I have this basic setup for a webserver using php-fpm and nginx. Now, the files are in a given path and I want the files to be editable by the main user but also by the webserver.
Right now, files created by the webserver are listed as “root:root” and I do also not want to change folder permissions to 777, that is not secure. What is the best practice here?
There is a lot on the internet but I cannot find a concrete answer to this problem.
./docker-compose.yml:
services:
# nginx
web:
image: nginx:latest
ports:
- "8003:80"
volumes:
- /mnt/samba_share_webserver:/var/www/html
- ./nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf
app:
build:
dockerfile: ./php/Dockerfile
volumes:
- /mnt/samba_share_webserver:/var/www/html
./php/Dockerfile:
FROM php:8.1-fpm-alpine
RUN docker-php-ext-install pdo pdo_mysql
./nginx/conf.d/default.conf
server {
listen 80;
server_name _ localhost;
root /var/www/html;
index index.php;
location ~ .php$ {
fastcgi_pass app:9000;
fastcgi_index index.php;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
}
As you can see, the location where the files are stored are placed on a samba share running in another docker container. Those files need to be able to be altered by users making a smb connection.
I’m kind of experimenting and learning about permissions and how to use them. Could anyone give me a direction in for this problem?