linuxserver / docker-baseimage-alpine-nginx Goto Github PK
View Code? Open in Web Editor NEWLicense: GNU General Public License v3.0
License: GNU General Public License v3.0
I am implementing some features in my environment (namely, https://github.com/cloudflare/nginx-google-oauth ) and they require some lua packages that aren't present in your letsencrypt or nginx containers.
lua5.1-resty-http
lua5.1-cjson
In an effort to avoid having to fork and build my own docker containers, if it isn't too much trouble, can you add these packages to your containers? If not, I understand and I will start reading the tutorials.
Hi,
Can this please be updated to 3.13.3 as the openssl vulnerability will be affecting all SWAG users?
https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/
https://alpinelinux.org/posts/Alpine-3.13.3-released.html
Currently the container init script copies a few files from /config
into their correct locations within /etc
. I am requesting these be symlinks instead of copies. The specific file I'm calling out is php-local.ini
, but there are probably others that can benefit from a symlink.
I edited /config/php/php-local.ini
and expected that change to propagate to php-cli immediately, but it did not. My options for making it work are 1) Restart the container, or 2) Shell into the container and edit the correct file in /etc/
.
Turning the files in /etc into symlinks would make changes to php-local.ini immediately usable by php-cli; without restarting the container and without shelling into it.
I run several php apps out of the swag container, and they all have code that may exec php
as a cli. The websites also receive a lot of traffic, so restarting the container to update a non-running config is out of the question. I was able to work around the current setup by opening a shell on the container and editing the file directly in /etc/php8/
.
tl;dr s/cp/ln -s
PHP5 is in its final lifespan, the latest 5.6 has just moved in the "security fixes only" phase. More Info here.
In its current form the container is working fine, and PHP5.6 should remain somewhat secure for the next 2 years. I suggest moving to 7.0 or even better 7.1, due to its performance gains (may be negligible to most users of your containers). Mainly though, this baseimage is used in your awesome letsencrypt container, which should be secure, light-weight and up-to-date.
I know, alpine packages for PHP7< are rare/in their early phases, but would appreciate an update sometime in the future.
Cheers
I took a peek at Alpine's way of building nginx and they do not seem to use --with-debug
, which means debug
severity in error_log
does not work (reference here).
For debugging reverse proxy issues, allowing debug logs is essential. The official nginx container works around this by providing an additional binary, named nginx-debug
, to allow selecting the binary with debugging enabled.
Please allow debugging in nginx in some way.
ya i know;
ima freak;
anyway
So; when I'm running your container
[ of course with a docker name-spaced daemon offering no-new-privileges and under a kernel with grcsecurity ] ;P
then I want to make few read-only dirs and files like :
-v $DATA/keys:/config/keys:ro \
-v $DATA/log:/config/log \
-v $DATA/nginx:/config/nginx:ro \
-v $DATA/www:/config/www \
then I receive warning about this config
chown: changing ownership of '/config/nginx/nginx.conf': Read-only file system
chown: changing ownership of '/config/nginx/site-confs/default': Read-only file system
chown: changing ownership of '/config/nginx/site-confs': Read-only file system
chown: changing ownership of '/config/nginx': Read-only file system
chown: changing ownership of '/config/keys/cert.key': Read-only file system
chown: changing ownership of '/config/keys/cert.crt': Read-only file system
chown: changing ownership of '/config/keys': Read-only file system
chmod: changing permissions of '/config/nginx': Read-only file system
chmod: changing permissions of '/config/nginx/nginx.conf': Read-only file system
chmod: changing permissions of '/config/nginx/site-confs': Read-only file system
chmod: changing permissions of '/config/nginx/site-confs/default': Read-only file system
which is normal; and OK! but ...
would it be better make a kind of validation before running these lines ?
https://github.com/linuxserver/docker-baseimage-alpine-nginx/blob/master/root/etc/cont-init.d/20-config#L28
I tough about something like this; but I'm not convince about it.
