I am trying to run Nginx
on Openshift
but facing this directory permissions issues. Due to this error container is not creating.
The following permissions are set to files created manually.
drwxr-xr-x. 3 root root 79 Dec 22 02:50 /etc/nginx
drwxr-xr-x. 2 root root 26 Dec 22 02:50 /etc/nginx/conf.d
-rw-r--r--. 1 root root 5231 Dec 22 02:48 /etc/nginx/mime.types
drwxrwxr-x. 3 root root 25 Dec 22 01:23 /var/cache/nginx
drwxrwxr-x. 2 root root 6 Dec 22 01:10 /var/log/nginx
drwxrwxr-x. 47 root root 1340 Dec 21 06:51 /var/run
CodePudding user response:
Which specific container image are you trying to run? If you use this one -- https://catalog.redhat.com/software/containers/ubi8/nginx-120/6156abfac739c0a4123a86fd -- it will play nicer with OpenShift out of the box.
This sort of problem is almost always due to OpenShift running containers as non-root by default. If you change file permissions to permit write access to GROUP=0 you'll resolve nearly all of them.
CodePudding user response:
like @dbaker mentioned, RedHat being a security company makes their decisions in openshift regarding security more serious or aggressive as one might say, like for example running containers by default with running with random UID's. you can fix that by reassigning the paths for different Nginx uses.
changing the PID location:
pid /tmp/nginx.pid;
changing the client temp location (your issue):
client_body_temp_path /tmp/nginx/client_temp
and any other paths in a similar fashion.
you can also use the unprivileged nginx image from docker hub aside from the image specified in the other answer from by RedHat as a certified image, ones that should play more nicely with RedHat products oriented towards security. as the other image is due to being deprecated I'm including the other tag recommended by RedHat rhscl/nginx-120-rhel7