Docker — how to start Apache on behalf of the user?

Hi all,
as soon as I go ahead and add this line, Apache will not start...
USER www-data

docker-compose ps -> state restarting

Dockerfile:
FROM httpd:2.4
RUN apt-get update && apt-get upgrade -y
RUN apt-get install nano -y
# set default user and working directory
USER www-data
EXPOSE 80


docker-compose.yaml:
version: '3.7'

services:

  db:
    image: mariadb
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: example

  adminer:
    image: adminer
    restart: always
    ports:
      - 8080:8080

  web:
    image: apache
    build: ./apache
    depends_on:
      - db
    restart: always
    ports:
      - 80:80
    volumes:
      - //c/Docker/sf4/project:/usr/local/apache2/htdocs


I use Docker Toolbox
Host System: Win10Home 64Bit
If anyone knows, please help
March 23rd 20 at 19:17
2 answers
March 23rd 20 at 19:19
If you want it head-on, then:
docker run --help
docker run --user XXX


In principle, you did that in the Dockerfile, but use your head... You took the httpd image, which has a huge Debian inside https://github.com/docker-library/httpd/blob/75e85...
For a task like this it is better to take Alpine: FROM httpd:2.4-alpine
httpd most likely runs as root, and not for no reason! It simply has to, because there is such a thing as non-privileged ports https://ru.wikipedia.org/wiki/%D0%A1%D0%BF%D0%B8%D...

You 100500% have port 80 set in the httpd config, which is less than 1024, and therefore httpd is unable to start!
httpd starts as root, binds to port 80/443, and then does a suid to the uid/gid specified in the config https://httpd.apache.org/docs/2.4/mod/mod_unixd.ht...

Knowing this, it becomes clear why we see the error in docker logs (containername).

What to do? Well, for example, run Apache as the www-data user as intended, but on a port higher than 1024. If you want it to answer on port 80 on the host, that does not matter: the port mapping will do it for you, because on the host dockerd will start a docker-proxy process, which runs as root, listens on port 80 and proxies traffic into the container to the specified port, for example 8080.
We end up with Apache living on 8080 inside the container and on 80 outside.

version: '3.7'

services:

  db:
    image: mariadb
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: example

  adminer:
    image: adminer
    restart: always
    ports:
      - 8080:8080

  web:
    image: httpd:2.4-alpine # believe me, you don't need nano inside the container! Just mount all the necessary config files from the host as a volume, it is really convenient.
    depends_on:
      - db
    restart: always
    ports:
      - 80:8080 # HOST:CONTAINER
    volumes:
      - //c/Docker/sf4/project:/usr/local/apache2/htdocs
      # - copy the necessary config files out for yourself like this: "docker cp /etc/httpd/httpd.conf.", and mount them as a volume
      - "./httpd/httpd.conf:/etc/httpd/httpd.conf" # example of mounting a config, where ./httpd/httpd.conf is a file next to your docker-compose.yml
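
The setup this answer describes (Apache running as www-data on a port above 1024, with host port 80 mapped onto it) also needs the httpd side of the image changed. The Dockerfile below is an added example, not code from the thread; it assumes the official Debian-based httpd:2.4 image with its stock "Listen 80" line, and uses 8080 because that is the port the answer suggests.

```dockerfile
# Added example (not from the thread). Assumes the official Debian-based
# httpd:2.4 image: ServerRoot /usr/local/apache2, stock config with "Listen 80".
FROM httpd:2.4

# Listen above 1024 so the bind succeeds without root, then fail the build
# if the stock line was not found and nothing was rewritten.
RUN sed -i 's/^Listen 80$/Listen 8080/' /usr/local/apache2/conf/httpd.conf \
 && grep -q '^Listen 8080$' /usr/local/apache2/conf/httpd.conf

# httpd writes logs/httpd.pid at startup (DEFAULT_PIDLOG in `httpd -V`),
# so make sure the unprivileged user owns that directory.
RUN chown -R www-data:www-data /usr/local/apache2/logs

# Drop privileges for everything that follows, including the running server.
USER www-data

# Syntax-check the config as the unprivileged user at build time.
RUN httpd -t

EXPOSE 8080

# docker-compose.yaml side (HOST:CONTAINER), as in the answer:
#   ports:
#     - 80:8080
```

If the container still restarts, `docker logs` on it shows whether the failure is the bind or the PID file.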
Thanks for the help. It is not clear why, but I seem to have some kind of vicious Docker. Again an error:

ERROR: for sf4_web_1 Cannot start service web: OCI runtime create failed: container_linux.go:345: starting container process caused "exec: \"/usr/local/apache2/htdocs\": permission denied": unknown

ERROR: for web Cannot start service web: OCI runtime create failed: container_linux.go:345: starting container process caused "exec: \"/usr/local/apache2/htdocs\": permission denied": unknown
ERROR: Encountered errors while bringing up the project.


Could you please take a look? - isom.Weimann commented on March 23rd 20 at 19:22
@isom.Weimann, what is the host OS? It is one of two things: either it really is a permissions problem (chown/chmod), or selinux/apparmor.
The compose file would not hurt either, it is 90% of the answer :) - martine commented on March 23rd 20 at 19:25
Windows 10 Home, working through Toolbox

docker-compose:
version: '3.7'

services:

  db:
    image: mariadb
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: example
    volumes:
      - /DATA/sulu/mysql:/var/lib/mysql

  adminer:
    image: adminer
    restart: always
    ports:
      - 8080:8080


  web:
    image: alpine:latest
    build: ./apache
    depends_on:
      - db
    restart: always
    ports:
      - 80:8080 # HOST:CONTAINER
    volumes:
      - /DATA/sulu/data:/var/www/localhost/htdocs
- isom.Weimann commented on March 23rd 20 at 19:28
Opensource projects, eh, all that he wrote is probably not past :)

You just need to bring the httpd configuration into the project yourself, and that is straight best practice. There is no need to build an image with Apache inside. To keep it short, here is a ready-made block with the bare minimum:
web:
  image: httpd:2.4-alpine # Official image: https://hub.docker.com/_/httpd
  restart: always
  ports:
    - 8080:80 # HOST:CONTAINER

This runs httpd in the container on port 80, and docker forwards port 80 of the container to port 8080 on the host.

What to do with the config? Instead of 1000 words, I'll just leave step-by-step actions that show how to find and read config files inside images. I even did it on Windows, however much I did not want to :)))
:: The first thing you need to understand is the entry point, i.e. how the application is launched inside the container
:: Check which command and arguments run when the container starts
PS C:\Users\admin\d> docker inspect httpd:2.4-alpine | FINDSTR /I "cmd"
 "Cmd": [
 "CMD [\"httpd-foreground\"]"
 "Cmd": [
PS C:\Users\admin\d> docker inspect httpd:2.4-alpine | FINDSTR /I "entry"
 "Entrypoint": null,
 "Entrypoint": null,

:: Look at what cwd the program will have at startup
PS C:\Users\admin\d> docker inspect httpd:2.4-alpine | FINDSTR /I "workingdir"
 "WorkingDir": "/usr/local/apache2",
 "WorkingDir": "/usr/local/apache2",
PS C:\Users\admin\d> docker run --rm -ti httpd:2.4-alpine sh

:: Now you need to understand what is inside the script that starts httpd, which we found in step 1: "CMD [\"httpd-foreground\"]"
# cat $(which httpd-foreground)
#!/bin/sh
set -e

# Apache gets grumpy about PID files pre-existing
rm -f /usr/local/apache2/logs/httpd.pid

exec httpd -DFOREGROUND

:: Nothing super complicated. Let's see what options the developers built httpd with
# /usr/local/apache2 # httpd -V
Server version: Apache/2.4.39 (Unix)
Server built: Jan 5 2019 22:22:14
Server's Module Magic Number: 20120211:84
Server loaded: APR 1.6.5, APR-UTIL 1.6.1
Compiled using: APR 1.6.5, APR-UTIL 1.6.1
Architecture: 64-bit
Server MPM: event
 threaded: yes (fixed thread count)
 forked: yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/usr/local/apache2"
 -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

:: Here is what we need! -D SERVER_CONFIG_FILE="conf/httpd.conf"
:: So, when the container starts, the script /usr/local/bin/httpd-foreground runs with cwd (working directory) /usr/local/apache2; the script runs the command exec httpd -DFOREGROUND, and exec makes the wrapper start httpd as pid 1.
httpd is built in such a way that it looks for the config relative to its cwd, SERVER_CONFIG_FILE="conf/httpd.conf", so the config file is located here: /usr/local/apache2/conf/httpd.conf

:: We have worked out where the config lives; now let's find out where httpd keeps the files of the default site
# grep ^DocumentRoot /usr/local/apache2/conf/httpd.conf
DocumentRoot "/usr/local/apache2/htdocs"

:: Now it is clear that to slip your website into httpd without touching the configs, you need to mount a volume there.
I checked this very simply:
volumes:
  - /etc:/usr/local/apache2/htdocs
:: And then simply opened in the browser:
http://127.0.0.1:8080/hosts
As expected, I saw the file :)

Still, I would recommend organizing the project with this structure:
src/ - code of your programs
src/application1
src/application2
data/ - volume containers with data
data/mysql
conf/ - configuration files of programs
conf/mysql/main.cf
conf/httpd/httpd.conf
conf/httpd/conf/extra/httpd-vhosts.conf
docker-compose.yml

In addition, the configs can differ between environments! For example, dev/stage/production for httpd can have a different set of vhosts, if there is more than one site and you have to reach them via SNI.
And for MySQL, different options.
Delivering configs into containers is very simple: through volumes
web:
  image: httpd:2.4-alpine # Official image: https://hub.docker.com/_/httpd
...
  volumes:
    - ./conf/httpd/httpd.conf:/usr/local/apache2/conf/httpd.conf
    - ./conf/httpd/conf/extra/httpd-vhosts.conf:/usr/local/apache2/conf/httpd-vhosts.conf

You can of course go all out and bring the whole httpd /usr/local/apache2/conf into your project, but then it will be hard to understand what exactly people changed and in which file :( It is best to keep in the repo only what we need.

I hope there will be no more magic :) - martine commented on March 23rd 20 at 19:31
The configs are hooked up, but somehow they don't work:

httpd-vhosts.conf:
<VirtualHost *:80>
    ServerName sf4.local
    ServerAlias sf4.local www.sf4.local
    ServerAdmin webmaster@localhost
    DocumentRoot /usr/local/apache2/htdocs/symfony
    <Directory /usr/local/apache2/htdocs/symfony>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
    ServerSignature On
</VirtualHost>


And another paradox: here the mounted files have a different user and group. Is this normal?
bash-4.4# ls -lsh
total 68
 4 -rw-r--r-- 1 root root 2.8 K Jun 5 22:23 httpd-autoindex.conf
 4 -rw-r--r-- 1 root root 1.8 K Jun 5 22:23 httpd-dav.conf
 4 -rw-r--r-- 1 root root 2.9 K Jun 5 22:23 httpd-default.conf
 4 -rw-r--r-- 1 root root 1.1 K Jun 5 22:23 httpd-info.conf
 8 -rw-r--r-- 1 root root 5.0 K Jun 5 22:23 httpd-languages.conf
 4 -rw-r--r-- 1 root root 1.4 K Jun 5 22:23 httpd-manual.conf
 8 -rw-r--r-- 1 root root 4.3 K Jun 5 22:23 httpd-mpm.conf
 4 -rw-r--r-- 1 root root 2.2 K Jun 5 22:23 httpd-multilang-errordoc.conf
 16 -rw-r--r-- 1 root root 13.0 K Jun 5 22:23 httpd-ssl.conf
 4 -rw-r--r-- 1 root root 694 Jun 5 22:23 httpd-userdir.conf
 4 -rwxrwxrwx 1 1000 50 925 Jun 8 17:14 httpd-vhosts.conf
 4 -rw-r--r-- 1 root root 3.1 K Aug 5 22:23 proxy-html.conf
- isom.Weimann commented on March 23rd 20 at 19:34
@isom.Weimann, if you're on Windows, the files are first passed through into the guest OS, and some permission mapping happens there: the owner has to be mapped from Windows to Linux (chown), and 1000:50 is probably what it got mapped to, while the permissions (chmod) were mapped very simply, everything to 777 (rwxrwxrwx), so there will be no file-access problems either in the guest or inside the container.

If you open the virtual host sf4.local/, then it must resolve on the computer where you do this, i.e. the address bar in the browser should show sf4.local/. If you open it by IP, then you need to understand one thing: in which directory the web server looks for files. In this case, as I wrote, it is this:
# grep ^DocumentRoot /usr/local/apache2/conf/httpd.conf
DocumentRoot "/usr/local/apache2/htdocs"

Then you just need to mount the files of the website:
volumes:
  - ./src/symfony:/usr/local/apache2/htdocs

In this case, the website will open by IP.
I don't see a php interpreter in the container, and what you need is in fact not Apache but php :)

Maybe it would still be better to take php-fpm + nginx? There will be 2 containers, but you get a more modern stack. The configs are easier there too; nginx configs are a thousand times simpler. Does your project rely on .htaccess files? If not, then your choice is nginx+php-fpm. - martine commented on March 23rd 20 at 19:37
March 23rd 20 at 19:21
And is there actually a www-data user?) Anyway, go into the container and read the logs. Nothing more to it
It says the container is restarting, I can't get in:
Error response from daemon: Container 256c342608106233200ee375c1b46b1c332d232240d29b989916a85619c67f72 is restarting, wait until the container is running
- isom.Weimann commented on March 23rd 20 at 19:24
@isom.Weimann, well, it says to wait. Although it is suspicious - torrance41 commented on March 23rd 20 at 19:27
So how long should I wait? It has been an hour already. - isom.Weimann commented on March 23rd 20 at 19:30
@isom.Weimann, then it is not a healthy subject and get the brake it restarts from a configuration for starting - torrance41 commented on March 23rd 20 at 19:33
Now it does not start:
Error response from daemon: Container is not running 170a93ff031813cb95262613effa60cb735b159f8e46d2d7d6906b276f4cdcb5
- isom.Weimann commented on March 23rd 20 at 19:36
@isom.Weimann, did you rebuild the image? - torrance41 commented on March 23rd 20 at 19:39
Yes, I always do - isom.Weimann commented on March 23rd 20 at 19:42
