Docker nginx SELinux (centOS/RHEL) with 403 forbidden access

1
votes

So my Dockerfile runs via docker-compose using:

Dockerfile

FROM nginx
#COPY conf
COPY myapp/ /usr/share/nginx/html
RUN chmod -R 664 /usr/share/nginx/html
RUN chown -R nginx /usr/share/nginx/html
RUN chcon -R -t httpd_sys_content_t /usr/share/nginx/html

This is on RHEL 6.x, Docker is old 1.7 or something as well.

I don't even need "run chmod/chown/chcon" for most environments!! The dockerfile works just fine on windows.

However, I still get 403 Forbidden errors whenever nginx tries to access ANY file in /usr/share/nginx/html.

What is the correct way to setup nginx in a docker container and avoid these SElinux problems? (SElinux is on "Enforcing")

In fact, if you do

RUN/CMD ls -l

we can see nginx is the user who owns that folder and it has the right permissions! So what the heck is going on?

1
nginxdockerdockerfilerhel

1 Answers

0
votes

Special circumstances related to old Docker 1.7.1 and RHEL6, means you gotta install RHEL7. SELinux does not work well with it. There are some core RHEL6 library issues (shared library permission errors) making it nearly impossible to use with Docker 1.7.1.

The labels are all wrong. the processes inside the image are init_rc_t type labels which are incorrect. The files can be changed to httpd_sys_content_t but it doesn't work.

I think also there may be some nginx:nginx (UID GID mismatching) issues.

But really, it's give up time. Not worth investing time in resolving it and my host provider wouldn't call RHEL6 to ask about it.