# permissions
if [[ -z $(ls -la /|cut -d' ' -f9|grep abc) ]]; then
chown -R abc:abc \
/config \
/run \
/var/lib/nginx \
/var/tmp/nginx
chmod -R g+w \
/config/{nginx,www}
chmod -R 644 /etc/logrotate.d
fi
Startup tasks should finish within 15 minutes, even with large filesystems mounted under /config/www
(for example when using Linuxserver Nextcloud which inherits from this image.
Startup script 20-permissions
uses recursive chmod
commands to check/set file/directory permissions. Chmod runs the fchmodat
system call on every file it finds, requiring a disk write for every file in your filesystem. A hundred thousand files on a spinning disk or remote filesystem can easily take > 15 minutes.
/config/www
. Consider downloading the codebase and deps for a few webapps to simulate one of the downstream projects with user content.time ./20-permissions
Downstream image docker-bookstack already solved this problem for their own startup script by converting the chown statement on their data directory to use find -exec
instead. This approach first reads file metadata from the in-memory filesystem cache, and only performs writes when necessary. It offers an order-of-magnitude speed improvement, even in the worst case scenario with an unprimed cache and slow remote filesystem.
OS: Ubuntu 22.04 (but it would be worse on Windows)
CPU architecture: x86_64/arm64
How docker service was installed: from docker official scripts, or from apt, or even with podman - doesn't affect the problem
---
version: "2.1"
volumes:
nfs:
driver: local
driver_opts:
type: nfs
o: addr=192.168.1.1,rw
device: ":/path/to/dir"
services:
baseimage:
image: lscr.io/linuxserver/docker-baseimage-alpine-nginx:latest
container_name: baseimage
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- /path/to/appdata:/config
- nfs:/config/www
[custom-init] No custom services found, skipping...
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service 00-legacy: starting
s6-rc: info: service 00-legacy successfully started
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/01-envfile
cont-init: info: /etc/cont-init.d/01-envfile exited 0
cont-init: info: running /etc/cont-init.d/01-migrations
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] done
cont-init: info: /etc/cont-init.d/01-migrations exited 0
cont-init: info: running /etc/cont-init.d/10-adduser
-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/
Brought to you by linuxserver.io
-------------------------------------
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 1000
User gid: 1000
-------------------------------------
cont-init: info: /etc/cont-init.d/10-adduser exited 0
cont-init: info: running /etc/cont-init.d/11-folders
cont-init: info: /etc/cont-init.d/11-folders exited 0
cont-init: info: running /etc/cont-init.d/12-samples
cont-init: info: /etc/cont-init.d/12-samples exited 0
cont-init: info: running /etc/cont-init.d/13-nginx
cont-init: info: /etc/cont-init.d/13-nginx exited 0
cont-init: info: running /etc/cont-init.d/14-php
cont-init: info: /etc/cont-init.d/14-php exited 0
cont-init: info: running /etc/cont-init.d/15-keygen
using keys found in /config/keys
cont-init: info: /etc/cont-init.d/15-keygen exited 0
cont-init: info: running /etc/cont-init.d/20-permissions
Nginx stalls with the message nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
when /etc/resolv.conf
contains only ipv6 dns servers.
/config/nginx/resolver.conf
should be templated correctly with the IPv6 DNS servers enclosed in []
.
- Platform: fly.io
`/etc/resolv.conf`
e82de31f055108:/# cat /etc/resolv.conf
nameserver fdaa::3
### Docker creation
```bash
`fly deploy` with below docker file.
