Docker nginx SELinux (CentOS/RHEL) with 403 forbidden access

So my Dockerfile runs via docker-compose using:

Dockerfile

FROM nginx
#COPY conf
COPY myapp/ /usr/share/nginx/html
RUN chmod -R 664 /usr/share/nginx/html
RUN chown -R nginx /usr/share/nginx/html
RUN chcon -R -t httpd_sys_content_t /usr/share/nginx/html

This is on RHEL 6.x, Docker is old 1.7 or something as well.

I don’t even need “run chmod/chown/chcon” for most environments!! The Dockerfile works just fine on Windows.

However, I still get 403 Forbidden errors whenever nginx tries to access ANY file in /usr/share/nginx/html.

What is the correct way to set up nginx in a Docker container and avoid these SELinux problems? (SELinux is on “Enforcing”)

In fact, if you do

    RUN/CMD ls -l

we can see nginx is the user who owns that folder and it has the right permissions! So what the heck is going on?

One solution collected from the web for “Docker nginx SELinux (CentOS/RHEL) with 403 forbidden access”

Special circumstances related to old Docker 1.7.1 and RHEL6 mean you gotta install RHEL7. SELinux does not work well with it. There are some core RHEL6 library issues (shared library permission errors) making it nearly impossible to use with Docker 1.7.1.

The labels are all wrong. The processes inside the image are init_rc_t type labels, which are incorrect. The files can be changed to httpd_sys_content_t but it doesn’t work.

I think there may also be some nginx:nginx (UID/GID mismatching) issues.

But really, it’s give up time. Not worth investing time in resolving it and my host provider wouldn’t call RHEL6 to ask about it.
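
Separately from the SELinux labels discussed above, the `chmod -R 664` in the question's Dockerfile also clears the search (x) bit on directories, and `ls -l` ownership alone does not reveal that. The following is an added example, not code from the original post or answer: it lists such mode-bit blockers under a content root and resets them. It assumes the tree is owned by the nginx worker user, as after the Dockerfile's `chown`, and `dac_blockers` and `fix_modes` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: the content tree is
# owned by the nginx worker user (as after `chown -R nginx`), so the owner
# permission bits decide access. dac_blockers and fix_modes are hypothetical
# helper names.

# List mode-bit blockers under content root $1:
#   - directories the owner cannot search (owner x bit missing)
#   - regular files the owner cannot read (owner r bit missing)
# Empty output means the classic permission bits are not the cause of a 403.
dac_blockers() {
    root=$1
    # -prune: do not descend into an unsearchable directory; nothing below
    # it is reachable until the directory itself is fixed.
    find "$root" -type d ! -perm -100 -prune -print 2>/dev/null |
        sed 's/^/no-search-bit dir: /'
    find "$root" -type d ! -perm -100 -prune -o \
        -type f ! -perm -400 -print 2>/dev/null |
        sed 's/^/unreadable file: /'
    return 0
}

# Reset modes so directories get 755 and plain files 644. Capital X adds the
# execute/search bit only to directories (and files that already had it),
# which is what a flat `chmod -R 664` cannot express.
fix_modes() {
    chmod -R u=rwX,go=rX "$1"
}
```

In a Dockerfile the same reset is `RUN chmod -R u=rwX,go=rX /usr/share/nginx/html` in place of the `664` line. This inspects only the permission bits; SELinux labels are a separate layer that it does not check.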
