From 9224843f121311b7d6b8547b0bd14c4395c6935b Mon Sep 17 00:00:00 2001
From: Endial Fang
Date: Mon, 20 Apr 2020 16:00:50 +0800
Subject: [PATCH] =?UTF-8?q?[fix:1.16.1]=20=E8=A7=A3=E5=86=B3=E9=9D=9Eroot?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E8=AE=BF=E9=97=AE=E6=9D=83=E9=99=90=E9=97=AE?= =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- 增加gosu功能
- 解决启用gosu后80端口无法访问问题
- 解决启用gosu后ip地址无法bind问题(非root用户)
- 解决启用gosu后目录访问权限问题
- 默认配置文件增加daemon off
---
 1.16.1/Dockerfile | 34 ++++++++++++++++++----------
 1.16.1/README.md | 10 ++++----
 1.16.1/entrypoint.sh | 22 +++++++++++-------
 1.16.1/nginx/conf.d/default.conf | 39 ++++++++++++++++++++++++++++++--
 1.16.1/nginx/nginx.conf.default | 23 ++++++++++++-------
 5 files changed, 93 insertions(+), 35 deletions(-)
diff --git a/1.16.1/Dockerfile b/1.16.1/Dockerfile
index ff918a2..75e55b4 100644
--- a/1.16.1/Dockerfile
+++ b/1.16.1/Dockerfile
@@ -24,9 +24,9 @@ LABEL \
 RUN set -eux; \
 groupadd -r ${APP_GROUP}; \
- useradd -r -g ${APP_GROUP} -s /usr/sbin/nologin ${APP_USER}; \
+ useradd -r -g ${APP_GROUP} -s /usr/sbin/nologin -d /usr/cache/nginx ${APP_USER}; \
 \
- mkdir -p /etc/nginx /srv/conf/nginx /var/log/nginx /var/cache/nginx; \
+ mkdir -p /etc/nginx /srv/conf/nginx /var/log/nginx /var/run/nginx /var/cache/nginx; \
 \
 NGINX_CONFIG=" \
 --prefix=/etc/nginx \
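Review bot: The home directory passed to `useradd` in the first Dockerfile hunk is `/usr/cache/nginx`, but the `mkdir -p` two lines below creates `/var/cache/nginx`, and nothing visible creates anything under `/usr/cache`. This looks like a typo that leaves the service account with a non-existent home directory. The line should probably read `useradd -r -g ${APP_GROUP} -s /usr/sbin/nologin -d /var/cache/nginx ${APP_USER}; \`. The `RUN` instruction continues beyond the hunk, so a later step could still create the path, but none is shown here.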
@@ -86,16 +86,27 @@ RUN set -eux; \
 zlib1g-dev \
 libxml2-dev \
 libxslt-dev \
+ libgd-dev \
+ libc6-dev \
+ libgeoip-dev \
 libterm-readkey-perl \
 "; \
- apt update; \
- apt install -y --no-install-recommends ${fetchDeps}; \
+ apt-get update; \
+ apt-get install -y ${fetchDeps}; \
 \
- apt install -y --no-install-recommends zlib1g; \
+ apt install -y --no-install-recommends \
+ zlib1g \
+ libxml2 \
+ libxslt1.1 \
+ geoip-bin \
+ geoip-database \
+ libgd3 \
+ libc6 \
+ ; \
 \
 wget -O nginx.tar.gz "http://nginx.org/download/nginx-$APP_MAJOR.tar.gz"; \
 wget -O nginx.tar.gz.asc "http://nginx.org/download/nginx-$APP_MAJOR.tar.gz.asc"; \
- wget -O nginx_signing.key "https://nginx.org/keys/nginx_signing.key"; \
+# wget -O nginx_signing.key "https://nginx.org/keys/nginx_signing.key"; \
 \
 wget -O openssl.tar.gz --no-check-certificate "https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz"; \
 wget -O openssl.tar.gz.asc --no-check-certificate "https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz.asc"; \
@@ -140,12 +151,10 @@ RUN set -eux; \
 \
 cd /; \
 rm -rf /nginx-$APP_MAJOR; \
- ln -sf /dev/stdout /var/log/nginx/access.log; \
- ln -sf /dev/stderr /var/log/nginx/error.log; \
- ln -sf /etc/nginx/nginx.conf /srv/conf/nginx/nginx.conf; \
- chown -Rf nginx:nginx /etc/nginx /srv/conf/nginx /var/log/nginx /var/cache/nginx; \
+ ln -sf /srv/conf/nginx/nginx.conf /etc/nginx/nginx.conf; \
+ chown -Rf nginx:nginx /etc/nginx /srv/conf/nginx /var/log/nginx /var/run/nginx /var/cache/nginx; \
 # this 777 will be replaced by 700 or 755 at runtime (allows semi-arbitrary "--user" values)
- chmod 777 /etc/nginx /srv/conf/nginx /var/log/nginx /var/cache/nginx; \
+ chmod 777 /etc/nginx /srv/conf/nginx /var/log/nginx /var/run/nginx /var/cache/nginx; \
 \
 apt purge -y --auto-remove ${fetchDeps}; \
 apt autoclean -y; \
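Review bot: Commenting out the `nginx_signing.key` download leaves no visible way to check `nginx.tar.gz.asc`, while the tarball is still fetched over plain `http://` and the OpenSSL sources with `--no-check-certificate`. Nothing shown in this hunk therefore authenticates the code that is compiled into the image. If the key fetch is what fails, pin the key by fingerprint or pin a digest rather than dropping the check, e.g. `echo "<NGINX_TARBALL_SHA256>  nginx.tar.gz" | sha256sum -c -; \` (placeholder digest), and switch the two nginx URLs to `https://`. Any verification step lies in the part of the `RUN` instruction outside the hunk, so confirm it still runs without the key file. Separately, `apt-get install -y ${fetchDeps}` dropped `--no-install-recommends`, which pulls extra packages into the build layer.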
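Review bot: `chmod 777` in the `@@ -140,12 +151,10 @@` hunk now also covers `/var/run/nginx`, where the new `pid` path in `nginx.conf.default` points, alongside the configuration directories `/etc/nginx` and `/srv/conf/nginx`. The comment above it says the mode is replaced at runtime, but the entrypoint change in this same commit ends with `chmod 755 … || :`, which ignores failure. A container started with an arbitrary `--user` can therefore keep these directories world-writable. A common alternative for arbitrary-UID images is group ownership instead of mode 777, e.g. `chgrp -R 0 /etc/nginx /srv/conf/nginx /var/log/nginx /var/run/nginx /var/cache/nginx; \` followed by `chmod -R g=u` on the same paths. The `RUN` instruction starts and ends outside the hunk.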
@@ -157,7 +166,8 @@ COPY ./nginx /etc/nginx
 VOLUME ["/srv/www", "/srv/conf", "/srv/cert", "/var/log", "/var/run"]
-EXPOSE 80 443
+# 解决使用gosu后,nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
+EXPOSE 8080 8443
 STOPSIGNAL SIGTERM
diff --git a/1.16.1/README.md b/1.16.1/README.md
index ee993bb..07d0be1 100644
--- a/1.16.1/README.md
+++ b/1.16.1/README.md
@@ -6,8 +6,8 @@
 ## 基本信息
-* 镜像地址:endial/nginx-ubuntu:v1.16.1
-* 依赖镜像:endial/ubuntu:v18.04
+* 镜像地址:endial/nginx:v1.16.1
+ * 依赖镜像:endial/ubuntu:v18.04
@@ -41,7 +41,7 @@ export DOCKER_VOLUME_BASE=
 ```bash
 docker run -d --name nginx \
- -p 80:80 \
+ -p 80:8080 \
 -v $DOCKER_VOLUME_BASE/srv/www:/srv/www:ro \
 -v $DOCKER_VOLUME_BASE/var/log:/var/log \
 -v $DOCKER_VOLUME_BASE/srv/conf:/srv/conf \
@@ -53,7 +53,7 @@ docker run -d --name nginx \
 ```shell
 docker run -d --name nginx \
 --user www-data \
- -p 80:80 \
+ -p 80:8080 \
 -v $DOCKER_VOLUME_BASE/srv/www:/srv/www:ro \
 -v $DOCKER_VOLUME_BASE/var/log:/var/log \
 -v $DOCKER_VOLUME_BASE/srv/conf:/srv/conf \
@@ -69,7 +69,7 @@ docker run -d --name nginx \
 ```bash
 docker run -d --name nginx \
- -p 80:80 \
+ -p 80:8080 \
 --volumes-from dvc \
 endial/nginx-ubuntu:v1.16.1
 ```
diff --git a/1.16.1/entrypoint.sh b/1.16.1/entrypoint.sh
index bdc7425..2cc4a73 100755
--- a/1.16.1/entrypoint.sh
+++ b/1.16.1/entrypoint.sh
@@ -44,6 +44,7 @@ docker_create_user_directories() {
 LOG_I "Check directories used by ${APP_NAME}"
 mkdir -p "/var/log/${APP_NAME}"
 mkdir -p "/var/run/${APP_NAME}"
+ mkdir -p "/var/cache/${APP_NAME}"
 mkdir -p "/srv/conf/${APP_NAME}/conf.d"
 [ ! -e /srv/conf/nginx/nginx.conf ] && cp /etc/nginx/nginx.conf.default /srv/conf/nginx/nginx.conf
@@ -52,22 +53,27 @@ docker_create_user_directories() {
 # 允许容器使用`--user`参数启动,修改相应目录的所属用户信息
 if [ "$user_id" = '0' ]; then
- LOG_I "Chang owner of resources to: ${APP_USER}"
+ LOG_I "Chang owner of resources to: ${APP_USER} by root"
 find /var/run/${APP_NAME} \! -user ${APP_USER} -exec chown ${APP_USER} '{}' +
 find /var/log/${APP_NAME} \! -user ${APP_USER} -exec chown ${APP_USER} '{}' +
+ find /var/cache/${APP_NAME} \! -user ${APP_USER} -exec chown ${APP_USER} '{}' +
 find /srv/conf/${APP_NAME} \! -user ${APP_USER} -exec chown ${APP_USER} '{}' +
- find /etc/nginx \! -user ${APP_USER} -exec chown ${APP_USER} '{}' +
- elif [ ! "$user_id" = "$(id -u ${APP_USER})"]; then
- chown "$user_id" /etc/nginx /srv/conf/nginx /var/log/nginx /var/run/nginx
+# 解决使用gosu后,nginx: [emerg] open() "/dev/stdout" failed (13: Permission denied)
+ chmod 0622 /dev/stdout /dev/stderr
+ else
+ LOG_I "Chang owner of resources to: $user_id by $user_id"
+ find /var/run/${APP_NAME} \! -user ${user_id} -exec chown ${user_id} '{}' +
+ find /var/log/${APP_NAME} \! -user ${user_id} -exec chown ${user_id} '{}' +
+ find /var/cache/${APP_NAME} \! -user ${user_id} -exec chown ${user_id} '{}' +
+ find /srv/conf/${APP_NAME} \! -user ${user_id} -exec chown ${user_id} '{}' +
 fi
- chmod 755 /etc/nginx /srv/conf/nginx /var/log/nginx /var/run/nginx
+ chmod 755 /etc/nginx /var/log/nginx /var/cache/nginx /var/run/nginx /srv/conf/nginx || :
 }
 # 检测可能导致容器执行后直接退出的命令,如"--help";如果存在,直接返回 0
 docker_app_want_help() {
- LOG_I "Check command type"
 local arg
 for arg; do
 case "$arg" in
@@ -92,13 +98,13 @@ _main() {
 # 以root用户运行时,设置数据存储目录与权限;设置完成后,会使用gosu重新以"postgres"用户运行当前脚本
 docker_create_user_directories
 if [ "$(id -u)" = '0' ]; then
- LOG_I "Restart container with default user: ${APP_USER}'"
+ LOG_I "Restart container with default user: ${APP_USER}"
 LOG_I ""
 exec gosu ${APP_USER} "$0" "$@"
 fi
 fi
- LOG_I "Start application ${APP_NAME}: $@"
+ LOG_I "Start container with: $@"
 # 执行命令行
 exec "$@"
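Review bot: The new `else` branch runs when the container was started as a non-root `$user_id`, and an unprivileged process cannot `chown` files it does not own, so the four `find … -exec chown ${user_id}` lines can only fail or do nothing. Combined with `|| :` on the final `chmod 755`, permission problems are now hidden rather than reported. In that branch it would be clearer to test access and log the result, e.g. `[ -w "/var/log/${APP_NAME}" ] || LOG_I "/var/log/${APP_NAME} is not writable by $user_id"`. Separately, `chmod 0622 /dev/stdout /dev/stderr` opens the log streams for writing to every user in the container; consider granting access to the service account only, for instance by changing the owner instead of the mode. The expansions in the `find` lines are unquoted (`"${user_id}"`, `"/var/run/${APP_NAME}"` would avoid word splitting), and the function body begins outside the hunk.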
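Review bot: `LOG_I "Start container with: $@"` in the `_main` hunk embeds `$@` in a longer string, so the message is split into one argument per positional parameter; `LOG_I "Start container with: $*"` passes a single message. In the unchanged line `exec gosu ${APP_USER} "$0" "$@"` the user name is unquoted, and `"${APP_USER}"` would be safer. The comment at the top of the hunk still says the script re-runs as "postgres", which looks copied from another image and should name the nginx user. `_main` starts and ends outside the hunk.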
diff --git a/1.16.1/nginx/conf.d/default.conf b/1.16.1/nginx/conf.d/default.conf
index feac296..0460e9d 100644
--- a/1.16.1/nginx/conf.d/default.conf
+++ b/1.16.1/nginx/conf.d/default.conf
@@ -1,8 +1,8 @@
 server {
- listen 80;
+ listen 8080;
 server_name localhost;
- # charset utf-8; ## DON'T need, set in nginx.conf
+ # charset utf-8; ## DO NOT need, set in nginx.conf
 access_log /var/log/nginx/default.access.log main;
 location / {
@@ -43,3 +43,38 @@ server {
 # deny all;
 #}
 }
+
+ # another virtual host using mix of IP-, name-, and port-based configuration
+ #
+ #server {
+ # listen 8000;
+ # listen somename:8080;
+ # server_name somename alias another.alias;
+
+ # location / {
+ # root html;
+ # index index.html index.htm;
+ # }
+ #}
+
+
+ # HTTPS server
+ #
+ #server {
+ # listen 8443 ssl;
+ # server_name localhost;
+
+ # ssl_certificate /srv/cert/nginx/cert.pem;
+ # ssl_certificate_key /srv/cert/nginx/cert.key;
+
+ # ssl_session_cache shared:SSL:1m;
+ # ssl_session_timeout 5m;
+
+ # ssl_ciphers HIGH:!aNULL:!MD5;
+ # ssl_prefer_server_ciphers on;
+
+ # location / {
+ # root html;
+ # index index.html index.htm;
+ # }
+ #}
\ No newline at end of file
diff --git a/1.16.1/nginx/nginx.conf.default b/1.16.1/nginx/nginx.conf.default
index e022059..79fd3b7 100644
--- a/1.16.1/nginx/nginx.conf.default
+++ b/1.16.1/nginx/nginx.conf.default
@@ -2,7 +2,9 @@
 # 针对Docker镜像使用,请不要修改为其他用户
 user nginx;
-group nginx;
+
+# 关闭后台模式,防止默认设置为后台模式时导致容器直接退出
+daemon off;
 # Set number of worker processes automatically based on number of CPU cores.
 worker_processes auto;
@@ -11,12 +13,14 @@ worker_processes auto;
 pcre_jit on;
 # Configures default error logger.
-error_log /var/log/nginx/error.log warn;
+# error_log /var/log/nginx/error.log warn;
+#error_log /dev/stdout warn;
 # Includes files with directives to load dynamic modules.
 include /etc/nginx/modules/*.conf;
-pid /var/run/nginx.pid;
+# 设置PID文件路径为对应的子目录
+pid /var/run/nginx/nginx.pid;
 worker_rlimit_nofile 32767;
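Review bot: The commented-out HTTPS template added to `default.conf` sets `ssl_ciphers` but no `ssl_protocols`, so anyone who uncomments it gets the nginx 1.16 built-in default, which still includes TLSv1 and TLSv1.1. Adding `# ssl_protocols TLSv1.2 TLSv1.3;` next to `# ssl_ciphers HIGH:!aNULL:!MD5;` would make the template safe to enable as written. The two sample `server` blocks are appended after the closing `}` of the existing server but indented as if nested, and the file now ends without a trailing newline.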
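Review bot: Both main-context `error_log` lines in the `@@ -11,12 +13,14 @@` hunk of `nginx.conf.default` are now comments, so until the `http` block is read nginx logs to its compiled-in default path. Configuration and startup errors may then never reach the container log. An active `error_log /dev/stderr warn;` here would fix that. The `http`-level directive in the `@@ -103,11 +107,14 @@` hunk sends errors to `/dev/stdout`; using `/dev/stderr` there as well would keep errors on a separate stream from access logs.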
@@ -103,11 +107,14 @@ http {
 '"$http_user_agent" "$http_x_forwarded_for"';
 # Sets the path, format, and configuration for a buffered log write.
- access_log /var/log/nginx/access.log main;
- error_log /var/log/nginx/error.log warn;
-
- #access_log off;
- #error_log /dev/null;
+# access_log /var/log/nginx/access.log main;
+# error_log /var/log/nginx/error.log warn;
+ access_log /dev/stdout main;
+ error_log /dev/stdout warn;
+
+ # Turn off log output
+ # access_log /dev/null;
+ # error_log /dev/null;
 # Includes virtual hosts configs.
 include /srv/conf/nginx/conf.d/*.conf;