Enhance: Running container with non-root user

* core
* portal

Signed-off-by: Qian Deng <dengq@vmware.com>
Qian Deng 2019-07-22 06:21:28 +00:00
parent 96b62e5741
commit 904f04fac1
5 changed files with 24 additions and 14 deletions


@ -17,23 +17,24 @@ VOLUME ["/portal_src"]
FROM photon:2.0
RUN tdnf install -y nginx >> /dev/null \
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
&& tdnf clean all
EXPOSE 80
VOLUME /var/cache/nginx /var/log/nginx /run
COPY --from=nodeportal /build_dir/dist /usr/share/nginx/html
COPY --from=nodeportal /build_dir/swagger.yaml /usr/share/nginx/html
COPY --from=nodeportal /build_dir/swagger.json /usr/share/nginx/html
COPY make/photon/portal/nginx.conf /etc/nginx/nginx.conf
RUN tdnf install -y nginx >> /dev/null \
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
&& tdnf clean all \
&& chown -R 10000:10000 /etc/nginx
EXPOSE 80
VOLUME /var/cache/nginx /var/log/nginx /run
STOPSIGNAL SIGQUIT
HEALTHCHECK CMD curl --fail -s http://127.0.0.1 || exit 1
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080 || exit 1
CMD ["nginx", "-g", "pid /tmp/nginx.pid; daemon off;"]
CMD ["nginx", "-g", "daemon off;"]
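Review bot: No `USER` instruction is visible in this stage, so the non-root identity depends entirely on the `user: 10000:10000` setting in the compose template, and an image started any other way would still run nginx as root. Adding `USER 10000:10000` before the `CMD` would make the image enforce it on its own. The `chown -R 10000:10000 /etc/nginx` in the second `RUN` also makes the configuration writable by the serving process, which as far as this hunk shows only needs to read it; leaving the files root-owned and readable would be tighter. `EXPOSE 80` still follows that `RUN` although the healthcheck now probes 8080, so it should read `EXPOSE 8080`. The page has lost its +/- markers, so which of the duplicated lines belong to the new side is inferred.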


@ -6,8 +6,15 @@ events {
}
http {
client_body_temp_path /tmp/client_body_temp;
proxy_temp_path /tmp/proxy_temp;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
listen 80;
listen 8080;
server_name localhost;
root /usr/share/nginx/html;
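Review bot: The five `*_temp_path` directives at the top of the `http` block carry no comment saying why they point at `/tmp`, and the reason is not obvious from the config alone. Presumably they were moved because the process now runs as UID 10000 and cannot write to nginx's default temp locations. A line such as `# temp dirs relocated to /tmp so nginx can run as the unprivileged user (UID 10000)` would keep a later cleanup from reverting them. The `server` block continues outside the hunk.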


@ -133,6 +133,7 @@ services:
env_file:
- ./common/config/core/env
restart: always
user: 10000:10000
cap_drop:
- ALL
cap_add:
@ -185,6 +186,7 @@ services:
image: goharbor/harbor-portal:{{version}}
container_name: harbor-portal
restart: always
user: 10000:10000
cap_drop:
- ALL
cap_add:
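Review bot: Both services gain `user: 10000:10000` but keep their `cap_add:` lists, whose entries fall outside these hunks. Now that the process is no longer started as root, those added capabilities are probably unused, so it is worth checking whether each `cap_add` list can be dropped to leave only `cap_drop: ALL`. The UID is also hard-coded here and in the portal Dockerfile's `chown`; a short comment such as `# must match the UID that owns the files inside the image` beside each `user:` line would keep them in step.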


@ -17,7 +17,7 @@ http {
}
upstream portal {
server portal:80;
server portal:8080;
}
log_format timed_combined '$remote_addr - '


@ -18,7 +18,7 @@ http {
}
upstream portal {
server portal:80;
server portal:8080;
}
log_format timed_combined '$remote_addr - '