Permissions issue with Docker, nginx and Grav

Question

I'm trying to set up a simple Grav site workflow using git, Docker and two containers: one for nginx and one for PHP. The idea is to git clone into my Digital Ocean droplet and run docker-compose up -d --build to build and serve the website.

I'm getting permission issues whenever I try to access the sites, and even Grav's documentation about troubleshooting permission issues does not help.

Here's my docker-compose.yml:

version: '3'

services:
  web:
    build:
      context: .
      dockerfile: ./docker/nginx/Dockerfile
    ports:
        - "80:80"
    volumes:
        - ./src:/var/www/html
    links:
        - php

  php:
    build:
      context: .
      dockerfile: ./docker/php/Dockerfile
    volumes:
      - ./src:/var/www/html

And here's nginx's Dockerfile:

FROM nginx:stable-alpine

WORKDIR /var/www/html

COPY ./src .

COPY ./docker/nginx/default.conf /etc/nginx/conf.d/default.conf

If that's any use, here's the nginx configuration I'm using:

server {
    listen 80;
    index index.php index.html;
    server_name www.gravtest.test gravtest.test;
    error_log /var/log/nginx/gravtest.test.error.log;
    access_log /var/log/nginx/gravtest.test.access.log;
    root /var/www/html;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}

The PHP Dockerfile is simple, it just spawns php:7.3-fpm and installs a few dependencies like opcache, gd, etc...

Whenever I try to access the site via localhost, I get this error:

Fatal error: Uncaught RuntimeException: Creating directory failed for /var/www/html/cache/compiled/files/40779d000b68629af00dd987148afc06.yaml.php in /var/www/html/vendor/rockettheme/toolbox/File/src/File.php:325 Stack trace:....

Files are copied from the host to the container with the nginx:nginx owner, so I should be good, but looks like I'm not. I've tried setting folders/files chmod using Grav's documentation but no dice.

Am I missing something?

Answer 1

Answering my own question:

It turns out the images php-fpm and nginx do not use the same user, so the permission problem came from that. I simply had to add a new user to both Dockerfile, and run that container from that user.

So for PHP, my Dockerfile is now:

FROM php:7.3-fpm

# Install a few dependencies here...

COPY ./src /var/www/html

RUN addgroup --gid 1000 mygroup
RUN adduser --system --no-create-home --disabled-password --disabled-login --uid 1000 --ingroup mygroup myuser

RUN chown -R myuser:mygroup /var/www

USER myuser

And for nginx:

FROM nginx:stable-alpine

RUN addgroup --gid 1000 mygroup
RUN adduser --system --no-create-home --disabled-password --disabled-login --uid 1000 --ingroup mygroup myuser

WORKDIR /var/www/html

RUN chown -R myuser:mygroup .

USER myuser

And now everything works fine! :)