I created a Dockerfile to run a simple Vue.js SPA using lighttpd as the webserver.
Dockerfile
FROM node:fermium-alpine AS builder
RUN apk update && \
apk add --no-cache \
git && \
rm -rf /var/cache/apk/*
WORKDIR /app
COPY package*.json ./
RUN npm set progress=false && \
npm config set depth 0 && \
npm ci
COPY . .
RUN npm run build
FROM alpine
RUN apk update && \
apk add --no-cache \
lighttpd \
curl && \
rm -rf /var/cache/apk/*
COPY ./support/lighttpd/*.conf /etc/lighttpd/
HEALTHCHECK --interval=1m --timeout=1s CMD curl -f http://localhost/ || exit 1
COPY --from=builder /app/dist/ /var/www/localhost/htdocs/
EXPOSE 80
ENTRYPOINT ["/usr/sbin/lighttpd", "-D", "-f", "/etc/lighttpd/lighttpd.conf"]
(The lighttpd config is modified to redirect not found routes back to the application so that pushState navigation can be used, with the addition of a single line: server.error-handler-404 = "/index.html".)
When I build this container directly in Docker Desktop for Windows, it works perfectly, but when I build it using Kaniko (run by GitLab CI in Docker Desktop for Mac), I get the following error when I try to run the container:
2020-12-11 05:39:25: (server.c.752) opening errorlog '/var/log/lighttpd/error.log' failed: Permission denied
2020-12-11 05:39:25: (server.c.1485) Opening errorlog failed. Going down.
When I compare the containers, I see the following difference:
Docker Desktop built
/ # ls -la /var/log/lighttpd/
total 8
drwxr-s--- 2 lighttpd wheel 4096 Dec 11 04:26 .
drwxr-xr-x 1 root root 4096 Dec 11 04:26 ..
Kaniko built
/ # ls -la /var/log/lighttpd/
total 8
drwxr-xr-x 2 root root 4096 Dec 11 04:51 .
drwxr-xr-x 1 root root 4096 Dec 11 04:51 ..
Why does the Kaniko-built container have the wrong permissions on the log directory?