Docker containers in read only mode

Hi Guys,

I am still pretty new to docker and i have been struggling with an issue

I am trying to setup some docker containers precisely the redash appplication. Here is my working code:

sudo docker network create redash_default
sudo docker container run --name redis --network redash_default -d redis:4.0-alpine
sudo docker container run --name postgres --network redash_default --env-file /opt/redash/env -v /opt/redash/postgres-data -d postgres:9.5.21-alpine
sudo docker container run --rm -p 5000:5000 -e REDASH_WEB_WORKERS=4 --name server --network redash_default --env-file env redash/redash:7.0.0.b18042 create_db
sudo docker container run -d --restart always -p 5000:5000 -e REDASH_WEB_WORKERS=4 --name server --network redash_default --env-file env redash/redash:7.0.0.b18042

sudo docker container run -d --restart always -e QUEUES=celery -e WORKERS_COUNT=1 --name scheduler --network redash_default --env-file env redash/redash:7.0.0.b18042

sudo docker container run -d --restart always -e QUEUES=scheduled_queries,schemas -e WORKERS_COUNT=1 --name scheduled_worker --network redash_default --env-file env redash/redash:7.0.0.b18042

sudo docker container run -d --restart always -e QUEUES=queries -e WORKERS_COUNT=2 --name adhoc_worker --network redash_default --env-file env redash/redash:7.0.0.b18042

sudo docker container run -d --restart always -p 80:80 --link server:redash --name nginx --network redash_default redash/nginx:latest

however i am only allowed to run the containers in read-only mode which is breaking the application. Only redis seemed to like the read-only mode so i thought about mounting an external persistent disk on the instance /dockervol/ where the apps can be given RW access but i cant seem to get that work here is something i have tried for example with nginx

docker container run -p 80:80 --mount type=bind,source=/dockervol/nginx,target=/etc/nginx – read-only --link server:redash --name nginx --network redash_default redash/nginx:latest

i get an error

nginx: [emerg] open() “/etc/nginx/nginx.conf” failed (2: No such file or directory)

My question is how do i get all the containers to work in read-only mode with a persistent volume without breaking the application.

I am not quite sure if I got your problem. (Btw. next time try to use the format features to format your code. This will make it a lot easier to read :slight_smile: )

Are you only allowed to run the containers in read only mode by the company? I don’t get why you wouldn’t be allowed to write data to the containers, since containers are stateless and not ment to persist data anyways.

Anyways. Your approach with nginx is correct and should work. The problem here is that you don’t have a config for nginx in your directory /etc/nginx, which is mounted to /dockervol/nginx. If you place a valid nginx config named nginx.conf in /dockervol/nginx and restart the container everything should work fine.

@derteufelqwe

thanks for chipping and i am absolutely sorry about the code formatting. Yes, the issue here is that we are only allowed to run containers in read only mode in our company. i was just looking for ways to make all the containers work with the read-only flag. I must also say you are right about my nginx.conf file it wasn’t in the right directory. once i placed it /dockervol/nginx i got the error
open() “/var/run/nginx.pid” failed (30: Read-only file system)

Okay, that is nice.
You should tell your boss that this is kinda meh. This will break almost all images.

Take a look at this tutorial: https://medium.com/urban-massage-product/nginx-with-docker-easier-said-than-done-d1b5815d00d0.
Looks like this is not that easy.

@hifyty: actualy your requirement is not that uncommon for container in government environments.

Though, with this sort of constraint, you will be much happier with Kubernetes. A pod can have as many init containers as required to do the prepration work, before the final containers are started.

@derteufelqwe: most images on Docker Hub are designed for simple operations, which usualy introduces things that are unacceptable in professional operation environment.

@derteufelqwe @hifyty
I tried doing it the same way but im getting thie below error
ginx: [emerg] open() “/etc/nginx/mime.types” failed (2: No such file or directory) in /etc/nginx/nginx.conf:14

Are there any good options we can run this container in readonly mode, as that is a requirement for me also.