How to deal with permissions using docker - nginx / php-fpm

9
votes

I'm trying to deploy a very simple Symfony application using nginx & php-fpm via Docker.

Two docker services :
1. web : running nginx
2. php : running php-fpm; containing application source.

I want to build images that can be deployed without any external dependency. That's why I'm copying source code within the php container.
On development process; i'm overriding /var/www/html volume with local path.

# file: php-fpm/Dockerfile
FROM php:7.1-fpm-alpine

COPY ./vendor /var/www/html
COPY . /var/www/html

VOLUME /var/www/html

Now the docker-compose configuration file.

# file : docker-compose-prod.yml
version: '2'
services:
  web:
    image: "private/web"
    ports:
      - 80:80
    volumes_from:
      - php
  php:
    image: "private/php"
    ports:
      - 9000:9000

The problem is about permissions.
When accessing localhost, Symfony is botting up, but cache / logs / sessions folders are not writable.

  1. nginx is using /var/www/html to serve static files.
  2. php-fpm is using /var/www/html to execute php files.

I'm not sure about the problem. But how can I be sure about the following:

  1. /var/www/html have to be readable for nginx ?
  2. /var/www/html have to be writable for php-fpm ?

Note: I'm building images from MacbookPro; cache / logs / sessions are 777.

3
phpsymfonynginxdockerdocker-compose
What does volumes_from do, if you don't have any volumes specified in the php service?Tom Fenech

3 Answers

5
votes

docker-compose.yml supports a user directive under services. The docs only mention it in the run command, but it works the same.

I have a similar setup and this is how I do it:

# file : docker-compose-prod.yml
version: '2'
services:
  web:
    image: "private/web"
    ports:
      - 80:80
    volumes_from:
      - php
  php:
    image: "private/php"
    ports:
      - 9000:9000
    user: "$UID"

I have to run export UID before running docker-compose and then that sets the default user to my current user. This allows logging / caching etc. to work as expected.

0
votes

I am using this solution "Docker for Symfony" https://github.com/StaffNowa/docker-symfony

New features on 

./d4d start
./d4s stop
./d4d help
-1
votes

I've found a solution; But if someone can explain best practices, it will be appreciate !

Folders cache / logs / sessions from docker context where not empty (on host).
Now that folders have been flushed, Symfony creates them with good permissions.

I've found people using usermod to change UID, ie: 1000 for www-data / nginx ... But it seems to be an ugly hack. What do you think about ?