There are a few things to keep in mind if you are running a read-only filesystem.
Ports need to be higher than 1024. E.g. port `80` will not work, but `8080` will.
For Nginx, another thing to keep in mind is that you need to alter your `nginx.conf`. Because the image for Nginx writes the PID to `/var/run/` (I think this is correct), as well as the logs, you are going to get some errors initially. So, you should probably redirect these to a `/tmp` folder.
Here is my `nginx.conf` file:
```nginx
user nginx;
worker_processes 1;

# Error log and PID file go to /tmp, the writable mount
error_log /tmp/error.log warn;
pid /tmp/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Access log also goes to /tmp
    access_log /tmp/access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;

    # Temporary directories for kubernetes "readonlyfilesystem"
    client_body_temp_path /tmp/nginx-client-body;
    proxy_temp_path /tmp/nginx-proxy;
    fastcgi_temp_path /tmp/nginx-fastcgi;
    uwsgi_temp_path /tmp/nginx-uwsgi;
    scgi_temp_path /tmp/nginx-scgi;

    include /etc/nginx/conf.d/*.conf;
}
```
And this is my Dockerfile (I wanted to make sure that the directory `/etc/nginx/certs` was there at all times rather than during mounting):
```dockerfile
FROM nginx:1.16.1

# Create the certificate directory
RUN mkdir -p /etc/nginx/certs

# Replace default nginx.conf
COPY conf/nginx.conf /etc/nginx/nginx.conf
```
So basically you need to mount 3 directories (at least for me):
- You need to mount the `/tmp` directory so you can get anything that the system needs to write to
- I mounted a directory just for the certs in `/etc/nginx/certs`, because I’m using Nginx for TLS reverse proxy too.
- I mounted a directory for my conf files – or perhaps you can just mount the file that you have and replace the `default.conf` that comes with nginx in `/etc/nginx/conf.d/`
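
A Pod spec that wires up these three mounts with a read-only root filesystem could look like the following. This is an added example, not part of the original post: the Pod name, image reference, Secret name and ConfigMap name are assumptions, and using an `emptyDir` for `/tmp` is one choice among several.

```yaml
# Added example. All names and the image reference are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-readonly                # hypothetical name
spec:
  containers:
    - name: nginx
      # Placeholder: the image built from the Dockerfile above
      image: registry.example.com/nginx-readonly:1.16.1
      ports:
        - containerPort: 8080         # the server block in conf.d must listen here
      securityContext:
        readOnlyRootFilesystem: true  # everything outside the mounts is read-only
      volumeMounts:
        - name: tmp
          mountPath: /tmp             # pid file, logs and the *_temp_path directories
        - name: certs
          mountPath: /etc/nginx/certs
          readOnly: true              # nginx only reads the certificate and key
        - name: conf
          mountPath: /etc/nginx/conf.d
          readOnly: true              # replaces the default.conf shipped in the image
  volumes:
    - name: tmp
      emptyDir: {}                    # writable scratch space, discarded with the Pod
    - name: certs
      secret:
        secretName: nginx-tls         # hypothetical Secret with the TLS cert and key
    - name: conf
      configMap:
        name: nginx-conf              # hypothetical ConfigMap providing default.conf
```

Because `/tmp` is an `emptyDir`, the access and error logs written there are lost when the Pod is deleted.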