When using nginx etc. with Docker, first of all, knowledge of Linux ... (commandment)
When using nginx etc. with Docker or Vagrant, first of all, knowledge of Linux ... (commandment)
1. Background
After learning the front desk, I decided to try the back end soon, so I wrote the code to upload the image to the server with PHP using the popular Dokcer. And addicted
2. Environment
・ Windows10 <VirtualBox (vagrant) <CentOS7 <Docker
Startup configuration
docker-compose.yml
version: '3'
services:
web:
#ver 1.17.7
build: ./nginx
ports:
- '8080:80'
links:
- php-fpm
volumes:
- ./data/public:/var/www/html/public
depends_on:
- php-fpm
php-fpm:
#ver 7.3
build: ./php-fpm
links:
- db
volumes:
- ./data:/var/www/html
3. I'm addicted to
I was infinitely troubled by this PHP one-line error
upload.php
move_uploaded_file($_FILES['image']['tmp_name'], $savePath);
Permisson denied ......
4.1 What I did first
For the time being, use shallow Linux knowledge to set the authority of the image storage folder
$sudo chmod 777 images
Confirm that the code works as.
Of course, I couldn't forgive such security-friendly privileges even on the local server, so I rejected it.
4.2 Solution
Check the user with phpinfo.
It turns out that www-data is USER. Then I should give authority to www-data
The authority under vagrant environment is like this
$ls -l
~
drwxrwxr-x. 2 vagrant vagrant 4096 Jan 13 08:32 images
~
$ sudo chown www-data images
chown: invalid user: ‘www-data’
I was told that it is not valid, so I will check the user list
$cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
~
vagrant:x:1000:1000:vagrant:/home/vagrant:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
There are many other things, but there are no www-data users.
What should I do
Launch the container
docker exec -it [id] bash
Try entering the php-fpm container with.
The file permissions in it are
drwxrwxr-x. 2 1000 1000 4096 Jan 13 08:32 images
1000 1000?
When I looked it up, it seems that the uid of the vagrant user is 1000.
If you check the user list with $ cat / etc / passwd
vagrant:x:1000:1000:vagrant:/home/vagrant:/bin/bash
You can see that the vagrant uid is numbered 1000
It seems that there is another virtual container in the virtual environment called VM and the 1000 uid is not named in that container. In other words, there are no users including the vagrant user at number 1000 in the container. But the uid seems to be common
Then, if you check from inside the container, there should be www-data ...
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
Was there
What to do after all
I don't know if it's the correct answer, but I came up with the idea of creating a vagrant user with a UID of 33 outside the container and changing the owner of the images folder to 33. This fits nicely in me. I mean, I haven't succeeded other than this
$useradd -u 33 www-data -g vagrant
$chown www-data images
Other https://gtrt7.com/blog/nginx/docker_userid_share#3docker-composeyml It seems that you can match from the docker side instead of the vagrant side like this.
I got this error and I didn't understand and threw it
web_1 | 2020/01/13 13:52:54 [emerg] 1#1: host not found in upstream "php-fpm" in /etc/nginx/conf.d/default.conf:20
web_1 | nginx: [emerg] host not found in upstream "php-fpm" in /etc/nginx/conf.d/default.conf:20
default.conf:20fastcgi_pass php-fpm:9000;
I don't know honestly
I feel that it is better to complete the file relations in the Docker container, but I can not find a good way to do it, so I gave up this time.
I don't have enough knowledge about Linux, nginx php-fpm, etc. to dig a little deeper, so now when I create a folder where I uploaded a file with php, I changed the authority as appropriate. It was.
Please let me know if there is a good way ...
Recommended Posts