Nginx on Docker cannot access bind mount

dockerdocker-composenginx

Summary:

I'm trying to set up an Nginx container as part of a Docker stack. I want to use a bind mount to make a folder on my computer available to the container as /data/www, and use that as the root folder for Nginx to serve content from. The Nginx container builds and starts without any errors, and the port is exposed as 8080; however, if I actually try to go to localhost:8080, I get HTTP 403 errors.

Details:

Here's the relevant folder structure of my project:

/frontend
  /static
    index.html
  frontend.dockerfile
  nginx.conf
docker-compose.yml

The folder /frontend/static is the one I am trying to add as a bind mount volume to the Nginx container.

docker-compose.yml

version: '3.7'

services:
  frontend:
    build:
      context: frontend
      dockerfile: frontend.dockerfile
    ports:
      - 8080:80
    volumes:
      - type: bind
        source: ./frontend/static
        target: /data/www
        read_only: true

frontend.dockerfile

FROM nginx:1.16-alpine
EXPOSE 80
COPY nginx.conf /etc/nginx/nginx.conf

nginx.conf

events {
}

http {
  server {
    listen 80;

    location / {
      root /data/www;
    }
  }
}

When I run docker-compose up, the container builds and starts without any problems, but when I type localhost:8080 into the browser, I get HTTP 403, and the following error in the docker console:

frontend_1  | 172.18.0.1 - - [04/Aug/2019:22:15:50 +0000] "GET / HTTP/1.1" 403 555 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36"
frontend_1  | 2019/08/04 22:15:50 [error] 7#7: *1 "/data/www/index.html" is forbidden (13: Permission denied), client: 172.18.0.1, server: , request: "GET / HTTP/1.1", host: "localhost:8080"

So Nginx is clearly receiving the HTTP request and trying to serve the content (in this case, index.html), but it does not have permission to access any files in the folder /data/www, i.e. the bind mount volume.

I'm running Fedora 30. The project itself is in my home folder: ~/Dev/sandbox. I've used chmod -R 755 frontend/static in the project folder to grant permissions on the folder that needs to be bound.

I've also tried using a non-alpine image of Nginx, no difference.

Best Answer

This clearly says that it's a permission issue. Please check document root "/data/www/" is owned by Nginx user. You can also change the ownership by entering container with below commands.

docker exec -it bash

Give this a try and post back with the errors you have identified and we shall try to resolve it.