Nginx Question posted in
The official documentation can be found here.

Save logs in Docker volume (write permission for all users on volume) – Nginx

I have a Yii application with docker-compose.yml:

version: '3'
services:
  web:
    image: nginx
    restart: always
    volumes:
      - ./docker/conf/nginx/default.conf:/etc/nginx/conf.d/default.conf
      - .:/var/www/html
    ports:
      - 80:80
    depends_on:
      - php
  php:
    image: yiisoftware/yii2-php:7.1-fpm
    restart: always
    volumes:
      - ./docker/conf/php/php.ini:/usr/local/etc/php/conf.d/php.ini
      - .:/var/www/html

All is good. Then some functions were added to save logs to folder /var/www/html/data/logs.

I do my stuff, connect to container and see

sudo docker container exec -it php_1 bash

root@16270e4c7275:/app# ls -la /var/www/html/data/logs
total 1
drwxrwxrwx 1 root root   0 Jan 12 02:03 . // write permissions to all users for /var/www/html/data/logs
drwxrwxrwx 1 root root   0 Dec 30 03:12 ..
-rwxrwxrwx 1 root root 104 Jan 12 02:03 12-01-2021.log // log is here

And then I want to save logs when container will be down. What should I use?

I try to make a volume.

File docker-compose.yml

  php:
    image: yiisoftware/yii2-php:7.1-fpm
    restart: always
    volumes:
      - ./docker/conf/php/php.ini:/usr/local/etc/php/conf.d/php.ini
      - .:/var/www/html
      - useractionlogs:/var/www/html/data/logs
volumes:
    pgdata:
    useractionlogs:

But saving logs failed šŸ™

In the container I see:

sudo docker container exec -it php_1 bash

root@16270e4c7275:/app# ls -la /var/www/html/data/logs
total 1
drwxr-xr-x 1 root root   0 Jan 12 02:03 . // write permissions are not to all users for /var/www/html/data/logs
drwxrwxrwx 1 root root   0 Dec 30 03:12 ..

I can do this in the container:

chmod go+rw /var/www/html/data/logs
ls -la /var/www/html/data/logs

total 4
drwxrwxrwx 2 root root 4096 Jan 12 02:19 .
drwxrwxrwx 1 root root    0 Dec 30 03:12 ..

But I should do that after all recreation of the volume.

How can I make logs to be saved correctly? Is there may be another way?

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    A correct way to store logs is to send it to stdout. https://12factor.net/logs

    Treat logs as event streams

    Logs provide visibility into the behavior of a running app. In server-based environments they are commonly written to a file on disk (a ā€œlogfileā€); but this is only an output format.

    Logs are the stream of aggregated, time-ordered events collected from the output streams of all running processes and backing services. Logs in their raw form are typically a text format with one event per line (though backtraces from exceptions may span multiple lines). Logs have no fixed beginning or end, but flow continuously as long as the app is operating.

    A twelve-factor app never concerns itself with routing or storage of its output stream. It should not attempt to write to or manage logfiles. Instead, each running process writes its event stream, unbuffered, to stdout. During local development, the developer will view this stream in the foreground of their terminal to observe the appā€™s behavior.

    In staging or production deploys, each processā€™ stream will be captured by the execution environment, collated together with all other streams from the app, and routed to one or more final destinations for viewing and long-term archival. These archival destinations are not visible to or configurable by the app, and instead are completely managed by the execution environment. Open-source log routers (such as Logplex and Fluentd) are available for this purpose.

    https://serverfault.com/questions/599103/make-a-docker-application-write-to-stdout/634296#634296

    An amazing recipe is given in the nginx Dockerfile:

    forward request and error logs to docker log collector

    RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log

    Simply, the app can continue writing to it as a file, but as a result the lines will go to stdout & stderr!

    and others

    Then work with https://docs.docker.com/config/containers/logging/

    Where is a log file with logs from a container?


  2. 0

    To my knowledge, this has to be done through a custom dockerfile based of an nginx base image and by using that you can change the ownership of the content within the /var/www/html directory to the group (for example, Apache uses the www-data user and group) and change the file permissions too.

    This way you can follow the security tradition of not using a root as a group permission and also overcome the fact that you have to change permissions manually each and every time.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search