run as non privileged user for security

pull/39/head
Jye Lee 2020-04-27 12:23:48 -07:00
parent 67a81cf781
commit 54b6ab3dc3
1 changed files with 7 additions and 1 deletions


@ -34,6 +34,12 @@ ADD entrypoint.sh /entrypoint.sh
ADD create_ca_cert.sh /create_ca_cert.sh ADD create_ca_cert.sh /create_ca_cert.sh
RUN chmod +x /create_ca_cert.sh /entrypoint.sh RUN chmod +x /create_ca_cert.sh /entrypoint.sh
# Allow running nginx with unprivileged user
RUN chown 1000:1000 /etc/nginx && \
mkdir /certs && chown 1000:1000 /certs
USER 1000:1000
# Clients should only use 3128, not anything else. # Clients should only use 3128, not anything else.
EXPOSE 3128 EXPOSE 3128
@ -53,4 +59,4 @@ ENV DEBUG="false"
ENV DEBUG_NGINX="false" ENV DEBUG_NGINX="false"
# Did you want a shell? Sorry, the entrypoint never returns, because it runs nginx itself. Use 'docker exec' if you need to mess around internally. # Did you want a shell? Sorry, the entrypoint never returns, because it runs nginx itself. Use 'docker exec' if you need to mess around internally.
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
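Review bot: In the first hunk, `chown 1000:1000 /etc/nginx` is not recursive, so files already under that directory stay root-owned. After `USER 1000:1000` the process can create or replace entries there but cannot edit the existing ones in place; whether that matters depends on what entrypoint.sh writes, which this page does not show. Any other path nginx writes at start-up (pid file, cache, logs) would need the same treatment, and a bind mount over `/certs` brings the host directory's ownership rather than the one set here. Since `/certs` presumably holds key material, I would create it closed to other users with `mkdir -m 0700 /certs && chown 1000:1000 /certs`, and add a comment above the `RUN` naming the files the unprivileged user must be able to write. The Dockerfile continues outside both hunks.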