`fly.toml`
app = "snipeit-inventory"
primary_region = "ord"
[build]
[http_service]
internal_port = 80
force_https = true
auto_stop_machines = true
auto_start_machines = true
min_machines_running = 1
processes = ["app"]
[env]
# Mysql Parameters
MYSQL_PORT_3306_TCP_ADDR = "" # Set in Secrets
MYSQL_PORT_3306_TCP_PORT = 3306
MYSQL_DATABASE = "snipeit"
MYSQL_USER = "" # Set in Secrets
# MYSQL_PASSWORD = "" # Set in Secrets
DB_CONNECTION = "mysql"
DB_SSL_IS_PAAS = true
DB_SSL = true
DB_SSL_CA_PATH = "/etc/ssl/cert.pem"
# # Email Parameters
# # - the hostname/IP address of your mailserver
# MAIL_PORT_587_TCP_ADDR=smtp.whatever.com
# #the port for the mailserver (probably 587, could be another)
# MAIL_PORT_587_TCP_PORT=587
# # the default from address, and from name for emails
# [email protected]
# MAIL_ENV_FROM_NAME=Your Full Email Name
# # - pick 'tls' for SMTP-over-SSL, 'tcp' for unencrypted
# MAIL_ENV_ENCRYPTION=tcp
# # SMTP username and password
# MAIL_ENV_USERNAME=your_email_username
# MAIL_ENV_PASSWORD=your_email_password
# Snipe-IT Settings
APP_ENV = "production"
APP_DEBUG = false
APP_URL = "https://snipeit-inventory.fly.dev"
APP_TIMEZONE = "America/Chicago"
APP_LOCALE = "en"
APP_TRUSTED_PROXIES="*"
APP_ALLOW_INSECURE_HOSTS = true
# Docker-specific variables
PHP_UPLOAD_LIMIT = 100
CACHE_DRIVER="file"
SESSION_DRIVER="file"
QUEUE_DRIVER="sync"
CACHE_PREFIX="snipeit"
`Dockerfile`
```dockerfile
FROM lscr.io/linuxserver/snipe-it:latest
# workaround for no PID 1 in fly.io
RUN apk add --no-cache perl
RUN mv /init /s6-init
ENTRYPOINT [ \
"unshare", "--pid", "--fork", "--mount-proc", \
"perl", "-e", "$SIG{INT}=''; $SIG{TERM}=''; exec @ARGV;", "--", \
"/s6-init" ]
### Container logs
```bash
2023-09-04T21:40:48.560 runner[e82de31f055108] ord [info] Pulling container image registry.fly.io/rootwerk-inventory:deployment-01H9H27WDHZEJT566F5WSRXX9J
2023-09-04T21:40:50.084 runner[e82de31f055108] ord [info] Successfully prepared image registry.fly.io/rootwerk-inventory:deployment-01H9H27WDHZEJT566F5WSRXX9J (1.524273714s)
2023-09-04T21:40:50.458 runner[e82de31f055108] ord [info] Configuring firecracker
2023-09-04T21:40:50.705 app[e82de31f055108] ord [info] [ 0.041247] PCI: Fatal: No config space access function found
2023-09-04T21:40:50.931 app[e82de31f055108] ord [info] INFO Starting init (commit: 5293a085)...
2023-09-04T21:40:50.954 app[e82de31f055108] ord [info] INFO Preparing to run: `unshare --pid --fork --mount-proc perl -e $SIG{INT}=''; $SIG{TERM}=''; exec @ARGV; -- /s6-init` as root
2023-09-04T21:40:50.964 app[e82de31f055108] ord [info] INFO [fly api proxy] listening at /.fly/api
2023-09-04T21:40:50.968 app[e82de31f055108] ord [info] 2023/09/04 21:40:50 listening on [fdaa:2:f158:a7b:195:a39c:9682:2]:22 (DNS: [fdaa::3]:53)
2023-09-04T21:40:51.078 app[e82de31f055108] ord [info] [migrations] started
2023-09-04T21:40:51.089 app[e82de31f055108] ord [info] [migrations] 01-nginx-site-confs-default: executing...
2023-09-04T21:40:51.094 app[e82de31f055108] ord [info] [migrations] 01-nginx-site-confs-default: succeeded
2023-09-04T21:40:51.096 app[e82de31f055108] ord [info] [migrations] 02-default-location: executing...
