refactor: drop helper tools and run rootless by default

2024-07-18 21:46:25 +02:00 · 2024-07-18 21:46:25 +02:00 · 708cce23d0
commit 708cce23d0
parent d2e5121a61
1 changed files with 7 additions and 31 deletions
--- a/Containerfile.multiarch
+++ b/Containerfile.multiarch
@ -11,47 +11,21 @@ ARG TARGETOS
 ARG TARGETARCH
 ARG TARGETVARIANT
 ARG GOMPLATE_VERSION
 ARG SUPERCRONIC_VERSION
 ARG URL_PARSER_VERSION
 ARG WAIT_FOR_VERSION
 ARG CONTAINER_LIBRARY
 # renovate: datasource=github-releases depName=hairyhenderson/gomplate
 ENV GOMPLATE_VERSION="${GOMPLATE_VERSION:-v4.1.0}"
 # renovate: datasource=github-releases depName=aptible/supercronic
 ENV SUPERCRONIC_VERSION="${SUPERCRONIC_VERSION:-v0.2.30}"
 # renovate: datasource=github-releases depName=thegeeklab/url-parser
 ENV URL_PARSER_VERSION="${URL_PARSER_VERSION:-v2.0.5}"
 # renovate: datasource=github-releases depName=thegeeklab/wait-for
 ENV WAIT_FOR_VERSION="${WAIT_FOR_VERSION:-v0.4.2}"
 # renovate: datasource=git-tags depName=https://gitea.rknet.org/container/container-library
 ENV CONTAINER_LIBRARY="${CONTAINER_LIBRARY:-v0.1.3}"
 RUN addgroup -g 101 -S nginx && \
-    adduser -S -D -H -u 101 -h /var/www -s /sbin/nologin -G nginx -g nginx nginx && \
+    adduser -S -D -H -u 101 -h /var/lib/nginx/html -s /sbin/nologin -G nginx -g nginx nginx && \
    apk --update add --virtual .build-deps curl && \
    apk --update --no-cache add nginx ca-certificates && \
    apk --no-cache upgrade libcrypto3 libssl3 && \
-    rm -rf /var/www/localhost && \
+    rm -rf /var/www && \
    rm -rf /etc/nginx/conf.d && \
    curl -SsfL "https://gitea.rknet.org/container/container-library/releases/download/${CONTAINER_LIBRARY}/container-library.tar.gz" | tar xz -C / && \
    curl -SsfL -o /usr/local/bin/gomplate "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS}-${TARGETARCH}${TARGETVARIANT}" && \
    curl -SsfL -o /usr/local/bin/supercronic "https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/supercronic-${TARGETOS}-${TARGETARCH}" && \
    curl -SsfL -o /usr/local/bin/url-parser "https://github.com/thegeeklab/url-parser/releases/download/${URL_PARSER_VERSION}/url-parser-${TARGETOS}-${TARGETARCH}${TARGETVARIANT//v/-}" && \
    curl -SsfL -o /usr/local/bin/wait-for "https://github.com/thegeeklab/wait-for/releases/download/${WAIT_FOR_VERSION}/wait-for" && \
    chmod 755 /usr/local/bin/gomplate && \
    chmod 755 /usr/local/bin/supercronic && \
    chmod 755 /usr/local/bin/url-parser && \
    chmod 755 /usr/local/bin/wait-for && \
    touch /run/nginx.pid && \
    chown nginx /run/nginx.pid && \
    chown -R nginx /var/log/nginx && \
    mkdir -p /var/cache/nginx && \
    chown -R nginx /var/cache/nginx && \
    chmod -R 750 /var/cache/nginx && \
-    chown -R nginx:nginx /var/www && \
+    chown -R nginx:nginx /var/lib/nginx/html && \
-    chmod -R 750 /var/www && \
+    chmod -R 750 /var/lib/nginx/html && \
    apk del .build-deps && \
    rm -rf /var/cache/apk/* && \
    rm -rf /tmp/*
@ -59,7 +33,9 @@ RUN addgroup -g 101 -S nginx && \
 ADD overlay/ /
 EXPOSE 8080
 STOPSIGNAL SIGTERM
 WORKDIR /var/lib/nginx/html
 USER 101
 CMD ["nginx", "-g", "daemon off;"]