SafeExamBrowser / seb-server

The Safe Exam Browser Server web application simplifies and centralizes the configuration of SEB clients for exams. It interacts with a learning management or exam system for setting up and conducting e-assessments with Safe Exam Browser. It also improves security by allowing connected SEB clients to be monitored in real time during e-assessments.
Mozilla Public License 2.0

Container logs to local file #22

Closed BenGig closed 3 years ago

BenGig commented 3 years ago

Describe the bug

The docker builds currently run the application with root permissions. For security reasons, this is not recommended. I built a docker image with a non-privileged user.

The application then failed to start, because a log file in /sebserver/logs could not be created due to missing write permissions. I tried to direct logging to stdout, but could not manage to completely avoid write attempts to the log file. The approach used in the docker-compose examples (mounting a log volume) is not practicable in Kubernetes environments. Logs are expected to go to stdout, where they can be processed by log shippers etc.

To Reproduce

Steps to reproduce the behavior:

Modify a Dockerfile, add a user:

...
RUN groupadd --system spring && useradd --system --gid spring spring
USER spring:spring
WORKDIR /sebserver
...

The image builds, but fails at startup due to missing permissions

Expected behavior

A configuration or an environment variable which redirects all logging to stdout

Setup (please complete the following information):

anhefti commented 3 years ago

I removed the file appender logger for the production profile now. Another configuration attribute is located in the application-[xy].properties files of the spring configurations named: "logging.file". This must be removed (or set empty) for the specified configuration in the seb-server-setup repo.

The change has made it into the development branch where actual development is being done. So when you make a next pull request, please check out the development branch to get the newest changes, make your changes there and make a pull request to the remote development branch.

When you have time, we can have a look at this issue together, just call me. In the meantime I'll try to remove all logging to files for default and try to configure it explicitly where it should be applied.
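
A check for the point made in the reply above, as an added example that is not part of the thread or of the seb-server code: it scans Spring `application*.properties` files for a non-empty `logging.file` (and Spring Boot's newer `logging.file.name` / `logging.file.path` keys), so an image built for a non-root user is not started with a file target it cannot write. The function names, directory layout and sample file contents are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the seb-server repo): fail a build when a Spring
# properties file still points logging at a file.

# check_stdout_only_logging DIR
# Prints every non-empty logging.file* setting in DIR/application*.properties.
# Returns 0 when none is set (console logging only), 1 otherwise.
check_stdout_only_logging() {
    rc=0
    for f in "$1"/application*.properties; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*[#!]/ { next }                      # skip comment lines
            match($0, /^[ \t]*logging\.file(\.name|\.path)?[ \t]*[=:]/) {
                key = substr($0, RSTART, RLENGTH)
                val = substr($0, RSTART + RLENGTH)
                gsub(/[ \t=:]/, "", key)                # bare key name
                gsub(/^[ \t]+|[ \t]+$/, "", val)        # trimmed value
                if (val != "") {
                    printf "%s:%d: %s=%s\n", file, NR, key, val
                    bad = 1
                }
            }
            END { exit bad }' "$f" || rc=1
    done
    return $rc
}

# Constructed sample input: one profile that would break a non-root container,
# and one that is safe because the key is commented out or set empty.
write_samples() {
    mkdir -p "$1/bad" "$1/good"
    printf '%s\n' 'server.port=8080' 'logging.file = /sebserver/logs/app.log' \
        > "$1/bad/application-prod.properties"
    printf '%s\n' '# logging.file=/sebserver/logs/app.log' 'logging.file=' \
        > "$1/good/application-prod.properties"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_stdout_only_logging "$demo_dir/bad"  || echo "bad: file logging still configured"
check_stdout_only_logging "$demo_dir/good" && echo "good: console only"
rm -rf "$demo_dir"
```

Run against the directory that holds the deployed profile's properties files, the function's exit status can gate an image build before the non-root container is ever started.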