我有以下的 Dockerfile,我设置了一个新用户来替代 root 用户作为我的 nginx 服务器。该 nginx 服务器基于 Redhat UBI 镜像构建。
镜像构建成功,但是当我运行容器时,出现以下错误:nginx: [nginx: [emerg] open() "/run/nginx.pid" failed (13: Permission denied)
下面是我的 Dockerfile。
USER root
RUN microdnf --setopt=tsflags=nodocs install -y nginx procps shadow-utils net-tools ca-certificates dirmngr gnupg wget vim\
&& microdnf clean all \
&& rpm -q procps-ng
ENV NGINX_USER="api-gatway" \
NGINXR_UID="8987" \
NGINX_GROUP="api-gatway" \
NGINX_GID="8987"
RUN set -ex; \
groupadd -r --gid "$NGINX_GID" "$NGINX_GROUP"; \
useradd -r --uid "$NGINXR_UID" --gid "$NGINX_GID" "$NGINX_USER"
COPY nginx.conf /etc/nginx/nginx.conf
RUN mkdir -p /var/lib/nginx/tmp /var/log/nginx \
&& chown -R api-gatway:api-gatway /var/lib/nginx /var/log/nginx \
&& chmod -R 755 /var/lib/nginx /var/log/nginx
EXPOSE 1080
USER api-gatway
CMD ["nginx", "-g", "daemon off;"]
当我构建镜像时,没有任何错误,但是当我使用helm将其部署到我的K8群集上时,它会出现以下错误。
nginx: [emerg] open() "/run/nginx.pid" failed (13: Permission denied)
这是我设置的nginx.conf文件:
worker_processes 1;
error_log /tmp/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
server {
listen 1080;
server_name localhost 127.0.0.1;
access_log /tmp/access.log;
client_max_body_size 0;
set $allowOriginSite *;
proxy_pass_request_headers on;
proxy_pass_header Set-Cookie;
# External settings, do not remove
#ENV_ACCESS_LOG
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Set-Cookie;
proxy_set_header X-Forwarded-Proto $scheme;
location /search/ {
proxy_pass http://*******-svc:8983/***/;
}
location /auth/ {
proxy_pass http://********:8080;
}
location /mapbox {
rewrite ^/mapbox(.*)https://****$1 break;
}
}
}
我该如何修复nginx:[emerg] open()“/var/run/nginx.pid”失败(13:Permission denied),我在配置方面做错了什么?