Giter Club home page Giter Club logo

docker-baseimage-alpine-nginx's People

Contributors

aptalca avatar chbmb avatar cyber1000 avatar drizuid avatar j0nnymoe avatar jodumont avatar nemchik avatar realorangeone avatar sparklyballs avatar thelamer avatar thelovinator1 avatar thespad avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

sparklyballs rickycook catramen stealthgyro s-abhinav kingedgar thelamer qwzhou89 seriouslyharmed luisriverag cyber1000 juguerre penoaksdev universematter pancak3 jsfillman dingmingglc spunkie 4o66 nerd-king stellarpower ohthehugemanatee quietsy bennyzx isabella232 gegegogo laynezilla mzramna trapexit pagdot adamlonsdale 99linesofcode xosadmin jurikor hubertbanas strwise godiecl

docker-baseimage-alpine-nginx's Issues

resty.http and cjson packages

I am implementing some features in my environment (namely, https://github.com/cloudflare/nginx-google-oauth ) and they require some lua packages that aren't present in your letsencrypt or nginx containers.

lua5.1-resty-http
lua5.1-cjson

In an effort to avoid having to fork and build my own docker containers, if it isn't too much trouble, can you add these packages to your containers? If not, I understand and I will start reading the tutorials.

[FEAT] Symlink, rather than copy, php-local.ini

Is this a new feature request?

  • I have searched the existing issues

Wanted change

Currently the container init script copies a few files from /config into their correct locations within /etc. I am requesting these be symlinks instead of copies. The specific file I'm calling out is php-local.ini, but there are probably others that can benefit from a symlink.

Reason for change

I edited /config/php/php-local.ini and expected that change to propagate to php-cli immediately, but it did not. My options for making it work are 1) Restart the container, or 2) Shell into the container and edit the correct file in /etc/.

Turning the files in /etc into symlinks would make changes to php-local.ini immediately usable by php-cli; without restarting the container and without shelling into it.

I run several php apps out of the swag container, and they all have code that may exec php as a cli. The websites also receive a lot of traffic, so restarting the container to update a non-running config is out of the question. I was able to work around the current setup by opening a shell on the container and editing the file directly in /etc/php8/.

Proposed code change

tl;dr s/cp/ln -s

[Request] Upgrade to PHP7

PHP5 is in its final lifespan, the latest 5.6 has just moved in the "security fixes only" phase. More Info here.

linuxserver.io

In its current form the container is working fine, and PHP5.6 should remain somewhat secure for the next 2 years. I suggest moving to 7.0 or even better 7.1, due to its performance gains (may be negligible to most users of your containers). Mainly though, this baseimage is used in your awesome letsencrypt container, which should be secure, light-weight and up-to-date.

I know, alpine packages for PHP7< are rare/in their early phases, but would appreciate an update sometime in the future.

Cheers

Debug logs are not working

I took a peek at Alpine's way of building nginx and they do not seem to use --with-debug, which means debug severity in error_log does not work (reference here).

For debugging reverse proxy issues, allowing debug logs is essential. The official nginx container works around this by providing an additional binary, named nginx-debug, to allow selecting the binary with debugging enabled.

Please allow debugging in nginx in some way.

not a big deal / might be consider as a improvment aka help wanted!

ya i know;
ima freak;
anyway
So; when I'm running your container
[ of course with a docker name-spaced daemon offering no-new-privileges and under a kernel with grcsecurity ] ;P

then I want to make few read-only dirs and files like :

-v $DATA/keys:/config/keys:ro \
-v $DATA/log:/config/log \
-v $DATA/nginx:/config/nginx:ro \
-v $DATA/www:/config/www \

then I receive warning about this config

chown: changing ownership of '/config/nginx/nginx.conf': Read-only file system
chown: changing ownership of '/config/nginx/site-confs/default': Read-only file system
chown: changing ownership of '/config/nginx/site-confs': Read-only file system
chown: changing ownership of '/config/nginx': Read-only file system
chown: changing ownership of '/config/keys/cert.key': Read-only file system
chown: changing ownership of '/config/keys/cert.crt': Read-only file system
chown: changing ownership of '/config/keys': Read-only file system
chmod: changing permissions of '/config/nginx': Read-only file system
chmod: changing permissions of '/config/nginx/nginx.conf': Read-only file system
chmod: changing permissions of '/config/nginx/site-confs': Read-only file system
chmod: changing permissions of '/config/nginx/site-confs/default': Read-only file system

which is normal; and OK! but ...

would it be better make a kind of validation before running these lines ?
https://github.com/linuxserver/docker-baseimage-alpine-nginx/blob/master/root/etc/cont-init.d/20-config#L28

I tough about something like this; but I'm not convince about it.

