tomcat icon indicating copy to clipboard operation
tomcat copied to clipboard
verified publisher icon docker-library

SEVERE [main] org.apache.catalina.startup.HostConfig.beforeStart Unable to create directory for deployment: [/usr/local/tomcat/conf/Catalina/localhost] Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/myapp]]

Open giuliano-aiello opened this issue 1 year ago • 1 comments

When running a tomcat Docker image, this error appears, despite the container seems to go on with the execution: SEVERE [main] org.apache.catalina.startup.HostConfig.beforeStart Unable to create directory for deployment: [/usr/local/tomcat/conf/Catalina/localhost] Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/myapp]]

Steps to reproduce: Distributor ID: Ubuntu Description: Ubuntu 20.04.5 LTS Release: 20.04 Codename: focal

Docker version 20.10.23, build 7155243

With the Docker image:

FROM tomcat:10.1.25-jdk17

#RUN mkdir -p /usr/local/tomcat/conf/Catalina/localhost #Hardcoding this privilege will obviously solve the problem

ADD ./asapianpr/asapianpr.war /usr/local/tomcat/webapps/
ADD ./asapianpr/ROOT /usr/local/tomcat/webapps/ROOT
RUN chown -R 8877:8877 /usr/local/tomcat/webapps/
RUN chmod -R g+rwx /usr/local/tomcat/webapps/

RUN chown -R 8877:8877 /usr/local/tomcat/temp/
RUN chmod -R g+rwx /usr/local/tomcat/temp/

RUN chown -R 8877:8877 /usr/local/tomcat/work/
RUN chmod -R g+rwx /usr/local/tomcat/work/

RUN mkdir -p /usr/local/tomcat/config
ADD ./asapianpr/config/asapianpr.settings /usr/local/tomcat/config/
RUN chown -R 8877:8877 /usr/local/tomcat/config/
RUN chmod -R g+rwx /usr/local/tomcat/config/

ADD ./setenv.sh /usr/local/tomcat/bin
RUN chown -R 8877:8877 /usr/local/tomcat/bin/
RUN chmod -R g+rwx /usr/local/tomcat/bin/

ENV TZ="Europe/Rome"

RUN useradd -ms /bin/bash -u 8877 user

USER user

EXPOSE 8080

CMD ["catalina.sh", "run"]

This seems to be a known old problem: #128 and #209 .

giuliano-aiello avatar Jun 28 '24 08:06 giuliano-aiello

As far as I understand tomcat, we wouldn't want the conf directory writeable by the running user, since that could be a security concern. So, creating the configuration directories that your app needs should be done in your Dockerfile.

Though I would guess that if you're not putting any configuration in there, then they are probably not relevant and createDirs could be disabled in the server.xml. 🤷

yosifkit avatar Jun 28 '24 17:06 yosifkit