fix(docker): revert unprivileged user

nginx runs the init process as root so that it can bind to port 80. All worker processes run as an unprivileged user and thus the attack surface is minimal. The previous solution didn't change the user id of the user running Vikunja and thus didn't have an effect anyway. Related to #3228
2023-03-11 21:56:47 +01:00 · 2023-03-11 21:56:47 +01:00 · 6cf2e574bf
commit 6cf2e574bf
parent e7b89ae44f
1 changed files with 0 additions and 4 deletions
--- a/4
+++ b/4
@ -66,7 +66,3 @@ RUN chmod 0755 /docker-entrypoint.d/*.sh /etc/nginx/templates && \
    chmod -R 0644 /etc/nginx/nginx.conf && \
    chown -R nginx:nginx ./ /etc/nginx/conf.d /etc/nginx/templates && \
    rm -f /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
-# Allow the unprivileged user to run nginx on port 80 
-RUN apk add libcap && setcap cap_net_bind_service=+ep /usr/sbin/nginx
-# unprivileged user
-USER nginx