I am trying to launch my server with the SSL protocol, however I receive a big error message
"400 Bad Requests
The plain HTTP request was sent to HTTPS port
nginx/1.14.2"
I tried solutions like "ssl off" in the configuration file, but nothing changes, does anyone see a fault in my files?
server {
listen 443 ssl;
root /usr/share/nginx/html;
index index.html index.htm;
server_name example;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_certificate /etc/nginx/ssl/example.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
location / {
try_files $uri $uri/ =404;
}
}
And the Docker file :
FROM debian:buster
RUN apt-get -y update \
&& apt-get -y install nginx \
&& apt-get install openssl
RUN mkdir /etc/nginx/ssl
RUN openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes \
-keyout /etc/nginx/ssl/example.key \
-out /etc/nginx/ssl/example.crt \
-subj "/C=FR/ST=IDF/L=Paris/O=42/OU=42/CN=example/UID=example"
COPY conf/default /etc/nginx/sites-enabled/default
EXPOSE 443
CMD ["nginx", "-g", "daemon off;"]
Related
I tried to learn a (even though a bit outdated) form of linking containers. I created an NGINX and PHP container, which should get linked. Everything runs on my local machine.
Dockerfile NGINX
FROM ubuntu:16.04
MAINTAINER Sebastian Scharf
# Install NGINX
RUN apt-get update && apt-get install -y nginx \
# Clean after apt-get
&& apt-get clean \
## remove content from apt/lists and var/tmp
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
## set deamon off
&& echo "daemon off;" >> /etc/nginx/nginx.conf
ADD default /etc/nginx/sites-available/default
# forward request and error logs to docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
CMD ["nginx"]
Dockerfile PHP
FROM ubuntu:16.04
MAINTAINER Sebastian Scharf
RUN apt-get update \
&& apt-get install -y locales \
&& locale-gen en_US.UTF-8
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
RUN apt-get update \
&& apt-get install -y curl zip unzip git software-properties-common \
&& add-apt-repository -y ppa:ondrej/php \
&& apt-get update \
&& apt-get install -y php7.0-fpm php7.0-cli php7.0-mcrypt php7.0-gd php7.0-mysql \
php7.0-pgsql php7.0-imap php-memcached php7.0-mbstring php7.0-xml php7.0-curl \
&& php -r "readfile('http://getcomposer.org/installer');" | php -- --install-dir=/usr/bin/ --filename=composer \
&& mkdir /run/php \
&& apt-get remove -y --purge software-properties-common \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
ADD php-fpm.conf /etc/php/7.0/fpm/php-fpm.conf
ADD www.conf /etc/php/7.0/fpm/pool.d/www.conf
EXPOSE 9000
CMD ["php-fpm7.0"]
NGINX CONFIG
server {
listen 8080 default_server;
root /var/www/html/public;
index index.html index.htm index.php;
server_name _;
charset utf-8;
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; }
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass php:9000;
}
error_page 404 /index.php;
location ~ /\.ht {
deny all;
}
}
When I call localhost:8080, I get the error: This page isn't working (localhost didn't send any data). I was expecting to see a test file.
This is how I started the containers and linked them:
docker run -d --name=myphp -v $(pwd)/application:/var/www/html retronexus/php:0.1.0
docker run -d --link=myphp:php -p 8080:80 -v $(pwd)/application:/var/www/html retronexus/nginx:0.2.0
Nginx in your container listens on port 8080, but you are binding port 80 from the container to 8080 on the host. Switch to binding 8080 from the container.
docker run -d \
--link=myphp:php \
-p 8080:8080 \
-v $(pwd)/application:/var/www/html \
retronexus/nginx:0.2.0
See here for more details: https://docs.docker.com/config/containers/container-networking/#published-ports
I have the following Dockerfile that i have set up to use a new user rather than using root for my nginx server. The nginx server is built upon Redhat UBI image.
The image builds fine, however when I run the container I get the following error: nginx: [nginx: [emerg] open() "/run/nginx.pid" failed (13: Permission denied)
Below is my dockerfile.
