I am trying to view a portal built with Angular that uses a .NET Core backend and runs fluently on Docker Swarm. When I try to deploy the Angular image on OpenShift, I get the following error:
[emerg] 1#1: bind() to 0.0.0.0:80 failed (13: Permission denied)
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
First I created an nginx deployment running as root using "nginx:1.19.6-alpine" and defined a service account (anyuid); it works fine. Then I tried to create an OpenShift deployment with the "nginxinc/nginx-unprivileged" image to run as a non-root user. I changed nginx.conf according to the "nginxinc/nginx-unprivileged" image. I defined the service account again, but it throws the "bind() to 0.0.0.0:80 failed (13: Permission denied)" error.
Container port 80 is open. There was no ingress. The service uses port 80 to expose the route. What could be the solution?
Here is my Dockerfile:

    ### STAGE 1: Build ###
    FROM node:12.18-alpine as build-env
    ENV TZ=Europe/Istanbul
    # ENV persists into later layers; "RUN export" only affects its own layer
    ENV NG_CLI_ANALYTICS=false
    # Working directory implied by the later WORKDIR and COPY --from paths
    WORKDIR /usr/src/app
    COPY ng/package.json ng/package-lock.json ng/.npmrc ./
    COPY ng/projects/package.json ./projects/package.json
    RUN npm install && pwd && ls -ltra
    COPY ./ng/ ./
    RUN time node --max_old_space_size=12000 node_modules/@angular/cli/bin/ng build project --configuration production
    WORKDIR /usr/src/app/dist/
    COPY ng/.npmrc ./
    RUN npm publish
    WORKDIR /usr/src/app/
    RUN time node --max_old_space_size=12000 node_modules/@angular/cli/bin/ng build portal --configuration production

    ### STAGE 2: Run ###
    FROM nginxinc/nginx-unprivileged:1.23-alpine as runtime-env
    ENV TZ=Europe/Istanbul
    COPY ng/nginx.conf /etc/nginx/nginx.conf
    COPY ng/nginx.template.conf /etc/nginx/nginx.template.conf
    COPY --from=build-env /usr/src/app/dist/portal/ /usr/share/nginx/html/
    # Render env.js and the server block from templates at start-up, then run nginx in the foreground
    CMD ["/bin/sh", "-c", "envsubst < /usr/share/nginx/html/assets/env.template.js > /usr/share/nginx/html/assets/env.js && envsubst '$API_URL' < /etc/nginx/nginx.template.conf > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"]
nginx.conf file:

    worker_processes auto; # nginx.conf file taken from nginxinc_nginx-unprivileged image
    error_log /var/log/nginx/error.log notice;
    pid /tmp/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        proxy_temp_path /tmp/proxy_temp;
        client_body_temp_path /tmp/client_temp;
        fastcgi_temp_path /tmp/fastcgi_temp;
        uwsgi_temp_path /tmp/uwsgi_temp;
        scgi_temp_path /tmp/scgi_temp;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;

        sendfile on;
        #tcp_nopush on;
        keepalive_timeout 65;
        #gzip on;

        include /etc/nginx/conf.d/*.conf;
    }
nginx.template.conf:

    server {
        listen 80;
        server_name localhost;
        #charset koi8-r;
        #access_log /var/log/nginx/host.access.log main;

        location / {
            root /usr/share/nginx/html;
            try_files $uri $uri/ /index.html;
            index index.html index.htm;
        }

        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        location /api {
            proxy_pass ${API_URL};
            proxy_pass_request_headers on;
            #rewrite /api/(.*) /$1 break;
        }
    }
I have used all service accounts on the deployment, such as nonroot, hostaccess, hostmount-anyuid, privileged, restricted and anyuid.
Also, I tried adding the following command to the Dockerfile:

    RUN chgrp -R root /var/cache/nginx /var/run /var/log/nginx && \
        chmod -R 770 /var/cache/nginx /var/run /var/log/nginx

I got it from here.
2 Answers
I have found the mistake. I had changed nginx.template.conf from 80 to 8080, but OpenShift did not renew the deployment. So I recreated the deployment with the new image, and that fixed the problem.
OpenShift will not run your container as root, so it cannot listen on port 80. Choose a port >1024, e.g. port 8080 instead, and it should work.
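
A build-time check for the cause both answers describe, added here as an example (it is not part of the original question or answers): it scans nginx config files for `listen` directives on ports below 1024, which a non-root container cannot bind. The function names `privileged_listens` and `write_samples` and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag nginx `listen` directives that need a privileged port.
# Handles "listen 80;", "listen 0.0.0.0:80;", "listen [::]:8080;" and an
# address with no port (nginx then uses port 80). unix: sockets are skipped.

# privileged_listens FILE...
# Prints "file:line: listen ADDR -> port N" per finding; exit status 1 if any.
privileged_listens() {
    awk '
        BEGIN { bad = 0 }
        {
            sub(/#.*/, "")                  # strip comments; re-splits fields
            if ($1 != "listen") next
            addr = $2
            sub(/;.*$/, "", addr)           # "80;" -> "80"
            if (addr ~ /^unix:/) next
            port = 80                       # default when only an address is given
            if (addr ~ /^[0-9]+$/) port = addr
            else if (addr ~ /:[0-9]+$/) { port = addr; sub(/^.*:/, "", port) }
            if (port + 0 < 1024) {
                printf "%s:%d: listen %s -> port %d\n", FILENAME, FNR, addr, port
                bad = 1
            }
        }
        END { exit bad }
    ' "$@"
}

# Constructed sample input: the server block from the question (port 80) and
# the same block after the change the answers describe (port 8080).
write_samples() {
    dir=$1
    printf 'server {\n    listen 80;\n    server_name localhost;\n}\n' > "$dir/before.conf"
    printf 'server {\n    listen 8080;  # was 80\n    server_name localhost;\n}\n' > "$dir/after.conf"
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) && write_samples "$tmp"
    privileged_listens "$tmp/before.conf" || echo "before.conf: would fail as non-root"
    privileged_listens "$tmp/after.conf" && echo "after.conf: ok"
    rm -rf "$tmp"
fi
```

Run against the template before `envsubst` or against the rendered `conf.d/*.conf`; a non-zero exit status can fail the image build before the container ever reaches the cluster.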