AWS ECS EC2 ECR not updating files after deployment with docker volume nginx

Question

I am being stuck on issue with my volume and ECS. I would like to attach volume so i can store there .env files etc so i dont have to recreate this manually after every deployment. The problem is, the way I have it set up it does not update(or overwrite) files, which are pushed to ECR. So If i do code change and push it to git, it does following:

1. Creates new image and pushes it to ECR
2. It Creates new containers with image pushed to ECR (it dynamically assigns tag to the image)
3. when I do docker ps on EC2 I see new containers, and container with code changes is built from correct image which has just been pushed to ECR. So it seems all is working fine until this point.

But the code changes dont appear when i refresh browser nor after clearing caches.

I am attaching volume to the folder /var/www/html where sits my app, so from my understanding this code should get replaced during deployment. But the problem is, it does not replaces the code.

When I remove the volume, I can see the code changes everytime deployment finishes but I also always have to create manually .env file + run couple of commands.

PS: I have another container (mysql) which is setting volume exactly the same way and changes I do in database are persistent even after new container is created.

Please see my Docker file and taskDefinition.json to see how I deal with volumes.

Dockerfile:

FROM alpine:${ALPINE_VERSION}
# Setup document root
WORKDIR /var/www/html

# Install packages and remove default server definition
RUN apk add --no-cache \
  curl \
  nginx \
  php8 \
  php8-ctype \
  php8-curl \
  php8-dom \
  php8-fpm \
  php8-gd \
  php8-intl \
  php8-json \
  php8-mbstring \
  php8-mysqli \
  php8-pdo \
  php8-opcache \
  php8-openssl \
  php8-phar \
  php8-session \
  php8-xml \
  php8-xmlreader \
  php8-zlib \
  php8-tokenizer \
  php8-fileinfo \
  php8-json \
  php8-xml \
  php8-xmlwriter \
  php8-simplexml \
  php8-dom \
  php8-pdo_mysql \
  php8-pdo_sqlite \
  php8-tokenizer \
  php8-pecl-redis \
  php8-bcmath \
  php8-exif \
  supervisor \
  nano \
  sudo

# Create symlink so programs depending on `php` still function
RUN ln -s /usr/bin/php8 /usr/bin/php

# Configure nginx
COPY tools/docker/config/nginx.conf /etc/nginx/nginx.conf

# Configure PHP-FPM
COPY tools/docker/config/fpm-pool.conf /etc/php8/php-fpm.d/www.conf
COPY tools/docker/config/php.ini /etc/php8/conf.d/custom.ini

# Configure supervisord
COPY tools/docker/config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

# Make sure files/folders needed by the processes are accessable when they run under the nobody user
RUN chown -R nobody.nobody /var/www/html /run /var/lib/nginx /var/log/nginx

# Install composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

RUN apk update && apk add bash

# Install node npm
RUN apk add --update nodejs npm \
 && npm config set --global loglevel warn \
 && npm install --global marked \
 && npm install --global node-gyp \
 && npm install --global yarn \
 # Install node-sass's linux bindings
 && npm rebuild node-sass

# Switch to use a non-root user from here on
USER nobody

# Add application
COPY --chown=nobody ./ /var/www/html/

RUN cat /var/www/html/resources/js/Components/Sections/About.vue

RUN composer install --optimize-autoloader --no-interaction --no-progress --ignore-platform-req=ext-zip --ignore-platform-req=ext-zip

USER root
RUN yarn && yarn run production

USER nobody

VOLUME /var/www/html

# Expose the port nginx is reachable on
EXPOSE 8080

# Let supervisord start nginx & php-fpm
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]

# Configure a healthcheck to validate that everything is up&running
HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping

taskDefinition.json

{
    "containerDefinitions": [
        {
            "name": "fooweb-nginx-php",
            "cpu": 100,
            "memory": 512,
            "links": [
                "mysql"
            ],
            "portMappings": [
                {
                    "containerPort": 8080,
                    "hostPort": 80,
                    "protocol": "tcp"
                }
            ],
            "essential": true,
            "environment": [],
            "mountPoints": [
                {
                    "sourceVolume": "fooweb-storage-web",
                    "containerPath": "/var/www/html"
                }
            ]
        },
        {
            "name": "mysql",
            "image": "mysql",
            "cpu": 50,
            "memory": 512,
            "portMappings": [
                {
                    "containerPort": 3306,
                    "hostPort": 4306,
                    "protocol": "tcp"
                }
            ],
            "essential": true,
            "environment": [
                {
                    "name": "MYSQL_DATABASE",
                    "value": "123"
                },
                {
                    "name": "MYSQL_PASSWORD",
                    "value": "123"
                },
                {
                    "name": "MYSQL_USER",
                    "value": "123"
                },
                {
                    "name": "MYSQL_ROOT_PASSWORD",
                    "value": "123"
                }
            ],
            "mountPoints": [
                {
                    "sourceVolume": "fooweb-storage-mysql",
                    "containerPath": "/var/lib/mysql"
                }
            ]
        }
    ],
    "family": "art_web_task_definition",
    "taskRoleArn": "arn:aws:iam::123:role/ecs-task-execution-role",
    "executionRoleArn": "arn:aws:iam::123:role/ecs-task-execution-role",
    "networkMode": "bridge",
    "volumes": [
        {
            "name": "fooweb-storage-mysql",
            "dockerVolumeConfiguration": {
                "scope": "shared",
                "autoprovision": true,
                "driver": "local"
            }
        },
        {
            "name": "fooweb-storage-web",
            "dockerVolumeConfiguration": {
                "scope": "shared",
                "autoprovision": true,
                "driver": "local"
            }
        }
    ],
    "placementConstraints": [],
    "requiresCompatibilities": [
        "EC2"
    ],
    "cpu": "1536",
    "memory": "1536",
    "tags": []
}

So I believe there will be some problem with the way I have set the volume or maybe there could be some permission issue ?

Many thanks !

Answer 1

"I am attaching volume to the folder /var/www/html where sits my app, so from my understanding this code should get replaced during deployment."

That's the opposite of how docker volumes work.

It is going to ignore anything in /var/www/html inside the docker image, and instead reuse whatever you have in the mounted volume. Mounted volumes are primarily for persisting files between container restarts and image changes. If there is updated code in /var/www/html inside the image you are building, and you want that updated code to be active when your application is deployed, then you can't mount that as a volume.

If you are specifying a VOLUME instruction in your Dockerfile, then the very first time you ran your container in it would have "initialized" the volume with the files that are inside the docker container, as part of the process of creating the volume. After that, the files in the volume on the host server are persisted across container restarts/deployments, and any new updates to that path inside the new docker images are ignored.