Update to 0.17.0 breaks image

[smueller18]

After the complete Dockerfile was refactored in 090a545, the container does not start because of missing privileges of folder /var/cache/nginx/. The owner must be user nginx.

2019/06/11 21:19:52 [emerg] 1#1: mkdir() "/var/cache/nginx/proxy_temp" failed (13: Permission denied)
nginx: [emerg] mkdir() "/var/cache/nginx/proxy_temp" failed (13: Permission denied)

This is the new image:

» docker run --rm -it nginxinc/nginx-unprivileged:1.17.0-alpine sh
/ $ id
uid=101(nginx) gid=101(nginx) groups=101(nginx)
/ $ ls -lha /var/cache/nginx/
total 8
drwxr-xr-x    2 root     root        4.0K Jun  7 11:54 .
drwxr-xr-x    1 root     root        4.0K Jun  7 11:54 ..

Here is the same view for a cached and working container:

» docker run --rm -it nginxinc/nginx-unprivileged sh              
$ id
uid=1001(nginx) gid=101(nginx) groups=101(nginx)
$ ls -lha /var/cache/nginx/
total 8.0K
drwxrwxr-x 1 nginx root 4.0K Apr 16 13:08 .
drwxr-xr-x 1 root  root 4.0K May  5 20:15 ..

[alessfg]

Hi @smueller18!

Can you give me some more details about how and where are you trying to run the image? I tested it locally and on OpenShift and I didn't run into any issues. /var/cache/nginx is no longer in use either (switched the default location for NGINX files to /tmp/ too).

Cheers,
Alessandro.

[smueller18]

I just saw https://github.com/nginxinc/docker-nginx-unprivileged/blob/master/mainline/alpine/Dockerfile#L115 . There are 2 reasons why this new image fails for my setup:

1. The user changed from 1001 to 101
2. /var/cache/nginx/ is now moved to /tmp

I did not use the earlier provided nginx.conf so I have to manually adjust the changes in all my configs. I guess there are other people that are facing the same issue.
But after changing my custom nginx.conf to the new paths and switching the user to 101 it works again now.

[smueller18]

Last weekend, I opened a PR (nextcloud/docker#772) for the nextcloud docker project.
There is a config that also fails now until it is adjusted: https://github.com/nextcloud/docker/blob/2e00c8cb18ac6d94b756612f5f9223470c4a44d9/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf .

[alessfg]

Ah yeah I'm sorry about that. I didn't make any notes anywhere mentioning the two breaking changes and forgot to update the README too while at it (that's been already fixed).

The main NGINX Docker image introduced some changes to make it easier to run the image as a non root user and in the process of porting those changes the uid and temp folder locations changed. However, on a more positive note, I expect few breaking changes moving forward.

[smueller18]

I am fine with that, it was just a bit unexpected 😄