USER root
RUN microdnf --setopt=tsflags=nodocs install -y nginx procps shadow-utils net-tools ca-certificates dirmngr gnupg wget vim\
&& microdnf clean all \
&& rpm -q procps-ng
ENV NGINX_USER="api-gatway" \
NGINXR_UID="8987" \
NGINX_GROUP="api-gatway" \
NGINX_GID="8987"
RUN set -ex; \
groupadd -r --gid "$NGINX_GID" "$NGINX_GROUP"; \
useradd -r --uid "$NGINXR_UID" --gid "$NGINX_GID" "$NGINX_USER"
COPY nginx.conf /etc/nginx/nginx.conf
RUN mkdir -p /var/lib/nginx/tmp /var/log/nginx \
&& chown -R api-gatway:api-gatway /var/lib/nginx /var/log/nginx \
&& chmod -R 755 /var/lib/nginx /var/log/nginx
EXPOSE 1080
USER api-gatway
CMD ["nginx", "-g", "daemon off;"]
When i build the image, it builds without any errors, but when i deploy on my K8 cluster using helm, it gives me the following errors.
nginx: [emerg] open() "/run/nginx.pid" failed (13: Permission denied)
Here is my nginx.conf file that I have set up
worker_processes 1;
error_log /tmp/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
server {
listen 1080;
server_name localhost 127.0.0.1;
access_log /tmp/access.log;
client_max_body_size 0;
set $allowOriginSite *;
proxy_pass_request_headers on;
proxy_pass_header Set-Cookie;
# External settings, do not remove
#ENV_ACCESS_LOG
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Set-Cookie;
proxy_set_header X-Forwarded-Proto $scheme;
location /search/ {
proxy_pass http://*******-svc:8983/***/;
}
location /auth/ {
proxy_pass http://********:8080;
}
location /mapbox {
rewrite ^/mapbox(.*)https://****$1 break;
}
}
}
How can I fix nginx: [emerg] open() "/var/run/nginx.pid" failed (13: Permission denied) and what have i done wrong in my configurations?
UPDATE
In order to fix my "/var/run/nginx.pid" permission denied error.
I had to add nginx.pid permission errors inside my dockerfile for the new user to work.
Below are the changes i made in my dockerfile
RUN touch /run/nginx.pid \
&& chown -R api-gatway:api-gatway /run/nginx.pid /cache/nginx
I'm setting up a docker stack for a Symfony 4 application with Nginx and PHP 7. I need advice for my docker stack because i met one problem : every changes in a PHP file (a controller, a repository, an entity etc...) aren't displayed. Each time, i need to down ma docker stack and restart to see the changes, even for a simple dump().
I verified OPCache is enabled and configured like in Symfony documentation.
I think the problem is in my docker stack.
This is docker-compose.yml :
version: '2.2'
services:
# PHP
php:
build:
context: docker/php7-fpm
args:
TIMEZONE: ${TIMEZONE}
container_name: dso_php
volumes:
- ".:/var/www/myproject:rw,cached"
- "./docker/php7-fpm/www.conf:/usr/local/etc/php-fpm.d/www.conf"
- "./docker/php7-fpm/php.ini:/usr/local/etc/php/conf.d/030-custom.ini"
env_file:
- .env
working_dir: /var/www/myproject
# NGINX
nginx:
build:
context: docker/nginx
args:
NGINX_HOST: ${NGINX_HOST}
container_name: dso_nginx
ports:
- 80:80
depends_on:
- php
volumes:
- ".:/var/www/myproject:cached"
- ./logs/nginx/:/var/log/nginx
env_file:
- .env
environment:
- NGINX_HOST=${NGINX_HOST}
I build my own Dockerfile for PHP and Nginx:
First PHP, here the Dockerfile :
FROM php:7.2-fpm
MAINTAINER HamHamFonFon <balistik.fonfon#gmail.com>
USER root
# Utils
RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y curl less vim libpq-dev wget gnupg libicu-dev libpng-dev zlib1g-dev sudo wget \
