Problem Installing in OpenShift - nginx not running as root

I have installed ERPNext 3.2.5 using the Helm install ( into OpenShift 4. Everything installed and started except the nginx container in the “erpnext” pod. It will not start because it is not running as root. The error is:

/ line 73: /etc/nginx/conf.d/default.conf: Permission denied

This is the point where the default.conf file is created by the entry script. The directory /etc/nginx/conf.d is not writeable by the unprivileged user:

$ id
uid=1001000000(1001000000) gid=0(root) groups=0(root),1000,1001000000
$ ls -al /etc/nginx/conf.d
total 8
drwxr-xr-x. 1 root root 35 Jun 15 14:34 .
drwxr-xr-x. 1 root root 20 May 25 15:43 …
-rw-r–r–. 1 root root 1072 May 25 13:01 default.conf
-rw-rw-r–. 1 root root 3581 Jun 15 14:30 default.conf.template

I can use my own configuration file and set SKIP_NGINX_TEMPLATE_GENERATION=1, but there will be other problems with the nginx pid file and the temporary directories.

Is there something I should have done differently with my installation?

In fact this container is the only container that runs as root user., all other containers run as non root user.

Can you try custom image that is built with nginxinc/nginx-unprivileged:latest instead of nginx:latest? I can hack up the image and push it somewhere for you. If that works we’ll make the image unprivileged.

If you could push an image somewhere, that would be great!

Try these:

based on version-13, change nginxImage.tag to unpriv in helm chart

  • frappe/frappe-nginx:unpriv
  • frappe/erpnext-nginx:unpriv

I’ve not tested these images. Set pull policy to always. I’ll push images with same tag again.

I’m not able to make nginx container non-root easily.

Too many things going on in that make it difficult to run as non root

If anyone has any ideas, please help.

I just removed the default.conf file in dockerfile during build


Try if that solves the problem.

the default.conf is generated from default.conf.template and replaced.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.