docker - ECS Fargate NGINX容器在CloudWatch日志中未显示错误

Question

我的Nginx Dockerfile:

FROM nginx:1.15.12-alpine
RUN rm /etc/nginx/conf.d/default.conf
COPY ./nginx/nginx.conf /etc/nginx/conf.d

# Forward request logs to Docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
  && ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 80
ENTRYPOINT ["nginx", "-g", "daemon off;"]

来自ECS任务定义的容器:

[
  {
    "name": "nginx",
    "image": "<ECR REPO HERE>",
    "networkMode": "awsvpc",
    "essential": true,
    "portMappings": [
      {
        "containerPort": 80,
        "protocol": "http"
      }
    ],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "mygroup",
        "awslogs-region": "us-east-1",
        "awslogs-stream-prefix": "nginx"
      }
    },
    "essential": true
  }
]

然而，部署任务后，它失败了，在CloudWatch中，我看到以下内容:



我是ECS / Cloudwatch的新手。如何从容器中看到NGINX错误？

Answer 1

您应该检查ECS_Execution_Role_Policy。它应该包含logs权限。像:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}

您应该为ecs_agent驱动程序配置awslogs的配置。

此配置文件路径在主机中为/etc/ecs/ecs.config。该文件应类似于:

ECS_CLUSTER=test_ecs_cluster
ECS_AVAILABLE_LOGGING_DRIVERS=["awslogs","json-file"]

See :

Here's a document