Raymond Weitekamp
commited on
Commit
·
9f9700b
1
Parent(s):
9330762
Fix Nginx permissions for non-root user
- Dockerfile +28 -22
- start.sh +0 -8
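--- a/Dockerfile
+++ b/Dockerfile
@@ -27,25 +27,33 @@ RUN mkdir -p /.cache/ezdxf && \
 # Set OCP_VSCODE_LOCK_DIR environment variable
 ENV OCP_VSCODE_LOCK_DIR=/tmp/ocpvscode
 
-#
+# Create a non-root user first
+RUN useradd -m -d /home/appuser -s /bin/bash appuser
+
+# Set up Nginx directories and permissions
+RUN mkdir -p /var/lib/nginx/body \
+/var/lib/nginx/fastcgi \
+/var/lib/nginx/proxy \
+/var/lib/nginx/scgi \
+/var/lib/nginx/uwsgi \
+/run/nginx && \
+touch /var/log/nginx/access.log && \
+touch /var/log/nginx/error.log && \
+chown -R appuser:appuser /var/lib/nginx \
+/var/log/nginx \
+/run/nginx \
+/etc/nginx && \
+chmod -R 755 /var/lib/nginx && \
+chmod -R 644 /var/log/nginx/* && \
+chmod -R 755 /run/nginx && \
+rm -f /etc/nginx/sites-enabled/default
+
+# Copy application files
 COPY . .
 
 # Set up startup script with correct permissions
 RUN chmod +x start.sh
 
-# Configure Nginx with proper permissions
-RUN mkdir -p /var/lib/nginx/body && \
-mkdir -p /var/lib/nginx/proxy && \
-mkdir -p /run/nginx && \
-chown -R www-data:www-data /var/lib/nginx && \
-chown -R www-data:www-data /var/log/nginx && \
-chown -R www-data:www-data /run/nginx && \
-chmod 755 /var/lib/nginx && \
-chmod -R 755 /var/lib/nginx/* && \
-chmod -R 755 /var/log/nginx && \
-chmod -R 755 /run/nginx && \
-rm -f /etc/nginx/sites-enabled/default
-
 # Create nginx configuration for port forwarding
 RUN echo 'worker_processes 1;\n\
 error_log stderr info;\n\
@@ -80,11 +88,11 @@ http {\n\
 proxy_read_timeout 86400;\n\
 }\n\
 }\n\
-}' > /etc/nginx/nginx.conf
+}' > /etc/nginx/nginx.conf && \
+chown appuser:appuser /etc/nginx/nginx.conf
 
-#
-RUN
-touch /home/appuser/.ocpvscode && \
+# Set up .ocpvscode file
+RUN touch /home/appuser/.ocpvscode && \
 echo "{}" > /home/appuser/.ocpvscode && \
 chown -R appuser:appuser /home/appuser && \
 chmod 666 /home/appuser/.ocpvscode
@@ -105,11 +113,9 @@ RUN wget https://github.com/gitpod-io/openvscode-server/releases/download/openvs
 rm /tmp/openvscode-server.tar.gz && \
 mv /opt/openvscode-server-v1.86.2-linux-x64 /opt/openvscode-server
 
-# Set permissions for the entire /code directory
+# Set permissions for the entire /code directory
 RUN chown -R appuser:appuser /code && \
-chown -R appuser:appuser /opt/openvscode-server
-chown -R appuser:appuser /etc/nginx && \
-chmod -R 755 /etc/nginx
+chown -R appuser:appuser /opt/openvscode-server
 
 # Switch to non-root user
 USER appuser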
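Review bot: The `chown -R appuser:appuser` list in the new "Set up Nginx directories and permissions" RUN ends with `/etc/nginx`, and the config-writing RUN then adds `chown appuser:appuser /etc/nginx/nginx.conf`, so the account selected by `USER appuser` owns and can rewrite the proxy configuration at runtime. Nginx only has to read its configuration; what a non-root instance needs to write are the temp, log and pid paths, which the same RUN already hands over. I would drop `/etc/nginx` from the list (`chown -R appuser:appuser /var/lib/nginx /var/log/nginx /run/nginx && \`) and remove the trailing `chown` on nginx.conf, leaving the config root-owned and world-readable. The unchanged `chmod 666 /home/appuser/.ocpvscode` in the second hunk could presumably be `chmod 600`, since the `chown -R` just before it already gives the file to appuser; confirm no other account needs to read it.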
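--- a/start.sh
+++ b/start.sh
@@ -1,13 +1,5 @@
 #!/bin/bash
 
-# Create required directories with correct permissions
-mkdir -p /var/log/nginx
-chmod 777 /var/log/nginx
-touch /var/log/nginx/error.log
-chmod 666 /var/log/nginx/error.log
-touch /var/log/nginx/access.log
-chmod 666 /var/log/nginx/access.log
-
 # Start Nginx
 nginx
 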