nginx proxy_temp_path permissions

[BobDickinson]

The nginx.conf file and template do not specify proxy configuration (via proxy_cache_path). Because of this, nginx will by default attempt to access proxy_temp_path in some situations (it did so in my case when serving a large .js file). This will result in an ERR_CONTENT_LENGTH_MISMATCH, which is itself cause by the fact that nginx doesn't have permissions to where proxy_temp_path points, which is /var/lib/nginx/proxy (so the content length is "0").

My first solution was to fix the perms in the Dockerfile:

# Make it so nginx can access the default proxy temp path
RUN chown -R nginx /var/lib/nginx

That worked fine.

If you configure proxy support via proxy_cache_path with use_temp_path=off, then that will avoid using the proxy_temp_path, and solve the problem without any permissions changes. In the http section of nginx.conf.ctmpl you can add something like:

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=app_cache:10m inactive=60m use_temp_path=off;

Or you could just set the proxy_temp_path to someplace nginx has permission.

Not a big deal, but it will save nginx nubes like me some time tracking this down when copying/pasting this nginx configuration.

[tgross]

My first solution was to fix the perms in the Dockerfile:

# Make it so nginx can access the default proxy temp path
RUN chown -R nginx /var/lib/nginx

That seems like the easiest solution but I wonder if its a problem with the upstream nginx container (our base layer)? I'll investigate and come back here with my findings.