2023-09-04T21:40:51.100 app[e82de31f055108] ord [info] grep: /config/nginx/site-confs/default.conf: No such file or directory
2023-09-04T21:40:51.100 app[e82de31f055108] ord [info] [migrations] 02-default-location: succeeded
2023-09-04T21:40:51.100 app[e82de31f055108] ord [info] [migrations] done
2023-09-04T21:40:51.108 app[e82de31f055108] ord [info] usermod: no changes
2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ───────────────────────────────────────
2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ██╗ ███████╗██╗ ██████╗
2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ██║ ██╔════╝██║██╔═══██╗
2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ██║ ███████╗██║██║ ██║
2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ██║ ╚════██║██║██║ ██║
2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ███████╗███████║██║╚██████╔╝
2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ╚══════╝╚══════╝╚═╝ ╚═════╝
2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] Brought to you by linuxserver.io
2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ───────────────────────────────────────
2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] To support the app dev(s) visit:
2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] Snipe-IT: https://snipeitapp.com/donate
2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] To support LSIO projects visit:
2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] https://www.linuxserver.io/donate/
2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] ───────────────────────────────────────
2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] GID/UID
2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] ───────────────────────────────────────
2023-09-04T21:40:51.112 app[e82de31f055108] ord [info] User UID: 911
2023-09-04T21:40:51.112 app[e82de31f055108] ord [info] User GID: 911
2023-09-04T21:40:51.112 app[e82de31f055108] ord [info] ───────────────────────────────────────
2023-09-04T21:40:51.141 app[e82de31f055108] ord [info] Setting resolver to fdaa::3
2023-09-04T21:40:51.143 app[e82de31f055108] ord [info] Setting worker_processes to 1
2023-09-04T21:40:51.151 app[e82de31f055108] ord [info] generating self-signed keys in /config/keys, you can replace these with your own keys if required
2023-09-04T21:40:51.294 app[e82de31f055108] ord [info] .....+..+.......+.....+.+..+......+............+....+...+...............+..+......+.............+...........+...+.+..+...+....+......+.........+...+..+.............+..+.+..............+......+.+...........+.......+..+......+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+............+.+..+............+.+..+....+...+............+.....+....+.....+.......+...+.....+......+.........+......+......+.......+..+..................+...+...+..........+..+....+......+........+.+...........+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2023-09-04T21:40:51.547 app[e82de31f055108] ord [info] ........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.........+..........+...+...+.....+......+...+..........+...............+...+..+.+............+...+.....+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+......+................+..............+.+............+..+.+..+..........+......+......+...........+..........+..+......+.........+.+..+.........+......+...+.+.....+.........+....+........+.........+...+.+.................+....+.....+.+..+.......+.........+......+...+............+...+..+.+........+....+..+......+....+...+.....+..........+...+...+..+...+.+......+...+.....+.........+..........+...+..+......+.+...+...+..............+......+.......+........+...+.........+...+....+......+..+.+...........+......+.......+...+..+...+....+.........+...........+....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2023-09-04T21:40:51.551 app[e82de31f055108] ord [info] -----
2023-09-04T21:40:51.592 app[e82de31f055108] ord [info] Generating SnipeIT app key for first run
2023-09-04T21:40:52.180 app[e82de31f055108] ord [info] App Key set to base64:fN7eOiPl40DbemzYW1nwsJdsBCrdq7xOZQQDwa6SkXc= you can modify the file to update /config/SNIPE_IT_APP_KEY.txt
2023-09-04T21:40:52.204 app[e82de31f055108] ord [info] [custom-init] No custom files found, skipping...
2023-09-04T21:40:52.215 app[e82de31f055108] ord [info] crond[265]: crond (busybox 1.35.0) started, log level 5
2023-09-04T21:40:52.225 app[e82de31f055108] ord [info] [ls.io-init] done.
2023-09-04T21:40:52.249 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:40:53.258 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:40:54.266 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:40:55.275 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:40:56.286 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:40:57.295 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:40:58.304 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:40:59.312 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:41:00.218 app[e82de31f055108] ord [info] crond[265]: USER abc pid 325 cmd php /app/www/artisan schedule:run >> /dev/null 2>&1
2023-09-04T21:41:00.324 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:41:01.338 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:41:01.441 runner[7811004c515d08] ord [info] Pulling container image registry.fly.io/rootwerk-inventory:deployment-01H9H27WDHZEJT566F5WSRXX9J
2023-09-04T21:41:02.346 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:41:02.873 runner[7811004c515d08] ord [info] Successfully prepared image registry.fly.io/rootwerk-inventory:deployment-01H9H27WDHZEJT566F5WSRXX9J (1.431601465s)
2023-09-04T21:41:03.212 runner[7811004c515d08] ord [info] Configuring firecracker
2023-09-04T21:41:03.356 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:41:03.447 app[7811004c515d08] ord [info] [ 0.040560] PCI: Fatal: No config space access function found
2023-09-04T21:41:03.691 app[7811004c515d08] ord [info] INFO Starting init (commit: 5293a085)...
