Score:0

apache2 docker container writes logs on my host as root user

cl flag

I am running a apache2 docker container on my ubuntu box but it keeps writing logs to my host os. Details below:

samples/docker/apache2/Dockerfile

FROM php:5.6.34-apache
COPY ./sites-available/mysite.conf /etc/apache2/sites-available/mysite.conf
RUN a2dissite 000-default.conf
#RUN a2dissite default-ssl.conf
RUN a2ensite mysite.conf

with:

samples/docker/apache2/sites-available/mysite.conf:

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName localhost
    ServerAlias localhost
    #DocumentRoot /var/www/html
    DocumentRoot /var/www


    ErrorLog /dev/stderr
    CustomLog /dev/stdout combined

    #ErrorLog ${APACHE_LOG_DIR}/error.log
    #CustomLog ${APACHE_LOG_DIR}/access.log combined
    
</VirtualHost>

that I build/run with:

samples/docker-compose.yaml:

version: '3.8'
services:
  apache2-php:
    container_name: apache2-php-container
    image: apache2-php-image
    build:
      context: ./docker/apache2
    ports:
      - "8082:80"

But log, run and lock folders are created on my host under the root user one folder above my docker-compose.yaml file:

$ ll
total 60
drwxrwxr-x   3 user user  4096 Nov 15 09:22 samples/
drwxr-xr-x   3 root root  4096 Nov 15 10:40 lock/
drwxr-xr-x   3 root root  4096 Nov 15 10:40 log/
drwxr-xr-x   3 root root  4096 Nov 15 10:40 run/

with:

├── log
│   └── apache2
│       ├── error.log
│       └── other_vhosts_access.log

I have also tried suggestions here:

Writing Apache2 Logs to stdout/stderr?

but it has no effect.

Why are those folders/files created at that location on my host and how do I configure apache2 container to only write logs inside the container and not on my host?

sgohl avatar
ca flag
you should always provide the commands you execute
Score:1
ca flag

This is really not possible. Unless you define volumes in docker-compose, the container can not write anything into the host's filesystem.

Prove that with

> docker inspect apache2-php-container | jq .[].Mounts
> docker inspect apache2-php-container | jq .[].Volumes

You also can reverse-prove that by creating a file in your ominous Host's log folder and try finding it within the container (you didn't mention where this folder is or should be located within your container. Note: Even if a container would write files onto the Host, it would also be accessible from within the container at some path, of course - because it needs to be mounted somewhere)

I even reproduced your hierarchy and verified there are no folders created.

samples > docker-compose build
Building apache2-php
Sending build context to Docker daemon  3.584kB
...
Successfully tagged apache2-php-image:latest
samples > docker-compose up -d
Creating network "samples_default" with the default driver
Creating apache2-php-container ... done
> tree
.
└── samples
    ├── docker
    │   └── apache2
    │       ├── Dockerfile
    │       └── sites-available
    │           └── mysite.conf
    └── docker-compose.yaml

4 directories, 3 files

The logging even goes to the docker logs output:

> curl -I http://localhost:8082/bla
HTTP/1.1 404 Not Found
Server: Apache/2.4.10 (Debian)

apache2-php-container | 172.21.0.1 - - [17/Nov/2021:12:34:16 +0000] "HEAD /bla HTTP/1.1" 404 140 "-" "curl/7.69.1"

You may have some kind of cache hitting there. Try to clean your system (docker system prune -a -f (careful!)) or test it on another untouched system.

tip: docker-compose build --no-cache

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.