refactor: drop helper tools and run rootless by default
This commit is contained in:
parent
d2e5121a61
commit
708cce23d0
|
@ -11,47 +11,21 @@ ARG TARGETOS
|
|||
ARG TARGETARCH
|
||||
ARG TARGETVARIANT
|
||||
|
||||
ARG GOMPLATE_VERSION
|
||||
ARG SUPERCRONIC_VERSION
|
||||
ARG URL_PARSER_VERSION
|
||||
ARG WAIT_FOR_VERSION
|
||||
ARG CONTAINER_LIBRARY
|
||||
|
||||
# renovate: datasource=github-releases depName=hairyhenderson/gomplate
|
||||
ENV GOMPLATE_VERSION="${GOMPLATE_VERSION:-v4.1.0}"
|
||||
# renovate: datasource=github-releases depName=aptible/supercronic
|
||||
ENV SUPERCRONIC_VERSION="${SUPERCRONIC_VERSION:-v0.2.30}"
|
||||
# renovate: datasource=github-releases depName=thegeeklab/url-parser
|
||||
ENV URL_PARSER_VERSION="${URL_PARSER_VERSION:-v2.0.5}"
|
||||
# renovate: datasource=github-releases depName=thegeeklab/wait-for
|
||||
ENV WAIT_FOR_VERSION="${WAIT_FOR_VERSION:-v0.4.2}"
|
||||
# renovate: datasource=git-tags depName=https://gitea.rknet.org/container/container-library
|
||||
ENV CONTAINER_LIBRARY="${CONTAINER_LIBRARY:-v0.1.3}"
|
||||
|
||||
RUN addgroup -g 101 -S nginx && \
|
||||
adduser -S -D -H -u 101 -h /var/www -s /sbin/nologin -G nginx -g nginx nginx && \
|
||||
adduser -S -D -H -u 101 -h /var/lib/nginx/html -s /sbin/nologin -G nginx -g nginx nginx && \
|
||||
apk --update add --virtual .build-deps curl && \
|
||||
apk --update --no-cache add nginx ca-certificates && \
|
||||
apk --no-cache upgrade libcrypto3 libssl3 && \
|
||||
rm -rf /var/www/localhost && \
|
||||
rm -rf /var/www && \
|
||||
rm -rf /etc/nginx/conf.d && \
|
||||
curl -SsfL "https://gitea.rknet.org/container/container-library/releases/download/${CONTAINER_LIBRARY}/container-library.tar.gz" | tar xz -C / && \
|
||||
curl -SsfL -o /usr/local/bin/gomplate "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS}-${TARGETARCH}${TARGETVARIANT}" && \
|
||||
curl -SsfL -o /usr/local/bin/supercronic "https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/supercronic-${TARGETOS}-${TARGETARCH}" && \
|
||||
curl -SsfL -o /usr/local/bin/url-parser "https://github.com/thegeeklab/url-parser/releases/download/${URL_PARSER_VERSION}/url-parser-${TARGETOS}-${TARGETARCH}${TARGETVARIANT//v/-}" && \
|
||||
curl -SsfL -o /usr/local/bin/wait-for "https://github.com/thegeeklab/wait-for/releases/download/${WAIT_FOR_VERSION}/wait-for" && \
|
||||
chmod 755 /usr/local/bin/gomplate && \
|
||||
chmod 755 /usr/local/bin/supercronic && \
|
||||
chmod 755 /usr/local/bin/url-parser && \
|
||||
chmod 755 /usr/local/bin/wait-for && \
|
||||
touch /run/nginx.pid && \
|
||||
chown nginx /run/nginx.pid && \
|
||||
chown -R nginx /var/log/nginx && \
|
||||
mkdir -p /var/cache/nginx && \
|
||||
chown -R nginx /var/cache/nginx && \
|
||||
chmod -R 750 /var/cache/nginx && \
|
||||
chown -R nginx:nginx /var/www && \
|
||||
chmod -R 750 /var/www && \
|
||||
chown -R nginx:nginx /var/lib/nginx/html && \
|
||||
chmod -R 750 /var/lib/nginx/html && \
|
||||
apk del .build-deps && \
|
||||
rm -rf /var/cache/apk/* && \
|
||||
rm -rf /tmp/*
|
||||
|
@ -59,7 +33,9 @@ RUN addgroup -g 101 -S nginx && \
|
|||
ADD overlay/ /
|
||||
|
||||
EXPOSE 8080
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
WORKDIR /var/lib/nginx/html
|
||||
USER 101
|
||||
|
||||
CMD ["nginx", "-g", "daemon off;"]
|
||||
|
|
Loading…
Reference in New Issue
Block a user