# permissions
if [[ -z $(ls -la /|cut -d' ' -f9|grep abc) ]]; then
chown -R abc:abc \
	/config \
	/run \
	/var/lib/nginx \
	/var/tmp/nginx
chmod -R g+w \
	/config/{nginx,www}
chmod -R 644 /etc/logrotate.d
fi

Permissions check unnecessarily slow (>15 mins) and IO heavy

Expected Behavior

Startup tasks should finish within 15 minutes, even with large filesystems mounted under /config/www (for example when using Linuxserver Nextcloud which inherits from this image.

Current Behavior

Startup script 20-permissions uses recursive chmod commands to check/set file/directory permissions. Chmod runs the fchmodat system call on every file it finds, requiring a disk write for every file in your filesystem. A hundred thousand files on a spinning disk or remote filesystem can easily take > 15 minutes.

Steps to Reproduce

  1. Start this container with a remote filesystem with tens of thousands of files mounted at /config/www. Consider downloading the codebase and deps for a few webapps to simulate one of the downstream projects with user content.
  2. run time ./20-permissions

Tell us what should happen

Downstream image docker-bookstack already solved this problem for their own startup script by converting the chown statement on their data directory to use find -exec instead. This approach first reads file metadata from the in-memory filesystem cache, and only performs writes when necessary. It offers an order-of-magnitude speed improvement, even in the worst case scenario with an unprimed cache and slow remote filesystem.

Environment

OS: Ubuntu 22.04 (but it would be worse on Windows)
CPU architecture: x86_64/arm64
How docker service was installed: from docker official scripts, or from apt, or even with podman - doesn't affect the problem

Command used to create docker container (run/create/compose/screenshot)

---
version: "2.1"
volumes:
  nfs:
    driver: local
    driver_opts:
      type: nfs
      o: addr=192.168.1.1,rw
      device: ":/path/to/dir"
services:
  baseimage:
    image: lscr.io/linuxserver/docker-baseimage-alpine-nginx:latest
    container_name: baseimage
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - /path/to/appdata:/config
      - nfs:/config/www

Docker logs

[custom-init] No custom services found, skipping...
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service 00-legacy: starting
s6-rc: info: service 00-legacy successfully started
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/01-envfile
cont-init: info: /etc/cont-init.d/01-envfile exited 0
cont-init: info: running /etc/cont-init.d/01-migrations
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] done
cont-init: info: /etc/cont-init.d/01-migrations exited 0
cont-init: info: running /etc/cont-init.d/10-adduser

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/


Brought to you by linuxserver.io
-------------------------------------

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    1000
-------------------------------------

cont-init: info: /etc/cont-init.d/10-adduser exited 0
cont-init: info: running /etc/cont-init.d/11-folders
cont-init: info: /etc/cont-init.d/11-folders exited 0
cont-init: info: running /etc/cont-init.d/12-samples
cont-init: info: /etc/cont-init.d/12-samples exited 0
cont-init: info: running /etc/cont-init.d/13-nginx
cont-init: info: /etc/cont-init.d/13-nginx exited 0
cont-init: info: running /etc/cont-init.d/14-php
cont-init: info: /etc/cont-init.d/14-php exited 0
cont-init: info: running /etc/cont-init.d/15-keygen
using keys found in /config/keys
cont-init: info: /etc/cont-init.d/15-keygen exited 0
cont-init: info: running /etc/cont-init.d/20-permissions

[BUG] templating resolvers fails in ipv6 only environments

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Nginx stalls with the message nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3 when /etc/resolv.conf contains only ipv6 dns servers.

Expected Behavior

/config/nginx/resolver.conf should be templated correctly with the IPv6 DNS servers enclosed in [].

