我正在尝试查看使用 Angular 构建的门户,使用 netcore 后端在 docker swarm 上流畅运行。当我尝试在 openshift 上部署角度图像时,出现以下错误;
[emerg] 1#1: bind() to 0.0.0.0:80 failed (13: Permission denied)
nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
首先,我使用“nginx:1.19.6-alpine”作为root用户创建了nginx部署并定义了服务帐户(anyuid),它工作正常。然后我尝试使用“nginxinc/nginx-unprivileged”映像创建 openshift 部署以作为非 root 用户运行。我根据“nginxinc/nginx-unprivileged”图像更改了 nginx.conf 。我再次定义了服务帐户,但它抛出“bind() to 0.0.0.0:80 failed (13: Permission returned)”错误。
容器80端口开放。没有任何入口。服务使用80端口公开路由。解决办法是什么?
这是我的 Dockerfile;
### STAGE 1: Build ###
FROM node:12.18-alpine as build-env
ENV TZ=Europe/Istanbul
RUN export NG_CLI_ANALYTICS=false
COPY ng/package.json ng/package-lock.json ng/.npmrc ./
COPY ng/projects/package.json ./projects/package.json
RUN npm install && pwd && ls -ltra
COPY ./ng/ ./
RUN time node --max_old_space_size=12000 node_modules/@angular/cli/bin/ng build project --configuration production
WORKDIR /usr/src/app/dist/
COPY ng/.npmrc ./
RUN npm publish
WORKDIR /usr/src/app/
RUN time node --max_old_space_size=12000 node_modules/@angular/cli/bin/ng build portal --configuration production
### STAGE 2: Run ###
FROM nginxinc/nginx-unprivileged:1.23-alpine as runtime-env
ENV TZ=Europe/Istanbul
COPY ng/nginx.conf /etc/nginx/nginx.conf
COPY ng/nginx.template.conf /etc/nginx/nginx.template.conf
COPY --from=build-env /usr/src/app/dist/portal/ /usr/share/nginx/html/
CMD ["/bin/sh", "-c", "envsubst < /usr/share/nginx/html/assets/env.template.js > /usr/share/nginx/html/assets/env.js && envsubst '$API_URL' < /etc/nginx/nginx.template.conf > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"]
nginx.conf 文件:
worker_processes auto; # nginx.conf file taken from nginxinc_nginx-unprivileged image
error_log /var/log/nginx/error.log notice;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
proxy_temp_path /tmp/proxy_temp;
client_body_temp_path /tmp/client_temp;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
nginx.template.conf
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location /api {
proxy_pass ${API_URL};
proxy_pass_request_headers on;
#rewrite /api/(.*) /$1 break;
}
}
我在部署中使用了所有服务帐户,例如 nonroot、hostaccess、hostmount-anyuid、priviedged、restricted 和 anyuid。
我还尝试将以下命令添加到 dockerfile 中:
"RUN chgrp -R root /var/cache/nginx /var/run /var/log/nginx && \
chmod -R 770 /var/cache/nginx /var/run /var/log/nginx"
从这里获取。
OpenShift 不会以 root 身份运行您的容器,因此它无法侦听端口 80。选择 >1024 的端口,例如改为端口 8080,它应该可以工作。
我发现错误了。我必须将
nginx.template.conf
从 80
更改为 8080
。但openshift
并没有重新部署。所以我部署了一个新图像来解决这个问题。