docker - Running nginx container as non-root from nginx-alpine image

Question

I am trying to run container from nginx-alpine as a non root user and getting the below error.

[emerg] 1#1: bind() to 0.0.0.0:80 failed (13: Permission denied) nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

Question: Do I need to add different port inside the dockerfile for the non-root user along with USER instruction?

question from:https://stackoverflow.com/questions/65626346/running-nginx-container-as-non-root-from-nginx-alpine-image

Answer 1

You have the correct intuition.

Ports in the range 1-1024 need privileged permission to be bound. As you are starting nginx as a non-root user, you cannot bind nginx to listen on port 80.

Only way to fix this is to make Nginx listen on a non-privilege port >1024. To do this, you will need to feed a custom nginx.conf file. This should solve your immediate problem.

But there will be other permission issues down the line as nginx starts trying to access /var/log to write logs, /var/tmp/ for temp files etc.

The best option is to use the non-root nginx docker image itself. https://hub.docker.com/r/nginxinc/nginx-unprivileged