Steps To Reproduce

  1. run a container based on this image in an environment with no IPv4 nameservers. (Ex. fly.io)

Environment

- Platform: fly.io

`/etc/resolv.conf`

e82de31f055108:/# cat /etc/resolv.conf

nameserver      fdaa::3


### Docker creation

```bash
`fly deploy` with below docker file.

`fly.toml`

app = "snipeit-inventory"
primary_region = "ord"

[build]

[http_service]
  internal_port = 80
  force_https = true
  auto_stop_machines = true
  auto_start_machines = true
  min_machines_running = 1
  processes = ["app"]

[env]
  # Mysql Parameters
  MYSQL_PORT_3306_TCP_ADDR = ""   # Set in Secrets
  MYSQL_PORT_3306_TCP_PORT = 3306
  MYSQL_DATABASE = "snipeit"
  MYSQL_USER = ""    # Set in Secrets
  # MYSQL_PASSWORD = ""  # Set in Secrets
  DB_CONNECTION = "mysql"
  DB_SSL_IS_PAAS = true
  DB_SSL = true
  DB_SSL_CA_PATH = "/etc/ssl/cert.pem"
  

  # # Email Parameters
  # # - the hostname/IP address of your mailserver
  # MAIL_PORT_587_TCP_ADDR=smtp.whatever.com
  # #the port for the mailserver (probably 587, could be another)
  # MAIL_PORT_587_TCP_PORT=587
  # # the default from address, and from name for emails
  # [email protected]
  # MAIL_ENV_FROM_NAME=Your Full Email Name
  # # - pick 'tls' for SMTP-over-SSL, 'tcp' for unencrypted
  # MAIL_ENV_ENCRYPTION=tcp
  # # SMTP username and password
  # MAIL_ENV_USERNAME=your_email_username
  # MAIL_ENV_PASSWORD=your_email_password

  # Snipe-IT Settings
  APP_ENV = "production"
  APP_DEBUG = false
  APP_URL = "https://snipeit-inventory.fly.dev"
  APP_TIMEZONE = "America/Chicago"
  APP_LOCALE = "en"
  APP_TRUSTED_PROXIES="*"
  APP_ALLOW_INSECURE_HOSTS = true
    
  # Docker-specific variables
  PHP_UPLOAD_LIMIT = 100

  CACHE_DRIVER="file"
  SESSION_DRIVER="file"
  QUEUE_DRIVER="sync"
  CACHE_PREFIX="snipeit"


`Dockerfile`
```dockerfile
FROM lscr.io/linuxserver/snipe-it:latest

# workaround for no PID 1 in fly.io
RUN apk add --no-cache perl 
RUN mv /init /s6-init
ENTRYPOINT [ \
    "unshare", "--pid", "--fork", "--mount-proc", \
    "perl", "-e", "$SIG{INT}=''; $SIG{TERM}=''; exec @ARGV;", "--", \
    "/s6-init" ]



