Closed archletekke closed 8 months ago
Maybe it is possible to set up the base images so that all of the required directories are owned by nginx already?
Hi @archletekke ! Let me take a look at this one.
I don't think you need to change the whole /usr/local
directory to nginx... 🤔
@archletekke Can you try to following the documentation from upstream, the part that says "Running nginx as a non-root user", and let us know?
I guess that could work as well. My proposal was that the security-focused docker image could be non-root by default. Meaning that the crs docker image has the non-root config defined in its own dockerfile.
There might be another option: we could use https://hub.docker.com/r/nginxinc/nginx-unprivileged from upstream instead. Will check if this works out of the box for us.
If anyone else is wondering how to use this image for in a non-root context then what worked for me in the Dockerfile: