From c85dbaf820c40b72dd3c88a65d5cd2f8ae299de3 Mon Sep 17 00:00:00 2001
From: Hermes
Date: Sat, 23 May 2026 00:31:38 -0400
Subject: [PATCH] fix: run nginx as root, Honcho as app user (was running as app, nginx can't create runtime dirs)
---
 ai/honcho/Dockerfile | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/ai/honcho/Dockerfile b/ai/honcho/Dockerfile
index b44aa6f..e3b7ca3 100644
--- a/ai/honcho/Dockerfile
+++ b/ai/honcho/Dockerfile
@@ -60,10 +60,13 @@ RUN rm -f /etc/nginx/sites-enabled/default
 RUN groupadd --system app && \
 useradd --system --gid app --create-home app && \
- chown -R app:app /app /usr/share/nginx/html
-
-USER app
+ chown -R app:app /app /usr/share/nginx/html && \
+ # nginx runtime dirs need to exist for non-root master? Actually master is root, just ensure /var/lib/nginx exists
+ mkdir -p /var/lib/nginx/body /var/lib/nginx/proxy /var/lib/nginx/fastcgi /var/lib/nginx/uwsgi /var/lib/nginx/scgi && \
+ chown -R root:root /var/lib/nginx && \
+ chmod 755 /var/lib/nginx
 EXPOSE 80
-CMD ["sh", "-c", "nginx && exec fastapi run --host 127.0.0.1 --port 8000 src/main.py"]
+# nginx runs as root (needed for port 80 + runtime dirs), Honcho runs as app user
+CMD ["sh", "-c", "nginx && exec su -s /bin/sh app -c 'fastapi run --host 127.0.0.1 --port 8000 src/main.py'"]
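Review bot: Removing `USER app` makes root the image's default user, so the nginx master, the `sh -c` wrapper, `su` and any `docker exec` session all run as root; only the FastAPI process is dropped to `app`, by the new CMD line. With `exec su ... -c`, PID 1 is typically a root-owned `su` parent rather than the application, which is worth confirming for signal handling and for what remains privileged at runtime. A lower-privilege alternative would be to keep `USER app`, change the added `chown -R root:root /var/lib/nginx` to `chown -R app:app /var/lib/nginx`, and have nginx listen on an unprivileged port; whether that works depends on the nginx config (listen port, pid and log paths), which is not visible in this hunk. The comment inside the RUN chain that ends "Actually master is root" reads as a working note and could become a plain statement such as `# pre-create nginx temp dirs; the master process runs as root`.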