Docker Community Forums

Nginx php-fpm failed to open stream permission denied

(Codinglimo) #1

I use the following Dockerfile and config files to create my nginx and php-fpm container.

Dockerfile:

FROM richarvey/nginx-php-fpm
RUN php5enmod mcrypt

RUN rm -f /etc/nginx/sites-available/default.conf
RUN rm -f /etc/nginx/sites-enabled/*

COPY config/default.conf /etc/nginx/sites-available/default.conf

RUN apt-get update && apt-get install -y php5-dev nano

ENV TERM xterm

COPY config/nginx.conf /etc/nginx/

nginx.conf

user www-data;
worker_processes 1;
pid /run/nginx.pid;

events {
    worker_connections 1024;
    # multi_accept on;
}

http {

    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    autoindex off;
    map $scheme $fastcgi_https { ## Detect when HTTPS is used
        default off;
        https on;
    }

    keepalive_timeout  10;

    gzip  on;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_types      text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-available/*;
}

default.conf

server {
    listen   80; ## listen for ipv4; this line is default and implied
    listen   [::]:80 default ipv6only=on; ## listen for ipv6

    #server_name  172.17.0.15;
    root /usr/share/nginx/html/magento;

    # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
    sendfile off;

    location / {
        index index.html index.php; ## Allow a static html file to be shown first
        try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
        expires 30d; ## Assume all files are cachable
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
            root /usr/share/nginx/html;
    }

    ## These locations would be hidden by .htaccess normally
    location ^~ /app/                { deny all; }
    location ^~ /includes/           { deny all; }
    location ^~ /lib/                { deny all; }
    location ^~ /media/downloadable/ { deny all; }
    location ^~ /pkginfo/            { deny all; }
    location ^~ /report/config.xml   { deny all; }
    location ^~ /var/                { deny all; }


    location /var/export/ { ## Allow admins only to view export folder
        auth_basic           "Restricted"; ## Message shown in login window
        auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
        autoindex            on;
    }

    location  /. { ## Disable .htaccess and other hidden files
        return 404;
    }

    location @handler { ## Magento uses a common front handler
        rewrite / /index.php;
    }

    location ~ \.php/ { ## Forward paths like /js/index.php/x.js to relevant handler
        rewrite ^(.*\.php)/ $1 last;
    }

    location ~ \.php$ { ## Execute PHP scripts
        if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss

        expires        off; ## Do not cache dynamic content
        fastcgi_pass   unix:/var/run/php5-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        #fastcgi_param  HTTPS $fastcgi_https;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
        fastcgi_param  MAGE_RUN_TYPE store;
        include        fastcgi_params; ## See /etc/nginx/fastcgi_params
    }

    location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
            expires           5d;
    }

    # deny access to . files, for security
    #
    location ~ /\. {
            log_not_found off;
            deny all;
    }

}

After I start my container with the following docker run everything works fine (my files in mycontainerfiles show correctly in my browser):

docker run --name mycontainer -p 32770:80 -v /Users/sja/Sites/mycontainerfiles:/usr/share/nginx/html --link=mycontainer_db:db nginx-php-fpm-magento

Now I edit some crontab on my container and restart it with docker stop and docker start.

After that my browser shows me an “ERR_CONNECTION_REFUSED” error when I call http://192.168.99.100:32770/

With “docker logs mycontainer” I get the following error lines:

sed: -e expression #1, char 18: unknown option to `s'
sed: -e expression #1, char 18: unknown option to `s'
sed: -e expression #1, char 18: unknown option to `s'
sed: -e expression #1, char 18: unknown option to `s'
sed: can't read /usr/share/nginx/html/magento/app/code/core/Mage/XmlConnect/Block/Catalog/Product/sedwFWhs9: Permission denied
sed: can't read /usr/share/nginx/html/magento/lib/Varien/Io/sedBAAtQM: Permission denied

Also my vbox task is very busy

I suspect that this is not a docker problem but rather some misconfiguration with my nginx and php-fpm? Some other container with apache2 and php runs without any abnormality.

Update: After a long time of waiting my container is suddenly available and my vbox process is sleeping
