I am trying to set up a local dev LEMP stack for a Slim-4 project using podman-compose. So far I have containers for PHP and Nginx. Nginx runs but gives a 500 error on trying to access the log directory - permission denied. This directory is outside of the public directory that is served by nginx.
I have selinux set to permissive to eliminate its issues. I have used podman unshare to set ownership to the container's Nginx UID:GID. I tried the setup with only a simple index file - the file is served with no issues. So, nginx/podman has access to the nginx configuration file on the host. The issue must be with write permissions.
Here is my docker-compose file:
version: '3.7'
# Services
services:
# Nginx Service
nginx:
image: nginx:1.17
ports:
- 8090:80
volumes:
- .:/var/www/php:z
- ./.docker/nginx/conf.d:/etc/nginx/conf.d:ro
depends_on:
- php
# PHP Service
php:
image: php:7.4-fpm
working_dir: /var/www/php
volumes:
- .:/var/www/php
What am I missing?
The issue was that I incorrectly assumed I needed to set permissions to allow Nginx to have access.
Instead I needed to grant the group www-data access permissions.
How I did it:
log into the running Nginx container podman exec -it [container ID] bash
find the www-data GID (Group ID) - from the container command line, cat /etc/passwd | grep www-data
note the GID (in the result you will see something like ...x:33:33... 33:33 is the user:group)
exit the container cli with exit
in your development/host cli, at the root of your project, run podman unshare chown -R 0:[the www-data GID you found above] . (don't miss the '.')
Explanation:
podman unshare puts you in a modified userspace that matches the container
chown changes ownership
-R means recursive
the number to the left of the ':' is the UID (User ID), the number to the right is the GID
the '.' is the current directory.
I hope this helps someone. I spent hours learning the above.