Skip to content

🐛 fix(nginx): move PID file to writable directory for clean shutdown#282

Merged
cteyton merged 1 commit intomainfrom
fix/nginx
Apr 15, 2026
Merged

🐛 fix(nginx): move PID file to writable directory for clean shutdown#282
cteyton merged 1 commit intomainfrom
fix/nginx

Conversation

@cteyton
Copy link
Copy Markdown
Contributor

@cteyton cteyton commented Apr 14, 2026

Explanation

Move the nginx PID file from /run/nginx.pid to /home/packmind/nginx.pid to fix Permission Denied errors on graceful shutdown.

On pod shutdown (SIGQUIT), nginx calls unlink() on the PID file, which requires write permission on the parent directory. /run/ is root-owned, so the call fails even though the file itself is owned by packmind. Moving to /home/packmind/ (already owned by packmind) resolves this.

Impact: eliminates ~119 [alert] unlink() "/run/nginx.pid" failed (13: Permission denied) log entries per week.

Type of Change

  • Bug fix
  • New feature
  • Improvement/Enhancement
  • Refactoring
  • Documentation
  • Breaking change

Affected Components

  • Domain packages affected: none
  • Frontend / Backend / Both: Frontend (Docker/nginx config only)
  • Breaking changes (if any): none

Testing

  • Unit tests added/updated
  • Integration tests added/updated
  • Manual testing completed
  • Test coverage maintained or improved

Test Details:

  1. Build the frontend Docker image
  2. Run container and confirm nginx starts with PID file at /home/packmind/nginx.pid
  3. Stop container (SIGQUIT) and verify no unlink permission error in logs

TODO List

  • CHANGELOG Updated
  • Documentation Updated

Reviewer Notes

Pure config change across 4 files — no code logic modified. The recursive chown ... /home/packmind in the Dockerfile already covers the new PID file location, so /run/nginx.pid was removed from the explicit chown list.

🤖 Generated with Claude Code

@cteyton @claude
🐛 fix(nginx): move PID file to writable directory for clean shutdown
ff9b652 
unlink() on /run/nginx.pid fails with Permission Denied because /run/ is
root-owned. Moving the PID file to /home/packmind/nginx.pid resolves the
119 weekly alerts on pod graceful shutdown.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Apr 14, 2026

Greptile Summary

This PR fixes a permission error on graceful nginx shutdown by relocating the PID file from /run/nginx.pid (root-owned directory) to /home/packmind/nginx.pid (owned by the packmind user). The change is applied consistently across the Dockerfile and all three nginx config variants, and the recursive chown -R packmind:packmind /home/packmind in the Dockerfile already covers the new path — no extra ownership step is needed.

Confidence Score: 5/5

  • This PR is safe to merge — it's a focused, correct config-only fix with no logic changes.
  • All four files are updated consistently, the Dockerfile ownership chain is correct (recursive chown covers the new path), no references to the old /run/nginx.pid path remain anywhere in the codebase, and the entrypoint script is unaffected. No P0 or P1 findings.
  • No files require special attention.

Important Files Changed

Filename Overview
dockerfile/Dockerfile.frontend Moves PID file creation to /home/packmind/nginx.pid and removes the now-redundant explicit /run/nginx.pid entry from the chown list; recursive chown -R on /home/packmind covers the new location.
dockerfile/nginx.compose.conf PID directive updated from /run/nginx.pid to /home/packmind/nginx.pid — consistent with Dockerfile change.
dockerfile/nginx.k8s.conf PID directive updated from /run/nginx.pid to /home/packmind/nginx.pid — consistent with Dockerfile change.
dockerfile/nginx.k8s.no-ingress.conf PID directive updated from /run/nginx.pid to /home/packmind/nginx.pid — consistent with Dockerfile change; the envsubst-rendered copy used at runtime will carry the new path correctly.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Container Start] --> B[nginx-entrypoint.sh]
    B --> C{NGINX_ENV?}
    C -- K8S + no ingress --> D[envsubst renders\nnginx.k8s.no-ingress.conf\nto /tmp/nginx.conf]
    C -- K8S + ingress --> E[nginx -c nginx.k8s.conf]
    C -- compose --> F[nginx -c nginx.compose.conf]
    D --> G[nginx -c /tmp/nginx.conf]
    E --> H[Write PID to\n/home/packmind/nginx.pid]
    F --> H
    G --> H
    H --> I[nginx running as packmind:1000]
    I --> J{SIGQUIT received}
    J --> K[nginx calls unlink\non /home/packmind/nginx.pid]
    K --> L[packmind owns /home/packmind ✓\nunlink succeeds]
    L --> M[Clean shutdown]

    style L fill:#90EE90
    style K fill:#90EE90
Loading

Reviews (1): Last reviewed commit: "🐛 fix(nginx): move PID file to writable..." | Re-trigger Greptile

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Apr 14, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@cteyton cteyton merged commit 0405031 into main Apr 15, 2026
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cteyton