allow image to run as any non-root user/group, fixes #10
parent
7326e27e8c
commit
0928070a04
3 changed files with 2 additions and 9 deletions
|
@ -36,8 +36,8 @@ RUN \
|
||||||
&& mkfifo \
|
&& mkfifo \
|
||||||
/etc/s6/services/nginx/supervise/control \
|
/etc/s6/services/nginx/supervise/control \
|
||||||
/etc/s6/services/php-fpm8/supervise/control \
|
/etc/s6/services/php-fpm8/supervise/control \
|
||||||
&& adduser nobody www-data \
|
&& chown -R 65534:82 /etc/s6 /run /srv/* /var/lib/nginx /var/www \
|
||||||
&& chown -R nobody.www-data /etc/s6 /run /srv/* /var/lib/nginx /var/www \
|
&& chmod o+rwx /run /var/lib/nginx /var/lib/nginx/tmp \
|
||||||
# Clean up
|
# Clean up
|
||||||
&& rm -rf "${GNUPGHOME}" /tmp/* \
|
&& rm -rf "${GNUPGHOME}" /tmp/* \
|
||||||
&& apk del gnupg
|
&& apk del gnupg
|
||||||
|
|
|
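Review bot: The added `chmod o+rwx /run /var/lib/nginx /var/lib/nginx/tmp` makes these directories world-writable without the sticky bit, so any UID in the container can delete or replace entries created by another, including the `/run/php-fpm.sock` socket the php-fpm pool listens on. Setting the sticky bit as on /tmp, `&& chmod 1777 /run /var/lib/nginx /var/lib/nginx/tmp \`, still lets an arbitrary UID create files but limits removal to the file's owner. /etc/s6, /srv/* and /var/www stay owned by 65534:82 with no mode change, so it is worth confirming that s6 can still use its supervise directories when started under a different UID. Judging by the replaced `chown -R nobody.www-data` line, a comment such as `# 65534:82 is nobody:www-data` would explain the bare numeric IDs. The RUN instruction begins above this hunk.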
@ -1,6 +1,3 @@
|
||||||
# Run as a unique, less privileged user for security reasons.
|
|
||||||
user nobody www-data;
|
|
||||||
|
|
||||||
# Sets the worker threads to the number of CPU cores available in the system for best performance.
|
# Sets the worker threads to the number of CPU cores available in the system for best performance.
|
||||||
# Should be > the number of CPU cores.
|
# Should be > the number of CPU cores.
|
||||||
# Maximum number of connections = worker_processes * worker_connections
|
# Maximum number of connections = worker_processes * worker_connections
|
||||||
|
|
|
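Review bot: Dropping `user nobody www-data;` here, and `user`/`group`/`listen.owner`/`listen.group` in the php-fpm pool section that follows, leaves the privilege drop entirely to whoever starts the container, and nothing in the visible sections pins a non-root default. If the Dockerfile has no `USER` instruction outside the shown hunk, a plain start would presumably run the nginx master as root with workers under nginx's built-in default account. Adding `USER 65534:82` to the Dockerfile would keep the previous identity as the default while still allowing an override at run time. The removed comment could be replaced with `# No user directive: nginx runs as the UID/GID the container is started with.` so the omission reads as deliberate.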
@ -3,11 +3,7 @@ daemonize = no
|
||||||
error_log = /dev/stderr
|
error_log = /dev/stderr
|
||||||
|
|
||||||
[www]
|
[www]
|
||||||
user = nobody
|
|
||||||
group = www-data
|
|
||||||
listen = /run/php-fpm.sock
|
listen = /run/php-fpm.sock
|
||||||
listen.owner = nobody
|
|
||||||
listen.group = www-data
|
|
||||||
access.log = /dev/null
|
access.log = /dev/null
|
||||||
clear_env = On
|
clear_env = On
|
||||||
pm = dynamic
|
pm = dynamic
|
||||||
|
|