Public | Automated Build

Last pushed: 23 days ago
Short Description
Minimal docker image for nginx with Alpine Linux
Full Description

Minimal nginx

Sample with Alpine Linux as base image. Small container, about 6.7 MB size.

The image will run the nginx master process as root and the worker process as nobody user instead of root.

Build image

To build the image with name minimal-nginx:

$ docker build -t minimal-nginx .
Sending build context to Docker daemon  7.68 kB
Step 0 : FROM alpine:3.2
 ---> ab7e84202862
Step 1 : RUN apk add --update nginx && rm -rf /var/cache/apk/*
 ---> Using cache
 ---> 4ffb8220a47f
Step 2 : COPY nginx.non-root.conf /etc/nginx/nginx.conf
 ---> 12c16fa78728
Removing intermediate container 8cf9ebc817c0
Step 3 : COPY index.html /usr/share/nginx/html/index.html
 ---> 66ef2d118a55
Removing intermediate container fcdf5cf7659d
Step 5 : CMD nginx -g daemon off;
 ---> Running in 924416d06df6
 ---> 792212e8fbc1
Removing intermediate container 924416d06df6
Successfully built 792212e8fbc1

Runing image

To start image you could use docker run -td -p 80:8080 minimal-nginx. Or if using dockerhub: docker run -td -p 80:8080 sdelrio/docker-minimal-nginx.

We can see nginx process is now running the nginx master process as root and the worker process as the nobody user instead of root.

Map the volume to your current directory -v $(pwd):/usr/share/nginx/html.

$ docker run -td -p 80:8080 minimal-nginx
3a7f3e9ad1906a0c15c12e9bad94cd00ac172eae51bef7d73af4a45e4f1fd96e

$ docker ps
CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS              PORTS                    NAMES
3a7f3e9ad190        minimal-nginx          "nginx -g 'daemon off"   2 seconds ago       Up 1 seconds        0.0.0.0:80->8080/tcp     evil_yalow

$ docker exec evil_yalow ps
PID   USER     TIME   COMMAND
    1 root       0:00 nginx: master process nginx -g daemon off;
    5 nobody     0:00 nginx: worker process
    7 nobody     0:00 ps

References

Docker documentation, best practices for building secure Docker images.

Docker Pull Command
Owner
sdelrio
Source Repository

Comments (4)
sdelrio
9 months ago

Since the process is run as nobody (not root), that's why can't open the file with permission denied on start, but after that, the output will be on stdout.

dubc
a year ago

I updated the pull request with some fixes.

dubc
a year ago

I fixed this issue and created a pull request @ https://github.com/sdelrio/docker-minimal-nginx/pull/2

dubc
a year ago

Thanks for this fast and small little image.

I get the following alert in the logs. I tried chown, chmod and adding the nobody user to the adm group.

nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)

Any ideas on how to avoid it?