Im trying to build a new base image with s6-overlay that includes PHP-FPM and Nginx. Overall the image is running fine and both processes are running. However when i log into the container i am root which is something that i overall do not want. At this point the container is running nginx as nginx and the php-fpm pool is running as user app which has its own user/group on 1000:1000.
However when i add USER app to my Dockerfile below error is showing:
app_1 | s6-rc: info: service nginx: starting
app_1 | s6-rc: info: service s6rc-oneshot-runner: starting
app_1 | s6-rc: info: service nginx successfully started
app_1 | nginx: [alert] could not open error log file: open() "/var/lib/nginx/logs/error.log" failed (13: Permission denied)
app_1 | s6-rc: info: service s6rc-oneshot-runner successfully started
app_1 | s6-rc: info: service fix-attrs: starting
app_1 | 2022/03/14 11:20:50 [warn] 37#37: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
app_1 | 2022/03/14 11:20:50 [emerg] 37#37: mkdir() "/var/lib/nginx/tmp/client_body" failed (13: Permission denied)
app_1 | SERVICE ENDED: nginx-service
app_1 | s6-rc: info: service fix-attrs successfully started
app_1 | s6-rc: info: service legacy-cont-init: starting
app_1 | s6-rc: info: service legacy-cont-init successfully started
app_1 | s6-rc: info: service legacy-services: starting
app_1 | s6-rc: info: service legacy-services successfully started
app_1 | nginx: [alert] could not open error log file: open() "/var/lib/nginx/logs/error.log" failed (13: Permission denied)
app_1 | 2022/03/14 11:20:51 [warn] 65#65: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
app_1 | 2022/03/14 11:20:51 [emerg] 65#65: mkdir() "/var/lib/nginx/tmp/client_body" failed (13: Permission denied)
app_1 | SERVICE ENDED: nginx-service
Is there a way to resolve this?
This is my Dockerfile at the moment:
FROM php:8.1-fpm-alpine
# Install root packages
RUN apk -U upgrade && apk add --no-cache \
curl \
nginx \
tzdata \
&& addgroup -g 1000 -S app \
&& adduser -u 1000 -G app -S app \
&& rm -rf /var/cache/apk/* /etc/nginx/conf.d/* /usr/local/etc/php-fpm.d/*
# Add S6 Overlay
COPY files/s6-overlay files/general /
# # Add composer
COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
# Add extension installer
COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
RUN install-php-extensions opcache
# Set the correct permissions for /app
RUN chown -R app:app /app
# Set default paths and startup
WORKDIR /app
ENTRYPOINT ["/init"]
EXPOSE 80
HEALTHCHECK --interval=5s --timeout=5s CMD curl -f http://127.0.0.1/php-fpm-ping || exit 1
The actual S6 overlay is copied from the files folder.
Pim
