I was trying to deploy a website using docker compose. The nginx default page works properly but every time I attempt to use a volumes to display a different page I get 403 Forbidden. All the all the permissions are the same s the default nginx page 644.
[error] 22#22: *8 “/usr/share/nginx/html/index.html” is forbidden (13: Permission denied), client: 167.248.133.34, server: MyDomain.com , request: “GET / HTTP/1.1”, host: “107.22.69.233:80”
version: ‘3’
services:
webserver:
image: nginx:latest
restart: always
ports:
- 80:80
volumes:
- ./websites:/usr/share/nginx/html/
Any and all help is appreciated.
meyay
(Metin Y.)
April 12, 2023, 6:04am
2
https://hub.docker.com/_/nginx:
User and group id
Since 1.17.0, both alpine- and debian-based images variants use the same user and group ids to drop the privileges for worker processes:
$ id
uid=101(nginx) gid=101(nginx) groups=101(nginx)
Make sure the ./websites
folder is owned by UID101 and GID101.
Thanks for the reply. Unfortunately it appears that everything is checking out.
ls -l websites/
total 2
-rw-r–r-- 1 systemd-resolve systemd-journal 488 Apr 11 21:06 50x.html
-rw-r–r-- 1 systemd-resolve systemd-journal 766 Apr 11 21:06 favicon.ico
-rw-r–r-- 1 systemd-resolve systemd-journal 300 Apr 11 21:06 index.html
root@ip-10-0-0-126:/configs# ls -ln websites/
total 2
-rw-r–r-- 1 101 101 488 Apr 11 21:06 50x.html
-rw-r–r-- 1 101 101 766 Apr 11 21:06 favicon.ico
-rw-r–r-- 1 101 101 300 Apr 11 21:06 index.html
docker exec -it 09b30d63a834 bash
cat /etc/debian_version
11.6
cat /etc/passwd
.
.
nginx:x:101:101:nginx user,:/nonexistent:/bin/false
ls -ln /usr/share/nginx/html/
total 2
-rw-r–r-- 1 101 101 488 Apr 11 21:06 50x.html
-rw-r–r-- 1 101 101 766 Apr 11 21:06 favicon.ico
-rw-r–r-- 1 101 101 300 Apr 11 21:06 index.html
ls -ln
.
.
.
drw-r–r-- 1 101 101 0 Apr 11 21:22 websites
drw-r–r-- 1 33 33 0 Apr 10 00:04 wordpress
meyay
(Metin Y.)
April 12, 2023, 4:38pm
4
I am not sure where the last ls
was used in, but the wordpress
doesn’t look right.
Please share your compose file, so we can see how the container is actually configured.
Thanks for the reply. the wordpress is a hangover from the beginning when I was attempting to build a word press site and noticed I had a problem. I then made my docker compose file as simple as possible. The docker compose file I am using is as shown above.
meyay
(Metin Y.)
April 12, 2023, 8:16pm
6
It would help a great deal if you format your posts according: How to format your forum posts - #2 by zavertis
I scrolled up and didn’t notice/remember that you already pasted the compose file content. I was looking for a code block. I forgot that I saw it earlier.
Well if the owner is 101:101 for the folder and files in websites, then it should have worked. Unless of course there is another oddity at work like a special ACL implementation (e.g. on a Synology NAS).
Are you by any chance running your containers on a Synology NAS?
version: '3'
services:
webserver:
image: nginx:latest
restart: always
ports:
- "80:80"
volumes:
- ./websites:/usr/share/nginx/html/
I am running AWS instances and the files are in a S3 bucket mounted to the instance.
Working files
These files were either the default nginx files
index2.html was custom made in the same directory as the working files.
# ls -l
total 12
-rw-r--r-- 1 root root 497 Mar 28 15:01 50x.html
-rw-r--r-- 1 root root 615 Mar 28 15:01 index.html
-rw-r--r-- 1 root root 301 Apr 12 22:37 index2.html
# stat *
File: 50x.html
Size: 497 Blocks: 8 IO Block: 4096 regular file
Device: 2bh/43d Inode: 305524 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2023-03-28 15:01:54.000000000 +0000
Modify: 2023-03-28 15:01:54.000000000 +0000
Change: 2023-04-12 22:31:18.700064131 +0000
Birth: 2023-04-12 22:31:18.700064131 +0000
File: index.html
Size: 615 Blocks: 8 IO Block: 4096 regular file
Device: 2bh/43d Inode: 305525 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2023-03-28 15:01:54.000000000 +0000
Modify: 2023-03-28 15:01:54.000000000 +0000
Change: 2023-04-12 22:31:18.700064131 +0000
Birth: 2023-04-12 22:31:18.700064131 +0000
File: index2.html
Size: 301 Blocks: 8 IO Block: 4096 regular file
Device: 2bh/43d Inode: 305928 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2023-04-12 22:38:14.648620406 +0000
Modify: 2023-04-12 22:37:53.632390174 +0000
Change: 2023-04-12 22:37:53.632390174 +0000
Birth: 2023-04-12 22:35:38.194897345 +0000
Files that DO NOT WORK
# ls -l
total 3
-rwxr-xr-x 1 nginx nginx 488 Apr 12 15:30 50x.html
-rwxr-xr-x 1 nginx nginx 766 Apr 12 15:30 favicon.ico
-rwxr-xr-x 1 nginx nginx 615 Apr 12 22:55 index.html
-rwxr-xr-x 1 root root 301 Apr 12 22:50 index2.html
# stat *
File: 50x.html
Size: 488 Blocks: 1 IO Block: 4096 regular file
Device: 28h/40d Inode: 18 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 101/ nginx) Gid: ( 101/ nginx)
Access: 2023-04-12 15:30:35.000000000 +0000
Modify: 2023-04-12 15:30:35.000000000 +0000
Change: 2023-04-12 15:30:34.000000000 +0000
Birth: -
File: favicon.ico
Size: 766 Blocks: 2 IO Block: 4096 regular file
Device: 28h/40d Inode: 19 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 101/ nginx) Gid: ( 101/ nginx)
Access: 2023-04-12 15:30:35.000000000 +0000
Modify: 2023-04-12 15:30:35.000000000 +0000
Change: 2023-04-12 15:30:34.000000000 +0000
Birth: -
File: index.html
Size: 615 Blocks: 2 IO Block: 4096 regular file
Device: 28h/40d Inode: 20 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 101/ nginx) Gid: ( 101/ nginx)
Access: 2023-04-12 22:55:23.000000000 +0000
Modify: 2023-04-12 22:55:22.000000000 +0000
Change: 2023-04-12 22:55:22.000000000 +0000
Birth: -
File: index2.html
Size: 301 Blocks: 1 IO Block: 4096 regular file
Device: 28h/40d Inode: 21 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2023-04-12 22:50:39.000000000 +0000
Modify: 2023-04-12 22:50:39.000000000 +0000
Change: 2023-04-12 22:57:08.000000000 +0000
Birth: -
Docker compose is officially FUBAR
melvinpao
(Melvin Pao)
December 6, 2024, 6:25am
15
I had the same problem.
Basically I had to change the owner of the /usr/share/nginx/html directory and files within the container to be user “nginx” and group “nginx”.
system
(system)
Closed
December 16, 2024, 6:26am
16
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.