
I'm trying to set up an Nginx container as part of a Docker stack. I want to use a bind mount to make a folder on my computer available to the container as /data/www, and use that as the root folder for Nginx to serve content from. The Nginx container builds and starts without any errors, and the port is exposed as 8080; however, if I actually try to go to localhost:8080, I get HTTP 403 errors.


Here's the relevant folder structure of my project:


The folder /frontend/static is the one I am trying to add as a bind mount volume to the Nginx container.


version: '3.7'

      context: frontend
      dockerfile: frontend.dockerfile
      - 8080:80
      - type: bind
        source: ./frontend/static
        target: /data/www
        read_only: true


FROM nginx:1.16-alpine
COPY nginx.conf /etc/nginx/nginx.conf


events {

http {
  server {
    listen 80;

    location / {
      root /data/www;

When I run docker-compose up, the container builds and starts without any problems, but when I type localhost:8080 into the browser, I get HTTP 403, and the following error in the docker console:

frontend_1  | - - [04/Aug/2019:22:15:50 +0000] "GET / HTTP/1.1" 403 555 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36"
frontend_1  | 2019/08/04 22:15:50 [error] 7#7: *1 "/data/www/index.html" is forbidden (13: Permission denied), client:, server: , request: "GET / HTTP/1.1", host: "localhost:8080"

So Nginx is clearly receiving the HTTP request and trying to serve the content (in this case, index.html), but it does not have permission to access any files in the folder /data/www, i.e. the bind mount volume.

I'm running Fedora 30. The project itself is in my home folder: ~/Dev/sandbox. I've used chmod -R 755 frontend/static in the project folder to grant permissions on the folder that needs to be bound.

I've also tried using a non-alpine image of Nginx, no difference.

Máté Safranka
  • 121
  • 1
  • 6

3 Answers3


It was indeed a permission issue; specifically a SELinux permission issue. Although the chmod of the mounted volume was set to 755, the docker user (under which Docker containers are executed) was still not granted access to it under SELinux's stricter rules.

Since this was just on my machine, and I didn't feel like taking a 24-hour deep dive into SELinux permissions, I just permanently switched to permissive mode, and my problem was solved without a hitch.

Máté Safranka
  • 121
  • 1
  • 6

This clearly says that it's a permission issue. Please check document root "/data/www/" is owned by Nginx user. You can also change the ownership by entering container with below commands.

docker exec -it bash

Give this a try and post back with the errors you have identified and we shall try to resolve it.

  • 177
  • 2

Due to the relative path of the source, the execution context for compose may not point to where you want it. If a volume is bound in the docker-compose.yml file and the source at host does not (yet) exist there, Docker also creates a frontend/static directory (with root privileges only) on the host (not just in the container). Find and delete this on the host with sudo. Point then to the source as an absolute path rather than a relative path.

  • 146
  • 1
  • 1
  • 3