0

I need to extend a base image (jwilder/nginx-proxy) because I need to add some additional configuration to that image.

Some of these configuration changes need to be done during the container's runtime, before the logic of the base image starts.

The way that I have implemented that runtime configuration is by creating a custom ENTRYPOINT file that first does all my custom work and then starts the base image's entrypoint.

My entrypoint looks like this:

#!/bin/bash

# my custom logic here

echo "Executed custom logic."

# default jwilder/nginx entrypoint
/app/docker-entrypoint.sh "$@"

Currently, this does not work because "$@" resolves to nothing. My custom Dockerfile does not set a custom CMD, only the ENTRYPOINT.

Is there a reason why this does not work? I would have hoped that the base images's CMD remains set and is passed to my ENTRYPOINT. Otherwise I need to copy the base image's CMD which is prone to errors if that CMD ever changes.

Lehks
  • 2,582
  • 4
  • 19
  • 50

2 Answers2

3

From the docs

If CMD is defined from the base image, setting ENTRYPOINT will reset CMD to an empty value. In this scenario, CMD must be defined in the current image to have a value.

This goes for CMD as well. CMD and ENTRYPOINT resets any CMD or ENTRYPOINT values from the base image.

You have to set it yourself again.

If you're concerned about the value changing - and the base image is under your control - you could set an environment variable instead and use that.

Hans Kilian
  • 18,948
  • 1
  • 26
  • 35
  • That is quite unfortunate. I do not have control over the base image. – Lehks Apr 29 '22 at 09:23
  • OTOH, it would also be a shaky assumption that if the CMD in the base image changes, that the ENTRYPOINT wouldn't need to be changed/updated at the same time. – Hans Kilian Apr 29 '22 at 09:27
  • That is true. However, I have not copied the entrypoint file. I have simply created my own that calls the base image's entrypoint file. So problems only arise if and when the location of that entrypoint file changes. – Lehks Apr 29 '22 at 15:17
0

Given that the CMD from the base would be removed as noted in the builder reference. The CMD could be included in your Dockerfile along with your new ENTRYPOINT.

https://hub.docker.com/layers/jwilder/nginx-proxy/latest/images/sha256-876a1df7bf88bb801cef813b276e4ee8c1861fca4c47cfaaeb2e7d3a087c4360?context=explore indicates that the CMD would be CMD ["forego" "start" "-r"].

Example Dockerfile:

FROM jwilder/nginx-proxy:latest

COPY /new-entrypoint.sh /app

ENTRYPOINT ["/app/new-entrypoint.sh"]
CMD ["forego", "start", "-r"]

should produce:

docker build -t test -f Dockerfile .
docker run -v /var/run/docker.sock:/tmp/docker.sock:ro test | head

Executed custom logic.
Info: running nginx-proxy version 1.3.1-34-gc430825
Setting up DH Parameters..
Warning: TRUST_DOWNSTREAM_PROXY is not set; defaulting to "true". For security, you should explicitly set TRUST_DOWNSTREAM_PROXY to "false" if there is not a trusted reverse proxy in front of this proxy.
Warning: The default value of TRUST_DOWNSTREAM_PROXY might change to "false" in a future version of nginx-proxy. If you require TRUST_DOWNSTREAM_PROXY to be enabled, explicitly set it to "true".
forego      | starting dockergen.1 on port 5000
forego      | starting nginx.1 on port 5100
nginx.1     | 2023/07/20 23:50:39 [notice] 21#21: using the "epoll" event method
nginx.1     | 2023/07/20 23:50:39 [warn] 21#21: 10240 worker_connections exceed open file resource limit: 1024
nginx.1     | nginx: [warn] 10240 worker_connections exceed open file resource limit: 1024
nginx.1     | 2023/07/20 23:50:39 [notice] 21#21: nginx/1.25.1
nginx.1     | 2023/07/20 23:50:39 [notice] 21#21: built by gcc 12.2.0 (Debian 12.2.0-14)

Also, as per https://docs.docker.com/engine/reference/commandline/run/ we can use --entrypoint with the docker run command to override the default ENTRYPOINT in the Dockerfile and then provide the CMD at the end of the docker run command.

Example: Dockerfile

FROM jwilder/nginx-proxy:latest

COPY /new-entrypoint.sh /app

should produce:

docker run --entrypoint /app/new-entrypoint.sh -v /var/run/docker.sock:/tmp/docker.sock:ro test forego start -r | head
Executed custom logic.
Info: running nginx-proxy version 1.3.1-34-gc430825
Setting up DH Parameters..
Warning: TRUST_DOWNSTREAM_PROXY is not set; defaulting to "true". For security, you should explicitly set TRUST_DOWNSTREAM_PROXY to "false" if there is not a trusted reverse proxy in front of this proxy.
Warning: The default value of TRUST_DOWNSTREAM_PROXY might change to "false" in a future version of nginx-proxy. If you require TRUST_DOWNSTREAM_PROXY to be enabled, explicitly set it to "true".
forego      | starting dockergen.1 on port 5000
forego      | starting nginx.1 on port 5100
nginx.1     | 2023/07/20 23:53:55 [notice] 22#22: using the "epoll" event method
nginx.1     | 2023/07/20 23:53:55 [warn] 22#22: 10240 worker_connections exceed open file resource limit: 1024
nginx.1     | nginx: [warn] 10240 worker_connections exceed open file resource limit: 1024
nginx.1     | 2023/07/20 23:53:55 [notice] 22#22: nginx/1.25.1
nginx.1     | 2023/07/20 23:53:55 [notice] 22#22: built by gcc 12.2.0 (Debian 12.2.0-14)
treedust
  • 137
  • 2
  • 13