upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor synced 2025-04-22 19:10:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enhance: Running contaienr with non-root user

Browse Source 
* core
* portal

Signed-off-by: Qian Deng <dengq@vmware.com>
This commit is contained in:
Qian Deng 2019-07-22 06:21:28 +00:00
parent 96b62e5741
commit 904f04fac1
5 changed files with 24 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
make/photon/portal/Dockerfile
View File

@ -17,23 +17,24 @@ VOLUME ["/portal_src"]
FROM photon:2.0 FROM photon:2.0
RUN tdnf install -y nginx >> /dev/null \
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
&& tdnf clean all
EXPOSE 80
VOLUME /var/cache/nginx /var/log/nginx /run
COPY --from=nodeportal /build_dir/dist /usr/share/nginx/html COPY --from=nodeportal /build_dir/dist /usr/share/nginx/html
COPY --from=nodeportal /build_dir/swagger.yaml /usr/share/nginx/html COPY --from=nodeportal /build_dir/swagger.yaml /usr/share/nginx/html
COPY --from=nodeportal /build_dir/swagger.json /usr/share/nginx/html COPY --from=nodeportal /build_dir/swagger.json /usr/share/nginx/html
COPY make/photon/portal/nginx.conf /etc/nginx/nginx.conf COPY make/photon/portal/nginx.conf /etc/nginx/nginx.conf
RUN tdnf install -y nginx >> /dev/null \
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
&& tdnf clean all \
&& chown -R 10000:10000 /etc/nginx
EXPOSE 80
VOLUME /var/cache/nginx /var/log/nginx /run
STOPSIGNAL SIGQUIT STOPSIGNAL SIGQUIT
HEALTHCHECK CMD curl --fail -s http://127.0.0.1 || exit 1 HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080 || exit 1
CMD ["nginx", "-g", "pid /tmp/nginx.pid; daemon off;"]
CMD ["nginx", "-g", "daemon off;"]

9
make/photon/portal/nginx.conf
View File

@ -6,8 +6,15 @@ events {
} }
http { http {
client_body_temp_path /tmp/client_body_temp;
proxy_temp_path /tmp/proxy_temp;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server { server {
listen 80; listen 8080;
server_name localhost; server_name localhost;
root /usr/share/nginx/html; root /usr/share/nginx/html;

2
make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja
View File

@ -133,6 +133,7 @@ services:
env_file: env_file:
- ./common/config/core/env - ./common/config/core/env
restart: always restart: always
user: 10000:10000
cap_drop: cap_drop:
- ALL - ALL
cap_add: cap_add:
@ -185,6 +186,7 @@ services:
image: goharbor/harbor-portal:{{version}} image: goharbor/harbor-portal:{{version}}
container_name: harbor-portal container_name: harbor-portal
restart: always restart: always
user: 10000:10000
cap_drop: cap_drop:
- ALL - ALL
cap_add: cap_add:

2
make/photon/prepare/templates/nginx/nginx.http.conf.jinja
View File

@ -17,7 +17,7 @@ http {
} }
upstream portal { upstream portal {
server portal:80; server portal:8080;
} }
log_format timed_combined '$remote_addr - ' log_format timed_combined '$remote_addr - '

2
make/photon/prepare/templates/nginx/nginx.https.conf.jinja
View File

@ -18,7 +18,7 @@ http {
} }
upstream portal { upstream portal {
server portal:80; server portal:8080;
} }
log_format timed_combined '$remote_addr - ' log_format timed_combined '$remote_addr - '