run as non privileged user for security
parent
67a81cf781
commit
54b6ab3dc3
|
@ -34,6 +34,12 @@ ADD entrypoint.sh /entrypoint.sh
|
|||
ADD create_ca_cert.sh /create_ca_cert.sh
|
||||
RUN chmod +x /create_ca_cert.sh /entrypoint.sh
|
||||
|
||||
# Allow running nginx with unprivileged user
|
||||
RUN chown 1000:1000 /etc/nginx && \
|
||||
mkdir /certs && chown 1000:1000 /certs
|
||||
|
||||
USER 1000:1000
|
||||
|
||||
# Clients should only use 3128, not anything else.
|
||||
EXPOSE 3128
|
||||
|
||||
|
@ -53,4 +59,4 @@ ENV DEBUG="false"
|
|||
ENV DEBUG_NGINX="false"
|
||||
|
||||
# Did you want a shell? Sorry, the entrypoint never returns, because it runs nginx itself. Use 'docker exec' if you need to mess around internally.
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
|
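Review bot: The `chown 1000:1000 /etc/nginx` in the added RUN of the first hunk is not recursive, so only the directory itself changes owner and the files already under it stay root-owned. If entrypoint.sh rewrites existing config files in place, that will fail once `USER 1000:1000` takes effect, and nginx's pid, log and cache paths (not visible in this hunk) need the same check. Making the whole config directory writable by the runtime user also lets a compromised nginx process replace its own configuration, so consider chowning only the files the entrypoint actually generates. `/certs` is created with the default mode; if create_ca_cert.sh writes the CA private key there (inferred from the script name), `mkdir -m 0700 /certs && chown 1000:1000 /certs` would keep the key unreadable to other users in the container. Any build step after `USER 1000:1000` in the part of the file outside these hunks now runs unprivileged as well, which is worth confirming.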