From 6cf2e574bfcca6bf10d0465e9adf9e23d7b24367 Mon Sep 17 00:00:00 2001 From: kolaente Date: Sat, 11 Mar 2023 21:56:47 +0100 Subject: [PATCH] fix(docker): revert unprivileged user nginx runs the init process as root so that it can bind to port 80. All worker processes run as an unprivileged user and thus the attack surface is minimal. The previous solution didn't change the user id of the user running Vikunja and thus didn't have an effect anyway. Related to #3228 --- Dockerfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index e5701bc48..52d08e468 100644 --- a/Dockerfile +++ b/Dockerfile @@ -66,7 +66,3 @@ RUN chmod 0755 /docker-entrypoint.d/*.sh /etc/nginx/templates && \ chmod -R 0644 /etc/nginx/nginx.conf && \ chown -R nginx:nginx ./ /etc/nginx/conf.d /etc/nginx/templates && \ rm -f /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh -# Allow the unprivileged user to run nginx on port 80 -RUN apk add libcap && setcap cap_net_bind_service=+ep /usr/sbin/nginx -# unprivileged user -USER nginx