fix(docker): revert unprivileged user
continuous-integration/drone/push Build is passing Details

nginx runs the init process as root so that it can bind to port 80. All worker processes run as an unprivileged user and thus the attack surface is minimal.
The previous solution didn't change the user id of the user running Vikunja and thus didn't have an effect anyway.

Related to #3228
This commit is contained in:
kolaente 2023-03-11 21:56:47 +01:00
parent e7b89ae44f
commit 6cf2e574bf
Signed by: konrad
GPG Key ID: F40E70337AB24C9B
1 changed files with 0 additions and 4 deletions

View File

@ -66,7 +66,3 @@ RUN chmod 0755 /docker-entrypoint.d/*.sh /etc/nginx/templates && \
chmod -R 0644 /etc/nginx/nginx.conf && \
chown -R nginx:nginx ./ /etc/nginx/conf.d /etc/nginx/templates && \
rm -f /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
# Allow the unprivileged user to run nginx on port 80
RUN apk add libcap && setcap cap_net_bind_service=+ep /usr/sbin/nginx
# unprivileged user
USER nginx