2023-09-04T21:41:03.720 app[7811004c515d08] ord [info] INFO Preparing to run: `unshare --pid --fork --mount-proc perl -e $SIG{INT}=''; $SIG{TERM}=''; exec @ARGV; -- /s6-init` as root
2023-09-04T21:41:03.730 app[7811004c515d08] ord [info] INFO [fly api proxy] listening at /.fly/api
2023-09-04T21:41:03.735 app[7811004c515d08] ord [info] 2023/09/04 21:41:03 listening on [fdaa:2:f158:a7b:17a:f909:57f:2]:22 (DNS: [fdaa::3]:53)
2023-09-04T21:41:03.847 app[7811004c515d08] ord [info] [migrations] started
2023-09-04T21:41:03.854 app[7811004c515d08] ord [info] [migrations] 01-nginx-site-confs-default: executing...
2023-09-04T21:41:03.860 app[7811004c515d08] ord [info] [migrations] 01-nginx-site-confs-default: succeeded
2023-09-04T21:41:03.863 app[7811004c515d08] ord [info] [migrations] 02-default-location: executing...
2023-09-04T21:41:03.867 app[7811004c515d08] ord [info] grep: /config/nginx/site-confs/default.conf: No such file or directory
2023-09-04T21:41:03.867 app[7811004c515d08] ord [info] [migrations] 02-default-location: succeeded
2023-09-04T21:41:03.867 app[7811004c515d08] ord [info] [migrations] done
2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] usermod: no changes
2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ───────────────────────────────────────
2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ██╗ ███████╗██╗ ██████╗
2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ██║ ██╔════╝██║██╔═══██╗
2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ██║ ███████╗██║██║ ██║
2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ██║ ╚════██║██║██║ ██║
2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ███████╗███████║██║╚██████╔╝
2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ╚══════╝╚══════╝╚═╝ ╚═════╝
2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] Brought to you by linuxserver.io
2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ───────────────────────────────────────
2023-09-04T21:41:03.877 app[7811004c515d08] ord [info] To support the app dev(s) visit:
2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] Snipe-IT: https://snipeitapp.com/donate
2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] To support LSIO projects visit:
2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] https://www.linuxserver.io/donate/
2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] ───────────────────────────────────────
2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] GID/UID
2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] ───────────────────────────────────────
2023-09-04T21:41:03.879 app[7811004c515d08] ord [info] User UID: 911
2023-09-04T21:41:03.879 app[7811004c515d08] ord [info] User GID: 911
2023-09-04T21:41:03.879 app[7811004c515d08] ord [info] ───────────────────────────────────────
2023-09-04T21:41:03.912 app[7811004c515d08] ord [info] Setting resolver to fdaa::3
2023-09-04T21:41:03.914 app[7811004c515d08] ord [info] Setting worker_processes to 1
2023-09-04T21:41:03.923 app[7811004c515d08] ord [info] generating self-signed keys in /config/keys, you can replace these with your own keys if required
2023-09-04T21:41:04.031 app[7811004c515d08] ord [info] ...+......+.....+.+..+...+...+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+..+.........................+.....+.+..............+......+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+............+....+..+...................+...+..+....+..+.........+.+..+..........+......+......+...+...+........+.+...+...........+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2023-09-04T21:41:04.220 app[7811004c515d08] ord [info] ..........+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+...............+......+..+.+..+.......+..+.........+......+......+...+....+...+........+......+.........+.........+...+.......+..+.............+......+......+......+..+............+.+.....+.......+...+........+....+...+...+..+...+..........+......+.........+..+.......+..................+........+..........+..............+.......+...+..+....+...........+...+.+..+.........+......+....+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2023-09-04T21:41:04.224 app[7811004c515d08] ord [info] -----
2023-09-04T21:41:04.264 app[7811004c515d08] ord [info] Generating SnipeIT app key for first run
2023-09-04T21:41:04.365 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:41:04.848 app[7811004c515d08] ord [info] App Key set to base64:NJ4B0oa2+//A5Pc8SbidKQeJmBy9Ir6I8Q9pYav2r10= you can modify the file to update /config/SNIPE_IT_APP_KEY.txt
2023-09-04T21:41:04.872 app[7811004c515d08] ord [info] [custom-init] No custom files found, skipping...
