose file, so we can see how the container is actually configured.

Thanks for the reply. the wordpress is a hangover from the beginning when I was attempting to build a word press site and noticed I had a problem. I then made my docker compose file as simple as possible. The docker compose file I am using is as shown above.

It would help a great deal if you format your posts according: How to format your forum posts - #2 by zavertis

I scrolled up and didn’t notice/remember that you already pasted the compose file content. I was looking for a code block. I forgot that I saw it earlier.

Well if the owner is 101:101 for the folder and files in websites, then it should have worked. Unless of course there is another oddity at work like a special ACL implementation (e.g. on a Synology NAS).

Are you by any chance running your containers on a Synology NAS?

version: '3'
services:
  webserver:
    image: nginx:latest
    restart: always
    ports:
      - "80:80"
    volumes: 
      - ./websites:/usr/share/nginx/html/

I am running AWS instances and the files are in a S3 bucket mounted to the instance.

Working files
These files were either the default nginx files
index2.html was custom made in the same directory as the working files.

# ls -l
total 12
-rw-r--r-- 1 root root 497 Mar 28 15:01 50x.html
-rw-r--r-- 1 root root 615 Mar 28 15:01 index.html
-rw-r--r-- 1 root root 301 Apr 12 22:37 index2.html
 
# stat *
  File: 50x.html
  Size: 497             Blocks: 8          IO Block: 4096   regular file
Device: 2bh/43d Inode: 305524      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-03-28 15:01:54.000000000 +0000
Modify: 2023-03-28 15:01:54.000000000 +0000
Change: 2023-04-12 22:31:18.700064131 +0000
 Birth: 2023-04-12 22:31:18.700064131 +0000
 
  File: index.html
  Size: 615             Blocks: 8          IO Block: 4096   regular file
Device: 2bh/43d Inode: 305525      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-03-28 15:01:54.000000000 +0000
Modify: 2023-03-28 15:01:54.000000000 +0000
Change: 2023-04-12 22:31:18.700064131 +0000
 Birth: 2023-04-12 22:31:18.700064131 +0000
 
  File: index2.html
  Size: 301             Blocks: 8          IO Block: 4096   regular file
Device: 2bh/43d Inode: 305928      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-04-12 22:38:14.648620406 +0000
Modify: 2023-04-12 22:37:53.632390174 +0000
Change: 2023-04-12 22:37:53.632390174 +0000
 Birth: 2023-04-12 22:35:38.194897345 +0000

Files that DO NOT WORK

# ls -l
total 3
-rwxr-xr-x 1 nginx nginx 488 Apr 12 15:30 50x.html
-rwxr-xr-x 1 nginx nginx 766 Apr 12 15:30 favicon.ico
-rwxr-xr-x 1 nginx nginx 615 Apr 12 22:55 index.html
-rwxr-xr-x 1 root  root  301 Apr 12 22:50 index2.html

# stat *
  File: 50x.html
  Size: 488             Blocks: 1          IO Block: 4096   regular file
Device: 28h/40d Inode: 18          Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (  101/   nginx)   Gid: (  101/   nginx)
Access: 2023-04-12 15:30:35.000000000 +0000
Modify: 2023-04-12 15:30:35.000000000 +0000
Change: 2023-04-12 15:30:34.000000000 +0000
 Birth: -
 
  File: favicon.ico
  Size: 766             Blocks: 2          IO Block: 4096   regular file
Device: 28h/40d Inode: 19          Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (  101/   nginx)   Gid: (  101/   nginx)
Access: 2023-04-12 15:30:35.000000000 +0000
Modify: 2023-04-12 15:30:35.000000000 +0000
Change: 2023-04-12 15:30:34.000000000 +0000
 Birth: -
 
  File: index.html
  Size: 615             Blocks: 2          IO Block: 4096   regular file
Device: 28h/40d Inode: 20          Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (  101/   nginx)   Gid: (  101/   nginx)
Access: 2023-04-12 22:55:23.000000000 +0000
Modify: 2023-04-12 22:55:22.000000000 +0000
Change: 2023-04-12 22:55:22.000000000 +0000
 Birth: -
 
  File: index2.html
  Size: 301             Blocks: 1          IO Block: 4096   regular file
Device: 28h/40d Inode: 21          Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-04-12 22:50:39.000000000 +0000
Modify: 2023-04-12 22:50:39.000000000 +0000
Change: 2023-04-12 22:57:08.000000000 +0000
 Birth: -
 

Good Morning,

Not at all.
Thank you.

Docker compose is officially FUBAR

I had the same problem.
Basically I had to change the owner of the /usr/share/nginx/html directory and files within the container to be user “nginx” and group “nginx”.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.