Docker - how to run Apache as a user?

S

symnoob2019-06-05 23:51:29

Docker

symnoob, 2019-06-05 23:51:29

Hello everyone,
as soon as I add this line, Apache won't start...
USER www-data
docker-compose ps -> state restarting
Dockerfile:

FROM httpd:2.4
RUN apt-get update && apt-get upgrade -y
RUN apt-get install nano -y
set default user and working directory
USER www-data
EXPOSE 80

docker-compose.yaml:

version: '3.7'

services:

  db:
    image: mariadb
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: example

  adminer:
    image: adminer
    restart: always
    ports:
      - 8080:8080

  web:
    image: apache
    build: ./apache
    depends_on:
      - db
    restart: always
    ports:
      - 80:80
    volumes:
      - //c/Docker/sf4/project:/usr/local/apache2/htdocs

I am using Docker Toolbox
Host System: Win10Home 64Bit
Please help

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

M

metajiji, 2019-06-06
@metajiji

Now, if completely on the forehead, then:

docker run --help
docker run --user XXX

In principle, you did this in a Dockerfile, but think with your head ... You took an httpd image, inside a huge debian https://github.com/docker-library/httpd/blob/75e85...
It is better to take alpine for such a task FROM httpd:alpine-2.4
Further httpd most likely it is launched from the root, and not just like that! He just needs to do this, because there is such a thing as non-privileged ports https://ru.wikipedia.org/wiki/%D0%A1%D0%BF%D0%B8%D...
You have 100500% in httpd config is set to port 80, which is less than 1024, so httpd can't start!
httpd is started as root, binds to port 80/443, and then suid to uid/gid specified in https://httpd.apache.org/docs/2.4/mod/mod_unixd.ht...
Now knowing this, it becomes clear why we see errors in docker logs (container_name).
What to do? Well, for example, run Apache as the www-data user, as intended, but on ports higher than 1024, and if you want it to respond to port 80 on the host, then it’s not a question, port mapping will do it for you, because on the host, dockerd will launch a docker-proxy process that will run as root and listen on port 80, proxying traffic to the container to the port you specified, for example 8080.
We get that Apache lives on 8080 inside the container, outside on 80.

version: '3.7'

services:

  db:
    image: mariadb
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: example

  adminer:
    image: adminer
    restart: always
    ports:
      - 8080:8080

  web:
    image: httpd:alpine-2.4  # поверьте, вам не нужен nano внутри контейнера! просто подключите все необходимые конфиги с хоста как volume, это правда удобно.
    depends_on:
      - db
    restart: always
    ports:
      - 80:8080  #HOST:CONTAINER
    volumes:
      - //c/Docker/sf4/project:/usr/local/apache2/htdocs
#      - скопируйте необходимые конфиги себе примерно так: "docker cp /etc/httpd/httpd.conf ." и подключите как volume
      - "./httpd/httpd.conf:/etc/httpd/httpd.conf"  # пример подключения конфига, где ./httpd/httpd.conf файл рядом с вашим docker-compose.yml

I

Ivan Shumov, 2019-06-05
@inoise

Is there a www-data user there?) And in general - go into the container and read the logs. business