Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wordpress with Kubernetes #528

Closed
Issen007 opened this issue Sep 4, 2020 · 2 comments
Closed

Wordpress with Kubernetes #528

Issen007 opened this issue Sep 4, 2020 · 2 comments
Labels
question Usability question, not directly related to an error with the image Request Request for image modification or feature

Comments

@Issen007
Copy link

Issen007 commented Sep 4, 2020

I'm playing around with Wordpress and Kubernetes (RedHat Openshift 4.5) and everytime I try to boot up my Wordpress with Apache it give me following issue.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.130.2.22. Set the 'ServerName' directive globally to suppress this message
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

And this is because Openshift doesn't allow root access and Apache need root access for any port below 1024:ish.
So I suggest that you also insert a variable for port change on the apache side.
@wglambert wglambert added question Usability question, not directly related to an error with the image Request Request for image modification or feature labels Sep 4, 2020
@wglambert
Copy link

With OpenShift running as a non-root user you'll want to pass --sysctl net.ipv4.ip_unprivileged_port_start=0
Or adjust the Apache configuration to use an unprivileged port
https://github.com/docker-library/docs/tree/master/php#running-as-an-arbitrary-user

You might find this relevant for your usecase #293 (comment)

@Issen007
Copy link
Author

Issen007 commented Sep 5, 2020

Thanks @wglambert
I found two solutions for the same problem. So I'll will just add them here if anyone else has the same issue could solved it.

Either you add following link to your yaml file, and I think this is the best way.

spec:
      containers:
      - image: wordpress:5.5.1-php7.2-apache
        name: wordpress
        securityContext:   # This is what wglambert referring to 
          sysctls:               # Will add a sysctl in variable to your container
          - name: net.ipv4.ip_unprivileged_port_start   # You will modify the this parameter 
            value: "0"

The other way to solve it is to give access for root to run in your container. Maybe a security issue but it works.

oc get pod <POD NAME> -o yaml | grep -i serviceAccountName   # Verify what service account your container are running 
  serviceAccountName: default    # Output should be default

oc adm policy add-scc-to-user anyuid -z default   # Change Policy to allow root access in your pod

oc delete pod <POD NAME>  # Delete your old pod to automaticelly create a new pod with root access

@Issen007 Issen007 closed this as completed Sep 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Usability question, not directly related to an error with the image Request Request for image modification or feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Issen007 @wglambert