fix(docker): revert unprivileged user
continuous-integration/drone/push Build is passing Details

nginx runs the init process as root so that it can bind to port 80. All worker processes run as an unprivileged user and thus the attack surface is minimal.
The previous solution didn't change the user id of the user running Vikunja and thus didn't have an effect anyway.

Related to #3228
kolaente 2 weeks ago
parent e7b89ae44f
commit 6cf2e574bf
Signed by: konrad
GPG Key ID: F40E70337AB24C9B

@ -66,7 +66,3 @@ RUN chmod 0755 /docker-entrypoint.d/*.sh /etc/nginx/templates && \
chmod -R 0644 /etc/nginx/nginx.conf && \
chown -R nginx:nginx ./ /etc/nginx/conf.d /etc/nginx/templates && \
rm -f /docker-entrypoint.d/
# Allow the unprivileged user to run nginx on port 80
RUN apk add libcap && setcap cap_net_bind_service=+ep /usr/sbin/nginx
# unprivileged user
USER nginx