I'm getting a directory index of "/src/" is forbidden error when setting up Docker Nginx configuration within Kubernetes. Here is the error from the Kubernetes logs.
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/03/11 02:23:24 [error] 23#23: *1 directory index of "/src/" is forbidden, client: 10.136.144.155, server: 0.0.0.0, request: "GET / HTTP/1.1", host: "10.42.3.4:80"
10.136.144.155 - - [11/Mar/2021:02:23:24 +0000] "GET / HTTP/1.1" 403 125 "-" "kube-probe/1.15"
My dockerfile to serve nginx for an Angular app is quite simple:
FROM nginx
RUN rm /etc/nginx/conf.d/default.conf
COPY ./nginx/conf.d /etc/nginx/
COPY dist /src
RUN ls /src
My nginx.conf file contains:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name 0.0.0.0;
root /src;
charset utf-8;
include h5bp/basic.conf; # eg https://github.com/h5bp/server-configs-nginx
include modules/gzip.conf;
location =/index.html {
include modules/cors.conf;
}
location / {
try_files $uri$args $uri$args/ /index.html;
}
}
}
The Kubernetes deployment is using a Quay image. Do you think my error could be in the dockerfile, the nginx.conf file, or both?
In Dockerfile copy line, you are copying conf.d to nginx folder, try to change that
FROM nginx
RUN rm /etc/nginx/conf.d/default.conf
COPY ./nginx/conf.d /etc/nginx/conf.d
COPY dist /src
RUN ls /src
I solved my error by changing my Angular build outputPath to "dist" rather than the default "dist/my-project" that was configured with the Angular installation.
"architect": {
"build": {
"builder": "#angular-devkit/build-angular:browser",
"options": {
"outputPath": "dist", // was previously "dist/my-project"
Related
I ahve a react app which I've deployed into a docker container, from the image nginx:alpine.
When I access the URL, I don't get anything when doing docker logs -f nginx for some reason. (basically, I think nginx doesn't catch any request) and the browser says "Unable to connect".
This is my first deployment so I might be doing something wrong :)
Here's the nginx entry from docker-compose
nginx:
container_name: best-nginx
build:
context: .
restart: always
image: nginx:alpine
volumes:
- ./nginx/default.conf:/etc/nginx/default.conf
- ./certs:/etc/nginx/certs
ports:
- "443:443"
default.conf
server {
root /usr/share/nginx/html;
index index.html index.htm index.nginx-debian.html;
server_name myservername.com;
location / {
try_files $uri $uri/ =404;
}
location /keycloak {
proxy_pass http://localhost:28080/;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/nginx/certs/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/nginx/certs/privkey.pem; # managed by Certbot
}
Dockerfile
# develop stage
FROM node:18-alpine as develop-stage
WORKDIR /app
COPY package*.json ./
COPY tsconfig.json ./
RUN npm install
COPY ./public ./public
COPY ./src ./src
# build stage
FROM develop-stage as build-stage
RUN npm run build
# production stage
FROM nginx:1.23.1-alpine as production-stage
COPY --from=build-stage /app/build /usr/share/nginx/html
CMD ["nginx", "-g", "daemon off;"]
docker logs -f nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2022/10/07 09:56:33 [notice] 1#1: using the "epoll" event method
2022/10/07 09:56:33 [notice] 1#1: nginx/1.23.1
2022/10/07 09:56:33 [notice] 1#1: built by gcc 11.2.1 20220219 (Alpine 11.2.1_git20220219)
2022/10/07 09:56:33 [notice] 1#1: OS: Linux 5.15.0-48-generic
2022/10/07 09:56:33 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/10/07 09:56:33 [notice] 1#1: start worker processes
2022/10/07 09:56:33 [notice] 1#1: start worker process 32
why does my nginx not catch any request and how can I fix it?
Thanks.
config mounted to wrong path should be under /etc/nginx/conf.d/
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf
I use docker-compose and there are two containers, one for uwsgi and one for nginx. But it seems that nginx fails to connect uwsgi.
Here is the environment.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal
$ docker --version
Docker version 20.10.3, build 48d30b5
$ docker-compose --version
docker-compose version 1.24.0, build 0aa59064
Strangely, if I login to the nginx container and try to connect to the uwsgi manually, it succeeds as follows.
$ docker-compose ps --service
python
nginx
$ docker-compose exec nginx /bin/bash
# curl python:8001
success!
However, when I try to access uwsgi via nginx, it fails.
# curl localhost:8000/s
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.3</center>
</body>
</html>
Here is my config. What is wrong with these? How can I fix this problem?
