Problem when starting kong in the jelastic cloud with docker

Run comands
/docker-entrypoint.sh kong docker-start --vv

Error Error:
/usr/local/share/lua/5.1/kong/cmd/prepare.lua:12: could not prepare Kong prefix at /usr/local/kong: /usr/local/kong/logs/error.log: Permission denied

I already tried to add 777 permissions on the folder, but it didn’t work, it seems that it is something specific to the platform, has anyone installed kong on jelastic in order to give me some tips?

Note: When I run with root “sudo kong start” it works normally, but by docker-entrypoint.sh with the user kong it presents the following error.

No valid login shell found for user kong
2020/11/17 17:08:21 [verbose] Kong: 2.2.0
2020/11/17 17:08:21 [debug] ngx_lua: 10017
2020/11/17 17:08:21 [debug] nginx: 1017008
2020/11/17 17:08:21 [debug] Lua: LuaJIT 2.1.0-beta3
2020/11/17 17:08:21 [verbose] no config file found at /etc/kong/kong.conf
2020/11/17 17:08:21 [verbose] no config file found at /etc/kong.conf
2020/11/17 17:08:21 [verbose] no config file, skip loading
2020/11/17 17:08:21 [debug] reading environment variables
2020/11/17 17:08:21 [debug] KONG_PREFIX ENV found with "/usr/local/kong"
2020/11/17 17:08:21 [debug] KONG_PG_DATABASE ENV found with "***"
2020/11/17 17:08:21 [debug] KONG_PG_USER ENV found with "***"
2020/11/17 17:08:21 [debug] KONG_PG_PASSWORD ENV found with "******"
2020/11/17 17:08:21 [debug] KONG_PG_HOST ENV found with "***"
2020/11/17 17:08:21 [debug] KONG_NGINX_DAEMON ENV found with "off"
2020/11/17 17:08:21 [debug] admin_access_log = "logs/admin_access.log"
2020/11/17 17:08:21 [debug] admin_error_log = "logs/error.log"
2020/11/17 17:08:21 [debug] admin_listen = {"127.0.0.1:8001 reuseport backlog=16384","127.0.0.1:8444 http2 ssl reuseport backlog=16384"}
2020/11/17 17:08:21 [debug] anonymous_reports = true
2020/11/17 17:08:21 [debug] cassandra_contact_points = {"127.0.0.1"}
2020/11/17 17:08:21 [debug] cassandra_data_centers = {"dc1:2","dc2:3"}
2020/11/17 17:08:21 [debug] cassandra_keyspace = "kong"
2020/11/17 17:08:21 [debug] cassandra_lb_policy = "RequestRoundRobin"
2020/11/17 17:08:21 [debug] cassandra_port = 9042
2020/11/17 17:08:21 [debug] cassandra_read_consistency = "ONE"
2020/11/17 17:08:21 [debug] cassandra_refresh_frequency = 60
2020/11/17 17:08:21 [debug] cassandra_repl_factor = 1
2020/11/17 17:08:21 [debug] cassandra_repl_strategy = "SimpleStrategy"
2020/11/17 17:08:21 [debug] cassandra_schema_consensus_timeout = 10000
2020/11/17 17:08:21 [debug] cassandra_ssl = false
2020/11/17 17:08:21 [debug] cassandra_ssl_verify = false
2020/11/17 17:08:21 [debug] cassandra_timeout = 5000
2020/11/17 17:08:21 [debug] cassandra_username = "kong"
2020/11/17 17:08:21 [debug] cassandra_write_consistency = "ONE"
2020/11/17 17:08:21 [debug] client_body_buffer_size = "8k"
2020/11/17 17:08:21 [debug] client_max_body_size = "0"
2020/11/17 17:08:21 [debug] client_ssl = false
2020/11/17 17:08:21 [debug] cluster_control_plane = "127.0.0.1:8005"
2020/11/17 17:08:21 [debug] cluster_data_plane_purge_delay = 1209600
2020/11/17 17:08:21 [debug] cluster_listen = {"0.0.0.0:8005"}
2020/11/17 17:08:21 [debug] cluster_mtls = "shared"
2020/11/17 17:08:21 [debug] database = "postgres"
2020/11/17 17:08:21 [debug] db_cache_ttl = 0
2020/11/17 17:08:21 [debug] db_cache_warmup_entities = {"services","plugins"}
2020/11/17 17:08:21 [debug] db_resurrect_ttl = 30
2020/11/17 17:08:21 [debug] db_update_frequency = 5
2020/11/17 17:08:21 [debug] db_update_propagation = 0
2020/11/17 17:08:21 [debug] dns_error_ttl = 1
2020/11/17 17:08:21 [debug] dns_hostsfile = "/etc/hosts"
2020/11/17 17:08:21 [debug] dns_no_sync = false
2020/11/17 17:08:21 [debug] dns_not_found_ttl = 30
2020/11/17 17:08:21 [debug] dns_order = {"LAST","SRV","A","CNAME"}
2020/11/17 17:08:21 [debug] dns_resolver = {}
2020/11/17 17:08:21 [debug] dns_stale_ttl = 4
2020/11/17 17:08:21 [debug] error_default_type = "text/plain"
2020/11/17 17:08:21 [debug] go_plugins_dir = "off"
2020/11/17 17:08:21 [debug] go_pluginserver_exe = "/usr/local/bin/go-pluginserver"
2020/11/17 17:08:21 [debug] headers = {"server_tokens","latency_tokens"}
2020/11/17 17:08:21 [debug] host_ports = {}
2020/11/17 17:08:21 [debug] kic = false
2020/11/17 17:08:21 [debug] log_level = "notice"
2020/11/17 17:08:21 [debug] lua_package_cpath = ""
2020/11/17 17:08:21 [debug] lua_package_path = "./?.lua;./?/init.lua;"
2020/11/17 17:08:21 [debug] lua_socket_pool_size = 30
2020/11/17 17:08:21 [debug] lua_ssl_trusted_certificate = {}
2020/11/17 17:08:21 [debug] lua_ssl_verify_depth = 1
2020/11/17 17:08:21 [debug] mem_cache_size = "128m"
2020/11/17 17:08:21 [debug] nginx_admin_directives = {}
2020/11/17 17:08:21 [debug] nginx_daemon = "off"
2020/11/17 17:08:21 [debug] nginx_events_directives = {{name="worker_connections",value="auto"},{name="multi_accept",value="on"}}
2020/11/17 17:08:21 [debug] nginx_events_multi_accept = "on"
