Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Non-root docker fails in my environment #29020

Closed
AkbarTheGreat opened this issue Jan 17, 2025 · 3 comments
Closed

Non-root docker fails in my environment #29020

AkbarTheGreat opened this issue Jan 17, 2025 · 3 comments
Labels
A-Developer-Experience O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Minor Impairs non-critical functionality or suitable workarounds exist T-Defect

Comments

@AkbarTheGreat
Copy link

Steps to reproduce

If I do nothing but update my kubernetes deployment from v1.11.89 to 90, nginx fails to start because it can't bind to port 80. This was added in PR #28849, but appears to be less safe than originally thought?

I'm happy to fix something on my end if need-be, but aside from throwing a configMap in as the config.json file, I do very little to the docker image as published.

My container spec:

            "containers" : [
               {
                  "name" : "element",
                  "image" : "vectorim/element-web:v1.11.90",
                  "ports" : [
                     {
                        "name" : "web",
                        "containerPort" : 80,
                        "protocol" : "TCP"
                     }
                  ],
                  "volumeMounts" : [
                     {
                        "name" : "config-volume",
                        "mountPath" : "/app/config.json",
                        "subPath" : "config.json"
                     }
                  ],
                  "resources": {
                    "requests": {
                      "memory": "25Mi"
                    },
                    "limits": {
                      "memory": "25Mi"
                    }
                  }
               }
            ],
            "volumes" : [
               {
                  "configMap" : {
                     "name" : "element-config"
                  },
                  "name" : "config-volume"
               }
            ]

Logs from k8s:

element-b955ff885-jm79g element /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
element-b955ff885-jm79g element /docker-entrypoint.sh: Configuration complete; ready for start up
element-b955ff885-jm79g element 2025/01/17 15:54:09 [warn] 1#1: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2
element-b955ff885-jm79g element nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2
element-b955ff885-jm79g element 2025/01/17 15:54:09 [emerg] 1#1: bind() to 0.0.0.0:80 failed (13: Permission denied)
element-b955ff885-jm79g element nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

Outcome

What did you expect?

What happened instead?

Operating system

No response

Browser information

No response

URL for webapp

No response

Application version

Element version 1.11.90

Homeserver

No response

Will you send logs?

Yes

@AkbarTheGreat
Copy link
Author

I got it working by changing the port (re-reading the release notes, I saw 4825916)

Close this or don't, up to you. I'd recommend at least documenting how to change the port better, because I suspect that other folks will hit this same issue down the line.

For closure, my new config:

            "containers" : [
               {
                  "name" : "element",
                  "image" : "vectorim/element-web:v1.11.90",
                  "env": [
                    {
                      "name": "ELEMENT_WEB_PORT",
                      "value": "8080"
                    }
                  ],
                  "ports" : [
                     {
                        "name" : "web",
                        "containerPort" : 8080,
                        "protocol" : "TCP"
                     }
                  ],
                  "volumeMounts" : [
                     {
                        "name" : "config-volume",
                        "mountPath" : "/app/config.json",
                        "subPath" : "config.json"
                     }
                  ],
                  "resources": {
                    "requests": {
                      "memory": "25Mi"
                    },
                    "limits": {
                      "memory": "25Mi"
                    }
                  }
               }
            ],
            "volumes" : [
               {
                  "configMap" : {
                     "name" : "element-config"
                  },
                  "name" : "config-volume"
               }
            ]

@dosubot dosubot bot added A-Developer-Experience O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Minor Impairs non-critical functionality or suitable workarounds exist labels Jan 17, 2025
@t3chguy
Copy link
Member

t3chguy commented Jan 17, 2025

Close this or don't, up to you. I'd recommend at least documenting how to change the port better, because I suspect that other folks will hit this same issue down the line.

It is adequately documented on the same doc we tell people about the docker image - /~https://github.com/element-hq/element-web/blob/develop/docs/install.md#docker

@t3chguy t3chguy closed this as not planned Won't fix, can't repro, duplicate, stale Jan 17, 2025
@AkbarTheGreat
Copy link
Author

So it is. Sorry for the noise. 🤷

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-Developer-Experience O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Minor Impairs non-critical functionality or suitable workarounds exist T-Defect
Projects
None yet
Development

No branches or pull requests

2 participants