[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Java language guide Dockerfile issue on final stage #21498

Open
1 task done
rogeriofrsouza opened this issue Nov 25, 2024 · 3 comments
Open
1 task done

Java language guide Dockerfile issue on final stage #21498

rogeriofrsouza opened this issue Nov 25, 2024 · 3 comments
Labels
area/guides kind/enhancement Improves the usability of docs kind/help-wanted Relates to issues/PRs the project wants help on

Comments

@rogeriofrsouza
Copy link

Is this a docs issue?

  • My issue is about the documentation content or website

Type of issue

Information is incorrect

Description

I have a Spring Boot REST API project and I followed the Java language specific guide instructions to containerize it in the right way.

However, the build stage presented in the Dockerfile makes my app raise an exception because it has no permission to create a file. This occurs because I use Logback FileAppender feature for logging.

# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/go/dockerfile-user-best-practices/
ARG UID=10001
RUN adduser \
    --disabled-password \
    --gecos "" \
    --home "/nonexistent" \
    --shell "/sbin/nologin" \
    --no-create-home \
    --uid "${UID}" \
    appuser
USER appuser

Image

Location

https://docs.docker.com/guides/java/containerize/

Suggestion

I know that logging to a file is not a standard for every Spring Boot application, and maybe, I should not do it. However, I wonder if the Docker build should be compatible with this because some projects may require some kind of access to the file system.
@rogeriofrsouza rogeriofrsouza added the status/triage Needs triage label Nov 25, 2024
@dvdksn
Copy link
Collaborator
dvdksn commented Nov 26, 2024

@ajeetraina @falconcr do you think it might be worth having a section about logging in this guide?

@dvdksn dvdksn added kind/enhancement Improves the usability of docs kind/help-wanted Relates to issues/PRs the project wants help on area/guides and removed status/triage Needs triage labels Nov 26, 2024
@falconcr
Copy link
Contributor

I understand the concern, but my recommendation is to follow modern best practices for logging in containerized environments:

  1. Use stdout and stderr for logs: This is the industry standard for containerized applications. It simplifies log collection and analysis with observability systems.

  2. Volumes for specific cases: If your application strictly requires access to the filesystem, consider mounting an external volume to store log files.

  3. Redirect logs to external systems: Configure Logback to send logs to a centralized logging solution (e.g., Elastic Stack or CloudWatch) rather than writing to local files.

Granting write permissions to the container’s filesystem is not recommended due to security concerns. Allowing the container to modify its own directories could create exploitable vulnerabilities. I suggest reviewing how your project could adopt these modern practices, aligned with Docker security principles.

CC @dvdksn @rogeriofrsouza

@rogeriofrsouza
Copy link
Author

@falconcr thanks for these recommendations.

The project budget and logs output is rather low, seems like using a centralized logging stack isn't viable at the moment.
I tried to configure the Docker Compose volume but had the same permission error, could you recommend some configuration?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/guides kind/enhancement Improves the usability of docs kind/help-wanted Relates to issues/PRs the project wants help on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dvdksn @rogeriofrsouza @falconcr