2020/11/17 17:08:21 [debug] nginx_events_worker_connections = "auto"
2020/11/17 17:08:21 [debug] nginx_http_client_body_buffer_size = "8k"
2020/11/17 17:08:21 [debug] nginx_http_client_max_body_size = "0"
2020/11/17 17:08:21 [debug] nginx_http_directives = {{name="client_max_body_size",value="0"},{name="ssl_prefer_server_ciphers",value="off"},{name="client_body_buffer_size",value="8k"},{name="ssl_protocols",value="TLSv1.2 TLSv1.3"},{name="ssl_session_tickets",value="on"},{name="ssl_session_timeout",value="1d"}}
2020/11/17 17:08:21 [debug] nginx_http_ssl_prefer_server_ciphers = "off"
2020/11/17 17:08:21 [debug] nginx_http_ssl_protocols = "TLSv1.2 TLSv1.3"
2020/11/17 17:08:21 [debug] nginx_http_ssl_session_tickets = "on"
2020/11/17 17:08:21 [debug] nginx_http_ssl_session_timeout = "1d"
2020/11/17 17:08:21 [debug] nginx_http_status_directives = {}
2020/11/17 17:08:21 [debug] nginx_http_upstream_directives = {}
2020/11/17 17:08:21 [debug] nginx_main_daemon = "off"
2020/11/17 17:08:21 [debug] nginx_main_directives = {{name="daemon",value="off"},{name="worker_processes",value="auto"},{name="worker_rlimit_nofile",value="auto"}}
2020/11/17 17:08:21 [debug] nginx_main_worker_processes = "auto"
2020/11/17 17:08:21 [debug] nginx_main_worker_rlimit_nofile = "auto"
2020/11/17 17:08:21 [debug] nginx_optimizations = true
2020/11/17 17:08:21 [debug] nginx_proxy_directives = {{name="real_ip_recursive",value="off"},{name="real_ip_header",value="X-Real-IP"}}
2020/11/17 17:08:21 [debug] nginx_proxy_real_ip_header = "X-Real-IP"
2020/11/17 17:08:21 [debug] nginx_proxy_real_ip_recursive = "off"
2020/11/17 17:08:21 [debug] nginx_sproxy_directives = {}
2020/11/17 17:08:21 [debug] nginx_status_directives = {}
2020/11/17 17:08:21 [debug] nginx_stream_directives = {{name="ssl_session_timeout",value="1d"},{name="ssl_session_tickets",value="on"},{name="ssl_prefer_server_ciphers",value="off"},{name="ssl_protocols",value="TLSv1.2 TLSv1.3"}}
2020/11/17 17:08:21 [debug] nginx_stream_ssl_prefer_server_ciphers = "off"
2020/11/17 17:08:21 [debug] nginx_stream_ssl_protocols = "TLSv1.2 TLSv1.3"
2020/11/17 17:08:21 [debug] nginx_stream_ssl_session_tickets = "on"
2020/11/17 17:08:21 [debug] nginx_stream_ssl_session_timeout = "1d"
2020/11/17 17:08:21 [debug] nginx_supstream_directives = {}
2020/11/17 17:08:21 [debug] nginx_upstream_directives = {}
2020/11/17 17:08:21 [debug] nginx_worker_processes = "auto"
2020/11/17 17:08:21 [debug] pg_database = "apigateway"
2020/11/17 17:08:21 [debug] pg_host = "10.100.29.237"
2020/11/17 17:08:21 [debug] pg_max_concurrent_queries = 0
2020/11/17 17:08:21 [debug] pg_password = "******"
2020/11/17 17:08:21 [debug] pg_port = 5432
2020/11/17 17:08:21 [debug] pg_ro_ssl = false
2020/11/17 17:08:21 [debug] pg_ro_ssl_verify = false
2020/11/17 17:08:21 [debug] pg_semaphore_timeout = 60000
2020/11/17 17:08:21 [debug] pg_ssl = false
2020/11/17 17:08:21 [debug] pg_ssl_verify = false
2020/11/17 17:08:21 [debug] pg_timeout = 5000
2020/11/17 17:08:21 [debug] pg_user = "webadmin"
2020/11/17 17:08:21 [debug] plugins = {"bundled"}
2020/11/17 17:08:21 [debug] port_maps = {}
2020/11/17 17:08:21 [debug] prefix = "/usr/local/kong"
2020/11/17 17:08:21 [debug] proxy_access_log = "logs/access.log"
2020/11/17 17:08:21 [debug] proxy_error_log = "logs/error.log"
2020/11/17 17:08:21 [debug] proxy_listen = {"0.0.0.0:8000 reuseport backlog=16384","0.0.0.0:8443 http2 ssl reuseport backlog=16384"}
2020/11/17 17:08:21 [debug] real_ip_header = "X-Real-IP"
2020/11/17 17:08:21 [debug] real_ip_recursive = "off"
2020/11/17 17:08:21 [debug] role = "traditional"
2020/11/17 17:08:21 [debug] ssl_cipher_suite = "intermediate"
2020/11/17 17:08:21 [debug] ssl_ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
2020/11/17 17:08:21 [debug] ssl_prefer_server_ciphers = "on"
2020/11/17 17:08:21 [debug] ssl_protocols = "TLSv1.1 TLSv1.2 TLSv1.3"
2020/11/17 17:08:21 [debug] ssl_session_tickets = "on"
2020/11/17 17:08:21 [debug] ssl_session_timeout = "1d"
2020/11/17 17:08:21 [debug] status_access_log = "off"
2020/11/17 17:08:21 [debug] status_error_log = "logs/status_error.log"
2020/11/17 17:08:21 [debug] status_listen = {"off"}Error:
/usr/local/share/lua/5.1/kong/cmd/prepare.lua:12: could not prepare Kong prefix at /usr/local/kong: /usr/local/kong/logs/error.log: Permission denied
stack traceback:
[C]: in function 'error'
/usr/local/share/lua/5.1/kong/cmd/prepare.lua:12: in function 'cmd_exec'
/usr/local/share/lua/5.1/kong/cmd/init.lua:88: in function </usr/local/share/lua/5.1/kong/cmd/init.lua:88>
[C]: in function 'xpcall'
/usr/local/share/lua/5.1/kong/cmd/init.lua:88: in function </usr/local/share/lua/5.1/kong/cmd/init.lua:45>
/usr/local/bin/kong:9: in function 'file_gen'
init_worker_by_lua:51: in function <init_worker_by_lua:49>
[C]: in function 'xpcall'
init_worker_by_lua:58: in function <init_worker_by_lua:56>