### Container logs

```bash
2023-09-04T21:40:48.560 runner[e82de31f055108] ord [info] Pulling container image registry.fly.io/rootwerk-inventory:deployment-01H9H27WDHZEJT566F5WSRXX9J

2023-09-04T21:40:50.084 runner[e82de31f055108] ord [info] Successfully prepared image registry.fly.io/rootwerk-inventory:deployment-01H9H27WDHZEJT566F5WSRXX9J (1.524273714s)

2023-09-04T21:40:50.458 runner[e82de31f055108] ord [info] Configuring firecracker

2023-09-04T21:40:50.705 app[e82de31f055108] ord [info] [ 0.041247] PCI: Fatal: No config space access function found

2023-09-04T21:40:50.931 app[e82de31f055108] ord [info] INFO Starting init (commit: 5293a085)...

2023-09-04T21:40:50.954 app[e82de31f055108] ord [info] INFO Preparing to run: `unshare --pid --fork --mount-proc perl -e $SIG{INT}=''; $SIG{TERM}=''; exec @ARGV; -- /s6-init` as root

2023-09-04T21:40:50.964 app[e82de31f055108] ord [info] INFO [fly api proxy] listening at /.fly/api

2023-09-04T21:40:50.968 app[e82de31f055108] ord [info] 2023/09/04 21:40:50 listening on [fdaa:2:f158:a7b:195:a39c:9682:2]:22 (DNS: [fdaa::3]:53)

2023-09-04T21:40:51.078 app[e82de31f055108] ord [info] [migrations] started

2023-09-04T21:40:51.089 app[e82de31f055108] ord [info] [migrations] 01-nginx-site-confs-default: executing...

2023-09-04T21:40:51.094 app[e82de31f055108] ord [info] [migrations] 01-nginx-site-confs-default: succeeded

2023-09-04T21:40:51.096 app[e82de31f055108] ord [info] [migrations] 02-default-location: executing...

2023-09-04T21:40:51.100 app[e82de31f055108] ord [info] grep: /config/nginx/site-confs/default.conf: No such file or directory

2023-09-04T21:40:51.100 app[e82de31f055108] ord [info] [migrations] 02-default-location: succeeded

2023-09-04T21:40:51.100 app[e82de31f055108] ord [info] [migrations] done

2023-09-04T21:40:51.108 app[e82de31f055108] ord [info] usermod: no changes

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ───────────────────────────────────────

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ██╗ ███████╗██╗ ██████╗

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ██║ ██╔════╝██║██╔═══██╗

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ██║ ███████╗██║██║ ██║

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ██║ ╚════██║██║██║ ██║

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ███████╗███████║██║╚██████╔╝

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ╚══════╝╚══════╝╚═╝ ╚═════╝

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] Brought to you by linuxserver.io

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ───────────────────────────────────────

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] To support the app dev(s) visit:

2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] Snipe-IT: https://snipeitapp.com/donate

2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] To support LSIO projects visit:

2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] https://www.linuxserver.io/donate/

2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] ───────────────────────────────────────

2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] GID/UID

2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] ───────────────────────────────────────

2023-09-04T21:40:51.112 app[e82de31f055108] ord [info] User UID: 911

2023-09-04T21:40:51.112 app[e82de31f055108] ord [info] User GID: 911

2023-09-04T21:40:51.112 app[e82de31f055108] ord [info] ───────────────────────────────────────

2023-09-04T21:40:51.141 app[e82de31f055108] ord [info] Setting resolver to fdaa::3

2023-09-04T21:40:51.143 app[e82de31f055108] ord [info] Setting worker_processes to 1

2023-09-04T21:40:51.151 app[e82de31f055108] ord [info] generating self-signed keys in /config/keys, you can replace these with your own keys if required

2023-09-04T21:40:51.294 app[e82de31f055108] ord [info] .....+..+.......+.....+.+..+......+............+....+...+...............+..+......+.............+...........+...+.+..+...+....+......+.........+...+..+.............+..+.+..............+......+.+...........+.......+..+......+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+............+.+..+............+.+..+....+...+............+.....+....+.....+.......+...+.....+......+.........+......+......+.......+..+..................+...+...+..........+..+....+......+........+.+...........+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2023-09-04T21:40:51.547 app[e82de31f055108] ord [info] ........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.........+..........+...+...+.....+......+...+..........+...............+...+..+.+............+...+.....+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+......+................+..............+.+............+..+.+..+..........+......+......+...........+..........+..+......+.........+.+..+.........+......+...+.+.....+.........+....+........+.........+...+.+.................+....+.....+.+..+.......+.........+......+...+............+...+..+.+........+....+..+......+....+...+.....+..........+...+...+..+...+.+......+...+.....+.........+..........+...+..+......+.+...+...+..............+......+.......+........+...+.........+...+....+......+..+.+...........+......+.......+...+..+...+....+.........+...........+....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2023-09-04T21:40:51.551 app[e82de31f055108] ord [info] -----