&& docker-php-ext-install mysqli \
&& docker-php-ext-install pdo_mysql \
&& docker-php-ext-install intl \
&& docker-php-ext-install opcache \
&& docker-php-ext-install zip \
&& docker-php-ext-install gd
RUN apt-get install -y zip unzip
# Install Composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
&& composer --version
# npm & node
RUN curl -sL https://deb.nodesource.com/setup_9.x | bash
RUN apt-get install -y nodejs npm \
&& update-alternatives --install /usr/bin/node node /usr/bin/nodejs 10
# build tools
RUN apt-get install -y build-essential
# yarn package manager
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
&& echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
# Git
RUN apt-get install -y git
# bugfix: remove cmdtest to install yarn correctly.
RUN apt-get remove -y cmdtest
RUN apt-get update
RUN apt-get install -y yarn
# Clear archives in apt cache folder
RUN apt-get clean && rm -rf /var/lib/apt/lists/*
COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint
RUN chmod +x /usr/local/bin/docker-entrypoint
ENTRYPOINT ["docker-entrypoint"]
php.ini :
; General settings
date.timezone = Europe/Paris
xdebug.max_nesting_level=500
short_open_tag = Off
memory_limit="512M"
; Error reporting optimized for production (http://www.phptherightway.com/#error_reporting)
display_errors = Off
display_startup_errors = Off
error_reporting = E_ALL
log_errors = On
error_log = /var/log/php-app/error.log
apc.enable_cli = 1
# http://symfony.com/doc/current/performance.html
opcache.interned_strings_buffer = 16
opcache.memory_consumption = 256
opcache.max_accelerated_files = 20000
opcache.validate_timestamps=0
; maximum memory allocated to store the results
realpath_cache_size=4096K
; save the results for 10 minutes (600 seconds)
realpath_cache_ttl=600
And www.conf (i have removed in this exemple all commented lines) :
[www]
user = site
listen = [::]:9000
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
php_admin_value[upload_max_filesize] = 50M
php_admin_value[post_max_size] = 50M
Now, for nginx :
First, Dockerfile :
FROM debian:jessie
ARG NGINX_HOST
MAINTAINER HamHamFonFon <balistik.fonfon#gmail.com>
# Install nginx
RUN apt-get update && apt-get install -y nginx
# Configure Nginx
ADD nginx.conf /etc/nginx/
ADD symfony.conf /etc/nginx/conf.d/
RUN sed "/server_name nginx_host;/c\ server_name ${NGINX_HOST};" -i /etc/nginx/conf.d/symfony.conf
RUN echo "upstream php-upstream { server php:9000; }" > /etc/nginx/conf.d/upstream.conf
RUN usermod -u 1000 www-data
# Run Nginx
CMD ["nginx"]
# Expose ports
EXPOSE 80
nginx.conf :
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 2048;
multi_accept on;
use epoll;
}
http {
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log off;
gzip on;
gzip_disable "msie6";
include /etc/nginx/conf.d/*.conf;
open_file_cache max=100;
client_body_temp_path /tmp 1 2;
client_body_buffer_size 256k;
client_body_in_file_only off;
}
daemon off;
And finally, symfony.conf :
server {
listen 80;
listen [::]:80;
server_name nginx_host;
client_max_body_size 20M;
root /var/www/deep-space-objects/public;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ ^/(index)\.php(/|$) {
fastcgi_pass php-upstream;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
location ~ \.php$ {
return 404;
}
error_log /var/log/nginx/symfony_error.log;
access_log /var/log/nginx/symfony_access.log;
}
In Dockerfile, the command "sed" replace "nginx_host" by the server name i declare in .env file.
My problem looks like this one : Docker with Symfony 4 - Unable to see the file changes but i have verified the OPCache configuration.
How can i check if nginx and php communicate ? Are there some badthings in my stack i can improve ?
Thank you, i don't know how to looking for.
I am trying to get the SMW running in a Docker container. I get the
main page up, but it will not let me log in. It says:
Login error
Knowledgebase uses cookies to log in users. You have cookies disabled.
Please enable them and try again.
My browser does have cookies enabled.
Anyone here run SMW in Docker and/or have a clue on how I can fix this issue?
