Unable to run nginx container as non-root

10/23/2019

I am trying to run nginx container as a non-root user I am trying to configure my nginx.conf file, which I am then putting into a k8s configmap, but when the container starts, it keeps throwing errors such as

"pid" directive is not allowed here in /etc/nginx/conf.d/nginx-kibana.conf:4

and for every subsequent ones

What do i need to fix or adjust in the config, or do i need to adjust the volume: in the nginx-deployment.yaml

This is my nginx.conf

error_log /tmp/error.log;

# The pidfile will be written to /var/run unless this is set.
pid /tmp/nginx.pid;

worker_processes 1;

events {
  worker_connections 1024;
}
http {
  # Set an array of temp and cache file options that will otherwise default to
  # restricted locations accessible only to root.
  client_body_temp_path /tmp/client_body;
  fastcgi_temp_path /tmp/fastcgi_temp;
  proxy_temp_path /tmp/proxy_temp;
  scgi_temp_path /tmp/scgi_temp;
  uwsgi_temp_path /tmp/uwsgi_temp;

  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;

  include /etc/nginx/mime.types;
  index index.html index.htm index.php;

  default_type application/octet-stream;
  server {
        listen 8080 default_server;
        listen [::]:8080 default_server ipv6only=on;
        server_name  localhost;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

        # the UI will send the request with query string pageId to kibana to load a specific page
        # e.g: iframe src="/kibana/page?pageId=dashboard"
        # set proxy_pass to root kibana does not see the query params, so we have to go to /app/kibana
        location ^~ /${KIBANA_PATH}/page {
          proxy_pass http://127.0.0.1:5601/app/kibana/${ESC}is_args${ESC}args;
          proxy_http_version 1.1;
          proxy_set_header Upgrade ${ESC}http_upgrade;
          proxy_set_header Connection 'upgrade';
          proxy_set_header Host ${ESC}host;
          proxy_cache_bypass ${ESC}http_upgrade;
        }

        # have to re-write URLs for kibana to strip out the /kibana part
        location /${KIBANA_PATH}/ {
          proxy_pass http://127.0.0.1:5601/;
          proxy_http_version 1.1;
          proxy_set_header Upgrade ${ESC}http_upgrade;
          proxy_set_header Connection 'upgrade';
          proxy_set_header Host ${ESC}host;
          proxy_cache_bypass ${ESC}http_upgrade;
        }

    }
}

This is how i mount the configmap onto the container

      securityContext:
        fsGroup: 2000
        runAsUser: 2000
      volumes:
      - name: nginxconfigmap-volume
        configMap:
          name: my-nginx-configmap

      containers:
      - name: nginx
        image: nginx:stable
        ports:
        - containerPort: 8080
          name: http
          protocol: TCP
        livenessProbe:
          httpGet:
            scheme: HTTP
            path: /
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 10
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 3
        readinessProbe:
          httpGet:
            scheme: HTTP
            path: /
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 10
          timeoutSeconds: 5
          successThreshold: 2
          failureThreshold: 6
        volumeMounts:
        - mountPath: /etc/nginx/conf.d
          name: nginxconfigmap-volume
-- Shoaib Ahmed Nasir
containers
kubernetes
nginx
security-context

3 Answers

10/23/2019

The file nginx.conf goes in the path /etc/nginx not in /etc/nginx/conf.d. The error you are getting is nginx related, nothing to do with kubernetes. Change the path to load your nginx configuration correctly.

-- Rodrigo Loza
Source: StackOverflow

10/24/2019

Problem solved by fixing two things. Firstly I had to ensure to name my conf file as nginx.conf instead of nginx-kibana.conf

And secondly had to ensure that I set the mount path to mountPath: /etc/nginx

-- Shoaib Ahmed Nasir
Source: StackOverflow

10/23/2019

If I modify the volume-mount path to

   volumeMounts:
        - mountPath: /etc/nginx
          name: nginxconfigmap-volume

Then i get this error 2019/10/23 02:50:49 [emerg] 1#1: open() "/etc/nginx/nginx.conf" failed (2: No such file or directory) nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)

Unsure how to proceed

-- Shoaib Ahmed Nasir
Source: StackOverflow