2023-09-04T21:40:51.592 app[e82de31f055108] ord [info] Generating SnipeIT app key for first run

2023-09-04T21:40:52.180 app[e82de31f055108] ord [info] App Key set to base64:fN7eOiPl40DbemzYW1nwsJdsBCrdq7xOZQQDwa6SkXc= you can modify the file to update /config/SNIPE_IT_APP_KEY.txt

2023-09-04T21:40:52.204 app[e82de31f055108] ord [info] [custom-init] No custom files found, skipping...

2023-09-04T21:40:52.215 app[e82de31f055108] ord [info] crond[265]: crond (busybox 1.35.0) started, log level 5

2023-09-04T21:40:52.225 app[e82de31f055108] ord [info] [ls.io-init] done.

2023-09-04T21:40:52.249 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:53.258 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:54.266 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:55.275 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:56.286 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:57.295 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:58.304 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:59.312 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:00.218 app[e82de31f055108] ord [info] crond[265]: USER abc pid 325 cmd php /app/www/artisan schedule:run >> /dev/null 2>&1

2023-09-04T21:41:00.324 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:01.338 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:01.441 runner[7811004c515d08] ord [info] Pulling container image registry.fly.io/rootwerk-inventory:deployment-01H9H27WDHZEJT566F5WSRXX9J

2023-09-04T21:41:02.346 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:02.873 runner[7811004c515d08] ord [info] Successfully prepared image registry.fly.io/rootwerk-inventory:deployment-01H9H27WDHZEJT566F5WSRXX9J (1.431601465s)

2023-09-04T21:41:03.212 runner[7811004c515d08] ord [info] Configuring firecracker

2023-09-04T21:41:03.356 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:03.447 app[7811004c515d08] ord [info] [ 0.040560] PCI: Fatal: No config space access function found

2023-09-04T21:41:03.691 app[7811004c515d08] ord [info] INFO Starting init (commit: 5293a085)...

2023-09-04T21:41:03.720 app[7811004c515d08] ord [info] INFO Preparing to run: `unshare --pid --fork --mount-proc perl -e $SIG{INT}=''; $SIG{TERM}=''; exec @ARGV; -- /s6-init` as root

2023-09-04T21:41:03.730 app[7811004c515d08] ord [info] INFO [fly api proxy] listening at /.fly/api

2023-09-04T21:41:03.735 app[7811004c515d08] ord [info] 2023/09/04 21:41:03 listening on [fdaa:2:f158:a7b:17a:f909:57f:2]:22 (DNS: [fdaa::3]:53)

2023-09-04T21:41:03.847 app[7811004c515d08] ord [info] [migrations] started

2023-09-04T21:41:03.854 app[7811004c515d08] ord [info] [migrations] 01-nginx-site-confs-default: executing...

2023-09-04T21:41:03.860 app[7811004c515d08] ord [info] [migrations] 01-nginx-site-confs-default: succeeded

2023-09-04T21:41:03.863 app[7811004c515d08] ord [info] [migrations] 02-default-location: executing...

2023-09-04T21:41:03.867 app[7811004c515d08] ord [info] grep: /config/nginx/site-confs/default.conf: No such file or directory

2023-09-04T21:41:03.867 app[7811004c515d08] ord [info] [migrations] 02-default-location: succeeded

2023-09-04T21:41:03.867 app[7811004c515d08] ord [info] [migrations] done

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] usermod: no changes

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ───────────────────────────────────────

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ██╗ ███████╗██╗ ██████╗

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ██║ ██╔════╝██║██╔═══██╗

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ██║ ███████╗██║██║ ██║

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ██║ ╚════██║██║██║ ██║

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ███████╗███████║██║╚██████╔╝

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ╚══════╝╚══════╝╚═╝ ╚═════╝

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] Brought to you by linuxserver.io

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ───────────────────────────────────────

2023-09-04T21:41:03.877 app[7811004c515d08] ord [info] To support the app dev(s) visit:

2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] Snipe-IT: https://snipeitapp.com/donate

2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] To support LSIO projects visit:

2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] https://www.linuxserver.io/donate/

2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] ───────────────────────────────────────

2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] GID/UID

2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] ───────────────────────────────────────

2023-09-04T21:41:03.879 app[7811004c515d08] ord [info] User UID: 911

2023-09-04T21:41:03.879 app[7811004c515d08] ord [info] User GID: 911

2023-09-04T21:41:03.879 app[7811004c515d08] ord [info] ───────────────────────────────────────

2023-09-04T21:41:03.912 app[7811004c515d08] ord [info] Setting resolver to fdaa::3

2023-09-04T21:41:03.914 app[7811004c515d08] ord [info] Setting worker_processes to 1

2023-09-04T21:41:03.923 app[7811004c515d08] ord [info] generating self-signed keys in /config/keys, you can replace these with your own keys if required

