
Docker nginx SELinux (centOS/RHEL) with 403 forbidden access

So my Dockerfile runs via docker-compose using:

Dockerfile

FROM nginx
#COPY conf
COPY myapp/ /usr/share/nginx/html
RUN chmod -R 664 /usr/share/nginx/html
RUN chown -R nginx /usr/share/nginx/html
RUN chcon -R -t httpd_sys_content_t /usr/share/nginx/html

This is on RHEL 6.x, Docker is old 1.7 or something as well.

I don't even need "run chmod/chown/chcon" for most environments!! The Dockerfile works just fine on Windows.

However, I still get 403 Forbidden errors whenever nginx tries to access ANY file in /usr/share/nginx/html.

What is the correct way to set up nginx in a Docker container and avoid these SELinux problems? (SELinux is on "Enforcing")

In fact, if you do

RUN/CMD ls -l

we can see nginx is the user who owns that folder and it has the right permissions! So what the heck is going on?

Special circumstances related to old Docker 1.7.1 and RHEL6 mean you gotta install RHEL7. SELinux does not work well with it. There are some core RHEL6 library issues (shared library permission errors) making it nearly impossible to use with Docker 1.7.1.

The labels are all wrong. The processes inside the image are init_rc_t type labels which are incorrect. The files can be changed to httpd_sys_content_t but it doesn't work.

I think also there may be some nginx:nginx (UID GID mismatching) issues.

But really, it's give-up time. Not worth investing time in resolving it and my host provider wouldn't call RHEL6 to ask about it.
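Before attributing a 403 to SELinux it helps to separate plain mode bits from labels, because the two fail independently. The shell check below is an added example, not code from the question or the answer: run against a web root it reports directories that lack the search (x) bit, which is exactly what `RUN chmod -R 664` in the Dockerfile above does to every directory and is on its own enough for a 403 from the nginx worker, applies the usual `u=rwX,go=rX` correction, and, only on a host that actually runs SELinux, prints the label on the root and where denials are logged. The script name and the sample paths are assumptions.

```shell
#!/bin/sh
# Added diagnostic (not from the question or answer). Separates the two layers a
# 403 can come from: classic mode bits (DAC), checked first, and SELinux labels.
# Paths are assumptions; the web root in the question is /usr/share/nginx/html.

# check_dac ROOT
# Lists directories the nginx worker cannot search and files it cannot read.
# Returns 0 when nothing is found, 1 otherwise.
check_dac() {
    root="$1"
    # A directory is only traversable with its x (search) bit set. "chmod -R 664"
    # clears that bit on every directory, which alone makes nginx answer 403 for
    # everything beneath it, whatever the owner or the SELinux label says.
    bad=$( {
        find "$root" -type d \( ! -perm -100 -o ! -perm -001 \) -exec ls -ld {} \;
        find "$root" -type f ! -perm -004 -exec ls -l {} \;
    } 2>/dev/null )
    if [ -n "$bad" ]; then
        printf 'not readable/searchable by the worker:\n%s\n' "$bad"
        return 1
    fi
    return 0
}

# fix_dac ROOT
# What the Dockerfile should run instead of "chmod -R 664": capital X sets the
# search bit on directories only, so files end up 644 and directories 755.
fix_dac() {
    chmod -R u=rwX,go=rX "$1"
}

# selinux_context ROOT
# Only meaningful on a host that actually enforces SELinux: shows the label on
# the web root (nginx expects httpd_sys_content_t) and where denials are logged.
selinux_context() {
    if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" != "Disabled" ]; then
        echo "SELinux mode: $(getenforce)"
        ls -dZ "$1"
        echo "denials, if any: ausearch -m avc -ts recent   (as root on the host)"
    fi
}

# Usage: sh check_webroot.sh /usr/share/nginx/html (inside the container or on the host)
if [ -n "${1:-}" ]; then
    check_dac "$1" && echo "DAC ok: worker can traverse and read everything under $1"
    selinux_context "$1"
fi
```

Run it inside the built image first: if `check_dac` already reports the html directories, the 403 is explained without SELinux being involved at all.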
