set up php-fpm for a centos 8 container - docker

FROM centos:8
RUN yum -y update && \
yum -y install php-fpm httpd
COPY . /var/www/html
CMD ["httpd", "-D", "FOREGROUND"]
I successfully created a simple container image based on centos:7 and it just works fine serving php files from document root. But, when I change the base to centos:8, php files are not served. The 503 Apache page is shown saying "The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."
When I look into /etc/httpd/logs/error_log inside the running container, I see:
[Wed Jun 10 10:57:33.236099 2020] [proxy:error] [pid 7:tid 139731249620736] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php-fpm/www.sock (*) failed
[Wed Jun 10 10:57:33.237322 2020] [proxy_fcgi:error] [pid 7:tid 139731249620736] [client 172.17.0.1:46224] AH01079: failed to make connection to backend: httpd-UDS
[Wed Jun 10 10:57:34.183056 2020] [proxy:error] [pid 7:tid 139731224442624] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php-fpm/www.sock (*) failed
[Wed Jun 10 10:57:34.183132 2020] [proxy_fcgi:error] [pid 7:tid 139731224442624] [client 172.17.0.1:46228] AH01079: failed to make connection to backend: httpd-UDS
Tried to make a difference by creating /run/php-fpm directory inside the container for testing purposes, but the error still persists.
I really wish this would be solvable without seding something into php-fpm or httpd configuration files of the container.

Related

[Docker x ColdFusion][Apache2] - (95)Operation not supported: mod_jk

The Apache2 on my Docker container keeps failing on starting; I already check the config using apachectl configtest, and it's returning OK. The error below is what I found under /var/log/apache2/error.log
[Wed Aug 10 15:17:30.643137 2022] [mpm_event:notice] [pid 465:tid 139744629492672] AH00489: Apache/2.4.52 (Ubuntu) mod_jk/1.2.46 configured -- resuming normal operations
[Wed Aug 10 15:17:30.643188 2022] [core:notice] [pid 465:tid 139744629492672] AH00094: Command line: '/usr/sbin/apache2'
[Mon Oct 31 22:14:51.535467 2022] [jk:crit] [pid 63:tid 274907793600] (95)Operation not supported: mod_jk: could not create jk_log_lock
But when I tried to uninstall and reinstall apache2, I could access the localhost:80, but the ColdFusion under it was not working. It just shows me the directory of the working directory.
Docker Desktop: v4.13.1
Docker: version 20.10.20, build 9fdeb9c
ColdFusion: 2018
This happens only on my Macbook 13 M2. I tried running it on a windows laptop, and it's working well.

http works but https is not working with docker

I am trying to host my application in angular from docker container. It's working fine with http but not working with https.
1. Created a signed ssl certificate in wsl and generated the .key and .crt files
2. Added the below code to docker file in the application
# Set the working directory
WORKDIR /app
# Add the source code to app
COPY ./ /app/
# Install all the dependencies
RUN npm install
ARG configuration=prod
RUN npm run build:$configuration
FROM httpd:2.4
COPY --from=build-step /app/dist/<appname>/ /usr/local/apache2/htdocs/
3. Created an image using the command: docker build --build-arg configuration=dev . -t <image name>
4. To run the web traffic over ssl used the command for mounting
docker run -p 8235:80 -p 443:443 -v /mnt/c/usr/name/Azure/certificate.crt:/usr/local/apache2/conf/server.crt -v /mnt/c/usr/name/Azure/certificate.key:/usr/local/apache2/conf/server.key <image name>
5. Uncommented the below lines in httpd.conf file present in /usr/local/apache2/conf/httpd.conf
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf
6. Also added the line ServerName localhost in httpd.conf
When I tried browsing with http://localhost:8235/ it works fine, but when using https://localhost:8235/ it does not work.
The logs show the below result:
[Fri Feb 04 10:59:21.854978 2022] [ssl:warn] [pid 1:tid ##########] AH01906: www.example.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Feb 04 10:59:21.855031 2022] [ssl:warn] [pid 1:tid ##########] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Feb 04 10:59:21.856743 2022] [mpm_event:notice] [pid 1:tid ##########] AH00489: Apache/2.4.52 (Unix) OpenSSL/1.1.1k configured -- resuming normal operations
[Fri Feb 04 10:59:21.856787 2022] [core:notice] [pid 1:tid ##########] AH00094: Command line: 'httpd -D FOREGROUND'
Httpd will not run http and https protocols on the same port.
As it seems, it is configured to operate on port 80 (http) and port 443 (https). You configured port forwarding as
8235 -> 80 (http)
443 -> 443 (https)
so you need to test the URLs
http://localhost:8235/
https://localhost:443/
Depending on the certificate you provided the client may warn about an unsafe connection.
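The two ssl:warn lines in the question's log (AH01906 and AH01909) describe the certificate itself: it is marked as a CA, and none of its names match the virtual host, which the log prints as www.example.com:443. The script below is an added example, not part of the original posts; it builds a self-signed leaf certificate and checks a certificate for both conditions. The file names follow the mount targets in the docker run command, while the host name localhost, the function names and the 30-day lifetime are assumptions.

```shell
#!/bin/sh
# Added example (not from the original posts).

# make_leaf_cert DIR HOST: write DIR/server.key and DIR/server.crt, a
# self-signed server certificate that is not a CA and names HOST in its SAN.
make_leaf_cert() {
    dir=$1 host=$2
    cat > "$dir/leaf.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = leaf
[dn]
CN = $host
[leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/leaf.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || return 1
    chmod 600 "$dir/server.key"   # the private key is readable by its owner only
}

# cert_problems CRT HOST: print one line per condition behind the two
# warnings; print nothing and return 0 when the certificate is clean.
cert_problems() {
    crt=$1 host=$2 found=0
    if openssl x509 -in "$crt" -noout -text | grep -q 'CA:TRUE'; then
        echo "AH01906: certificate has BasicConstraints CA:TRUE"
        found=1
    fi
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "AH01909: no name in the certificate matches $host"
        found=1
    fi
    return $found
}
```

The HOST given to cert_problems should be the ServerName of the SSL virtual host, since that is the name AH01909 compares against.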

Creating a PHP Web Server Based on CentOS 8 with Docker

Here is my Dockerfile to create a simple web server based on CentOS 8:
FROM centos:8
RUN yum -y update && \
yum -y install httpd php
COPY . /var/www/html
CMD ["httpd", "-D", "FOREGROUND"]
I build and run the container with the following commands:
docker build -t web .
docker run --rm --name web -p 8000:80 --network net1 --mount type=bind,source=`pwd`,target=/var/www/html web
The error I see when accessing http://localhost:8000 is:
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
The httpd logs say:
[Sat Jun 20 04:42:02.970003 2020] [suexec:notice] [pid 1:tid 140041021270272] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.19.0.2. Set the 'ServerName' directive globally to suppress this message
[Sat Jun 20 04:42:02.994125 2020] [lbmethod_heartbeat:notice] [pid 1:tid 140041021270272] AH02282: No slotmem from mod_heartmonitor
[Sat Jun 20 04:42:02.995333 2020] [http2:warn] [pid 1:tid 140041021270272] AH02951: mod_ssl does not seem to be enabled
[Sat Jun 20 04:42:03.001899 2020] [mpm_event:notice] [pid 1:tid 140041021270272] AH00489: Apache/2.4.37 (centos) configured -- resuming normal operations
[Sat Jun 20 04:42:03.002120 2020] [core:notice] [pid 1:tid 140041021270272] AH00094: Command line: 'httpd -D FOREGROUND'
[Sat Jun 20 04:42:04.782201 2020] [proxy:error] [pid 8:tid 140040377865984] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php-fpm/www.sock (*) failed
[Sat Jun 20 04:42:04.782280 2020] [proxy_fcgi:error] [pid 8:tid 140040377865984] [client 172.19.0.1:41072] AH01079: failed to make connection to backend: httpd-UDS
The problem is not as clear to me as it seems. I think it's a php-fpm issue, but have no idea how to fix it. Looked this up, but all solutions seem complicated. Is there a simple way to tell PHP to work with the server in the Docker image?
I recently read about using process managers like supervisord where one needs to start several services per container. But, is it possible to start PHP-FPM in a simpler way inside the web container?
I managed to tackle it when using a base rhel 8 image by
CMD ["bash", "-c", "/usr/sbin/apachectl start; /usr/sbin/php-fpm --nodaemonize"]
But when I tried it with base centos 8 image, it doesn't work, I don't know why
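One way to run both processes without a supervisor, as an added example that is not from the original posts: an entrypoint that starts php-fpm, waits for the socket named in the AH02454 line, and only then hands PID 1 to httpd. It assumes the package-default paths and that /run/php-fpm has to be created by hand because no systemd unit runs in the container; the function names and the 10-second timeout are illustrative.

```shell
#!/bin/sh
# Added example (not from the original posts). Invoke as: entrypoint.sh start
FPM_SOCK=${FPM_SOCK:-/run/php-fpm/www.sock}   # socket path from the AH02454 log line

# Create the socket directory. Assumption: nothing else creates it, because
# no systemd unit runs inside the container.
prepare_runtime() {
    mkdir -p "$(dirname "$1")"
}

# wait_for_socket SOCK SECONDS [PID]: return 0 once SOCK exists as a Unix
# socket, 2 if process PID exits first, 1 when SECONDS run out.
wait_for_socket() {
    sock=$1 remaining=$2 pid=${3:-}
    while [ "$remaining" -gt 0 ]; do
        [ -S "$sock" ] && return 0
        if [ -n "$pid" ] && ! kill -0 "$pid" 2>/dev/null; then
            echo "php-fpm exited before creating $sock" >&2
            return 2
        fi
        sleep 1
        remaining=$((remaining - 1))
    done
    [ -S "$sock" ]
}

main() {
    prepare_runtime "$FPM_SOCK"
    /usr/sbin/php-fpm --nodaemonize &
    fpm_pid=$!
    # Fail the container start instead of serving 503s with no backend.
    if ! wait_for_socket "$FPM_SOCK" 10 "$fpm_pid"; then
        echo "refusing to start httpd without a PHP backend" >&2
        exit 1
    fi
    exec httpd -D FOREGROUND
}

if [ "${1:-}" = "start" ]; then
    main
fi
```

Copy the script into the image and set CMD ["/entrypoint.sh", "start"]; without the start argument it only defines its functions.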

attempt to change docker data-root fails - why

I am trying to set my docker storage dir as other than default, something I've done on other machines:
/etc/docker/daemon.json:
{
"data-root": "/mnt/x/y/docker_data"
}
where the storage dir looks like
jeremyr#snorble:~$ ls -ltr /mnt/x/y
total 4
drwxrwxrwx 11 jeremyr 5001 122 Mar 19 08:14 docker_data
with the daemon.json file in place, sudo systemctl restart docker hits Job for docker.service failed (without that daemon.json, docker restarts fine and docker run hello-world runs fine). with the daemon.json in place, journalctl -xn shows
Mar 25 14:20:33 bolt88 systemd[1]: docker.service start request repeated too quickly, refusing to start.
Mar 25 14:20:33 bolt88 systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is failed.
Mar 25 14:20:33 bolt88 systemd[1]: Unit docker.service entered failed state.
Mar 25 14:20:34 bolt88 sudo[23961]: jeremyr : TTY=pts/18 ; PWD=/home/jeremyr ; USER=root ; COMMAND=/bin/journalctl -xn
Mar 25 14:20:34 bolt88 sudo[23961]: pam_unix(sudo:session): session opened for user root by jeremyr(uid=0)
while systemctl status docker.service just shows code=exited, status=1/FAILURE
and in dmesg I see this:
1547:[Mon Mar 25 14:21:41 2019] aufs au_opts_verify:1570:dockerd[20714]: dirperm1 breaks the protection by the permission bits on the lower branch
1548-[Mon Mar 25 14:21:41 2019] device veth34d1dfd entered promiscuous mode
1549-[Mon Mar 25 14:21:41 2019] IPv6: ADDRCONF(NETDEV_UP): veth34d1dfd: link is not ready
1550-[Mon Mar 25 14:21:41 2019] IPv6: ADDRCONF(NETDEV_CHANGE): veth34d1dfd: link becomes ready
1551:[Mon Mar 25 14:21:41 2019] docker0: port 1(veth34d1dfd) entered forwarding state
1552:[Mon Mar 25 14:21:41 2019] docker0: port 1(veth34d1dfd) entered forwarding state
1553:[Mon Mar 25 14:21:41 2019] docker0: port 1(veth34d1dfd) entered disabled state
1554-[Mon Mar 25 14:21:41 2019] device veth34d1dfd left promiscuous mode
1555:[Mon Mar 25 14:21:41 2019] docker0: port 1(veth34d1dfd) entered disabled state
1556-[Mon Mar 25 14:21:59 2019] systemd-sysv-generator[20958]: Ignoring creation of an alias umountiscsi.service for itself
Docker version 17.05.0-ce, build 89658be, on a debian 8.8 setup.
Does anyone know why docker isn't allowing use of that dir as data-root?
TL;DR -- worked on Ubuntu 18.04 just before post
follow the instructions:
sudo systemctl stop docker
sudo rsync -axPS /var/lib/docker/ /mnt/x/y/docker_data #copy all existing data to new location
sudo vi /lib/systemd/system/docker.service # or your favorite text editor
in file docker.service find one line like this:
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
add --data-root /mnt/x/y/docker_data to it(on one line):
ExecStart=/usr/bin/dockerd --data-root /mnt/x/y/docker_data -H fd:// --containerd=/run/containerd/containerd.sock
save and quit, then
sudo systemctl daemon-reload
sudo systemctl start docker
docker info | grep "Root Dir"
last command should output: Docker Root Dir: /mnt/x/y/docker_data
that's it, it should be done here.
The Too Long version, if you Do want to Read:
after some investigating, I found some outdated articles, including this one; they mentioned some confident solutions. These are typical pages:
add -g option in docker.service
not working because -g and --graph Deprecated In Release: v17.05.0
add data-root in /etc/docker/daemon.json, the method tried by question author,
not working for some unknown reason
read those solution on about one dozen web pages, got the inspiration:
How To Change Docker Data Folder Configuration
not a very good solution -- not popular, but the interesting part is below Update::
graph has been deprecated in v17.05.0. You can use data-root instead.
Yeah, graph => data-root, and the --graph is just the long form of -g, so I tried this substitution in solution add -g option in docker.service, and Ta da ~
Something is off on the docker_data.
Solution:
remove the /etc/docker/daemon.json file.
start docker.
copy the /var/lib/docker contents to the path you've put in /etc/docker/daemon.json.
put back the file /etc/docker/daemon.json and restart docker.
Well, I'm not an expert of docker, but I see "dirperm1 breaks the protection by the permission bits on the lower branch" in your log. And I also see this.
"drwxrwxrwx 11 jeremyr 5001 122 Mar 19 08:14 docker_data"
As my understanding, docker daemon requires the access permission to the directory. Does 5001 mean "docker" group?
However, if you ran the daemon in root permission, then it shouldn't happen.
Check the docker version of your machine by
docker --version
I was facing the same issue, and it got solved after upgrading the docker to latest version which is available.
Even the documentation available on docker's official website have not mentioned anything like that.
Once you upgrade docker,
Restart the docker by
systemctl restart docker
The error will be gone, and new changes will start reflecting.
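A preflight check for the change discussed in this thread, as an added example that is not from the original posts. It flags two conditions visible on the page: a world-writable target directory (the question's listing shows drwxrwxrwx) and data-root being set both as a dockerd flag in the unit file and in daemon.json, which happens when the two answers above are combined and makes dockerd refuse to start. Neither is confirmed as the cause of the question's failure; the function name and argument order are assumptions.

```shell
#!/bin/sh
# Added example (not from the original posts).

# preflight_data_root DIR UNIT_FILE DAEMON_JSON
# Print one line per finding; return 0 only when nothing is flagged.
preflight_data_root() {
    dir=$1 unit=$2 json=$3 rc=0

    if [ ! -d "$dir" ]; then
        echo "data-root $dir does not exist"
        return 1
    fi

    # The 9th character of the ls mode string is the other-write bit.
    # A world-writable data-root lets any local user rename or replace
    # the directories that hold image layers and volumes.
    case $(ls -ld "$dir") in
        ????????w*)
            echo "$dir is world-writable"
            rc=1 ;;
    esac

    # dockerd exits at startup when one directive is given both as a
    # command-line flag and in the configuration file.
    if grep -q -- '--data-root' "$unit" 2>/dev/null &&
       grep -q '"data-root"' "$json" 2>/dev/null; then
        echo "data-root is set twice: flag in $unit and key in $json"
        rc=1
    fi

    return $rc
}
```

On the question's host the call would be preflight_data_root /mnt/x/y/docker_data /lib/systemd/system/docker.service /etc/docker/daemon.json.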

OpenCPU Docker fails to restart after it is stopped once

I installed opencpu Docker image using
docker pull opencpu/ubuntu-16.04.
The very first time it starts successfully. But if I terminate the process and try to start it again using command
docker run -it imageID
It gets terminated each time. Need suggestion about how to start it successfully.
Desktop$ docker run -it d98852787b8e
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
[Thu Mar 08 06:34:52.836970 2018] [ssl:warn] [pid 11] AH01909: 172.17.0.4:443:0 server certificate does NOT include an ID which matches the server name
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
[Thu Mar 08 06:34:52.849109 2018] [ssl:warn] [pid 11] AH01909: 172.17.0.4:443:0 server certificate does NOT include an ID which matches the server name
[Thu Mar 08 06:34:52.849219 2018] [core:warn] [pid 11] AH00098: pid file /var/run/apache2/apache2.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Mar 08 06:34:52.851132 2018] [mpm_prefork:notice] [pid 11] AH00163: Apache/2.4.18 (Ubuntu) mod_R/1.2.7 R/3.2.2 OpenSSL/1.0.2g mod_apreq2-20090110/2.8.0 configured -- resuming normal operations
[Thu Mar 08 06:34:52.851152 2018] [core:notice] [pid 11] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'
[Thu Mar 08 06:34:52.872738 2018] [mpm_prefork:notice] [pid 11] AH00170: caught SIGWINCH, shutting down gracefully
Using locale: en_US.UTF-8
Using locale: en_US.UTF-8
AppArmor not available. Running OpenCPU without security profile but with rlimits.
Using locale: en_US.UTF-8
AppArmor not available. Running OpenCPU without security profile but with rlimits.
AppArmor not available. Running OpenCPU without security profile but with rlimits.
Using locale: en_US.UTF-8
Using locale: en_US.UTF-8
AppArmor not available. Running OpenCPU without security profile but with rlimits.
AppArmor not available. Running OpenCPU without security profile but with rlimits.
Loading config from /usr/lib/opencpu/library/opencpu/config/defaults.conf
Loading config from /usr/lib/opencpu/library/opencpu/config/defaults.conf
Loading config from /etc/opencpu/server.conf
Loading config from /usr/lib/opencpu/library/opencpu/config/defaults.conf
Loading config from /etc/opencpu/server.conf
Loading config from /usr/lib/opencpu/library/opencpu/config/defaults.conf
OpenCPU cloud server ready.
OpenCPU cloud server ready.
Loading config from /etc/opencpu/server.conf
Loading config from /etc/opencpu/server.conf
OpenCPU cloud server ready.
OpenCPU cloud server ready.
Loading config from /usr/lib/opencpu/library/opencpu/config/defaults.conf
Loading config from /etc/opencpu/server.conf
OpenCPU cloud server ready.
rserver[8]: ERROR system error 10 (No child processes); OCCURRED AT: rstudio::core::Error rstudio::server::app_armor::enforceRestricted() /home/ubuntu/rstudio/src/cpp/server/ServerAppArmor.cpp:90; LOGGED FROM: int main(int, char* const*) /home/ubuntu/rstudio/src/cpp/server/ServerMain.cpp:513
Terminated
Perhaps this can give you some hint... this is not exactly the solution, but it gives you at a high level what could be the cause and lead to the solution.
This seems to be a problem with the rstudio-server package. I will add the workaround suggested above (server-app-armor-enabled=0) to the opencpu docker images.
Note that the opencpu/base image does install rstudio, so you may want to try this one.
What is the output of
sudo docker logs <container-name> ?
Most likely it would be something indicating the httpd pid exists. Which means you need to delete the apache2.pid in the container. But now since the container does not boot up a hack is to edit your container's config.v2.json file located in /var/lib/docker/containers/<container-long-id>/
In the CMD section, change "service cron start && apachectl -DFOREGROUND" to "rm -f /var/run/apache2/apache2.pid && service cron start && apachectl -DFOREGROUND". This will ensure your container will start. Worked for me!
