Search code examples
dockernginxtags

Docker ngnix with tag nginx:latest seems causes a major issue - direct acces to web directory

Upgrading Nginx docker with image tag Nginx:latest causes not executing PHP files and give direct access to web directory!

Upgrading docker-compose.yml from nginx:1.18.0 to Nginx:latest seems to cause a major issue. Ngnix container not executing PHP files anymore and give direct access to all content of web repository

  • Details:

Extract of docker-compose.yml (full reproductible example below)

  webserver:
    #image: nginx:1.8.0
    image: nginx:latest

and then "docker-composer up -d" raises the issue.

  • Effect: Nginx 1.18.0 not executing PHP files (using php7.4-fpm) and give direct access to web contains eg: domain.com/index.php can then be directly downloaded!

  • First elements: image nginx:latest or image nginx produce the same effect image nginx:1.8.0 (nor any explicit x.y.z tag) does not produce this issue

  • Troubling facts: nginx image with tag: nginx:mainline download version # nginx version: nginx/1.21.5 nginx image with tag: nginx:latest download a 1.8.0 version # nginx version: nginx/1.8.0

  • Probable issue : image nginx:latest has the following file (extract)

/etc/nginx/nginx.conf

html {
        (...)
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*; # THIS LINE IS NEW - instantiated a default site 
}

Don't know if this point has been noticed

Is a Dockerfile with "rm /etc/nginx/sites-enabled/" cmd an acceptable workaround or a prerequisite?

Reproducible example

docker-compose.yml

version: "3"

services:
  cms_php:
    image: php:7.4-fpm
    container_name: cms_php
    restart: unless-stopped
    networks:
      - internal
      - external
    volumes:
      - ./src:/var/www/html

  webserver:
    # image: nginx:1.18.0   # OK
    # image: nginx:1.17.0   # OK
    # image: nginx:mainline   # OK
    image: nginx:latest # NOK
    # image: nginx        # NOK
    container_name: webserver
    depends_on:
      - cms_php
    restart: unless-stopped
    ports:
      - 80:80
    volumes:
      - ./src:/var/www/html
      - ./nginx-conf:/etc/nginx/conf.d/
    networks:
      - external

networks:
  external:
    driver: bridge
  internal:
    driver: bridge

nginx-conf/nginx.conf

server {
    listen 80;
    listen [::]:80;

    server_name localhost;
    index index.php index.html index.htm;
    root /var/www/html;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass cms_php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    location ~ /\.ht {
        deny all;
    }

    location = /favicon.ico {
        log_not_found off; access_log off;
    }
    location = /robots.txt {
        log_not_found off; access_log off; allow all;
    }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}

src/index.php

<?php echo "Hi..."; ?>
Solution

  • With the below setup, I am able to get the desired data. I didn't have to make changes to your files. You may have an issue with your paths/setup. Try to imitate my setup. I am using nginx:latest.

    $ curl localhost:80
Hi...

    Running docker processes in this setup

    $ docker-compose ps
  Name                 Command               State         Ports       
-----------------------------------------------------------------------
cms_php     docker-php-entrypoint php-fpm    Up      9000/tcp          
webserver   /docker-entrypoint.sh ngin ...   Up      0.0.0.0:80->80/tcp

    Folder structure

    $ tree
.
├── docker-compose.yaml
├── nginx-conf
│   └── nginx.conf
└── src
    └── index.php

2 directories, 3 files

    src/index.php

    $ cat src/index.php 
<?php echo "Hi..."; ?>

    docker-compose.yaml

    $ cat docker-compose.yaml 
version: "3"

services:
  cms_php:
    image: php:7.4-fpm
    container_name: cms_php
    restart: unless-stopped
    networks:
      - internal
      - external
    volumes:
      - ./src:/var/www/html

  webserver:
    image: nginx:latest
    container_name: webserver
    depends_on:
      - cms_php
    restart: unless-stopped
    ports:
      - 80:80
    volumes:
      - ./src:/var/www/html
      - ./nginx-conf:/etc/nginx/conf.d/
    networks:
      - external

networks:
  external:
    driver: bridge
  internal:
    driver: bridge

    nginx-conf/nginx.conf

    $ cat nginx-conf/nginx.conf 
server {
    listen 80;
    listen [::]:80;

    server_name localhost;
    index index.php index.html index.htm;
    root /var/www/html;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass cms_php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    location ~ /\.ht {
        deny all;
    }

    location = /favicon.ico {
        log_not_found off; access_log off;
    }
    location = /robots.txt {
        log_not_found off; access_log off; allow all;
    }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}