Docker nginx SELinux (centOS/RHEL) with 403 forbidden access
So my Dockerfile runs via docker-compose using:
FROM nginx #COPY conf COPY myapp/ /usr/share/nginx/html RUN chmod -R 664 /usr/share/nginx/html RUN chown -R nginx /usr/share/nginx/html RUN chcon -R -t httpd_sys_content_t /usr/share/nginx/html
This is on RHEL 6.x, Docker is old 1.7 or something as well.
I don’t even need “run chmod/chown/chcon” for most environments!! The dockerfile works just fine on windows.
However, I still get 403 Forbidden errors whenever nginx tries to access ANY file in /usr/share/nginx/html.
What is the correct way to setup nginx in a docker container and avoid these SElinux problems? (SElinux is on “Enforcing”)
In fact, if you do
RUN/CMD ls -l
we can see nginx is the user who owns that folder and it has the right permissions! So what the heck is going on?
One Solution collect form web for “Docker nginx SELinux (centOS/RHEL) with 403 forbidden access”
Special circumstances related to old Docker 1.7.1 and RHEL6, means you gotta install RHEL7. SELinux does not work well with it. There are some core RHEL6 library issues (shared library permission errors) making it nearly impossible to use with Docker 1.7.1.
The labels are all wrong. the processes inside the image are init_rc_t type labels which are incorrect. The files can be changed to httpd_sys_content_t but it doesn’t work.
I think also there may be some nginx:nginx (UID GID mismatching) issues.
But really, it’s give up time. Not worth investing time in resolving it and my host provider wouldn’t call RHEL6 to ask about it.