Unable to start image 1.27-alpine-slim after the most recent push #978

Closed
ezbercihk opened this issue Apr 16, 2025 · 2 comments
ezbercihk commented Apr 16, 2025

Bug Overview

We have been using this image for a very long time and up until a little more than half an hour ago, it started to fail with the following error:

2025/04/16 21:12:46 [notice] 1#1: using the "epoll" event method
2025/04/16 21:12:46 [notice] 1#1: nginx/1.27.5
2025/04/16 21:12:46 [notice] 1#1: built by gcc 14.2.0 (Alpine 14.2.0)
2025/04/16 21:12:46 [notice] 1#1: OS: Linux 5.10.234-225.921.amzn2.x86_64
2025/04/16 21:12:46 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2025/04/16 21:12:46 [emerg] 1#1: open() "/run/nginx.pid" failed (30: Read-only file system)
nginx: [emerg] open() "/run/nginx.pid" failed (30: Read-only file system)

It seems like a new patch (1.27.5) has been released and now this tag points to that so it probably has to do with a change in this patch release that is trying to write to the filesystem. We have our filesystems in our pods in read-only mode as a security precaution and a best practice. So this may or may not be considered a bug from nginx's perspective but it is impacting us. As a workaround we changed the tag to 1.27.4-alpine-slim for the time being.

Expected Behavior

That the container image comes up.

Steps to Reproduce the Bug

Try running the image in a pod with read-only filesystem.

Environment Details

  • Version of the Docker NGINX image or specific commit: 1.27-alpine-slim
  • Target deployment platform: Kubernetes

Additional Context

No response

ezbercihk added the bug label Apr 16, 2025

@thresheek (Member)

Hi @ezbercihk!

Prior to 1.27.5, nginx packages (as used in this docker image) used /var/run/nginx.pid to store the pid file information. Now, starting with 1.27.5, we rely on /run/nginx.pid to do the same - as /var/run is deprecated (and is a long time symlink to /run on all contemporary OSes).

Now, 1.27.4 should fail the same way if you have a fully read-only filesystem. I believe you have some other configuration that makes /var/run writeable in your deployment?

@ezbercihk (Author)

@thresheek, thank you for the fast response. You are right, we had the following line in our Dockerfile that was overcoming this issue (/tmp is mounted as writable) but since the location has changed now, it was ineffective:

sed -i 's,/var/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf

We have updated the line to use the new location and that solved our problem. I'll go ahead and close this issue.
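
Added example, not part of the thread and not code from the image's maintainers: the sed edit quoted above matches a literal old path, so it became a silent no-op when the default moved from /var/run/nginx.pid to /run/nginx.pid. The sketch below rewrites the pid directive itself and fails the build step if the result is not the expected path; the function names, the config fragment and the temporary file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue thread or the image's own build scripts).

# Print the path given to the "pid" directive in an nginx config file.
pid_path() {
    sed -n -E 's,^[[:space:]]*pid[[:space:]]+([^;]+);.*,\1,p' "$1"
}

# relocate_pid CONF NEW_PID
# Rewrite the pid directive to NEW_PID whatever its current path is, then
# verify the result so a silent no-op fails the image build.
# Assumes NEW_PID contains no ',' '&' or '\' (sed replacement metacharacters).
relocate_pid() {
    conf=$1
    new_pid=$2
    tmp="${conf}.new"
    sed -E "s,^([[:space:]]*pid[[:space:]]+)[^;]+;,\1${new_pid};," "$conf" > "$tmp" || return 1
    mv "$tmp" "$conf" || return 1
    if [ "$(pid_path "$conf")" != "$new_pid" ]; then
        echo "relocate_pid: pid directive in $conf is not $new_pid" >&2
        return 1
    fi
}

# Demo on a constructed config fragment using the 1.27.5 pid location.
demo_conf=$(mktemp)
printf 'user  nginx;\npid        /run/nginx.pid;\n' > "$demo_conf"

# The path-specific edit quoted in the thread matches nothing here.
sed 's,/var/run/nginx.pid,/tmp/nginx.pid,' "$demo_conf" | grep -q '/tmp/nginx.pid' \
    || echo "old sed expression: no change"

relocate_pid "$demo_conf" /tmp/nginx.pid && echo "pid is now $(pid_path "$demo_conf")"
rm -f "$demo_conf"
```

Run as a Dockerfile RUN step against /etc/nginx/nginx.conf, a non-zero exit stops the build instead of shipping an image that only fails once it starts on a read-only root filesystem.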