2020/11/17 17:08:21 [debug] stream_listen = {"off"}
2020/11/17 17:08:21 [debug] trusted_ips = {}
2020/11/17 17:08:21 [debug] upstream_keepalive_idle_timeout = 60
2020/11/17 17:08:21 [debug] upstream_keepalive_max_requests = 100
2020/11/17 17:08:21 [debug] upstream_keepalive_pool_size = 60
2020/11/17 17:08:21 [debug] worker_consistency = "strict"
2020/11/17 17:08:21 [debug] worker_state_update_frequency = 5
2020/11/17 17:08:21 [verbose] prefix in use: /usr/local/kong
2020/11/17 17:08:21 [verbose] preparing nginx prefix directory at /usr/local/kong
  • add the user nginx_user to the root group; or
  • allow every user to write to /usr/local/kong with something like
    chmod -R 777 /usr/local/kong

These are workarounds but are dangerous and hacky. I think you should change the file system permissions to allow the nginx_user the ability to write to /usr/local/kong with something like
chown $nginx_user:$nginx_user /usr/local/kong; chmod -R 750 /usr/local/kong/) ;

What causes permission denied is for example starting Kong as the user/group kong when all files under /usr/local/kong are owned and only writable by the user/group root (I think this is what’s happening to you)

One of the things that we started doing in 2.2.0 was changing permissions of /usr/local/kong/ (the default prefix) to be owned by the kong user/group to make it easy to start Kong as the kong user. This was already being done in our official docker releases, but we started doing it for non-docker environments too such as operating systems centos and debian.

If you are still blocked, please provide us the step by step reproduction instructions. Where is the docker-entrypoint.sh and the Dockerfile? How are you installing Kong, starting it (with which user?), docker distribution (centos, debian, ubuntu), etc.