docker-compose.yml
version: '3'
services:
nginx:
image: nginx:1.15.3
ports:
- "80:8000"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
- ./python/uwsgi_params:/etc/nginx/uwsgi_params
- .:/code
depends_on:
- python
python:
build: ./python
ports:
- "8001:8001"
volumes:
- ./proj:/code/proj
command: bash -c "ls -l && cd proj && pwd && uwsgi --http :8001 --module fargate.wsgi --logto uwsgilog.txt"
nginx/nginx.conf
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
upstream django {
server python:8001;
}
server {
listen 8000;
server_name localhost;
root /code/nginx/html;
charset utf-8;
include /etc/nginx/default.d/*.conf;
client_max_body_size 100M;
location /static {
alias /code/proj/static;
}
location ~ ^/s/(.*)$ {
uwsgi_pass django;
include /code/python/uwsgi_params;
uwsgi_param SCRIPT_NAME /s;
uwsgi_param PATH_INFO /$1;
}
}
}
python/Dockerfile
FROM python:3.6
ENV PYTHONUNBUFFERED 1
RUN mkdir /code
RUN mkdir /code/python
WORKDIR /code
ADD . /code/python/
RUN pip install -r python/requirements.txt
This is the docker-compose for nginx
nginx:
container_name: nginx
image: nginx
build:
context: ./dockerfile
dockerfile: nginx
volumes:
- type: bind
source: ./config/nginx/nginx.conf
target: /etc/nginx/nginx.conf
- type: bind
source: ./config/nginx/credentials.list
target: /etc/nginx/.credentials.list
- type: bind
source: /mnt/raid
target: /webdav
dockerfile
FROM nginx:latest
RUN apt-get update && apt-get install -y nginx-extras libnginx-mod-http-dav-ext
nginx.conf
worker_processes auto;
include /etc/nginx/modules-enabled/*.conf;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.0.0.0/8;
set_real_ip_from 192.168.0.0/16;
real_ip_header X-Real-IP;
gzip on;
server{
server_name _;
root /webdav;
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
dav_access user:rw group:r all:r;
client_body_temp_path /tmp;
client_max_body_size 0;
create_full_put_path on;
auth_basic realm_name;
auth_basic_user_file /etc/nginx/.credentials.list;
}
docker exec nginx ls -la / it shows drwxrwxr-x 12 nginx nginx 20 Jan 4 03:01 webdav
docker exec nginx id -u nginx shows 1000
1000 is the UID of host system user y2kbug. /mnt/raid is owned by 1000:1000.
drwxrwxr-x 12 y2kbug y2kbug 20 Jan 4 11:01 raid/
Going into the docker container, since it is root user by default, the mounted directory is writable. However, connecting with WebDav, the directory is readable, but not writable. Nginx log shows these
2021/01/04 03:20:32 [error] 29#29: *6 mkdir() "/webdav/test" failed (13: Permission denied), client: 10.0.0.7, server: _, request: "MKCOL /test/ HTTP/1.1", host: "10.0.0.10"
10.0.0.7 - y2kbug [04/Jan/2021:03:20:32 +0000] "MKCOL /test/ HTTP/1.1" 403 143 "-" "gvfs/1.46.1" "-"
10.0.0.7 - y2kbug [04/Jan/2021:03:20:32 +0000] "PROPFIND /test HTTP/1.1" 404 143 "-" "gvfs/1.46.1" "-"
May I know what I am doing wrong?
Thanks.
adding user nginx; onto nginx.conf solved the problem.
Trying to set up an HTTPS server using NGINX and DOCKER. Keep getting the same error while checking nginx configuration file nginx -t:
2020/11/13 13:37:52 [emerg] 6#6: cannot load certificate "/etc/nginx/certs/cert.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/cert.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file) nginx: [emerg] cannot load certificate "/etc/nginx/certs/cert.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/cert.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file) nginx: configuration file /etc/nginx/nginx.conf test failed
Tried copying certs dir into etc/nginx in Dockerfile and it didn't work:
Dockerfile
FROM node:latest as build-stage
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY ./ .
RUN npm run build
FROM nginx as production-stage
RUN mkdir /app
COPY --from=build-stage /app/dist /app
COPY certs /etc/nginx
COPY nginx.conf /etc/nginx/nginx.conf
RUN nginx -t
Tried setting up docker volumes as well and still the same error.
nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
server {
listen 80 default_server;
server_name test;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name test;
ssl_certificate certs/cert.crt;
ssl_certificate_key certs/cert.key;
location / {
root /app;
index index.html;
try_files $uri $uri/ /index.html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
}
P.S. Permissions of the certs are set to 444
chmod -R 444 certs
I have a web project that I want to deploy using docker-compose and nginx.
Locally, I:
docker-compose build
docker-compose push
If I docker-compose up, I can access localhost/ and get redirected to my index.html.
Now on my ec2 instance (a regular ec2 instance where I installed docker and docker-compose) I docker-compose pull, then docker-compose up.
All the containers launch correctly and I can exec sh into my nginx container and see there's a /facebook/index.html file.
If I go to [instance_ip]/index.html, everything works as expected.
If I go to [instance_ip]/, I get a 404 response.
nginx receives the request (I see it in the access logs) but does not redirect to index.html.
Why is the index directive not able to redirect to my index.html file?
I tried to:
Reproduce locally by remove all local images and pulling from my registry.
Kill my ec2 instance and launch a new one.
But I got the same result.
I'm using docker-compose 1.11.1 and docker 17.05.0. On the ec2 instance it's docker 17.03.1 and I tried both docker-compose 1.11.1 and 1.14.1 (Sign that I'm a bit desperate ;)).
An extract from my docker-compose file:
nginx:
image: [image from registry]
build:
context: ./
dockerfile: deploy/nginx.dockerfile
ports:
- "80:80"
depends_on:
- web
My nginx image starts from alpine, installs nginx, adds the index.html file and copies my conf file in /etc/nginx/nginx.conf.
Here's my nginx config. I checked that it is present on the running containers (both locally and on ec2).
# prevent from exiting when using `run` to launch container
daemon off;
worker_processes auto;
#
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
sendfile off;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
server {
error_log /var/log/nginx/file.log debug;
listen 80 default_server;
# root /home/domain.com;
# Bad developers use underscore in headers.
underscores_in_headers on;
# root should be out of location block
root /facebook;
location / {
index index.html;
# autoindex on;
try_files $uri #app;
}
location #app {
include uwsgi_params;
# Using docker-compose linking, the nginx docker-compose service depends on a 'web' service.
uwsgi_pass web:3033;
}
}
}
I have no idea why the container is behaving differently on the ec2 instance.
Any pointers appreciated!