docker-compose build fail with file not found - docker

I would like to ask a question regarding the docker-compose.yml and Dockerfile.
Following is the situation I have met.
I first use docker image build (docker image build -t test .) and docker run (docker run -p 8888:8080 -p 8889:8009 8883:8443 -v tomcat8:/usr/local/tomcat8 --name test test) to test whether my Dockerfile is ready to go, and it is working.
Dockerfile
FROM ubuntu:latest
ENV HOME /usr/local/tomcat8
RUN apt-get -y update && apt-get -y install unzip wget openjdk-8-jdk
COPY ./installERDDAP.sh $HOME/installERDDAP.sh
COPY . $HOME/
RUN chmod +x $HOME/installERDDAP.sh
WORKDIR $HOME
RUN ./installERDDAP.sh
EXPOSE 8080 8443 8009
CMD ["catalina.sh","run"]
So I wrote the docker-compose.yml, like below
docker-compose.yml
version: '3'
services:
  erddap:
    build:
      context: ./
      dockerfile: Dockerfile
    image: erddap_dev:2.02
    container_name: erddap
    restart: always
    ports:
      - "8888:8080"
      - "8883:8443"
      - "8889:8009"
    volumes:
      - ./tomcat8:/usr/local/tomcat8
However, an error message popped up saying that the file catalina.sh does not exist. When I get into the container, well, that is true: no files exist there. But if I put RUN ls -la in the Dockerfile, I do see the files listed, like below.
Step 12/14 : RUN ls -la
---> Running in fed4870bd617
total 176
drwxr-xr-x. 1 root root 4096 Sep 11 20:08 .
drwxr-xr-x. 1 root root 21 Sep 11 20:08 ..
drwxrwxr-x. 8 root root 166 Sep 11 19:31 .git
-rw-rw-r--. 1 root root 12 Sep 11 07:50 .gitignore
-rw-r--r--. 1 root root 165 Sep 11 20:08 .wget-hsts
-rw-r-----. 1 root root 19318 Jun 30 21:53 BUILDING.txt
-rw-r-----. 1 root root 5408 Jun 30 21:53 CONTRIBUTING.md
-rw-rw-r--. 1 root root 640 Sep 11 20:03 Dockerfile
-rw-r-----. 1 root root 57011 Jun 30 21:53 LICENSE
-rw-r-----. 1 root root 1726 Jun 30 21:53 NOTICE
-rw-r-----. 1 root root 3255 Jun 30 21:53 README.md
-rw-r-----. 1 root root 7136 Jun 30 21:53 RELEASE-NOTES
-rw-r-----. 1 root root 16262 Jun 30 21:53 RUNNING.txt
drwxr-x---. 2 root root 4096 Sep 11 20:08 bin
-rwxr-x---. 2 root root 25245 Jun 30 21:50 catalina.sh
drwx------. 2 root root 238 Jun 30 21:53 conf
drwxr-xr-x. 3 root root 20 Sep 11 20:08 content
drwxr-xr-x. 2 root root 6 Sep 11 20:08 data
drwxrwxr-x. 5 root root 44 Sep 11 03:46 doc
-rw-rw-r--. 1 root root 320 Sep 11 19:49 docker-compose.yml
-rwxrwxr-x. 1 root root 1030 Sep 11 19:41 installERDDAP.sh
drwxr-x---. 2 root root 4096 Sep 11 20:08 lib
drwxr-x---. 2 root root 6 Jun 30 21:49 logs
drwxr-xr-x. 2 root root 66 Sep 11 20:08 tarz
drwxr-x---. 2 root root 30 Sep 11 20:08 temp
drwxrwxr-x. 4 root root 29 Sep 11 19:41 tomcat8
drwxr-x---. 7 root root 99 Sep 11 20:08 webapps
drwxr-x---. 2 root root 6 Jun 30 21:49 work
Removing intermediate container fed4870bd617
Interestingly, these files are also not showing up in my volume directory. Could someone please tell me where I am wrong?
Thanks
1st Updates:
According to the suggestions below, if I comment out the volumes within docker-compose.yml or if I add WORKDIR / in front of the CMD command, neither of them works.
If I modify the CMD command in the Dockerfile from CMD ["catalina.sh","run"] to CMD ["./catalina.sh","run"], it does not work either. But if I change it to CMD ["/usr/local/tomcat8/catalina.sh","run"], the build process completes. But the errors then become
Attaching to erddap
erddap | Cannot find /usr/local/bin/setclasspath.sh
erddap | This file is needed to run this program
erddap | Cannot find /usr/local/bin/setclasspath.sh
erddap | This file is needed to run this program
erddap | Cannot find /usr/local/bin/setclasspath.sh
erddap | This file is needed to run this program
erddap | Cannot find /usr/local/bin/setclasspath.sh
erddap | This file is needed to run this program
erddap | Cannot find /usr/local/bin/setclasspath.sh
erddap | This file is needed to run this program
erddap | Cannot find /usr/local/bin/setclasspath.sh
erddap | This file is needed to run this program
erddap | Cannot find /usr/local/bin/setclasspath.sh
erddap | This file is needed to run this program
erddap | Cannot find /usr/local/bin/setclasspath.sh
erddap | This file is needed to run this program
erddap | Cannot find /usr/local/bin/setclasspath.sh
erddap | This file is needed to run this program
erddap | Cannot find /usr/local/bin/setclasspath.sh
erddap | This file is needed to run this program
2nd Updates:
installERDDAP.sh
#!/bin/bash
mkdir tarz
wget -q https://ftp.wayne.edu/apache/tomcat/tomcat-8/v8.5.57/bin/apache-tomcat-8.5.57.tar.gz -O ./tarz/apache-tomcat-8.5.57.tar.gz
tar -xf ./tarz/apache-tomcat-8.5.57.tar.gz -C /usr/local/tomcat8 --strip 1
mkdir data
ln ./bin/catalina.sh catalina.sh

From what I can tell your bind mount may be "overriding/hiding" your container files. If your "./tomcat8" directory is not empty it will basically "override/hide" the files in your container. I would remove the volume declaration to validate if this is the case, if so then you would need to clear out your "./tomcat8" directory and when you run the container again it should populate it with the files in the container, from then forward your local directory will again "override/hide" your container files.

In your docker file before the line CMD ["catalina.sh","run"] put WORKDIR / And change "catalina.sh" to "./catalina.sh"
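
An added example, not part of the answers above: the docker run command in the question mounts a named volume (tomcat8:...), which Docker fills from the image the first time it is used, while the compose file bind-mounts a host directory (./tomcat8:...), whose content is what the container sees at that path. The script flags compose bind mounts that cover the Dockerfile's final WORKDIR. The function names are made up here, and it assumes short-syntax volume entries and simple ENV NAME value / ENV NAME=value lines.

```shell
#!/bin/sh
# Added example: find compose bind mounts that hide the directory an image
# was built to run from. Function names are illustrative, not Docker's.

# final_workdir DOCKERFILE
# Print the last WORKDIR, expanding $NAME / ${NAME} from earlier ENV lines.
# Assumes unquoted values and one variable per ENV instruction.
final_workdir() {
  awk '
    toupper($1) == "ENV" {
      eq = index($2, "=")
      if (eq) env[substr($2, 1, eq - 1)] = substr($2, eq + 1)   # ENV NAME=value
      else    env[$2] = $3                                      # ENV NAME value
    }
    toupper($1) == "WORKDIR" {
      wd = $2
      for (k in env) {
        gsub("[$][{]" k "[}]", env[k], wd)
        gsub("[$]" k, env[k], wd)
      }
    }
    END { print wd }' "$1"
}

# shadowing_mounts DOCKERFILE COMPOSE_FILE
# Print each bind mount whose container path equals or contains the WORKDIR.
# Returns 1 when at least one is found, 0 otherwise.
shadowing_mounts() {
  wd=$(final_workdir "$1")
  [ -n "$wd" ] || return 0
  awk -v wd="$wd" -v q="'" '
    /^[ \t]*-[ \t]/ {                       # a YAML list item
      entry = $0
      sub(/^[ \t]*-[ \t]*/, "", entry)
      gsub("[\"" q "]", "", entry)          # drop quotes
      n = split(entry, part, ":")
      first = substr(part[1], 1, 1)
      # A host side starting with . / or ~ is a bind mount; anything else is
      # a named volume, a port mapping or another kind of list item.
      if (n < 2 || (first != "." && first != "/" && first != "~")) next
      target = part[2]
      sub(/[ \t].*$/, "", target)
      sub(/\/+$/, "", target)
      if (index(wd "/", target "/") == 1) {
        print part[1] " is mounted over " target " and hides the image files in " wd
        found = 1
      }
    }
    END { exit found }' "$2"
}

# Demo on abridged copies of the files from the question.
demo=$(mktemp -d)
cat > "$demo/Dockerfile" <<'EOF'
FROM ubuntu:latest
ENV HOME /usr/local/tomcat8
COPY . $HOME/
WORKDIR $HOME
CMD ["catalina.sh","run"]
EOF
cat > "$demo/docker-compose.yml" <<'EOF'
services:
  erddap:
    build: .
    ports:
      - "8888:8080"
    volumes:
      - ./tomcat8:/usr/local/tomcat8
EOF
shadowing_mounts "$demo/Dockerfile" "$demo/docker-compose.yml" || true
rm -rf "$demo"
```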

Related

docker ADD with symlinks

When I do sudo docker build -t test -f 7.1/Dockerfile . docker fails on step 8/10:
Step 8/10 : ADD etc/php /usr/local/etc/php
ADD failed: file not found in build context or excluded by .dockerignore: stat etc/php: file does not exist
I don't understand. etc/php is symlinked to another directory. Shouldn't that work?
If I do ls -latr etc/php I get this:
lrwxrwxrwx 1 scbn scbn 43 Sep 11 17:48 etc/php -> /home/neubert/devops/containers/common/etc/php
If I do cd etc/php && ls -latr I get this:
total 84
drwxr-xr-x 2 scbn scbn 4096 Jan 3 2021 conf.d
drwxr-xr-x 5 scbn scbn 4096 Jan 3 2021 ..
-rw-r--r-- 1 scbn scbn 70125 Jan 26 2021 php.ini
drwxr-xr-x 3 scbn scbn 4096 Jan 26 2021 .
$ docker build --help
Usage: docker build [OPTIONS] PATH | URL | -
Here, PATH | URL | - is the so-called build context; you usually use ., but it could be another path. When docker builds, it tars all the contents of the build context, then passes it to the docker engine. So, the COPY in the Dockerfile can only reference items in the build context.
For your scenario:
lrwxrwxrwx 1 scbn scbn 43 Sep 11 17:48 etc/php -> /home/neubert/devops/containers/common/etc/php
Above, I guess the symbolic link etc/php is in your build context, while the real folder /home/neubert/devops/containers/common/etc/php is not, so the build fails; you have to ensure in some way that the real target is also in the build context.
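
A way to find such links before building, as an added example that is not part of the original answer: it lists every symlink in a build context whose target resolves outside the context or is missing. The function name is made up here, and it assumes a readlink that supports -f (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example: list symlinks in a build context that point outside it.
# Only files under the context directory are sent to the Docker engine, so an
# ADD/COPY of such a link fails the way "ADD etc/php" does in the question.

# context_escapes DIR
# Print "LINK -> TARGET" (LINK relative to DIR) for every symlink whose
# resolved target lies outside DIR or does not exist. Returns 1 if any was
# printed, 0 if the context is clean, 2 if DIR cannot be entered.
# Assumes "readlink -f" is available and file names contain no newlines.
context_escapes() {
  ctx=$(cd "$1" 2>/dev/null && pwd -P) || return 2
  report=$(
    find "$ctx" -type l | while IFS= read -r link; do
      if [ ! -e "$link" ]; then
        printf '%s -> %s (missing)\n' "${link#"$ctx"/}" "$(readlink "$link")"
        continue
      fi
      target=$(readlink -f "$link")
      case "$target" in
        "$ctx"|"$ctx"/*) ;;   # stays inside the context
        *) printf '%s -> %s\n' "${link#"$ctx"/}" "$target" ;;
      esac
    done
  )
  [ -n "$report" ] || return 0
  printf '%s\n' "$report"
  return 1
}

# Demo on a constructed layout that mirrors the question: etc/php inside the
# context is a symlink to a directory kept elsewhere on the host.
demo=$(mktemp -d)
mkdir -p "$demo/ctx/etc" "$demo/common/etc/php"
ln -s "$demo/common/etc/php" "$demo/ctx/etc/php"
context_escapes "$demo/ctx" || true
rm -rf "$demo"
```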

Docker: file permissions with --volume bind mount

I'm following the guidelines from: https://denibertovic.com/posts/handling-permissions-with-docker-volumes/ to setup a --volume bind mount in my container and creating a user in the guest container with the same UID as my host user - the theory being that my container user should be able to access the mount. It's not working for me and I'm looking for some pointers to try next.
More background details:
My Dockerfile starts from an alpine base and adds python dev packages. It copies across an entrypoint.sh script per guidelines from denibertovic. It then jumps to the entrypoint.sh script.
FROM alpine
RUN apk update
RUN apk add bash
RUN apk add python3
RUN apk add python3-dev
RUN apk add su-exec
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
The entrypoint.sh script adds a user to the container with the UID passed in as an environment variable.
#!/bin/bash
# Add local user
# Either use the LOCAL_USER_ID if passed in at runtime or
# fallback
USER_ID=${LOCAL_USER_ID:-9001}
echo "Starting with UID : $USER_ID"
adduser -s /bin/bash -u $USER_ID -H -D user
export HOME=/home/user
su-exec user "$@"
The container builds no problem.
I then run it with the following command line:
sudo docker run -it -e LOCAL_USER_ID=`id -u` -v `realpath ../..`:/ws django-runtime /bin/bash
You'll see that I'm passing in my host UID to be mapped to the container user's UID and I'm asking for a volume bind mount from my local working directory to the /ws mountpoint in the container.
From the bash shell inside the container I can see that /ws is owned by the 'user' UID matching my own 'id'. However, when I go to list the contents of /ws I get a Permission Denied error as follows:
[dleclair@localhost runtime]$ sudo docker run -it -e LOCAL_USER_ID=`id -u` -v `realpath ../..`:/ws django-runtime /bin/bash
[sudo] password for dleclair:
Starting with UID : 1000
bash-5.0$ id
uid=1000(user) gid=1000(user) groups=1000(user)
bash-5.0$ ls -la .
total 0
drwxr-xr-x 1 root root 27 Feb 8 09:15 .
drwxr-xr-x 1 root root 27 Feb 8 09:15 ..
-rwxr-xr-x 1 root root 0 Feb 8 09:15 .dockerenv
drwxr-xr-x 1 root root 18 Feb 8 07:44 bin
drwxr-xr-x 5 root root 360 Feb 8 09:15 dev
drwxr-xr-x 1 root root 91 Feb 8 09:15 etc
drwxr-xr-x 2 root root 6 Jan 16 21:52 home
drwxr-xr-x 1 root root 17 Jan 16 21:52 lib
drwxr-xr-x 5 root root 44 Jan 16 21:52 media
drwxr-xr-x 2 root root 6 Jan 16 21:52 mnt
drwxr-xr-x 2 root root 6 Jan 16 21:52 opt
dr-xr-xr-x 119 root root 0 Feb 8 09:15 proc
drwx------ 2 root root 6 Jan 16 21:52 root
drwxr-xr-x 1 root root 21 Feb 8 07:44 run
drwxr-xr-x 1 root root 21 Feb 8 08:22 sbin
drwxr-xr-x 2 root root 6 Jan 16 21:52 srv
dr-xr-xr-x 13 root root 0 Feb 8 01:58 sys
drwxrwxrwt 2 root root 6 Jan 16 21:52 tmp
drwxr-xr-x 1 root root 19 Feb 8 07:44 usr
drwxr-xr-x 1 root root 19 Jan 16 21:52 var
drwxrwxr-x 5 user user 111 Feb 8 02:15 ws
bash-5.0$
bash-5.0$
bash-5.0$ cd /ws
bash-5.0$ ls -la
ls: can't open '.': Permission denied
total 0
bash-5.0$
Appreciate any pointers anyone can offer. Thanks!
After more searching I found the answer to my problem here: Permission denied on accessing host directory in Docker and here: http://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/.
In short, the problem was with the SELinux default labels for the volume mount blocking access to the mounted files. The solution was to add a ':Z' trailer to the -v command line argument to force docker to set the appropriate flags against the mounted files to allow access.
The command line therefore became:
sudo docker run -it -e LOCAL_USER_ID=`id -u` -v `realpath ../..`:/ws:Z django-runtime /bin/bash
Worked like a charm.
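
To confirm that SELinux, rather than the UID mapping, is what denies access, the audit log can be searched for denials raised by the container's domain. This is an added example, not part of the original post. It assumes auditd's AVC record format and the container_t domain, and the sample records are constructed.

```shell
#!/bin/sh
# Added example: pick container SELinux denials out of audit log lines.

# container_avc_denials [FILE...]
# Reads auditd records (stdin if no FILE is given) and prints, for every AVC
# denial whose source domain is a container domain:
#   COMMAND PERMISSIONS CLASS TARGET_TYPE
# A TARGET_TYPE other than container_file_t means the host files carry a
# label the container domain may not touch, which is what :Z changes.
container_avc_denials() {
  awk '
    $1 == "type=AVC" && / denied / {
      perms = ""; comm = ""; stype = ""; ttype = ""; tclass = ""
      for (i = 2; i <= NF; i++) {
        if ($i == "{") {
          # permissions are the words between the braces
          for (j = i + 1; j <= NF && $j != "}"; j++)
            perms = (perms == "" ? "" : perms ",") $j
        } else if ($i ~ /^comm=/) {
          comm = substr($i, 6); gsub(/"/, "", comm)
        } else if ($i ~ /^scontext=/) {
          split($i, ctx, ":"); stype = ctx[3]    # user:role:TYPE:level
        } else if ($i ~ /^tcontext=/) {
          split($i, ctx, ":"); ttype = ctx[3]
        } else if ($i ~ /^tclass=/) {
          tclass = substr($i, 8)
        }
      }
      if (stype == "container_t" || stype == "svirt_lxc_net_t")
        print comm, perms, tclass, ttype
    }' "$@"
}

# Constructed sample records (not captured from a real host): a denial for
# the "ls" in the question, a denial from a non-container domain, and a grant.
sample_audit_log() {
  cat <<'EOF'
type=AVC msg=audit(1581153300.101:801): avc:  denied  { read } for  pid=4242 comm="ls" name="project" dev="dm-0" ino=1311 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1581153301.202:802): avc:  denied  { write } for  pid=977 comm="httpd" name="cache" dev="dm-0" ino=2022 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1581153302.303:803): avc:  granted  { read open } for  pid=4250 comm="cat" path="/ws/README" dev="dm-0" ino=1312 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:container_file_t:s0:c12,c34 tclass=file
EOF
}

sample_audit_log | container_avc_denials
```

On a host running auditd the same function can be pointed at /var/log/audit/audit.log, which usually requires root to read.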

Docker run, no response

I'm implementing docker: docker build -t from the following docker file.
FROM centos:7
RUN yum -y update
RUN yum -y install wget
RUN wget http://stedolan.github.io/jq/download/linux64/jq && chmod 755 jq && mv jq /bin
RUN yum -y install openssh-clients
RUN yum -y install cronie
RUN yum -y install java-1.8.0-openjdk
RUN yum -y install nmap-ncat
RUN yum -y install ntpdate
ENTRYPOINT tail -f /dev/null
After executing the build, even if docker run -it is executed, there is no response and I cannot login to the container.
However, when you run docker ps, the container is running.
Why is the response not coming back? I am wondering if it is the description of ENTRYPOINT.
Try starting container in detached mode.
-d, --detach Run container in background and print container ID
#>docker build -t myimg .
#>docker run -d --name mycontainer myimg
#>docker exec -it mycontainer bash
[root@mycontainer /]# ls -l
total 12
-rw-r--r-- 1 root root 11976 Apr 2 18:39 anaconda-post.log
lrwxrwxrwx 1 root root 7 May 25 06:51 bin -> usr/bin
dr-xr-xr-x 2 root root 6 Apr 11 04:59 boot
drwxr-xr-x 5 root root 340 May 25 06:53 dev
drwxr-xr-x 1 root root 66 May 25 06:53 etc
drwxr-xr-x 1 root root 6 Apr 11 04:59 home
lrwxrwxrwx 1 root root 7 May 25 06:51 lib -> usr/lib
lrwxrwxrwx 1 root root 9 May 25 06:51 lib64 -> usr/lib64
drwxr-xr-x 1 root root 6 Apr 11 04:59 media
drwxr-xr-x 1 root root 6 Apr 11 04:59 mnt
drwxr-xr-x 1 root root 6 Apr 11 04:59 opt
dr-xr-xr-x 985 root root 0 May 25 06:53 proc
dr-xr-x--- 1 root root 6 Apr 11 04:59 root
drwxr-xr-x 1 root root 6 May 25 06:52 run
lrwxrwxrwx 1 root root 8 May 25 06:51 sbin -> usr/sbin
drwxr-xr-x 1 root root 6 Apr 11 04:59 srv
dr-xr-xr-x 13 root root 0 May 2 14:37 sys
drwxrwxrwt 1 root root 6 May 25 06:52 tmp
drwxr-xr-x 1 root root 44 May 25 06:51 usr
drwxr-xr-x 1 root root 52 May 25 06:51 var
[root@mycontainer /]#
ENTRYPOINT is used to set default init process in container, which can be overwritten by command line.
docker run container_image will use ENTRYPOINT as init.
docker run container_image prog will ignore ENTRYPOINT and use prog as init.

Error on docker run

I'm having a problem when I do docker run on an image that I created using this Dockerfile:
FROM node
WORKDIR /Saiph
EXPOSE 3000
ENTRYPOINT ["npm", "start"]
COPY . /Saiph
RUN npm install
The error is this:
PS D:\saiph> docker run 1ba8ca0d9b3b
npm info it worked if it ends with ok
npm info using npm@5.3.0
npm info using node@v8.4.0
npm info lifecycle saiph@1.0.0~prestart: saiph@1.
npm info lifecycle saiph@1.0.0~start: saiph@1.0.0
> saiph@1.0.0 start /Saiph
> cd server && node server
sh: 1: cd: can't cd to server
npm info lifecycle saiph@1.0.0~start: Failed to e
npm ERR! code ELIFECYCLE
npm ERR! errno 2
npm ERR! saiph@1.0.0 start: `cd server && node server`
npm ERR! Exit status 2
npm ERR!
npm ERR! Failed at the saiph@1.0.0 start script.
I've tried to understand the error but I didn't understand it,
Sorry about my bad English,
Thanks
Your issue is the difference between the Windows and Linux file systems. In Windows, if a folder named Server exists then you can use cd server or cd Server and it would work.
Linux is case sensitive. So either change your script to use the specific case or rename the folder from Server to server. You will need to do the same thing in code also, to rename requires and other file related things to the exact case.
@TarunLalwani
PS D:\seith> docker run 15027498053c ls -al
total 72
drwxr-xr-x 1 root root 4096 Sep 9 19:15 .
drwxr-xr-x 1 root root 4096 Sep 9 19:16 ..
drwxr-xr-x 7 root root 4096 Sep 9 00:41 .git
-rwxr-xr-x 1 root root 6222 Sep 9 00:40 .gitignore
drwxr-xr-x 4 root root 4096 Sep 9 16:29 .vs
drwxr-xr-x 2 root root 4096 Sep 8 22:55 Client
drwxr-xr-x 3 root root 4096 Sep 9 00:38 Database
-rwxr-xr-x 1 root root 92 Sep 9 19:15 Dockerfile
-rwxr-xr-x 1 root root 1089 Sep 9 00:37 LICENSE
drwxr-xr-x 3 root root 4096 Sep 9 00:38 Server
drwxr-xr-x 76 root root 4096 Sep 9 16:29 node_modules
-rwxr-xr-x 1 root root 18807 Sep 9 19:15 package-lock.json
-rwxr-xr-x 1 root root 368 Sep 9 16:29 package.json

"AH01071: Got error 'Unable to open primary script": Container permissions or Symfony3 issue?

I am trying to run a Symfony 3 "base" application (meaning non complexity at all and just a few bundles installed but not even enabled) in a "LAMP" stack using Docker and Docker Compose (I've removed MySQL from the post because it's not relevant). This is my docker-compose.yml file:
version: '2'
services:
  php-fpm:
    build: docker/php-fpm
    ports:
      - "80:80"
    volumes:
      - ./sources:/data/www
      - ./data/logs/symfony:/data/www/var/logs
  db:
    image: mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    volumes:
      - sql-data:/var/lib/mysql
And this is the Dockerfile for the php-fpm container:
FROM reynierpm/docker-centos7-supervisord:latest
ENV TERM=xterm \
    PATH="/root/.composer/vendor/bin:${PATH}" \
    COMPOSER_ALLOW_SUPERUSER=1
RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
    https://rpms.remirepo.net/enterprise/remi-release-7.rpm
RUN yum install -y \
    yum-utils \
    git \
    zip \
    unzip \
    nano \
    httpd \
    php71-php-fpm \
    php71-php-cli \
    php71-php-common \
    php71-php-gd \
    php71-php-intl \
    php71-php-json \
    php71-php-mbstring \
    php71-php-mcrypt \
    php71-php-mysqlnd \
    php71-php-pdo \
    php71-php-pear \
    php71-php-xml \
    php71-pecl-apcu \
    php71-php-pecl-apfd \
    php71-php-pecl-memcache \
    php71-php-pecl-memcached \
    php71-php-pecl-mongodb \
    php71-php-pecl-redis \
    php71-php-pecl-request \
    php71-php-pecl-uploadprogress \
    php71-php-pecl-xattr \
    php71-php-pecl-zip && \
    yum clean all && rm -rf /tmp/yum*
RUN rm -f /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/* /etc/httpd/conf.modules.d/* && \
    ln -sfF /opt/remi/php71/enable /etc/profile.d/php71-paths.sh && \
    ln -sfF /opt/remi/php71/root/usr/bin/{pear,pecl,phar,php,php-cgi,phpize} /usr/local/bin/. && \
    mv -f /etc/opt/remi/php71/php.ini /etc/php.ini && \
    ln -s /etc/php.ini /etc/opt/remi/php71/php.ini && \
    rm -rf /etc/php.d && \
    mv /etc/opt/remi/php71/php.d /etc/. && \
    ln -s /etc/php.d /etc/opt/remi/php71/php.d
RUN curl -LsS https://symfony.com/installer -o /usr/local/bin/symfony && \
    chmod a+x /usr/local/bin/symfony
COPY container-files /
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && \
    composer global install --no-dev
RUN yum install -y php71-php-pecl-xdebug && \
    yum clean all && rm -rf /tmp/yum* && \
    php --version
RUN chmod +x /config/bootstrap.sh
RUN echo 'alias sf="php bin/console"' >> ~/.bashrc
WORKDIR /data/www
EXPOSE 80 9001
The thing is I am getting this error all the time if I try to access the dev environment using http://symfonyapp.local/app_dev.php:
php-fpm | [Sat Jan 14 15:09:27.655609 2017] [proxy_fcgi:error] [pid 13:tid 140600250660608] [client 172.18.0.1:43960] AH01071: Got error 'Unable to open primary script: /data/www/web/_wdt/210673 (No such file or directory)\n', referer: http://symfonyapp.local/app_dev.php
Given the error above, I can think of:
An ownership|permissions issue at /data/www/web in the container, which is odd since that folder is owned by root and well .... is root, I don't need to explain
Something is failing with Symfony3 and I'm not aware of it; I also couldn't find it so far
Apache|PHP-FPM can't write to that folder, which leads to the first item on this list
The Apache config is blocking the directory /web from being written. (mod_security is not running so I can't blame it)
This is what I've tried so far without success because I am still getting the same error all the time.
Change ownership/permissions in the container (this leads to an error in Linux since permissions in volumes are changed on the host as well; the same doesn't happen in Windows). Below is an explanation of how I achieve this.
Brief explanation of how I change ownership/permissions:
The php-fpm Dockerfile inherits from docker-centos7-supervisord, which has this script as ENTRYPOINT. So I have created a file /container-files/config/init/20-permissions.sh with the following content:
#!/usr/bin/env bash
chown -R apache:root /data/www && \
    find /data/www -type d -print0 | xargs -0 chmod 775 && \
    find /data/www -type f -print0 | xargs -0 chmod 664
echo "Set up permissions finished"
exec "$@"
The file above gets executed after the container starts and volumes are mounted. I know the file is executed because I am seeing Set up permissions finished in the php-fpm container logs. It's weird though, because checking ownership/permissions afterwards shows me the following:
> docker exec -it php-fpm ls -la /data/www/web
total 57
drwxr-xr-x 2 root root 4096 Jan 14 03:45 .
drwxr-xr-x 2 root root 4096 Jan 14 00:40 ..
-rwxr-xr-x 1 root root 3319 Jan 13 23:54 .htaccess
-rwxr-xr-x 1 root root 635 Jan 14 03:45 app.php
-rwxr-xr-x 1 root root 1184 Jan 14 03:45 app_dev.php
-rwxr-xr-x 1 root root 2092 Jan 13 23:54 apple-touch-icon.png
drwxr-xr-x 2 root root 0 Dec 13 13:36 bundles
-rwxr-xr-x 1 root root 21244 Jan 14 00:04 config.php
-rwxr-xr-x 1 root root 6518 Jan 13 23:54 favicon.ico
-rwxr-xr-x 1 root root 116 Jan 13 23:54 robots.txt
So in this case I am not sure if this is going well or if it's even possible. I have created a repository with two branches with everything necessary to give this a try: master, having httpd and php-fpm both in one container, and httpd, having them in separate containers. The result in both is the same, though.
To get everything up and running you should:
Run docker-compose up -d --build --force-recreate (the --force-recreate and --build are not necessary but is just in case)
Run docker exec -it php-fpm composer update so you download the libraries needed by the project.
Add symfonyapp.local to your hosts files
Currently I am using Docker in Windows, this is the info about it:
Version: 1.13.0-rc6-beta36 (9696)
Channel: Beta
Sha1: 64a715b54327a0ec8f28076d1a343f4c811856fb
Started on: 2017/01/13 18:34:34.519
Resources: C:\Program Files\Docker\Docker\Resources
OS: Windows 10 Pro
Edition: Professional
Id: 1607
Build: 14393
BuildLabName: 14393.693.amd64fre.rs1_release.161220-1747
But I have tested this in Linux as well and I have the same behavior, meaning the error is still there.
What is happening here? Can you give me some ideas or solution? At this point I am out of them and don't know what else to do.
TL;DR: The permission problem is being introduced during composer update. Possibly during one of the scripts (a list of which can be found in composer.json).
I started from scratch on a VM with your repository and followed your startup instructions.
git clone https://github.com/reypm/symfony3app
cd symfony3app
docker-compose up -d --build --force-recreate
At this point, the chown from 20-permissions.sh should have been run. To verify that, I looked inside the container. The error I have seen related to /data/www/var/cache/dev, so I looked at the permissions on every directory in that path.
[my-vm]# docker-compose exec php-fpm bash
[container]# ls -la /data/www{,/var{,/cache{,/dev}}}
ls: cannot access /data/www/var/cache/dev: No such file or directory
/data/www:
total 168
drwxrwsr-x 8 apache root 4096 Jan 15 19:26 .
drwxr-xr-x 8 root root 4096 Jan 15 19:27 ..
-rw-rw-r-- 1 apache root 248 Jan 15 19:26 .gitignore
-rw-rw-r-- 1 apache root 74 Jan 15 19:26 README.md
drwxrwsr-x 5 apache root 4096 Jan 15 19:27 app
drwxrwsr-x 2 apache root 4096 Jan 15 19:26 bin
-rw-rw-r-- 1 apache root 2387 Jan 15 19:26 composer.json
-rw-rw-r-- 1 apache root 119533 Jan 15 19:26 composer.lock
-rw-rw-r-- 1 apache root 978 Jan 15 19:26 phpunit.xml.dist
drwxrwsr-x 3 apache root 4096 Jan 15 19:26 src
drwxrwsr-x 3 apache root 4096 Jan 15 19:26 tests
drwxrwsr-x 4 apache root 4096 Jan 15 19:26 var
drwxrwsr-x 2 apache root 4096 Jan 15 19:26 web
/data/www/var:
total 52
drwxrwsr-x 4 apache root 4096 Jan 15 19:26 .
drwxrwsr-x 8 apache root 4096 Jan 15 19:26 ..
-rw-rw-r-- 1 apache root 34272 Jan 15 19:26 SymfonyRequirements.php
drwxrwsr-x 2 apache root 4096 Jan 15 19:26 cache
drwxrwsr-x 2 apache root 4096 Jan 15 19:26 sessions
/data/www/var/cache:
total 8
drwxrwsr-x 2 apache root 4096 Jan 15 19:26 .
drwxrwsr-x 4 apache root 4096 Jan 15 19:26 ..
-rw-rw-r-- 1 apache root 0 Jan 15 19:26 .gitkeep
So far, so good. The chown has set everything to apache:root and using the modes specified in the script.
Next, I exited the container and ran the composer update.
docker-compose exec php-fpm composer update
When prompted, I used the database parameters I found in the git repo, and everything installed fine. Next, I went back into the container to see if the permissions had changed.
[my-vm]# docker-compose exec php-fpm bash
[container]# ls -la /data/www{,/var{,/cache{,/dev}}}
/data/www:
total 164
drwxrwsr-x 9 apache root 4096 Jan 15 19:20 .
drwxr-xr-x 8 root root 4096 Jan 15 19:18 ..
-rw-rw-r-- 1 apache root 248 Jan 15 19:17 .gitignore
-rw-rw-r-- 1 apache root 74 Jan 15 19:17 README.md
drwxrwsr-x 5 apache root 4096 Jan 15 19:18 app
drwxrwsr-x 2 apache root 4096 Jan 15 19:21 bin
-rw-rw-r-- 1 apache root 2387 Jan 15 19:17 composer.json
-rw-rw-r-- 1 apache root 114331 Jan 15 19:20 composer.lock
-rw-rw-r-- 1 apache root 978 Jan 15 19:17 phpunit.xml.dist
drwxrwsr-x 3 apache root 4096 Jan 15 19:17 src
drwxrwsr-x 3 apache root 4096 Jan 15 19:17 tests
drwxrwsr-x 5 apache root 4096 Jan 15 19:21 var
drwxr-sr-x 25 root root 4096 Jan 15 19:21 vendor
drwxrwsr-x 3 apache root 4096 Jan 15 19:21 web
/data/www/var:
total 96
drwxrwsr-x 5 apache root 4096 Jan 15 19:21 .
drwxrwsr-x 9 apache root 4096 Jan 15 19:20 ..
-rw-rw-r-- 1 apache root 34272 Jan 15 19:21 SymfonyRequirements.php
-rw-r--r-- 1 root root 39637 Jan 15 19:21 bootstrap.php.cache
drwxrwsr-x 3 apache root 4096 Jan 15 19:21 cache
drwxr-sr-x 2 root root 4096 Jan 15 19:21 logs
drwxrwsr-x 2 apache root 4096 Jan 15 19:17 sessions
/data/www/var/cache:
total 12
drwxrwsr-x 3 apache root 4096 Jan 15 19:21 .
drwxrwsr-x 5 apache root 4096 Jan 15 19:21 ..
-rw-rw-r-- 1 apache root 0 Jan 15 19:17 .gitkeep
drwxr-sr-x 4 root root 4096 Jan 15 19:21 dev
/data/www/var/cache/dev:
total 636
drwxr-sr-x 4 root root 4096 Jan 15 19:21 .
drwxrwsr-x 3 apache root 4096 Jan 15 19:21 ..
-rw-r--r-- 1 root root 90 Jan 15 19:21 annotations.map
-rw-r--r-- 1 root root 277718 Jan 15 19:21 appDevDebugProjectContainer.php
-rw-r--r-- 1 root root 38062 Jan 15 19:21 appDevDebugProjectContainer.php.meta
-rw-r--r-- 1 root root 213247 Jan 15 19:21 appDevDebugProjectContainer.xml
-rw-r--r-- 1 root root 84170 Jan 15 19:21 appDevDebugProjectContainerCompiler.log
-rw-r--r-- 1 root root 4790 Jan 15 19:21 classes.map
drwxr-sr-x 3 root root 4096 Jan 15 19:21 doctrine
drwxr-sr-x 4 root root 4096 Jan 15 19:21 pools
As you can see, some things are now owned by root:root. As far as I can tell, this is simply because the container itself runs things as root. So when you exec a job inside, that job is run as root. Therefore, anything it creates is, by default, owned by root.
Meanwhile, Apache runs as the user "apache", because that is what supervisord is configured to do.
There are probably more elegant fixes for this problem, but this one was the simplest one I came up with:
docker-compose exec php-fpm chown -R apache:root /data/www/var/cache
docker-compose restart php-fpm
After that, the app returns
Welcome to
Symfony 3.2.2
Your application is now ready. You can start working on it at: /data/www/
I haven't tried to fix things any better than this. But my suggestion would be to try to have the startup run composer update for you and do the chown job after that. You probably don't need to chown all of /data/www, as Apache probably doesn't need write privs to everything in there. My guess was that the cache directory is one place it needs to write, so I chown'd that path.
After spending days and hours trying to get this working I finally got it, thanks to the Symfony #support channel in Slack and to the following channels on IRC: #symfony, #httpd, #php, #docker, and last but not least to @DanLowe, who took the time to find a solution and help me out with the issue.
The facts|thoughts:
Is a Symfony 3.2.2 issue ... is not
Is a Docker running on Windows ... is not
Is a permission issue on the directory /web ... is not
Is a PHP-FPM problem ... is not
Is a Apache (httpd) problem ... is not
The problem: a misconfiguration in PHP (.ini file) due to a copy & paste from an Nginx setup to be used with Apache (previously I was using Nginx and then I moved to Apache, leaving the PHP setup as it was).
; this works in Nginx but does not work in Apache
; cgi.fix_pathinfo is required to get PHP to adhere to the CGI spec
; Fix the cgi.fix_pathinfo directive
cgi.fix_pathinfo = 0
By default that line is commented out in the php.ini file. But wait, could this be an issue when PHP is using FastCGI and ProxyPass and so on? Well, yes (I read it somewhere before) and no (if you research and set up your server as it should be). The solution to the problem above is to comment out the line, as it is by default:
; Fix the cgi.fix_pathinfo directive
; cgi.fix_pathinfo = 0
The solution to the "security" breach introduced above is and I've quoted from here:
If you have a recent version of PHP-FPM (~5.3.9+?), then you need to
do nothing, as the safe behaviour below is already the default.
Otherwise, find php-fpm's www.conf file (maybe
/etc/php-fpm.d/www.conf, depends on your system). Make sure you have
this:
security.limit_extensions = .php
Again, that's default in many places these days.
In my case I am using PHP 7.1, but even so I've secured my server by adding that line to my /etc/php-fpm.d/www.conf.
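
A check for the two settings discussed above, as an added example that is not part of the original post: it reads cgi.fix_pathinfo from php.ini and security.limit_extensions from the FPM pool file and reports the one combination in which FPM would execute files of any extension with path-info fixing enabled. The function names are made up here, the defaults it applies for unset keys (cgi.fix_pathinfo=1, security.limit_extensions=.php) are PHP's documented ones, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: check the two settings discussed above together.

# ini_value FILE KEY
# Print the value of the last uncommented "KEY = value" line in FILE.
# Returns 1 when the key is not set (commented out or absent).
ini_value() {
  awk -v key="$2" '
    /^[ \t]*[;#]/ { next }                 # comment line
    {
      eq = index($0, "=")
      if (!eq) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { value = v; seen = 1 }
    }
    END { if (seen) print value; exit !seen }' "$1"
}

# fpm_extension_guard PHP_INI FPM_POOL_CONF
# Unset keys fall back to the built-in defaults: cgi.fix_pathinfo=1 and
# security.limit_extensions=.php
# Returns 1 only when path-info fixing is on AND the pool accepts any
# extension (security.limit_extensions set to an empty value).
fpm_extension_guard() {
  fix=$(ini_value "$1" cgi.fix_pathinfo) || fix=1
  ext=$(ini_value "$2" security.limit_extensions) || ext=.php
  if [ "$fix" != 0 ] && [ -z "$ext" ]; then
    echo "RISK cgi.fix_pathinfo=$fix security.limit_extensions=<empty>"
    return 1
  fi
  echo "OK cgi.fix_pathinfo=$fix security.limit_extensions=${ext:-<empty>}"
}

# Demo on constructed files that match the end state described in the post:
# the php.ini line commented out again, the pool limited to .php.
demo=$(mktemp -d)
cat > "$demo/php.ini" <<'EOF'
; Fix the cgi.fix_pathinfo directive
; cgi.fix_pathinfo = 0
EOF
cat > "$demo/www.conf" <<'EOF'
[www]
security.limit_extensions = .php
EOF
fpm_extension_guard "$demo/php.ini" "$demo/www.conf"
rm -rf "$demo"
```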