2023-09-04T21:41:04.884 app[7811004c515d08] ord [info] crond[266]: crond (busybox 1.35.0) started, log level 5
2023-09-04T21:41:04.895 app[7811004c515d08] ord [info] [ls.io-init] done.
2023-09-04T21:41:04.918 app[7811004c515d08] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:41:05.374 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
2023-09-04T21:41:05.928 app[7811004c515d08] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
hello Guys, I've been using this wonderful container " image: lscr.io/linuxserver/nginx:latest" but I needed it to have a sql:server driver and odbc sql server. I used the article below to try to install directly in the container but without success.
"https://learn.microsoft.com/en-us/sql/connect/php/installation-tutorial-linux-mac?view=sql-server-ver16"
could you add this feature?
[linuxserverurl]: https://linuxserver.io
[][linuxserverurl]
Seeing the following permission denied
during daily cron execution:
11/05/2023 02:00:00 AM error: failed to rename /config/log/nginx/access.log to /config/log/nginx/access.log.1: Permission denied
11/05/2023 02:00:00 AM error: failed to rename /config/log/php/error.log to /config/log/php/error.log.1: Permission denied
The default file ownership and permissions on these files are as follow:
$ tree -fugCip config/log/
[drwxr-xr-x 1000 1000 ] config/log
[-rw-r----- root root ] config/log/logrotate.status
[drwxr-xr-x root root ] config/log/nginx
[-rw-r--r-- root root ] config/log/nginx/access.log
[-rw-r--r-- root root ] config/log/nginx/error.log
[drwxr-xr-x root root ] config/log/php
[-rw------- root root ] config/log/php/error.log
The permission denied is observed due to logotate being executed as abc
user
Here are the logrotate configuration files (notice su abc abc
)
docker-baseimage-alpine-nginx: /root/etc/logrotate.d/nginx
/config/log/nginx/*.log {
weekly
rotate 14
compress
delaycompress
nodateext
notifempty
missingok
sharedscripts
postrotate
s6-svc -1 /run/service/svc-nginx
endscript
su abc abc
}
docker-baseimage-alpine-nginx: /root/etc/logrotate.d/php-fpm
/config/log/php/*.log {
rotate 7
weekly
missingok
notifempty
delaycompress
compress
nodateext
sharedscripts
postrotate
s6-svc -t /run/service/svc-php-fpm
endscript
su abc abc
}
Two approaches of fixing it that come to mind:
root
instead of abc
abc
userLogrotate should be able to do its job during daily cronjob execution.
error: failed to rename /config/log/nginx/access.log to /config/log/nginx/access.log.1: Permission denied
error: failed to rename /config/log/php/error.log to /config/log/php/error.log.1: Permission denied
- OS: Debian 12
- How docker service was installed: via upstream provided at https://download.docker.com/linux/debian
---
version: "2.1"
services:
nginx:
image: lscr.io/linuxserver/nginx:latest
container_name: nginx
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
volumes:
- /volume/nginx/config:/config
ports:
- 80:80
- 443:443
restart: unless-stopped
11/05/2023 02:00:00 AM error: failed to rename /config/log/nginx/access.log to /config/log/nginx/access.log.1: Permission denied
11/05/2023 02:00:00 AM error: failed to rename /config/log/php/error.log to /config/log/php/error.log.1: Permission denied
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.