From 1db72c181a0570db5d3350dce494a6153a7704bb Mon Sep 17 00:00:00 2001
From: Deon George
Date: Mon, 30 Dec 2024 23:27:46 +1100
Subject: [PATCH] Change /sbin/init to /sbin/init-docker - start nginx and php-fpm non-root

---
 docker/Dockerfile            | 14 +++++++++++---
 docker/{init => init-docker} |  0
 docker/www.conf              |  4 ++--
 3 files changed, 13 insertions(+), 5 deletions(-)
 rename docker/{init => init-docker} (100%)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 2fe22f1..365704f 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -51,11 +51,19 @@ COPY msmtprc /etc/
 COPY docker/www.conf /usr/local/etc/php-fpm.d/
 COPY docker/nginx-app.conf /etc/nginx/http.d/default.conf
-COPY docker/init /sbin/
-RUN chmod 550 /sbin/init && chown 0:0 /sbin/init
+COPY docker/init-docker /sbin/init-docker
+
+# Startup as non-root configuration
+RUN chmod 550 /sbin/init-docker && chown www-data:0 /sbin/init-docker
+RUN addgroup nginx www-data && addgroup www-data nginx \
+	&& chgrp www-data /run/nginx /var/log/nginx /var/lib/nginx/tmp \
+	&& chmod g+w /run/nginx /var/log/nginx \
+	&& chmod g+rwx /var/lib/nginx/tmp
+RUN sed -i -e 's/user nginx;/#user nginx;/' /etc/nginx/nginx.conf
+USER www-data
 
 VOLUME [ "/var/cache/composer" ]
 WORKDIR /var/www/html
 EXPOSE 80
-ENTRYPOINT [ "/sbin/init" ]
+ENTRYPOINT [ "/sbin/init-docker" ]
 CMD [ "php-fpm" ]
diff --git a/docker/init b/docker/init-docker
similarity index 100%
rename from docker/init
rename to docker/init-docker
diff --git a/docker/www.conf b/docker/www.conf
index 8b67780..1b869d3 100644
--- a/docker/www.conf
+++ b/docker/www.conf
@@ -1,12 +1,12 @@
 [www]
-group = www-data
+;group = www-data
 listen = 127.0.0.1:9000
 pm = dynamic
 pm.max_children = 25
 pm.max_spare_servers = 10
 pm.min_spare_servers = 5
 pm.start_servers = 10
-user = www-data
+;user = www-data
 prefix = /var/www/html
 php_admin_value[memory_limit] = 512M
 php_admin_value[max_execution_time] = 300
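Review bot: `chown www-data:0 /sbin/init-docker` in the Dockerfile hunk hands ownership of the entrypoint to the same unprivileged user the container now runs as, so any compromised php-fpm or nginx worker can chmod and rewrite its own init script on the next start; execution only needs the group bit, so keep root ownership and grant the group instead: `COPY --chown=0:www-data --chmod=550 docker/init-docker /sbin/init-docker`, which also removes the separate chmod/chown layer. With `USER www-data` in place, `EXPOSE 80` (and presumably the listener in docker/nginx-app.conf, not shown here) will only bind where the runtime lowers ip_unprivileged_port_start — Docker Engine ≥20.10 does, Kubernetes and rootless runtimes generally do not — so either move nginx to an unprivileged port or state the CAP_NET_BIND_SERVICE requirement in the `# Startup as non-root configuration` comment. `chmod g+w /var/log/nginx` is not recursive, so any access.log/error.log already present in the base image would presumably remain owned by nginx:nginx and unwritable by www-data; confirm nginx opens its logs cleanly or add those files to the chgrp/chmod list. Commenting out `user`/`group` in www.conf is the right match for a non-root master, and a numeric form such as `USER www-data` replaced by its UID would let runAsNonRoot-style checks verify the image without a passwd lookup.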