2023-09-04T21:41:04.031 app[7811004c515d08] ord [info] ...+......+.....+.+..+...+...+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+..+.........................+.....+.+..............+......+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+............+....+..+...................+...+..+....+..+.........+.+..+..........+......+......+...+...+........+.+...+...........+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2023-09-04T21:41:04.220 app[7811004c515d08] ord [info] ..........+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+...............+......+..+.+..+.......+..+.........+......+......+...+....+...+........+......+.........+.........+...+.......+..+.............+......+......+......+..+............+.+.....+.......+...+........+....+...+...+..+...+..........+......+.........+..+.......+..................+........+..........+..............+.......+...+..+....+...........+...+.+..+.........+......+....+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2023-09-04T21:41:04.224 app[7811004c515d08] ord [info] -----

2023-09-04T21:41:04.264 app[7811004c515d08] ord [info] Generating SnipeIT app key for first run

2023-09-04T21:41:04.365 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:04.848 app[7811004c515d08] ord [info] App Key set to base64:NJ4B0oa2+//A5Pc8SbidKQeJmBy9Ir6I8Q9pYav2r10= you can modify the file to update /config/SNIPE_IT_APP_KEY.txt

2023-09-04T21:41:04.872 app[7811004c515d08] ord [info] [custom-init] No custom files found, skipping...

2023-09-04T21:41:04.884 app[7811004c515d08] ord [info] crond[266]: crond (busybox 1.35.0) started, log level 5

2023-09-04T21:41:04.895 app[7811004c515d08] ord [info] [ls.io-init] done.

2023-09-04T21:41:04.918 app[7811004c515d08] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:05.374 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:05.928 app[7811004c515d08] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

features SQL

hello Guys, I've been using this wonderful container " image: lscr.io/linuxserver/nginx:latest" but I needed it to have a sql:server driver and odbc sql server. I used the article below to try to install directly in the container but without success.
"https://learn.microsoft.com/en-us/sql/connect/php/installation-tutorial-linux-mac?view=sql-server-ver16"
could you add this feature?
[linuxserverurl]: https://linuxserver.io
[linuxserver.io][linuxserverurl]

Desired Behavior

Current Behavior

Alternatives Considered

[BUG] Logrotate is unable to rotate logs due to incorrect file permissions

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Seeing the following permission denied during daily cron execution:

11/05/2023 02:00:00 AM error: failed to rename /config/log/nginx/access.log to /config/log/nginx/access.log.1: Permission denied
11/05/2023 02:00:00 AM error: failed to rename /config/log/php/error.log to /config/log/php/error.log.1: Permission denied

The default file ownership and permissions on these files are as follow:

$ tree -fugCip config/log/

[drwxr-xr-x 1000     1000    ]  config/log
[-rw-r----- root     root    ]  config/log/logrotate.status
[drwxr-xr-x root     root    ]  config/log/nginx
[-rw-r--r-- root     root    ]  config/log/nginx/access.log
[-rw-r--r-- root     root    ]  config/log/nginx/error.log
[drwxr-xr-x root     root    ]  config/log/php
[-rw------- root     root    ]  config/log/php/error.log

The permission denied is observed due to logotate being executed as abc user

Here are the logrotate configuration files (notice su abc abc)

docker-baseimage-alpine-nginx: /root/etc/logrotate.d/nginx

/config/log/nginx/*.log {
        weekly
        rotate 14
        compress
        delaycompress
        nodateext
        notifempty
        missingok
        sharedscripts
        postrotate
                s6-svc -1 /run/service/svc-nginx
        endscript
        su abc abc
}

docker-baseimage-alpine-nginx: /root/etc/logrotate.d/php-fpm

/config/log/php/*.log {
        rotate 7
        weekly
        missingok
        notifempty
        delaycompress
        compress
        nodateext
        sharedscripts
        postrotate
                s6-svc -t /run/service/svc-php-fpm
        endscript
        su abc abc
}

Two approaches of fixing it that come to mind:

  • (1) running logrotate as root instead of abc
  • (2) changing log files ownership to abc user

Expected Behavior

Logrotate should be able to do its job during daily cronjob execution.

Steps To Reproduce

  1. Run default configuration
  2. Wait until 2 am for the cronjob execution
  3. Logs will show the following:
error: failed to rename /config/log/nginx/access.log to /config/log/nginx/access.log.1: Permission denied
error: failed to rename /config/log/php/error.log to /config/log/php/error.log.1: Permission denied

Environment

- OS: Debian 12
- How docker service was installed: via upstream provided at https://download.docker.com/linux/debian

Docker creation

---
version: "2.1"
services:
  nginx:
    image: lscr.io/linuxserver/nginx:latest
    container_name: nginx
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /volume/nginx/config:/config
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped

Container logs

11/05/2023 02:00:00 AM error: failed to rename /config/log/nginx/access.log to /config/log/nginx/access.log.1: Permission denied
11/05/2023 02:00:00 AM error: failed to rename /config/log/php/error.log to /config/log/php/error.log.1: Permission denied

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.