0

I am facing behaviour differences between docker run and docker-compose when running my own docker image which runs Laravel with php-fpm and Nginx.

When deployed with docker run I am able to reach the connection page and the whole website is working.

When deployed with docker-compose I can access the page and a white page is returned (I guess no return except a 200 code, something like that).

docker run command

docker run -i \
-v /etc/letsencrypt/archive/FOLDER_XXX:/etc/letsencrypt/live/FOLDER_XXX \
--env-file ./env \
-p 443:443 \
-p 80:80 \
-t DOCKER_IMAGE_XXX

docker-compose.yaml

version: '3.1'
services:
  tata:
    image: DOCKER_IMAGE_XXX
    restart: always
    ports:
      - 443:443
      - 80:80
    volumes:
      - /etc/letsencrypt/archive/FOLDER_XXX:/etc/letsencrypt/live/FOLDER_XXX
    env_file:
      - ./env

The environment file is the same as I am running the docker run command from the same directory.

Nginx access logs from docker run, which redirects you to /login when you reach /:

IP_XXXX - - [14/Dec/2021:14:44:37 +0000] "GET / HTTP/1.1" 302 490 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"
IP_XXXX - - [14/Dec/2021:14:44:37 +0000] "GET /login HTTP/1.1" 200 13118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"

Nginx access logs from docker-compose up:

IP_XXXX - - [14/Dec/2021:14:10:25 +0000] "GET / HTTP/1.1" 200 31 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"

My docker image has an entrypoint script that looks like:

#!/bin/bash
cat $1 | DOLLAR='$' envsubst > /etc/nginx/sites-available/SOME_CONF.conf
cd /etc/nginx/sites-enabled/
ln -s ../sites-available/SOME_CONF.conf .
cd /opt/customer-website/
service php7.4-fpm restart
env > /opt/customer-website/.env
nginx -g "daemon off;"

nginx.conf

server {
    listen 80;
    server_name *.${URL_PREFIX}.SOME_URL_XXX.com;
    return 301 https://${DOLLAR}host${DOLLAR}request_uri;
}

server {
    listen 443 ssl;
    server_name *.${URL_PREFIX}.SOME_URL_XXX.com;
    root /opt/customer-website/public;


    ssl_certificate ${SSL_CERTIFICATE};
    ssl_certificate_key ${SSL_CERTIFICATE_KEY};
    ssl_session_cache shared:le_nginx_SSL:10m;
    ssl_session_timeout 1440m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

    fastcgi_read_timeout 300;
    proxy_read_timeout 300;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.php;

    charset utf-8;

    location / {
        try_files ${DOLLAR}uri ${DOLLAR}uri/ /index.php?${DOLLAR}query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php${DOLLAR} {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME ${DOLLAR}realpath_root${DOLLAR}fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}
Khinza
  • 31
  • 4
  • 1
    You said your solution is based on php-fpm and Nginx; should there be two separate containers there? There's a couple of small differences between the two setups (the `docker run` command has `-it` options, the Compose setup in effect has `--network somename_default`) but I wouldn't expect those to matter. What does the Nginx configuration look like? – David Maze Dec 14 '21 at 15:50
  • Yes there might be a design issue, but I don't think it is related with the problem I'm facing right now ? I could try to run 2 distinguished containers (one with nginx and one with php-fpm) as you said. I just edited the post with the nginx config file – Khinza Dec 14 '21 at 16:02
  • I tried to remove `-it` options but as you said, it's not related... – Khinza Dec 15 '21 at 10:06

1 Answers1

1

The main difference between docker-compose and docker run is that docker-compose uses YAML. And YAML does interpret quotes and double quotes, which is something that isn't done with docker run.

I needed to escape few quotes in my env file, now I have the same behaviour on both.

Khinza
  • 31
  • 4
  • The `docker run` subcommand has problems with environment variables with quotes and double quotes, as it does not accept *env files* formatted as valid BASH ("Shell") scripts. If this is your case, this answer may interest you https://stackoverflow.com/a/75237297/3223785 . – Eduardo Lucio Jan 25 '23 at 16:57