Dockerfile:
FROM centos:centos7
ENV HOME /opt/smw
ADD . $HOME
RUN chmod 777 $HOME
# Add the ngix and PHP dependent repository
ADD nginx.repo /etc/yum.repos.d/nginx.repo
# Installing packages
RUN yum -y install nginx
# Installing PHP
RUN yum -y --enablerepo=remi,remi-php56 install nginx php-fpm php-common php-mysql php-xml
# Installing MySQL
RUN yum -y install wget && \
wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && \
rpm -ivh mysql-community-release-el7-5.noarch.rpm && \
yum -y update && \
yum -y install mysql-server
# Installing supervisor
RUN yum install -y python-setuptools
RUN easy_install pip
RUN pip install supervisor
# Adding the configuration file of the nginx
ADD nginx.conf /etc/nginx/nginx.conf
ADD default.conf /etc/nginx/conf.d/default.conf
# Adding the configuration file of the Supervisor
ADD supervisord.conf /etc/
# Config MySQL
RUN chmod 755 $HOME/config_mysql.sh
RUN $HOME/config_mysql.sh
VOLUME ["/opt/smw"]
VOLUME ["/var/lib/mysql"]
EXPOSE 80
CMD ["/opt/smw/run.sh"]
supervisord.conf:
[supervisord]
;logfile=/var/log/supervisor/supervisord-nobody.log ; (main log file;default $CWD/supervisord.log)
;logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)
;logfile_backups=10 ; (num of main logfile rotation backups;default 10)
;loglevel=info ; (log level;default info; others: debug,warn,trace)
;pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=true ; (start in foreground if true;default false)
;user=nobody
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[program:php5-fpm]
command=/usr/sbin/php-fpm -c /etc/php-fpm.d
numprocs=1
autostart=true
autorestart=true
[program:php5-fpm-log]
command=tail -f /var/log/php5-fpm.log
stdout_events_enabled=true
stderr_events_enabled=true
[program:nginx]
command=/usr/sbin/nginx
numprocs=1
autostart=true
autorestart=true
nginx config:
server {
listen 80;
root /opt/smw;
index index.html index.htm index.php;
# Make site accessible from http://set-ip-address.xip.io
server_name localhost;
access_log /var/log/nginx/localhost.com-access.log;
error_log /var/log/nginx/localhost.com-error.log error;
charset utf-8;
location / {
try_files $uri $uri/ /index.html /index.php?$query_string;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Deny .htaccess file access
location ~ /\.ht {
deny all;
}
Instead of installing remi-php56 I installed just plain php and then I did not have the issue.
I'm having trouble enabling https in my application. I managed to make it work without ssl, but after trying out other tutorials, none seem to have worked for me. I'll try keep the code short and share the most important parts.
Dockerfile
FROM phusion/passenger-customizable
RUN apt-get update && apt-get install -y \
dialog \
net-tools \
build-essential \
wget \
libpq-dev \
git \
nginx nginx-extras\
rsync \
bzip2 \
&& apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
RUN rm -f /etc/service/nginx/down
RUN rm /etc/nginx/sites-enabled/default
ADD config/nginx/nginx.conf /etc/nginx/sites-enabled/nginx.conf
ADD config/nginx/fullchain.pem /etc/nginx/ssl/fullchain.pem
ADD config/nginx/privkey.pem /etc/nginx/ssl/privkey.pem
ADD config/nginx/rails-env.conf /etc/nginx/main.d/rails-env.conf
ADD config/nginx/postgres-env.conf /etc/nginx/main.d/postgres-env.conf
docker-compose.yml
web-production: &web-production
<<: *web
ports:
- '80:80'
- '443:443'
expose:
- '80'
- '443'
command: passenger start -p 443 -b '0.0.0.0'
environment:
RACK_ENV: production
RAILS_ENV: production
nginx.conf
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 ssl;
passenger_app_env production;
passenger_enabled on;
passenger_user app;
passenger_ruby /usr/bin/ruby2.3;
ssl_certificate "/etc/nginx/ssl/fullchain.pem";
ssl_certificate_key "/etc/nginx/ssl/privkey.pem";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
ssl_prefer_server_ciphers on;
}
application.rb
config.middleware.use Rack::SslEnforcer, :only_environments => ['production', /^QA/]
I generated my certificates using certbot.
My current stack:
Docker/Compose
Rails 4.2
Ruby 2.3
Nginx